Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly-level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, so it cannot debug device drivers or kernel components.

It supports user-created plugins. Version 2 is currently in development by Oleh.

More information is available on the homepage.

276 questions
4 votes, 4 answers

Why are the cpu-registers in OllyDbg not sorted alphabetically?

In OllyDbg the registers window, among other things, lists the standard cpu-registers: EAX ECX EDX EBX Is there a particular reason why EBX is displayed last?
Andrej Mitrović
4 votes, 1 answer

Memory map in IDA Pro similar to OllyDbg

Does IDA Pro have a memory mapping functionality similar to that in OllyDbg? If so, I can't find it. I know there is that skinny bar at the top of the screen showing where you are in the address space and where memory is allocated, but I consider…
Tyler Durden
4 votes, 2 answers

Debugging and Analyzing a Trojan

I'm interested in using something like OllyDbg to examine a program that potentially has Trojan-like characteristics. Does anyone know any good tutorials on how to do this safely? Basically the program is a "bot" for a video game, but I suspect that…
user267275
4 votes, 1 answer

OllyDbg, don't get the option to copy to executable file

Whenever I'm in OllyDbg and successfully finish editing the ASM code to my liking, I try to highlight all the modifications I've made and when I right click....I don't get the option to "Copy to Executable?" - Yet a lot of the tutorials I follow…
Justin
4 votes, 1 answer

Execute Till User Code doesn't work

I'm trying to use OllyDbg's "Execute Till User Code" feature (which is essential for me) but it never works. I first tried it on a program which called MessageBoxA. When it called it I paused the program in the debugger and issued OllyDbg to execute…
MasterMastic
4 votes, 3 answers

How does a debugger set breakpoints if the image is in read-only memory?

How does a debugger set breakpoints if the image is in read-only memory? I know there are hardware breakpoints, but in the debugger I use (OllyDbg) those have to be set specially using a different dialog than normal breakpoints. Explanation: Here is…
Tyler Durden
4 votes, 2 answers

In OllyDbg how do you force/hint disassembly at a location?

I have some code that OllyDbg is having trouble disassembling. This mostly happens at indirect jumps. For example in the code shown in the image below you can see that the EIP (CPU instruction pointer) is at 401839 which is a valid code address.…
Tyler Durden
3 votes, 4 answers

Modifying a program to fake a button press

I have an MFC application that I was given (without source code) which opens a window with an 'Update' button, which then performs a very long update after being clicked. I'd like to modify the program so that when the window is created (or…
samoz
3 votes, 2 answers

Reverse Engineering, Left Bit shift by seven

I've been trying to reverse engineer a function of a game but I'm kinda confused. I'm pretty new to reverse engineering (I'm using ollydbg btw) so I don't really know about all the tricks and details yet. Anyway here's my problem. This function is…
3 votes, 1 answer

How to correctly print address of a variable in memory?

I'm trying to understand how C or C++ structures are stored in memory. I wrote a small program in C++ and I compiled and ran it in a debugger. I used printf with %p and &variable to print the address but the address printed out and the actual…
jumpindonuts
3 votes, 1 answer

Ways to find OEP of packed file

I've succeeded in unpacking a file using OllyDbg and fixed the dump with ImportRec, but I still cannot find the OEP. When I load the file with OllyDbg, I first see these instructions (see screenshot "EP" ): CALL unpackme.00401931 MOV EAX,8C603 POP…
ShHolmes
3 votes, 5 answers

Copy unicode string to clipboard isn't working

I don't know why this code isn't working properly: #define UNICODE #include #include #include void main(void) { wchar_t* strData = L"CreateWindowExA"; MessageBox(NULL, strData, L"Warning", MB_OK); if…
BPL
3 votes, 4 answers

Using the Ollydbg, anyone tell me what the address of the variable "a" is?

My very simple tested program #include #include int main() { int a = 12345; printf("%d\n", a); system("PAUSE"); return 0; } After compiled and connected, the EXE file is created. Then I open the EXE file in the Ollydbg: The…
freedomwings
3 votes, 2 answers

Cheat Engine vs Ollydbg

What is the difference between both programs besides that one is used for cheating at games and the other is a debugger? I know that Cheat Engine is a memory editor. But what does Ollydbg do exactly; does it only edit .exe files?
stephenson
3 votes, 1 answer

Ollydbg Debugging - Pass exception to application / Step into instruction

I'm trying to identify a bug in a program (32bit) which could probably lead to code execution. So far I debugged the application with ollydbg and ran my exploit code. Then ollydbg gives me an exception. If I press "Ctrl+F9" nothing seems to be…
hexxler