Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, rendering it unable to debug device drivers and kernel components.

It supports user created plugins. Currently version 2 is in development by Oleh.

More information can be gotten from the homepage.

276 questions

votes

1 answer

Unknown module in OllyDbg 2.01 "Assemble" command

I'm disassembly a crack-me and I want to replace an empty space with the WINAPI SetDlgItemText() which takes three parameters. I successfully added the three "push" instruction but when I try to assemble call OllyDbg…

assembly disassembly ollydbg

asked Jul 31 '14 at 21:09

incud

votes

0 answers

Sometimes some of my bytes disappear in my exploit. Why?

I try write my own exploit. The idea is simple - overwrite return address to place where is opcode 'jmp esp'. In esp is address of my shellcode. So I have this simple program: #include #include void do_something(char…

python c exploit shellcode ollydbg

asked Jul 07 '14 at 08:50

Mariusz

votes

1 answer

Recognizing passed parameters in a CALL instruction using Ollydbg

The calling convention used in assembly differs depending to the compiler. The Question is: How ollydbg2.01 would help me to recognize the parameters passed from caller to the callee and values returned back to the caller from the callee for a CALL…

ollydbg

asked Jun 26 '14 at 10:31

was.chm

votes

2 answers

Get more detailed comments in OllyDBG

I'm trying to get to know OllyDbg (1.10) a bit, but one specific setting I couldn't find. I saw in a tutorial movie the following: POP ECX ; Test.00627CB But in my version of Olly, I just see the POP ECX. No commenting. I checked all the…

ollydbg

asked May 27 '14 at 19:58

Steven Van Ingelgem

votes

2 answers

Hexadecimal editing with and without ollydbg weird issue

I am very confused with this one. I was trying to do some manually exe patching because I had an idea for a program. so I made a really small file in assembly (5kb) that just basically creates a txt file. I opened it up with ollydbg and added this…

debugging binary hex ollydbg hexdump

asked Apr 21 '14 at 17:32

Darrin Woolit

votes

1 answer

Decompiling x86 PE binary to C?

I'd like to know if there's any way to generate the C code of a x86 PE binary. I don't really need this, I just want to learn how some closed-source software are working. From my common sense, I think the process is: Converting the x86 binary to…

decompiler disassembly ollydbg

asked Jan 25 '10 at 13:29

Alon Gubkin

56,458
54
195
288

votes

1 answer

Conditional Breakpoint, EBP contains string pointer

I need to use a conditional breakpoint to find the location when EBP-44 contains the pointer to a specific string. I tried using ollydbg, but because EBP-44 is mostly 0 (or other unreadable memory) the Run Trace fails with Run trace: invalid…

debugging breakpoints ollydbg conditional-breakpoint

asked Jan 15 '14 at 17:56

JINX

votes

1 answer

error when trying to move the first byte from a string into a register

I'm pretty new at masm and I need to make a pocket calculator. I have done the macros for +, -, /, * and i'm putting my expression in the EBX register. for example: I type "1 + 2 =" and the EBX takes all that string and stores it. I'm trying to…

assembly masm masm32 ollydbg

asked Jan 06 '14 at 20:06

hepifish

votes

1 answer

ollydbg change unicode string bulk method

I want to change many of parts of a unicode string in ollydbg. Is there any plugin or trick that can be used to replace bulky of unicode string at once? For example, if 100 unicode 'test' words exist in the string reference then I want to change all…

reverse-engineering ollydbg

asked Dec 27 '13 at 03:51

user3138338

votes

1 answer

What does Ollydbg termination code 0 and 1 means?

I am debuggin an application. After loading i click f9 then program is getting terminated. Termination code at the bottom-left of ollydbg is showing status 1. I want to know What does Ollydbg termination code 0 and 1 means?

status termination ollydbg

asked Oct 08 '13 at 12:52

Mavenkp

votes

1 answer

Save run trace in OllyDbg 1.10 using ODbgScript

I'm trying to automate Ollydbg 1.10 to run a program in trace over mode and save it to a log file. I'm using ODbgScript plugin to do this. Here is the commands manual. The script skeleton looks like this: coe //continue to run after…

windows automation reverse-engineering ollydbg

asked Jul 21 '13 at 11:16

assafmo

1,047
3
15
32

votes

1 answer

Which version of assembly does OllyDbg disassemble binary to?

So I understand that there are many assemblers such as MASM, FASM, NASM, etc. But which version is the disassembler in OllyDbg and Cheat Engine?

assembly reverse-engineering ollydbg

asked Jul 20 '13 at 04:42

user2601542

votes

1 answer

determine the address of the allocated region in VirtualAlloc?

According to this VirtualAlloc allows the value of address parameter to be null and the "the system determines where to allocate the region." The question is, is there a way to know the allocated address? If yes, how?

windows memory-management memory-address ollydbg virtualalloc

asked Jul 19 '13 at 07:58

srh snl

votes

1 answer

ollydbg entry point changes after run

I have been following a lot of tutorials on how to use ollydbg, but I have a problem that seems to be consistent across different executables. The entry point seems to be "crap", but changes after the initial run. This makes it extremely hard to…

entry-point ollydbg

asked Jul 14 '13 at 13:45

Jano

votes

4 answers

Tips for debugging a made-for-linux application on windows?

I'm trying to find the source of a bug I have found in an open-source application. I have managed to get a build up and running on my Windows machine, but I'm having trouble finding the spot in the disassembly where the issue is. I have tried three…

c visual-studio debugging windbg ollydbg

asked Nov 13 '09 at 04:02

John Gietzen

48,783
32
145
190

Prev 1 2 3

…

18 19 Next