I searched Google, but I'm not sure whether I am asking the right question, and I could not find anything, regardless of whether the link would be useful.
I made a C++ program that shows a message box, then I opened it with OllyDbg and moved on to the part where it calls MessageBoxW.
The address of the MessageBoxW call changes every time I start the application, as Windows updates my import table to have the correct MessageBoxW address. So my question is how to find MessageBoxW's virtual address in my import table, and also how can I use this in OllyDbg?
Basically I am trying to make a code cave in the assembly to call MessageBoxW again. I got pretty close once by searching the executable using a hex editor and found the call position, and I think I found the virtual address. But when I called this virtual address in Olly and saved it to an executable file, the next time I opened it, the call was replaced by a bunch of DB xyz (which looked like a virtual address), but why did it delete the call?
Sorry if my terminology is off, as I'm new to this, so I'm not quite sure what to call things.