Stack Overflow
Stack Overflow

Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, rendering it unable to debug device drivers and kernel components.

It supports user created plugins. Currently version 2 is in development by Oleh.

More information can be gotten from the homepage.

276 questions
6
votes
1 answer

OllyDbg catching/throwing exceptions

Every time I am trying to debug something with OllyDbg 1.10 (on Windows 7 32-bit), it keeps throwing exceptions for no reason. I skip them with Shift + F7/F8/F9, and at the end it throws an exception saying EIP = 00000000. Can someone please tell me…
Abanoub
  • 3,623
  • 16
  • 66
  • 104
6
votes
0 answers

Go to a specific address OllyDbg

I have to go to a specific memory address in OllyDbg, and I can't find anything online (in this forum also). How can I go to a specific address ? So something that prompt me a window, that asks me for the address I want to go, also if this address…
Kiks777
  • 113
  • 1
  • 2
  • 9
6
votes
2 answers

How to change value of EIP in ollydbg?

I double clicked on EIP in register window,but seems un-editable. Why is EIP special?How can I change it?
COMer
  • 5,091
  • 4
  • 22
  • 20
6
votes
1 answer

How to dump memory into raw file in Ollydbg?

I am debugging a process and want to dump a chunk of memory, say from memory address 0x4160d8 to 0x4200d8, into a file. How can I get a raw file that includes just the bytes? I tried to use the OllyDump plugin but it creates an executable file with…
Abundance
  • 1,963
  • 3
  • 24
  • 46
6
votes
4 answers

Ollydbg 1.10 "Back to user mode" doesn't work

I tried to learn "Lena's reversing for newbies", when some trouble arise. I start Pixtopian Book with ollyDbg, then try to have MessageBox with message about uregistered version. Then i switch to OllyDbg, stop program executing and press "Alt+F9"…
murzagurskiy
  • 1,273
  • 1
  • 20
  • 44
6
votes
1 answer

How does debugger know function names?

When I debug any program with debugger (for example OllyDbg), in disassembled assembly code, I can see function names, for example: push 0 call msvcrt.exit How does the debugger know the function names? Where do they come from? In machine code, it…
Smax Smaxović
  • 550
  • 2
  • 7
  • 17
6
votes
3 answers

What does FSTP DWORD PTR DS:[ESI+1224] do?

I am trying to learn more about assembly and disassembly. My goal is to modify the way a specific address is being written using a debugger (olly). Preferably by incrementing it by a number (20, 50, etc..) I can identify the address of the floating…
The Unique Paul Smith
  • 636
  • 2
  • 8
  • 22
5
votes
2 answers

windows process memory layout

So I was playing with Olly debugger, sniffing around what I can yet find out about windows and I pressed that M button and it popped up that memory map window. So I googled up some articles on the subject and I found out I can actually write to…
Pyjong
  • 3,095
  • 4
  • 32
  • 50
5
votes
1 answer

Assembly: Memory address of variables in C Programming

This is my C code C:\Codes>gdb test -q Reading symbols from C:\Codes\test.exe...done. (gdb) list 1,15 1 #include 2 3 int main() 4 { 5 int a = 12345; 6 int b = 0x12345; 7 …
Charlotte Russell
  • 1,355
  • 1
  • 13
  • 16
5
votes
1 answer

How to call a function located in an executable from a loaded DLL?

I have located a function inside an executable which I'd like to call from my DLL. The address of it would be 0x0090DE00 according to OllyDbg. I've tried to call it directly: luaL__openlib *f = ((luaL__openlib*)(module_handle + 0x0090DE00)); but…
Stefan Falk
  • 23,898
  • 50
  • 191
  • 378
5
votes
4 answers

Help deciphering a few lines of assembly

I have found these few lines of assembly in ollydbg: MOV ECX,DWORD PTR DS:[xxxxxxxx] ; xxxxxxxx is an address MOV EDX,DWORD PTR DS:[ECX] MOV EAX,DWORD PTR DS:[EDX+116] CALL EAX Could someone step through and tell me what's happening here?
Iron
  • 153
  • 1
  • 1
  • 4
5
votes
1 answer

Is there a Perl module that can automate ollydbg?

Is there a CPAN module that can automate the famous ollydbg debugger? If yes, could someone provide such module and some tutorials/documentaitons/example about it?
dan
  • 885
  • 2
  • 9
  • 18
5
votes
1 answer

What does EBP+8 in this case in OllyDbg and Assembler mean?

I am just learning Assembler and debugging skills in OllyDbg in order to learn how to use undocumented functions. Now I am having the following problem: I have the following code part (from OllyDbg): MOV EDI,EDI PUSH EBP MOV EBP,ESP MOV EAX, DWORD…
Chuck Bartovski
  • 95
  • 1
  • 2
  • 7
5
votes
2 answers

Editing assembly in WinDbg

I have been trying to solve some "crackmes" (from http://crackmes.de) using WinDbg. Most of the solutions I have looked at involve using Olly Dbg to make modifications to the assembly; is there a way to do this in WinDbg?
Chris Finley
  • 3,901
  • 5
  • 24
  • 32
4
votes
1 answer

How to use Ollydbg with multi-threaded programs?

I have seen here that Olly supports a multi-threaded debugging, but I couldn't find any video or a good tutorial to see how to debug a multi-threaded program. I would like to know how to use Ollydbg and see the stacks and registers of all the…
0x90
  • 39,472
  • 36
  • 165
  • 245
1
2
3
18 19