I've just downloaded a 30-day trial version of PE Explorer from HeavenTools to see how well it can disassemble DLLs. On startup, load your DLL, then press Ctrl-M and Alt-S to start the disassembler.
Press Ctrl-F and search for "entry"; this takes you to the DLL entry point, which should look something like this:
    push ebp
    mov ebp, esp
    etc.
EBP is the (32-bit) frame pointer, also called the base pointer. Unlike the stack pointer ESP, the base pointer is only manipulated explicitly. ESP always points to the last element used on the stack (NOT the first free element).
Ctrl-E takes you to the Export Viewer.
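The same entry-point lookup can be done without the GUI. This is an added example, not part of the original post and not PE Explorer's code: it reads AddressOfEntryPoint from a PE32 header, maps it to a file offset through the section table, and checks for the push ebp / mov ebp, esp prologue. The function names and the sample buffer are constructed for illustration.

```python
import struct

# push ebp; mov ebp, esp (the two valid encodings of the mov)
PROLOGUES = (b"\x55\x8b\xec", b"\x55\x89\xe5")

def entry_point_offset(pe: bytes) -> int:
    """Return the file offset of AddressOfEntryPoint in a PE32 image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 (32-bit) optional header")
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)
    if entry_rva == 0:
        raise ValueError("image has no entry point")
    sec = opt + opt_size  # section table follows the optional header
    for i in range(n_sections):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, sec + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            return rptr + (entry_rva - vaddr)  # RVA -> file offset
    raise ValueError("entry point is not inside any section")

def has_frame_prologue(pe: bytes) -> bool:
    """True if the entry point starts by setting up an EBP stack frame."""
    off = entry_point_offset(pe)
    return pe[off:off + 3] in PROLOGUES

def build_sample() -> bytes:
    """Constructed minimal PE32 buffer for this demo (not a loadable DLL)."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)  # AddressOfEntryPoint (RVA)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x10, 0x1000, 0x200, 0x200) + bytes(16)
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + sect
    code = bytes.fromhex("558bec5dc20c00")   # push ebp; mov ebp,esp; pop ebp; ret 0Ch
    return hdr.ljust(0x200, b"\0") + code.ljust(0x200, b"\0")

if __name__ == "__main__":
    sample = build_sample()
    print(hex(entry_point_offset(sample)), has_frame_prologue(sample))
```

An entry point that does not start with this prologue is not necessarily suspicious: optimized builds may omit the frame pointer.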