Stack Overflow
Stack Overflow

Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, rendering it unable to debug device drivers and kernel components.

It supports user created plugins. Currently version 2 is in development by Oleh.

More information can be gotten from the homepage.

276 questions
0
votes
1 answer

ollydbg Plugins

I was going through lena's tutorial and now I gotta use some plugin, but it doesn't seem to work, (Lena's 2nd tutorial), I created a "plugins" folder and copied the files to that directory, but it's still not working, I was searching in google for…
idish
  • 3,190
  • 12
  • 53
  • 85
-1
votes
1 answer

Save memory dump edit into an exe file in OllyDbg

I am editing the client of my game server at Ollydbg. The problem is that i don't know how to save it into a new .exe file. I open my game and then open Ollydbg and attach the game process to it. I press ctrl+M and find the string that i want to…
Thomas Zimmermann
  • 1
  • 1
-1
votes
1 answer

How to replace a store of EAX with a store of an immediate constant?

From my previous question, I asked how to change the nation code to what I needed it to be. I explored in the disassembly more and I found out exactly where I needed this change to be. In other files, the code seems to be: mov ds:dword_73A9C8, 1…
smo Monkeyy-3
  • 1
-1
votes
1 answer

How to create a breakpoint using ollydbg for a winApi function call, e.g. a breakpoint for a GetDigiItemA function call?

Ollydbg v.1 or v.2 I mean the types of breakpoints that could be set up in SoftIce during the program execution, e.g. getDigiItem, setDigiItemA.
Inum
  • 53
  • 1
  • 7
-1
votes
2 answers

How to find address in games using Ollydbg

I'm trying to find the memory address of XYZ so that I can use it on CE to create Teleport script I have found the movement function "movementX" and "movementY" by using Ollydbg I would guess that I could use Ollydbg somehow to find this function or…
Dhia Ben Mansour
  • 1
  • 2
-1
votes
1 answer

How to Decompile an unknown packed .exe

I'm new to decompiling, so I'm sorry if I sound like an idiot. Using Process Explorer I found out that the .exe I want to decompile is packed, and via PEiD it says "Nothing found *" . Due to it being packed, I am clueless on how to proceed. Any…
Denis
  • 31
  • 1
  • 7
-1
votes
1 answer

I have a managed assembly and need to debug it but can't

I have an .exe which is a portable program. It is assembled with Microsoft Visual C# / Basic .NET I managed to find out that in order OllyDBG to be able to open it, it should be running and also JIT compiler producing some code. I am a beginner and…
Mango Polo
  • 1
  • 3
-1
votes
1 answer

DeviceIoControl() returned data meaning

I've been reversing an exemplary application given in class & I'm facing a problem trying to find out what the DeviceIoControl() function is returning in the Output Buffer & since DeviceIoControl() is often used after calling CreateFile(), i have to…
afr0ck
  • 65
  • 6
-1
votes
1 answer

Ollydbg not showing any code of a windows application

i want to disassemble a windows application which is written in microsoft visual c++. When i open it in Ollydbg 110 than it is showing that application is running but there is no code shown there. I don't understand what is the problem with the…
yash
  • 812
  • 3
  • 12
  • 37
-1
votes
1 answer

is there a relation between wParam and address id of memory?

I'm using windows 7 and ollydbg to edit the game client. I'm trying to disable a button on a game client. i have found wParam id of WM_COMMAND but i don't know what is the relation between wParam id and address id of memory or how to find the…
user3725506
  • 155
  • 1
  • 1
  • 7
-1
votes
2 answers

Is it possible to change the entry point of a process from a DLL?

The default entry point for most application processes is usually 0x401000. Is there any way we could shift or change the entry point of a process? For example, if I wanted to change the entry point to 0x901000 externally using a DLL (assuming that…
Wei Chen
  • 35
  • 5
-1
votes
2 answers

how to get a programs current function?

is it possible in assembly using the ollydbg debugger program to find a programs current function thats it's executing? the reason for this is because my application that i've created is running at 70 % computer usage during a specific time and i…
theTime3
  • 19
  • 4
-2
votes
3 answers

Assembly & Symbol of exe file from visual studio were gone after build for debug purposes

I am learning about reverse engineering on windows. I was following Reverse Engineering and Function Calling by Address. I did not download those source demo. I just write down a little c++ console and debug it my self with Ollydbg or xdbg64. Just…
Dzulfikar Adib
  • 116
  • 1
  • 7
-2
votes
1 answer

Its possible to change the hex code on dump?

So, I have one .exe file and every time I dump it on ollydbg, it returns the same hex code. And I do a lot of modifications in the source, but the hex values is still the same! Is there a way to change this?
Lucas Dias
  • 116
  • 3
  • 9
-3
votes
1 answer

How to replace IP address with another one?

How to replace IP address with another one ? without adding a new lines
jmp
  • 2,456
  • 3
  • 30
  • 47
1 2 3
18
19