Reverse Engineering Asked by bshi02 on November 16, 2020
I tried to analyze a certain part of program with IDA PRO, So I set a break point at some instruction and start debugging(press F9 key)
Afer It start debugging mode, I was pressing F7 key(step into) in order to observe flow of current function. I even made below videoclip which displays what happened when I have analyzed a certain part of program.
First I’m curious that why "call off_75C3708C"(navigate to 00:06,00:35,1:06 in navigation slider of dropbox) was repeated three times during step into processing.
I observed videoclip which I made, But it seems that there was no jmp instruction which reroute EIP pointer to a address where "call off_75C3708C"s’ location(USER32:75BCD8A0)
and Very weird thing is that whenever EIP reach a first instruction of module of ntdll_KiUserCallbackDispatcher(ntdll:77D003D0,mov ecx,large fs:0, navigate to 0:34,1:45) F7 key(step into) is not working at all and execute until EIP reach any Break Point or execute continuously if there is no Break Point.
I really want to know why there weird thing happens and really looking for any reply.
Thank you in advance.
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP