Questions tagged [ollydbg]

OllyDbg is a Ring3, Win32 debugger.

OllyDbg is a Windows 32-bit assembly level debugger and disassembler created by Oleh Yuschuk. OllyDbg operates in Ring3, or userland, rendering it unable to debug device drivers and kernel components.

It supports user created plugins. Currently version 2 is in development by Oleh.

More information can be gotten from the homepage.

276 questions

votes

3 answers

Can't find “referenced string” in OllyDBG

So I am trying to reverse a program and crack it but I am not able to find any of the Strings through searching for "referenced Strings" or "binary Strings", I am new to OllyDBG and I don't know a lot about it, which is why this is driving me crazy.…

string reverse-engineering ollydbg

asked Dec 12 '15 at 12:00

njoye

votes

1 answer

How to view the value located in the DS segment via OllyDbg

I'm debugging one DLL via OllyDbg and found the following command: LEA ECX,DWORD PTR DS:[ECX+EDX+8771F681] ECX is 90C85FFF and EDX is 13F5A9CE, so the final address is 0x90C85FFF + 0x13F5A9CE + 0x8771F681 = 0x12C30004E. Unfortunately, I don't know…

assembly x86 reverse-engineering ollydbg

asked Apr 29 '15 at 15:20

FrozenHeart

19,844
33
126
242

votes

3 answers

Explanation of the disassembly of the simplest program (x86)

The following code int _main() {return 0;} Compiled using the command: gcc -s -nostdlib -nostartfiles 01-simple.c -o01-simple.exe gcc version 4.4.1 (TDM-1 mingw32) OllyDbg produced this output: Can you explain what happens here? Analysis so…

c assembly x86 ollydbg

asked May 25 '10 at 00:14

George

votes

1 answer

How can I change this assembly code to mod this video game?

This is perhaps an unusual question, but I will appreciate any help. First of all, I am not a programmer and never studied programming, but I have some amateur knowledge of Visual Basic and Java. I have been trying to mod an old video game called…

assembly 3d ollydbg

asked Apr 17 '14 at 10:29

Hani

votes

2 answers

Equivalent of GDB's "call" in Ollydbg (or other Windows debugger)

In GDB, I can call a function that is part of the executable I am debugging by issuing a command like call foo("123"). How do I do the same in OllyDbg (or possibly some other primarily Windows debugger)?

windows debugging windbg ollydbg

asked Nov 07 '12 at 12:49

mikeazo

votes

2 answers

Will arguments to a function be passed on the stack or in a register?

I'm currently analyzing a program I wrote in assembly and was thinking about moving some code around in the assembly. I have a procedure which takes one argument, but I'm not sure if it is passed on the stack or a register. When I open my program in…

reverse-engineering ollydbg ida

asked Jun 10 '09 at 16:05

samoz

56,849
55
141
195

votes

3 answers

What happens if I delete the Relocation table address from PE Header?

I'm analyzing some cracks, and one of them changed the Relocation Table address and size to 0. What the cracker was trying to achieve with this? To provide more information, the objective of the crack is load another DLL, changing the name of a…

windows exe portable-executable ollydbg

asked Dec 17 '11 at 13:20

Filipe Carvalho

votes

3 answers

Is It Possible To Modify an EXE to require run as admin?

I need to modify an EXE that my client no longer has access to the source code, he wants the EXE to automatically Run as Administrator when launching (or at least automatically ask it to run). Is it possible to modify a compiled EXE to require/ask…

exe ollydbg hex-editors

asked Jan 23 '20 at 14:52

Rick

votes

1 answer

OllyDbg can't debug visual studio exe

I've just created a new vc++ exe with this simple code: #include #include #include int ExceptionHandler(void); int main(int argc,char *argv[]){ char temp[512]; printf("Application launched"); try { throw…

c++ debugging assembly ollydbg seh

asked Apr 25 '11 at 14:32

Marco A.

43,032
26
132
246

votes

3 answers

Locating OEPs in Packed EXE Files

Are there any general rules on how to realiably locate OEPs (Original Entry Points) for packed .exe files, please? What OEP clues are there to search for in debugged assembly language? Say there is a Windows .exe file packed with PC-Guard 5.06.0400…

debugging assembly reverse-engineering ollydbg

asked Mar 21 '11 at 16:53

Bunkai.Satori

4,698
13
49
77

votes

1 answer

How to attach OllyDbg to hidden process?

I am trying to reverse engineer a program that requires a serial key to run. The problem is that when i want to attach OllyDbg to the program, the process is basically not coming up. When i opened task manager to try and find the process, i could…

process reverse-engineering hidden ollydbg

asked Jan 06 '18 at 23:11

Lukas Knudsen

votes

0 answers

Is SEH un-debuggable?

I'm using OllyDBG to debug a SEH overflow program, on Windows XP SP3 (32 bit) During tests I can overflow both nSEH and SE handler value, as shown in the figure above. Now the problem is OllyDBG doesn't actually "capture" the exception, the program…

windbg ollydbg

asked Jul 30 '17 at 08:48

daisy

22,498
29
129
265

votes

1 answer

How to set a conditional break point when a instruction is dealing with an address on a specific range?

I am doing some exploiting exercises, and I see my current exe is storing information in a specific address range. Apparently the information stored seems to be encoded, so I need to debug the procedure that stores that information. As the exe…

assembly exploit ollydbg

asked Jun 11 '17 at 18:54

user8115488

votes

2 answers

How to find OEP when the address of entry point is zero in PE header?

I want to analyze a file in OllyDbg, however, the "address of entry point" in this file is 0x0000. So it will run the MZ signature as beginning part of the ASM code. Most debuggers are also unable to debug it directly. How could I find the original…

portable-executable ollydbg

asked Jan 16 '17 at 23:30

Likak

votes

2 answers

What does the quote mean in ollydbg?

What does this mean in the 2nd column? == | | | | ==

ollydbg

asked Sep 29 '10 at 04:54

wamp

5,789
17
52
82

Prev 1 2 3

…

18 19 Next