Message board for the users of flat assembler.
> Windows > How to use InitiateSystemShutdown?
Goto page Previous 1, 2
i think i now understand but from my undestanding.
.token+12 should contain the address of .attr
since .token is 4bytes
followed by luid which is 8bytes
im confused i think i have a poor understanding of x86 addressing
|25 Feb 2017, 14:16||
The +12 is because there are already 3 dwords pushed ahead of it (the three ,0,0,0 that follow it are pushed before it) so ESP has been decremented by 12 bytes. So actually the address is still .token.
A debugger will show you the push order and the addresses that are used.
|25 Feb 2017, 14:21||
|Goto page Previous 1, 2
< Last Thread | Next Thread >
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
Website powered by rwasa.