Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, rendering it unable to debug device drivers and kernel components.

It supports user-created plugins. Version 2 is currently in development by Oleh.

More information is available on the homepage.

276 questions
0
votes
2 answers

Assembly Absolute JMP/CALL to Relative JMP/CALL Tool/Plugin?

I have this program I'm trying to reverse engineer. I don't know whether or not it was the compiler's optimizer or obfuscation, but now some parts of the code that call other functions are calculated by math then called, such as CALL EAX. It works…
SSpoke
0
votes
1 answer

msvcp60.dll imported function names on idapro and ollydbg

I am currently reversing an executable that imports some functions from msvcp60.dll. When I open the executable in IDA Pro, the function names are very long, and it doesn't give any hint about what are they doing. Reversing all of these functions…
0
votes
1 answer

create symbol or rename a function inside WinDBG

Is there a way to rename a function in windbg? Similar to using a symbol. For example, we have a function that is identified in windbg as "example+0x14". After reverse engineering, I know this function is making a call to a trampoline that will do…
reza_679
0
votes
0 answers

Trying to determine and change "Nation/locale/region Code" for application inside disassembler

Inside this program executable (included below), there is something that determines what "nation" the program will start up as. By "nation" I mean the program will either run in Korean, US, Japanese, or Taiwanese version (the version it is in…
0
votes
1 answer

OllyDbg not properly interpreting SSE2 instructions and operands

Note: using OllyDbg v1.1. I'm attempting to reverse engineer a subroutine in a program that likely employs some sort of techniques to frustrate the process beyond the basic 'IsDebuggerPresent'. I have the code disassembled in IDA, but certain…
0
votes
0 answers

Interruption service in assembler (int 21h) and its behavior (w/OllyDbg)

Hello, fellow programmers! I have a stupid (for your lvl) question: Using "flat assembler" and debugging it using "ollydbg (v2.00.01)" I have the following code: format PE org 100h start: mov eax, 0 ; clear entire register mov…
Futman
0
votes
1 answer

Is the digital certificate of a PE (Portable Executable) file in the overlay of the file?

Is the digital certificate in the overlay of the file, or is the digital certificate outside of the file?
0
votes
0 answers

OllyDbg - How can I add more instruction space to a .exe file?

I want to make a "codecave" in an executable file using OllyDbg, but my issue is that I have no idea how I can add more space where I could write my own function to the file. So far I've only tried to extend it by adding zeros to the end of the file…
0
votes
1 answer

Base addresses not the same

When I load up an executable in IDA Pro and OllyDbg, the addresses of the same instructions start up at different locations. This could be because they are different base addresses. I would like the executables to use the same base address; how do I go…
user277465
0
votes
1 answer

Unpacking WinUpack 0.39 with Ollydbg 1.10

I am new to reverse engineering and I am trying to unpack an executable packed with WinUpack 0.39. After the packing I launched the executable and it worked fine. When I run it in Ollydbg 1.10, after a few instructions it gives me an error of Access…
0
votes
1 answer

Ollydbg instructions before program

I am new to reverse engineering, and I have been looking at a simple program: char* a = "hello world"; printf(a); However, when I open this in ollydbg, I am not taken right to the assembly as I would have been in gdb, there are many more…
user490895
0
votes
1 answer

OllyDbg - there are several patches applied but it still says that file was unmodified and doesn't save changes to modded *.exe

OllyDbg - there are several patches applied but it still says that file was unmodified and doesn't save changes of patches to modded *.exe. Somehow before the addition of each new patch it saves ok with notice of changing the file, but with next it…
Triadasoul
0
votes
0 answers

When the window of the program is not responding, how to find which Message Procedure is blocking in the Message Loop?

For example, if a release program appears not responding in Windows, what tools and methods should be used to find out which message procedure caused the long time no return?
cmf41013
0
votes
1 answer

How to Reverse Engineer a software using Ollydbg

I am trying to reverse a program and crack it but I can't find any of the Strings through searching for "referenced Strings" or "binary Strings". But in view -> windows now I see all Strings. How to use this part of ollydbg? Or it's not useful for…
0
votes
0 answers

Sorting and change values in 32bit assembly

Below I wrote code that will compare characters and move letters to litere array and numbers to numere array. The problem is that when I am trying to print the letters array using printf, it is actually not printing anything. I think I made a…