tag:blogger.com,1999:blog-1812985003737084262.post2425763835185473711..comments2009-03-12T11:48:11.216-04:00bxiahttp://www.blogger.com/profile/13262666423559414651noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-1812985003737084262.post-92023796426344332582009-03-12T11:48:00.000-04:002009-03-12T11:48:00.000-04:00"From the unassembled code, esi register is used to store the value of ecx register at the very beginning of the function, so I concluded the last function call was IFTPLicense_Impl::Release and the instruction pointer could be right at the call instruction."<BR/><BR/>The logic behind the scene is that since esi register has not been modified, so the instruction pointer should not reach "mov esi,ecx". However, one issue is at the very end of function(epilogue), the following instructions would restore the value of esi,<BR/>02b3a3a5 5e pop esi<BR/>02b3a3a6 c3 ret<BR/><BR/>However, most likely, the web server should crash before reaching the epilogue. Therefore, my previous conclusion still holds.bxiahttp://www.blogger.com/profile/13262666423559414651noreply@blogger.com