Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, rendering it unable to debug device drivers and kernel components.

It supports user created plugins. Currently version 2 is in development by Oleh.

More information can be gotten from the homepage.

276 questions

votes

0 answers

save as Little Endian

BYTE b = 0x12; WORD w = 0x1234; DWORD dw = 0x12345678; char str[] = "abcde"; int main(int argc, char *argv[]) { byte lb = b; WORD lw = w; DWORD ldw = dw; char *lstr = str; return…

ollydbg reversing

asked Jul 28 '19 at 08:18

hy ro

votes

1 answer

Entry point in ollydbg is not according to ImageBase value in PE

I am new to PE analysis, so please bear with me for my basis question. Loading PE in Windows XP and Windows 7 are showing different Entry Point Hello.exe created in Windows XP. CFF Explorer is showing ImageBase 0x00400000 and AddressOfEntryPoint…

windows-7 portable-executable ollydbg

asked Jan 18 '19 at 20:17

amit raja

votes

0 answers

ReadProcessMemory not working with Dolphin emulator

I'm trying to get access to some of the values in the memory of an emulation of Smash Bros Melee running in Dolphin. The Dolphin debug mode says that the address of the value I want is 0x80C6BA10 (I'm assuming that it means 0x00C6BA10, because…

c# emulation ollydbg

asked Dec 27 '18 at 22:39

JaxPayne

votes

0 answers

Manipulation of eit by calling isDebuggerPresent

Found a nice code snippet (https://github.com/invictus1306/Anti-debugging-techniques/blob/master/anti-debugging.asm) for anti-debugging mechanism in asm. My question is about following snippet: ;IsDebuggerPresent first -…

debugging assembly malware ollydbg malware-detection

asked Nov 29 '18 at 20:40

Schugar

votes

1 answer

ollydbg - how to keep debugged program window open

Any way to keep debugged program window open while stepping the code in ollydbg? The program displays buttons in a loop in a dialog box. But its window stays minimized so I can't observe what effect each command has on visual display. source:…

debugging reverse-engineering ollydbg

asked Nov 28 '18 at 03:34

astandet

votes

1 answer

How to make Immunity Debugger Color Scheme look like OllyDbg Color Schemes?

I want to make Immunity Debugger look like default OllyDbg in Color and Style. Here is how default Olly looks: Here is how default Immunity Debugger looks: Changing anything in the color schemes seems to has no effect. How to make Immunity…

assembly reverse-engineering disassembly ollydbg

asked Nov 20 '18 at 11:49

Michael

32,527
49
210
370

votes

1 answer

Many 'printf' in ollydbg but only one 'printf' in a.exe

Here the concise c code: #include int main() { printf("abcdefg\n"); return 0; } when I open it with ollydbg, and then type E (executable module), right click the a module and select 'view executable file'. it will show the below…

c system ollydbg

asked Sep 29 '18 at 02:16

Courage

votes

1 answer

OllyDbg : 'Label expected' issue

Well, as newbie in reverse engineering, i tried to use 'inline patch' technique to patch the program, then i got stuck on this point : Assemble window keep giving me message 'Label expected', so i edit that instruction to name label, such as…

assembly reverse-engineering ollydbg

asked Sep 14 '18 at 10:36

Hashnut

votes

1 answer

Which technique for locating many similar Base Pointer Adresses (fast)?

I try to catch some Base Pointer Adresses from a Windows Application which I want to Bot (Its not a game, Its an Online Broker). So, I know how to find Base Pointer Adresses, but I do this with Cheatengine (Find Adresses, set Breakpointes, search…

windows pointers assembly memory ollydbg

asked Sep 07 '18 at 19:10

Filthy Frank

votes

1 answer

Why use OllyDbg over standard IDE Debugger?

Recently went for an interview and was asked if I had used OllyDbg before. In fact I have never heard of it, and after looking it up I cant come up with a use case. I am familiar with debugging in general, and used them with various IDE's. Can some…

ollydbg

asked Aug 31 '18 at 08:33

joejoemac

votes

0 answers

OllyDBG source view / C++ DLL

i wrote my DLL in C++, compiled in Releasemode, and i find out, that i can view the complete source, ex. main.cpp etc ( full source code) in ollydbg->view->sourcfiles. what the hell did i wrong? this should not be happen. how to prevent that? thanks…

c++ dll ollydbg

asked Aug 19 '18 at 08:04

rck

votes

1 answer

How do I determine the way an application is terminating using OllyDbg?

I am using 32-bit OllyDbg version 2.01 on a Windows application that appears to be terminating (not crashing due to an exception). Unfortunately, there are a lot of different ways an application can terminate. It can send WM_CLOSE to the main…

windows terminate ollydbg

asked Aug 19 '18 at 03:39

Tyler Durden

11,156
9
64
126

votes

1 answer

How to prevent OllyDbg from interpreting parameters?

How do you prevent OllyDbg from interpreting parameters and showing the registernames + offset instead? Screenshot:

configuration ollydbg

asked May 13 '18 at 11:17

Joe Cer

votes

1 answer

Memory map in Debuggers

I opened an exe file compiled by Nasm in a debugger(x32dbg). In the memory map it shows where the program section .text and section .data starts. How does it know. Here is the code: ;…

assembly memory ollydbg

asked Apr 29 '18 at 05:55

user6630701

votes

1 answer

Why do we use debugger(ollydbg or x64dbg) on Virtual Machine?

Why do people use VM to debug an .exe? as a follow up questions someone told me to absolutely not to patch an exe on my hdd (x64dbg) I could not understand what does it suppose to mean? Where do I patch the exe then?

debugging ollydbg dbg

asked Apr 01 '18 at 18:27

Crows Ravens

Prev 1 2 3

…

18 19 Next