Tuts 4 You

CaptureStackbackTrace


Pancake


Hello. I was wondering how I can create a call stack to view the return addresses. So I found that fancy function; it worked perfectly in one .exe, showing the call stack up to ntdll, but it does not show the full backtrace when called from a hook. Sometimes it prints 1, 2, or 3 addresses, but I know how that program works and the call stack is much bigger. The "Call Stack" function from Olly shows exactly the same incomplete result, but I can view the stack and see which address is a return address. However, I can't dereference values from the stack to see if it's a return address, because I would crash on an access violation very quickly. How can I make it work properly?


  • 2 weeks later...

"but I can't dereference values from the stack to see if it's a return address because I would crash on an access violation very quickly."

You are on the right track. Handle exceptions.

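The stack scan discussed in this thread, as an added example that is not code from either post: it treats a stack slot as a candidate return address only if it lies inside a known code range and is immediately preceded by a common x86 CALL encoding. It uses range checks in place of the exception handling suggested in the reply; all names are hypothetical and the sample bytes and slots are constructed. In a real hook the ranges would come from VirtualQuery or the module list and the slots would be bounded by the thread's stack limits (assumptions).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Readable code range. In-process, bytes == (const uint8_t *)base and the
   bounds would come from VirtualQuery or the module list (assumption). */
typedef struct { uintptr_t base; size_t size; const uint8_t *bytes; } code_region;

/* Return a pointer to the `back` bytes preceding addr, or NULL if addr is not
   inside a known region. Nothing outside a validated range is ever read. */
static const uint8_t *peek(const code_region *r, size_t n, uintptr_t addr, size_t back) {
    for (size_t i = 0; i < n; i++) {
        uintptr_t off = addr - r[i].base;   /* wraps to a huge value if addr < base */
        if (off >= back && off < r[i].size) return r[i].bytes + off - back;
    }
    return NULL;
}

/* Heuristic: is addr immediately preceded by a common x86 CALL encoding?
   Stale stack values can still match, so hits are candidates, not proof. */
static int follows_call(const code_region *r, size_t n, uintptr_t addr) {
    const uint8_t *p;
    if ((p = peek(r, n, addr, 5)) && p[0] == 0xE8) return 1;                 /* call rel32 */
    if ((p = peek(r, n, addr, 6)) && p[0] == 0xFF && p[1] == 0x15) return 1; /* call [mem32] */
    if ((p = peek(r, n, addr, 3)) && p[0] == 0xFF && (p[1] & 0xF8) == 0x50 && (p[1] & 7) != 4)
        return 1;                                                            /* call [reg+disp8] */
    if ((p = peek(r, n, addr, 2)) && p[0] == 0xFF && (p[1] & 0xF8) == 0xD0) return 1; /* call reg */
    return 0;
}

/* Copy every stack slot that looks like a return address into out[]. */
size_t scan_stack(const uintptr_t *slots, size_t nslots, const code_region *r, size_t nr,
                  uintptr_t *out, size_t max_out) {
    size_t found = 0;
    for (size_t i = 0; i < nslots && found < max_out; i++)
        if (follows_call(r, nr, slots[i])) out[found++] = slots[i];
    return found;
}

/* Constructed sample: 16 code bytes mapped at 0x401000 and six stack slots. */
static const uint8_t sample_code[16] = { 0xE8,0,0,0,0, 0xFF,0x15,0,0x20,0x40,0, 0xFF,0xD0, 0x90,0x90,0xC3 };
static const code_region sample_regions[1] = { { 0x401000, sizeof sample_code, sample_code } };
static const uintptr_t sample_stack[6] = { 0x12345, 0x401005, 0x401008, 0x40100B, 0x401000, 0x40100D };
static uintptr_t sample_hits[8];

int main(void) {
    size_t n = scan_stack(sample_stack, 6, sample_regions, 1, sample_hits, 8);
    for (size_t i = 0; i < n; i++) printf("candidate: %#llx\n", (unsigned long long)sample_hits[i]);
    return 0;
}
```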
