Reverse Engineering and Cracking from Zero, an Illustrated Tutorial - Lesson Seven: Manual Unpacking with the ESP Law

In this lesson we learn the "ESP law". The ESP law is one of the most widely used unpacking methods, and it works on most packed programs.
We will not dig into why it is called the ESP law; treat it as just a name. What matters is that many packers cannot be removed by automatic unpacking tools, while the ESP law can remove most of them.
This time we unpack manually with OllyDbg (OD). Load the program into OD. When the prompt box appears, click "No".

 

 

This is where execution stops after we click "No". Press F8 once and note what changes in the register window on the right.

 

 

The values of EIP and ESP have changed, and only those two are shown in red. Right-click ESP in the register window and select "Follow in Dump".
Alternatively, enter dd 0012FFA4 in the Command window at the bottom to go to this address.

 

 

Now look at the dump window in the lower left corner, at the part marked in purple (I selected it myself so that it is easier to see; it does not turn purple automatically).
Right-click it and choose Breakpoint -> Hardware, on access -> Word.
Alternatively, enter HR 0012FFA4 in the Command window at the bottom to set the breakpoint directly.

 

With the breakpoint set, press F9 to run the program. Execution stops when the breakpoint we just set is hit.
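Why the breakpoint fires where it does, as an added Python model that is not part of the original tutorial: it assumes the packer stub starts with PUSHAD and ends with POPAD followed by a jump to the original entry point (OEP), which is the pattern the ESP law relies on. The initial ESP of 0012FFC4, the instruction list and the return address are constructed values, chosen so the watched address matches the 0012FFA4 used above.

```python
# Constructed model of a packer stub's stack use; not real debugger output.
PUSHAD_ORDER = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

class Stub:
    """32-bit stack model with one 4-byte hardware access watchpoint."""
    def __init__(self, esp):
        self.regs = dict.fromkeys(PUSHAD_ORDER, 0)
        self.regs["ESP"] = esp
        self.mem, self.watch, self.hit = {}, None, False

    def push(self, value):
        self.regs["ESP"] -= 4
        self.hit |= self.regs["ESP"] == self.watch    # write to the watched word
        self.mem[self.regs["ESP"]] = value

    def pop(self):
        self.hit |= self.regs["ESP"] == self.watch    # read of the watched word
        value = self.mem[self.regs["ESP"]]
        self.regs["ESP"] += 4
        return value

    def step(self, ins):
        if ins == "PUSHAD":                  # save all eight registers (32 bytes)
            for value in [self.regs[r] for r in PUSHAD_ORDER]:
                self.push(value)
        elif ins == "POPAD":                 # restore them in reverse order
            for r in reversed(PUSHAD_ORDER):
                value = self.pop()
                if r != "ESP":               # POPAD discards the saved ESP
                    self.regs[r] = value
        elif ins == "CALL decompress":       # balanced: return address pushed, popped
            self.push(0x00401000)            # hypothetical return address
            self.pop()
        # "JMP OEP" does not touch the stack

def esp_law(initial_esp, program):
    """Return (watched address, accessing instruction, instruction at the break)."""
    cpu = Stub(initial_esp)
    cpu.step(program[0])                     # one F8 over the first instruction
    cpu.watch = cpu.regs["ESP"]              # HR <ESP>: hardware breakpoint, on access
    for i, ins in enumerate(program[1:], 1): # F9
        cpu.step(ins)
        if cpu.hit:                          # data breakpoints trap after the access
            nxt = program[i + 1] if i + 1 < len(program) else None
            return cpu.watch, ins, nxt
    return cpu.watch, None, None

# Assumed stub shape: PUSHAD first, POPAD right before the jump to the OEP.
PROGRAM = ["PUSHAD", "CALL decompress", "CALL decompress", "POPAD", "JMP OEP"]
```

Calling esp_law(0x0012FFC4, PROGRAM) shows that the stub's own calls stay below the watched word, so the first access comes from POPAD and the debugger stops on the instruction after it, the jump to the OEP.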

 


Origin www.cnblogs.com/raorao1994/p/12312545.html