I am using a hook. Is it possible to clean the EIP and/or EBP so that it is set to start all new and cleaned, something like XOR... and how do you switch from EIP to EBP? I know very little, if anything, about this but need to learn because I ran into a few minor problems and I think a solution may be within this.

Posted on 2002-06-01 22:22:56 by cmax
Try to be more clear. What are you trying to do? Change the EIP/EBP when returning from an exception? Or are you debugging a program?
Posted on 2002-06-02 04:50:14 by DZA

You can usually only affect EIP indirectly by using JMP, Jxx, CALL or RET. EBP can be changed directly, but be very careful what you do here, as you can crash the program very easily.

What you need to get the swing of is how EBP is used in procedure entry and exit, if it's used at all. Very simple procedures that have no local values on the stack don't need to use EBP and can directly use ESP for the stack parameters, but in most instances both ESP and EBP are used in procedure entry and exit.


Posted on 2002-06-02 06:25:29 by hutch--
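As an added example (mine, not hutch--'s or part of the MASM32 package), here is what the two kinds of procedure described above look like with the prologue and epilogue written out by hand, plus how CALL and RET are the only things that load EIP. It assumes the standard MASM32 include and library paths.

```asm
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.code

; Procedure WITH a frame: EBP is saved, then pointed at this frame.
; Layout after the prologue: [ebp+0] = saved EBP, [ebp+4] = return
; address, [ebp+8] = first argument, [ebp-4] = the one DWORD local.
AddFive PROC
    push ebp                    ; save the caller's frame pointer
    mov ebp, esp                ; EBP now anchors this frame
    sub esp, 4                  ; reserve one DWORD local at [ebp-4]
    mov eax, [ebp+8]            ; first argument
    add eax, 5
    mov [ebp-4], eax            ; store in the local
    mov eax, [ebp-4]            ; return value in EAX
    mov esp, ebp                ; drop the locals
    pop ebp                     ; restore the caller's EBP (the "careful" part)
    ret 4                       ; pop return address into EIP, then discard the argument
AddFive ENDP

; Procedure WITHOUT a frame: no locals, so EBP is left untouched and the
; argument is read relative to ESP. It sits at [esp+4] because only the
; return address is above it on entry; any PUSH here would shift it.
Double PROC
    mov eax, [esp+4]
    add eax, eax
    ret 4                       ; stdcall: callee removes the single DWORD argument
Double ENDP

start:
    push 7
    call AddFive                ; CALL pushes the return address and loads EIP with AddFive
    push eax                    ; eax = 12
    call Double                 ; eax = 24
    push eax
    call ExitProcess            ; exit code 24; check it with echo %ERRORLEVEL%
end start
```

There is no `mov eip, ...` form at all; the assembler rejects it, which is why EIP can only be steered with JMP, Jxx, CALL and RET as the post says.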