Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, rendering it unable to debug device drivers and kernel components.

It supports user created plugins. Currently version 2 is in development by Oleh.

More information can be gotten from the homepage.

276 questions

votes

1 answer

How do I de-reference a PTR in assembly?

I'm running into some issues with a piece of software I'm trying to debug for a friend.. Long story short I need to know how to get the address of a function out of a pointer... So for example if I have... MOV ECX, DWORD PTR DS : [82738119] Then I…

assembly ollydbg

asked Aug 03 '16 at 12:03

Ricky

votes

2 answers

How can I watch the complete disassembly code when open PE binary in ollydbg?

I opened cstrike.exe(for game Counter Strike) with ollydbg, but the disassembly code isn't complete,it starts at 01401000 and stops at 0140BFFF(I mean it should at least start from 00000000 to be complete, and I can't say for sure whether 0140BFFF…

portable-executable ollydbg

asked Sep 21 '10 at 05:48

COMer

5,091
4
22
20

votes

2 answers

About reverse with ollydbg

When I debug an EXE in it,will first stop on a specific line,how does OD know where to initially stop? And the disassembly code is pretty short, is it true that OD only displays stuff within a single memory page? If true,how can I make it show all…

reverse-engineering ollydbg

asked Sep 18 '10 at 17:27

Alan

5,029
5
32
37

votes

1 answer

Debugging - CreateProcess under a debugger

I'm trying to attach a debugger (Ollydbg v1) to a child process created by CreateProcess within another process which is being debugged and I get the following error: "Process is already in debug mode". My question is why can't I attach a debugger…

c windows debugging reverse-engineering ollydbg

asked May 02 '16 at 08:18

Lauren Ottawa

votes

1 answer

OllyDBG: WS32_32.send is not in a function?

What does it mean? Did I do something wrong? I'm attached to a game in it's "adobe air" module. I'm going by his tutorial, by the way:…

send ollydbg

asked Mar 12 '16 at 20:03

Naltamer14

votes

2 answers

TEST ECX, 3 isn't testing the value pointed to by ECX

I have this: TEST ECX, 3 ECX contains the address memory which contains the character 'a'. But, after the test, ZF is set to 1! How is this possible? Here are the screenshots before and after the instruction.

testing assembly x86 ollydbg

asked Nov 11 '15 at 14:54

Duke Nukem

votes

2 answers

Is there a possibility to change other's application code in Visual Basic?

I have just reversed a crackme in OllyDbg, and I was wondering if I can modify its code with application written in VB.NET. For example, to change JNZ (on specified address) for JMP. EDIT: I see there is a misconception. I was talking about creating…

vb.net reverse-engineering ollydbg

asked Oct 11 '15 at 13:06

blondkarol

votes

1 answer

Is it possible to view strings in Memory using IDA just like I can in OllyDbg?

I have wrote a simple registration program that requires a Name and License Key in order to get to the success message. The coded solution simply expects both fields to be case sensitive, the Name field must be Admin and the License Key must be…

reverse-engineering ida ollydbg

asked Sep 14 '15 at 22:53

Craig

1,874
13
41

votes

1 answer

Patching executable to avoid crashing

I have got a minigame.exe which crashes at some point inside the game. It does not show any error message and it just says Not Responding. I am using Win 7. I want to identify the crashing point and try to fix the games problem. I think the problem…

dll crash patch crash-reports ollydbg

asked Aug 23 '15 at 09:23

FreeMind

votes

1 answer

olly debugger cannot find referenced text

I created a very simple c++ console application which compare user entered password with hard-corded one and print corresponding output. #include "stdafx.h" #include #include using namespace std; int _tmain(int argc, _TCHAR*…

c++ reverse-engineering ollydbg

asked Jul 01 '15 at 16:34

Madhawa Priyashantha

9,633
7
33
60

votes

1 answer

OllyDBG not working properly

I'm having problems with OLLYDBG in Win8.1. For example, I'm using a simple VB 6.0 program with a textbox and a command box. When I run it through OLLYDBG in WinXP, it shows all referenced text strings properly, while in Win 8.1 it shows only…

windows vb6 ollydbg

asked Apr 16 '15 at 09:11

saiaku

votes

0 answers

Why certain address shows 00000000

00000583 : A100000000 MOV eax,dword ptr ds:[00000000] 00000588 : 50 PUSH eax 00000589 : 83EC24 SUB esp,24 …

debugging ollydbg

asked Mar 25 '15 at 02:38

ZM Zhao

votes

1 answer

Imprecision of ASM jump instructions observed in debugger

I am making some inline modifications to an application in OllyDbg and am noticing some strange behavior. These are the instructions I wrote, copied directly from the debugger: 2005FE35 4C DEC ESP 2005FE36 77 21 JA SHORT…

assembly x86 reverse-engineering machine-code ollydbg

asked Mar 14 '15 at 14:29

AK-33

votes

1 answer

find out what instructions write to this memory address olly dbg cheat engine

Is there an option in ollydbg to find out what pieces of code write to a memory address ? Just like Cheat Engine shows all the assembly instructions that write to a specific address. "breakpoint --> memory" does not work.

debugging assembly ollydbg cheat-engine

asked Dec 08 '14 at 17:08

Fresco

votes

2 answers

What does MOV EAX,DWORD PTR DS:[ESI+EBP*8] do?

If I do step through the debugger in Ollydbg I see MOV EAX,DWORD PTR DS:[ESI+EBP*8] and register ESI = 0040855C and EBP = 00000000. My problem is I dont know 2 register * 8

debugging assembly ollydbg

asked Nov 26 '14 at 17:14

Michael2014

Prev 1 2 3

…

18 19 Next