CodeProject has a lot of good articles about it.
|
atlsmtpconnection.h is available in VS 2005 but not in VS 2008. Also, I am not able to find other classes like CMimeMessage etc. in VS 2008. Does anyone have any idea whether I need to install anything else to get these classes?
the fruits of your success will be in direct ratio to the honesty and sincerity of your own efforts in keeping your own records, doing your own thinking and, reaching your own conclusions.
..surviving in autumn..in love with spring..
|
Hello everyone,
If there is an arbitrary address (e.g. 0x12345678), how do I check whether it is code, data or stack? Is there any command to display the information (suppose I have the symbol file) at the arbitrary address? Could we use the WinDbg tool?
thanks in advance,
George
|
Will the PEDUMP tool do the job for you?
« Superman »
|
Hi Santosh,
In my understanding, the PEDUMP tool dumps human-readable information in a static way -- without running the binary. But my purpose is to dump information at runtime at some specific address. Without running it, just doing static analysis, how do you know what information (code/data/stack) will reside at some specific memory address, right?
Please feel free to correct me if I am wrong.
regards,
George
|
There is no specific address where each section resides.
You will need to understand the PE format.
It is a chain of data structures.
You will need to examine the PE Header and the PE optional header of the executable to get the starting relative virtual address of each section.
« Superman »
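The section-table walk described in the reply above, as an added example that is not part of the original thread: it reads the PE headers to get each section's RVA range and flags, then classifies an address relative to a load base supplied by the caller (at run time that base would come from the debugger's module list). The sample image, the load bases and the function names are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes

def parse_sections(image):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    nsections, opt_size = coff[1], coff[5]
    table = e_lfanew + 4 + 20 + opt_size      # section table follows the optional header
    sections = []
    for i in range(nsections):
        f = struct.unpack_from(SECTION_FMT, image, table + 40 * i)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, f[2], f[1], f[9]))  # name, RVA, VirtualSize, flags
    return sections

def classify(sections, load_base, address):
    """Map a runtime address to (section, kind) using RVA = address - load_base."""
    rva = address - load_base
    for name, start, size, flags in sections:
        if start <= rva < start + size:
            if flags & IMAGE_SCN_MEM_EXECUTE:
                return name, "code"
            if flags & IMAGE_SCN_MEM_WRITE:
                return name, "writable data"
            return name, "read-only data"
    # Stack and heap are not described by the PE file, so they end up here too.
    return None, "not in a section of this module"

def build_sample():
    """Constructed header-only PE image with .text and .data (no section bodies)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x2102)
    text = struct.pack(SECTION_FMT, b".text", 0x2000, 0x1000, 0, 0, 0, 0, 0, 0, 0x60000020)
    data = struct.pack(SECTION_FMT, b".data", 0x800, 0x3000, 0, 0, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + text + data

if __name__ == "__main__":
    secs = parse_sections(build_sample())
    for base in (0x10000000, 0x6A000000):     # same file, two constructed load bases
        print(hex(base), classify(secs, base, 0x10001234))
```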
|
Thanks Santosh,
Sorry, I do not agree with you. Suppose my application loads a DLL and I want to debug into the DLL. Since a DLL could be loaded at any address (possible reload), how could you get the actual address using a static analysis tool without running it?
Please feel free to correct me if I am wrong.
regards,
George
|
OK. Now I'm not sure if I understand your requirement.
« Superman »
|
I have a question for you, Santosh.
A DLL could be loaded at any arbitrary address, so how could you use PEDUMP to analyze information at some address without actually running/loading it? Let me know if I have not made myself understood.
regards,
George
|
Well, reading about PE will be very helpful for you, and if you would like to see it, I saw a very good article on www.codeguru.com about it.
|
Thanks Hamid,
Could you post the link to the good article you referred to, please? CodeGuru is a big site.
regards,
George
|
You can search for PE; it's more than five pages, I think.
|
Don't you know C#?
|
Does it relate to my question, Hamid?
regards,
George
|
You said it was C#; I asked, do you know C#?
|
Sure, Hamid!
Let us discuss the original question?
regards,
George
|
Did you see those articles? Are they helpful?
|
Thanks Hamid,
I will read them today and respond to you.
regards,
George
|
Yes, Hamid!
I have read the articles and tried the PEDUMP tool. I think it is used to analyze the physical binary file format, not to analyze the binary loaded in memory.
Any comments?
regards,
George
|
I think I found your answer, but I don't remember your question (you have a lot of questions). You want to read the memory of a process (thread) at an address, right? Well, see ReadProcessMemory.
|
Sorry for my bad English, Hamid!
My question is, I can get the content of the memory, but I want to know what exactly resides in the memory -- i.e. does the memory content represent code or data? If I have the symbol file, could I decode the memory content to human-readable information? Any ideas?
regards,
George