LCKB ** OLD LCKB DATABASE ** Off-Topic (The Outer World) General Discussion v
admin issue

Linear Mode
admin issue
someone Offline
Senior Member
****
Posts: 313
Threads: 20
Thanks Received: 0 in 0 posts
Thanks Given: 0
Joined: Jul 2011
Reputation: 0
#12
10-12-2011, 06:51 AM

Im trying to learn--

Please, how do I find this line in OllyDbg?

According to the MSDN the PE header is 1000 Bytes and looks something like this:

typedef struct _IMAGE_FILE_HEADER {
WORD Machine;
WORD NumberOfSections;
DWORD TimeDateStamp;
DWORD PointerToSymbolTable;
DWORD NumberOfSymbols;
WORD SizeOfOptionalHeader;
WORD Characteristics;
} IMAGE_FILE_HEADER,
*PIMAGE_FILE_HEADE

Source:

2

 

That file is in hex, and has file offset, you must calculate the virtual offset.

Virtual_Offset = (First_Address - Header) + File_Offset

Find


Messages In This Thread
[No subject] - by BashVendetta - 10-11-2011, 12:35 PM
[No subject] - by damona - 10-11-2011, 02:33 PM
[No subject] - by robino1996 - 10-11-2011, 03:57 PM
[No subject] - by MonarC - 10-11-2011, 04:03 PM
[No subject] - by damona - 10-11-2011, 04:04 PM
[No subject] - by BashVendetta - 10-11-2011, 04:16 PM
[No subject] - by MonarC - 10-11-2011, 04:36 PM
[No subject] - by damona - 10-11-2011, 05:15 PM
[No subject] - by blankname - 10-11-2011, 05:48 PM
[No subject] - by Aquilis - 10-11-2011, 08:49 PM
[No subject] - by BashVendetta - 10-11-2011, 09:14 PM
[No subject] - by someone - 10-12-2011, 06:51 AM
[No subject] - by Aquilis - 10-12-2011, 03:48 PM
[No subject] - by someone - 10-12-2011, 04:23 PM
[No subject] - by Aquilis - 10-12-2011, 04:30 PM
[No subject] - by someone - 10-12-2011, 04:39 PM
[No subject] - by Aquilis - 10-12-2011, 04:42 PM
[No subject] - by blankname - 10-12-2011, 04:43 PM
[No subject] - by Aquilis - 10-12-2011, 05:01 PM
[No subject] - by BashVendetta - 10-12-2011, 05:08 PM
[No subject] - by zhuk - 10-17-2011, 09:31 AM
[No subject] - by Azkeel - 10-17-2011, 09:54 AM
[No subject] - by MonarC - 11-03-2011, 01:20 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)