开发者

How to find Code generating known data?

From debugging the program I onl开发者_StackOverflow中文版y know that before clicking a button a set of known data isn't in memory (confirmed by memory search) and after clicking it the data is in memory (all the time a different location).

How can I find the code that generates this data?

One of the major problems (which might be important to know) is that it is a .net-Program (which I can't analyze with Reflector because it is obfuscated). So I'm analyzing the assembly generated by .NET (in Olly / Immunity / IDA).


If it is .Net you could debug the IL code. It is not easy though, but it should be possible to find the il intruction that writes the sequence into memory.

Try debugging tools for windows with the so called SOS extension.

You could also try if it would be possible to generate say C# code from the obfuscated assemblies for debugging. But this will most certainly not better readable code than IL.


Add Cheat Engine to your toolkit.

If you can get the address it will write to you could right click it and choose "Find out what writes to this address".

P.S. For a reverse effect you can select an instruction in the memory view, right click and choose "Find out what addresses this instruction access".

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜