JoneLe86 How do I cheat?
Reputation: 0
Joined: 11 Sep 2013 Posts: 5
Posted: Thu Oct 10, 2013 3:08 am Post subject: what is the right way to get the stack size? is it..
I am wondering how to get the stack size of ESP, whereas I know the address?
Btw, I did search and I found this answer, but somehow I do not get his meaning. Here is what he said:
The first time you can use the address of any value on the stack to get the base address and size (in bytes) of the committed stack space.
Subtract the size from the base address and call VirtualQuery again. This way you get the space reserved for the stack.
Adding the two sizes you obtain the total stack size.
Assuming I have this, what should I do next?
Code:
virtualqueryex(Process,address,Mbi,sizeof(Mbi));
address = mbi.baseaddress-mbi.regionsize;
virtualqueryex(Process,address,Mbi,sizeof(Mbi)); << ???
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25785 Location: The netherlands
Posted: Thu Oct 10, 2013 4:18 am
The stacksize is mbi.baseaddress+mbi.stacksize
But for what purpose do you need the stacksize? (You can't use it for pointers as Windows tends to fill in the start of the stack with a random amount of data)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
JoneLe86 How do I cheat?
Reputation: 0
Joined: 11 Sep 2013 Posts: 5
Posted: Thu Oct 10, 2013 1:34 pm Post subject: Thanks for answering my question!
You can't use it for pointers as Windows tends to fill in the start of the stack with a random amount of data (interesting!)
Hmm, I just want to know how some debuggers show that in the stack window, which has the lowest address of the stack and the highest address...
Maybe I asked the wrong question, because once I add mbi.baseaddress+mbi.stacksize I get a different value than those debuggers show?
Example:
The stack window shows this range, 0022E000 to 0022FFFC, so now by subtracting
= 1FFC.. 8188
If I use
Code:
virtualqueryex(Process,address,Mbi,sizeof(Mbi));
I will get
Code:
mbi.baseaddress = 0022FFFC
mbi.AllocationBase = 30000
mbi.regionsize = 4096
mbi.state = 4096
What I do not get is how the debugger showed this lower value 0022E000 and highest value 0022FFFC?
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25785 Location: The netherlands
Posted: Thu Oct 10, 2013 4:26 pm
Ah yes, I forgot that virtualqueryex returns the base from the base you gave.
virtualqueryex on 22fffc will get the region of 22f000 and later.
virtualqueryex on 22e000 will get the region of 22e000 and later (that includes 22f000, so at least 8192).
You need to do a virtualqueryex from address 0 and loop till you encounter a region that the target address belongs to.
JoneLe86 How do I cheat?
Reputation: 0
Joined: 11 Sep 2013 Posts: 5
Posted: Thu Oct 10, 2013 5:01 pm
It makes me feel better once I ask in a forum and I get an answer within hours. Honestly I know why the heck Dark Byte is a Site Admin.. cuz he is amazing!!! and awesome!!! Dude, why are there no such people like you in other forums?
Got it thanks!!
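
Added example, not part of the thread: a small C model of the region walk described in the last reply, run against a constructed address map so it works without the Windows API. `model_query` is a hypothetical stand-in for `VirtualQueryEx`; the 2 MB reservation, the guard page, and reading `AllocationBase = 30000` as hex are assumptions, and only the range 0022E000 to 0022FFFC comes from the posts.

```c
#include <stdint.h>
enum { MEM_COMMIT = 0x1000, MEM_RESERVE = 0x2000, MEM_FREE = 0x10000 };

typedef struct { /* the MEMORY_BASIC_INFORMATION fields used here */
    uintptr_t BaseAddress, AllocationBase, RegionSize;
    unsigned State;
} Mbi;

/* Constructed address map, one entry per run of pages with equal attributes.
   Only the range 0x22E000-0x22FFFC is from the thread; the rest is assumed. */
static const Mbi MAP[] = {
    {0x000000, 0x00000, 0x030000, MEM_FREE},
    {0x030000, 0x30000, 0x1FD000, MEM_RESERVE}, /* reserved, not yet touched */
    {0x22D000, 0x30000, 0x001000, MEM_COMMIT},  /* guard page */
    {0x22E000, 0x30000, 0x002000, MEM_COMMIT},  /* committed stack */
};

/* Stand-in for VirtualQueryEx: BaseAddress is the queried address rounded down
   to its page, RegionSize counts from there. RegionSize 0 means "failed". */
static Mbi model_query(uintptr_t addr) {
    Mbi out = {0, 0, 0, 0};
    for (unsigned i = 0; i < sizeof MAP / sizeof MAP[0]; i++) {
        uintptr_t end = MAP[i].BaseAddress + MAP[i].RegionSize;
        if (addr < MAP[i].BaseAddress || addr >= end) continue;
        out = MAP[i];
        out.BaseAddress = addr & ~(uintptr_t)0xFFF;
        out.RegionSize = end - out.BaseAddress;
        break;
    }
    return out;
}

/* The loop from the last reply: start at 0 and hop region by region. */
static Mbi find_region(uintptr_t target) {
    Mbi m = model_query(0);
    while (m.RegionSize && target >= m.BaseAddress + m.RegionSize)
        m = model_query(m.BaseAddress + m.RegionSize);
    return m;
}

/* Whole stack allocation: sum every region sharing the target's AllocationBase. */
static uintptr_t allocation_size(uintptr_t target) {
    Mbi m = model_query(model_query(target).AllocationBase);
    uintptr_t base = m.AllocationBase, total = 0;
    for (; m.RegionSize && m.State != MEM_FREE && m.AllocationBase == base;
         m = model_query(m.BaseAddress + m.RegionSize))
        total += m.RegionSize;
    return total;
}
```

Querying 0x22FFFC directly gives the 4096-byte result from the question, while the walk from 0 lands on 0x22E000 with 8192 bytes, matching the debugger's stack window.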