Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, rendering it unable to debug device drivers and kernel components.

It supports user created plugins. Currently version 2 is in development by Oleh.

More information can be gotten from the homepage.

276 questions

votes

1 answer

Why my start address in Ollydbg is different than other people

Why my first start address in Ollydbg is different than other people? (window7 64bit) My Ollydbg start address is 777000000, 77777777, etc. I think this is system address. Other people and other windows(xp,window7 32bit) Ollydbg start address is…

ollydbg dbg

asked Mar 07 '18 at 02:50

Kimgt

votes

2 answers

How to put a HASH bytes in a memory address with OllyDbg

I am using OllyDbg to modify an application but I am quite new in assembly language, I need to place an MD5 hash in a memory address, the destination memory address is stored in EAX. How can I do it? The hash that I need to insert is…

assembly reverse-engineering ollydbg cracking

asked Dec 02 '17 at 23:00

Joseph

votes

1 answer

What APIs are used to write output to command prompt?

Im using OllyDbg to reverse engineer an executable for my lab assignment. My professor has asked a question asking for the APIs responsible for writing output to the command prompt. The DLLS used were ntdll, kernel32, msvcr100

api reverse-engineering ollydbg

asked Nov 10 '17 at 23:40

user8768298

votes

0 answers

binwalk in reversing switch

everyone. I am a green apple in reversing. Recently i wanna reverse a switch but get some problems. i reaaaaaaaaly need your guys help. first i extract the .bin file from the switch and use binwalk to analyse. but it shows nothing. then i rename the…

router bin ida ollydbg reversing

asked Sep 15 '17 at 03:56

chandler

votes

1 answer

Real-time changes on IDE/Assembler

I'm new on this, sorry for bad usage of terms or overextending an explanation. I'm learning code languages and way i found to bring it to my world so i can learn it better, was coding for/with games i play. When a window close on the game a…

ide reverse-engineering disassembly ollydbg cheat-engine

asked Jul 27 '17 at 14:36

Bruno Cerk

votes

1 answer

Stop Ollydbg execution (breakpoint) when entering a specific module?

I have an EXE file in OllyDbg that uses a DLL. I've found an option to stop the EXE execution when the DLL loads, but I would now like to put a breakpoint everytime the execution enters the DLL module. I thought about puttin a breakpoint on every…

breakpoints ollydbg

asked May 12 '17 at 15:11

Xenos

3,351
2
27
50

votes

1 answer

debugging program that is a child of Microsoft Word

I'd like to use Ollydbg2 to debug FLTLDR.EXE, which is spawned when my document is opened in Microsoft Word. I can't run FLTLDR.EXE manually I don't think, it seems to need to be run or hosted by Word. I have ticked the "Debug child processes" in…

debugging ollydbg

asked Apr 25 '17 at 15:44

user7427917

votes

2 answers

Angle brackets in x86 Intel assembly

I'm new to assembly and was reading a guide that presented an example of a pinball function taken from Ollydbg. I was trying to understand what most of the instructions do but the following line has me completely confused: 01017455 |. E8 249D0000 …

assembly x86 intel ollydbg

asked Mar 15 '17 at 20:09

Phil O'kelly

votes

0 answers

How to find out programs communicate?

I will try to explain with example; #include #include using namespace std; int main(){ HWND hwndCalc; hwndCalc = FindWindow(NULL, "Calculator"); if(!hwndCalc) …

bots ollydbg

asked Jan 20 '17 at 09:15

Zeki Kral

votes

1 answer

How can i see a dll file functions in ollydbg?

I have function names and addresses of a dll file. I want to see a function behavior. How can I use this information in ollydbg?

ollydbg

asked Jan 17 '17 at 20:03

iceman_bu

votes

1 answer

(reversing)return to specified location in c , assembly

I want to modify below c code and assembly code to pop up only one message box. The 'failed' message box pops up and then the 'success' message box pops up next now but I want to know the way of only the 'success' message box pops up after "Func"…

c assembly return reverse-engineering ollydbg

asked Jan 13 '17 at 06:44

user3503072

votes

1 answer

Can I watch what accesses a particular address?

With Cheat Engine it is possible to watch a particular address and keep track of what has accessed a particular memory address. I was wondering if this can be done too with OllyDbg or IDA. I could not find anything that would do that.

ida ollydbg

asked Dec 03 '16 at 21:13

Stefan Falk

23,898
50
191
378

votes

1 answer

Cant save my own vs2015 c++ exe with ollydbg

The save option is not visible when i open my own executables from visual studio 2015 with ollydbg.They are console programs written in c++.Is this normal?

visual-studio-2015 ollydbg

asked Aug 23 '16 at 14:10

Chukk

votes

1 answer

I don't understand how can this be valid address

I don't really see where 0055AE9C is located. I thought Ollydbg would indicate the value in that location as "???" since there is no such address. Or is there?

debugging assembly x86 ollydbg

asked Aug 15 '16 at 08:08

James Park

votes

1 answer

Ollydbg watch/conditional breakpoint expression for Flag registers?

So I have been reversing a piece of malware recently and figured I could use a conditional breakpoint that would break whenever the zero flag was set for a specific jz command. I read the documentation on the web and in the help file that olly…

reverse-engineering ollydbg

asked Aug 10 '16 at 00:22

John

Prev 1 2 3

…

18 19 Next