Is there a debugger or a tool that will find the stack corruption
in [ASM]
|
From: parag on 20 Oct 2009 16:17 Is there a debugger or a tool that can correctly find out where the stack got corrupted,
From: James on 21 Oct 2009 01:25 parag wrote: > Is there a debugger or a tool that can correctly find out where the > stack got corrupted, yep
From: parag on 26 Oct 2009 03:46 On Oct 21, 10:25 am, James <james(a)dne> wrote: > parag wrote: > > Is there a debugger or a tool that can correctly find out where the > > stack got corrupted, > > yep Can you please name such a tool
From: Frank Kotler on 26 Oct 2009 19:24 parag wrote: > On Oct 21, 10:25 am, James <james(a)dne> wrote: >> parag wrote: >>> Is there a debugger or a tool that can correctly find out where the >>> stack got corrupted, >> yep > > Can you please name such a tool "DEBUG"! :) Or maybe gdb... What's your OS, Parag? When they don't say, usually it's Windows. Ollydbg is popular... http://www.ollydbg.de/ Best, Frank
From: hutch-- on 29 Oct 2009 19:51
There is an even more powerful tool if you can find one, its called a "programmer". They are almost an endangered species but if you can find one she/he will tell you that the way to avoid stack corruption is to understand what the stack is and write code that works. There is a register in 32 bit called ESP, the STACK pointer, in most instances you try for something so simple as BALANCING the stack with practices like matching every PUSH with a POP, every CALL with a RET (n) or RET(f) and if you bother to check the content of ESP (SP in 16 bit, RSP in 64 bit) before and after a procedure call you will know if it works or not. Now you can start to get into trouble writing procedures with no stack frame unless you exactly understand how the stack works. Doing direct writes to the stack is risky unless you understand what you are doing and it can be the source of the type of problem you mentioned. Write yourself a simple piece of code that displays ESP and keep track of which way the stack changes. One problem you cannot fix is if you are using libraries and at least one of the modules in the library does not balance the stack. Your only choice is to identify the function that is making a mess and replace it with something else. The possibilities are endless but the solution is simple, use a "programmer" to solve the problem, gizmos rarely ever do the job, even an occasionally useful tool like a debugger. Regards, hutch |