Module
A collection of functions; it can also be described, in object terms, as something that handles a specific job. On Windows, concrete examples are DLL and EXE files.

HMODULE GetModuleHandle(LPCTSTR lpModuleName);

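The documentation says that passing a DLL or EXE file name in lpModuleName returns a handle (HMODULE) to the module, but the value actually returned is the base address. In other words, GetModuleHandle is a function that returns the base address of a DLL or EXE.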

HINSTANCE LoadLibrary(LPCTSTR lpLibFileName);

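Test

#include <Windows.h>
#include <stdio.h>

int main(void)
{
    HMODULE hMod;

    /* NULL requests the module of the calling process (the EXE itself). */
    hMod = GetModuleHandle(NULL);
    /* The handle value is the address the image is mapped at. */
    printf("%p\n", (void *)hMod);
    return 0;
}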
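
Because the HMODULE is the image's base address, the bytes at that address are the module's PE headers. The following added example (not part of the original post) validates a candidate base by checking the MZ and PE signatures and reads SizeOfImage; `pe_size_of_image` and `build_sample_image` are hypothetical names, and the sample bytes are constructed so the code also runs outside Windows.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Little-endian 32-bit read, independent of host byte order and alignment. */
static uint32_t rd32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: treat `base` as a module base address, check the "MZ"
 * DOS header, follow e_lfanew (offset 0x3C) to the "PE\0\0" signature and
 * return OptionalHeader.SizeOfImage, or 0 if the headers do not check out. */
uint32_t pe_size_of_image(const uint8_t *base, size_t len)
{
    if (base == NULL || len < 0x40 || base[0] != 'M' || base[1] != 'Z')
        return 0;
    uint32_t nt = rd32(base + 0x3C);
    if (nt > len || len - nt < 4 + 20 + 60)  /* signature + file header + optional header through SizeOfImage */
        return 0;
    if (memcmp(base + nt, "PE\0\0", 4) != 0)
        return 0;
    return rd32(base + nt + 4 + 20 + 56);    /* SizeOfImage: offset 56 in PE32 and PE32+ */
}

/* Constructed sample: header bytes only, not a loadable PE file. */
void build_sample_image(uint8_t buf[4096])
{
    memset(buf, 0, 4096);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x80;                        /* e_lfanew = 0x80 */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x80 + 4 + 20 + 56 + 1] = 0x30;      /* SizeOfImage = 0x3000 */
}

int main(void)
{
    static uint8_t sample[4096];
    const uint8_t *base = sample;
    build_sample_image(sample);
#ifdef _WIN32
    base = (const uint8_t *)GetModuleHandle(NULL);  /* base of the running EXE */
#endif
    printf("base=%p SizeOfImage=0x%X\n", (const void *)base, (unsigned)pe_size_of_image(base, sizeof sample));
    return 0;
}
```

On Windows the same check runs against the live EXE image, whose headers occupy the first mapped page.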



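Similarities:
LoadLibrary does the same job as GetModuleHandle (it returns a handle to the module).
(See the difference between HMODULE and HINSTANCE.)

Differences:
LoadLibrary increments the module's reference count, whereas GetModuleHandle does not.
As a result, GetModuleHandle can return NULL when the requested module is not loaded in the process's own memory.
Use GetModuleHandle when you only need to look up the value, and LoadLibrary when you will actually keep using the module.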

Posted by applicationlayer

OllyDbg shortcuts

tips 2010. 5. 11. 01:47
Pop-up menus display only items that apply. Frequently used menu functions:  

| Function | Window | Menu command | Shortcut |
|---|---|---|---|
| Edit memory as binary, ASCII or UNICODE string | Disassembler, Stack Dump | Binary\|Edit | Ctrl+E |
| Undo changes | Disassembler, Dump / Registers | Undo selection / Undo | Alt+BkSp |
| Run application | Main | Debug\|Run | F9 |
| Run to selection | Disassembler | Breakpoint\|Run to selection | F4 |
| Execute till return | Main | Debug\|Execute till return | Ctrl+F9 |
| Execute till user code | Main | Debug\|Execute till user code | Alt+F9 |
| Set/reset INT3 breakpoint | Disassembler / Names, Source | Breakpoint\|Toggle / Toggle breakpoint | F2 |
| Set/edit conditional INT3 breakpoint | Disassembler / Names, Source | Breakpoint\|Conditional / Conditional breakpoint | Shift+F2 |
| Set/edit conditional logging breakpoint (logs into the Log window) | Disassembler / Names, Source | Breakpoint\|Conditional log / Conditional log breakpoint | Shift+F4 |
| Temporarily disable/restore INT3 breakpoint | Breakpoints | Disable / Enable | Space |
| Set memory breakpoint (only one is allowed) | Disassembler, Dump | Breakpoint\|Memory, on access / Breakpoint\|Memory, on write | |
| Remove memory breakpoint | Disassembler, Dump | Breakpoint\|Remove memory breakpoint | |
| Set hardware breakpoint (ME/NT/2000 only) | Disassembler, Dump | Breakpoint\|Hardware (select type and size!) | |
| Remove hardware breakpoint | Main | Debug\|Hardware breakpoints | |
| Set single-shot break on access to memory block (NT/2000 only) | Memory | Set break-on-access | F2 |
| Set break on module, thread, debug string | Options | Events | |
| Set new origin | Disassembler | New origin here | |
| Display list of all symbolic names | Disassembler, Dump / Modules | Search for\|Name (label) / View names | Ctrl+N |
| Context-sensitive help (requires external help file!) | Disassembler, Names | Help on symbolic name | Ctrl+F1 |
| Find all references in code to selected address range | Disassembler / Dump | Find references to\|Command / Find references | Ctrl+R |
| Find all references in code to the constant | Disassembler | Find references to\|Constant / Search for\|All constants | |
| Search whole allocated memory | Memory | Search / Search next | Ctrl+L |
| Go to address or value of expression | Disassembler / Dump | Go to\|Expression / Go to expression | Ctrl+G |
| Go to previous address/run trace item | Disassembler | Go to\|Previous | Minus |
| Go to next address/run trace item | Disassembler | Go to\|Next | Plus |
| Go to previous procedure | Disassembler | Go to\|Previous procedure | Ctrl+Minus |
| Go to next procedure | Disassembler | Go to\|Next procedure | Ctrl+Plus |
| View executable file | Disassembler, Dump, Modules | View\|Executable file | |
| Copy changes to executable file | Disassembler | Copy to executable file | |
| Analyse executable code | Disassembler | Analysis\|Analyse code | Ctrl+A |
| Scan object files and libraries | Disassembler | Scan object files | Ctrl+O |
| View resources | Modules, Memory | View all resources / View resource strings | |
| Suspend/resume thread | Threads | Suspend / Resume | |
| Display relative addresses | Disassembler, Dump, Stack | Doubleclick address | |
| Copy | Most of windows | Copy to clipboard | Ctrl+C |



Frequently used global shortcuts:

| Shortcut | Action |
|---|---|
| Ctrl+F2 | Restart program |
| Alt+F2 | Close program |
| F3 | Open new program |
| F5 | Maximize/restore active window |
| Alt+F5 | Make OllyDbg topmost |
| F7 | Step into (entering functions) |
| Ctrl+F7 | Animate into (entering functions) |
| F8 | Step over (executing function calls at once) |
| Ctrl+F8 | Animate over (executing function calls at once) |
| F9 | Run |
| Shift+F9 | Pass exception to standard handler and run |
| Ctrl+F9 | Execute till return |
| Alt+F9 | Execute till user code |
| Ctrl+F11 | Trace into |
| F12 | Pause |
| Ctrl+F12 | Trace over |
| Alt+B | Open Breakpoints window |
| Alt+C | Open CPU window |
| Alt+E | Open Modules window |
| Alt+L | Open Log window |
| Alt+M | Open Memory window |
| Alt+O | Open Options dialog |
| Ctrl+T | Set condition to pause Run trace |
| Alt+X | Close OllyDbg |



Frequently used Disassembler shortcuts:

| Shortcut | Action |
|---|---|
| F2 | Toggle breakpoint |
| Shift+F2 | Set conditional breakpoint |
| F4 | Run to selection |
| Alt+F7 | Go to previous reference |
| Alt+F8 | Go to next reference |
| Ctrl+A | Analyse code |
| Ctrl+B | Start binary search |
| Ctrl+C | Copy selection to clipboard |
| Ctrl+E | Edit selection in binary format |
| Ctrl+F | Search for a command |
| Ctrl+G | Follow expression |
| Ctrl+J | Show list of jumps to selected line |
| Ctrl+K | View call tree |
| Ctrl+L | Repeat last search |
| Ctrl+N | Open list of labels (names) |
| Ctrl+O | Scan object files |
| Ctrl+R | Find references to selected command |
| Ctrl+S | Search for a sequence of commands |
| Asterisk (*) | Origin |
| Enter | Follow jump or call |
| Plus (+) | Go to next location/next run trace item |
| Minus (-) | Go to previous location/previous run trace item |
| Space ( ) | Assemble |
| Colon (:) | Add label |
| Semicolon (;) | Add comment |



iphonestone

iphone 2010. 5. 10. 17:42
A tool for viewing the iPhone's file system.
