I'm currently analyzing a program I wrote in assembly and was thinking about moving some code around in the assembly. I have a procedure which takes one argument, but I'm not sure if it is passed on the stack or a register. When I open my program in IDA Pro, the first line in the procedure is: ThreadID= dword ptr -4 If I hover my cur...
I have an MFC application that I was given (without source code) which opens a window with an 'Update' button, which then performs a very long update after being clicked. I'd like to modify the program so that when the window is created (or somewhere else such as DoModal), a message is sent to the program to make it think that the butto...
I'm trying to find the source of a bug I have found in an open-source application. I have managed to get a build up and running on my Windows machine, but I'm having trouble finding the spot in the disassembly where the issue is. I have tried three different debuggers (WinDbg, OllyDbg, and VisualStudio) and each pretty much gives me th...
Is there a CPAN module that can automate the famous ollydbg debugger? If yes, could someone provide such module and some tutorials/documentaitons/example about it? ...
I need Ollydbg to pause when one of the registers contains a certain string. Any way I could accomplish that? ...
I'd like to know if there's any way to generate the C code of a x86 PE binary. I don't really need this, I just want to learn how some closed-source software are working. From my common sense, I think the process is: Converting the x86 binary to Assembly, which can be done with a disassembler like OllyDbg. Converting this Assembly to ...
I'm interested in using something like OllyDbg to examine a program that potentially has Trojan-like characteristics. Does anyone know any good tutorials on how to do this safely? Basically the program is a "bot" for a video game, but I suspect that it has back doors and/or will upload information it gathers (such as passwords) to a re...
The following code int _main() {return 0;} Compiled using the command: gcc -s -nostdlib -nostartfiles 01-simple.c -o01-simple.exe gcc version 4.4.1 (TDM-1 mingw32) OllyDbg produced this output: Can you explain what happens here? Analysis so far: // these two seems to be an idiom: PUSH EBP // places EBP on stack MOV EBP...
I have found these few lines of assembly in ollydbg: MOV ECX,DWORD PTR DS:[xxxxxxxx] ; xxxxxxxx is an address MOV EDX,DWORD PTR DS:[ECX] MOV EAX,DWORD PTR DS:[EDX+116] CALL EAX Could someone step through and tell me what's happening here? ...
Hi, I must patch an arm executable in my Pocket PC. I am dissassembling the ARM executable with IDA Pro. But I can not edit binary. As you know Ollydbg let us to edit binary / add assembly code (Right Click->Assemble) But it doesnt support ARM. So I dissassembly it with IDA Pro. But in IDA , I can not add my assembly code into my ARM E...
Hi there, I'm using Ollydbg to disasemble a program. What I need to do is inject code into the program and save an EDX value at a certain point. I'm guessing the easiest way would be for me to create a dll with a single function like so... function WriteEAXValue(EAX: PChar): LongBool and then inject code into the program so it calls t...
Is there a option I can choose how to launch the DLL(like when debugging a dll project in visual studio)? As it seems to me when I drop the DLL into OD,the only option I have is to launch it by LOADDLL.EXE, is that the whole story? ...
When I debug an EXE in it,will first stop on a specific line,how does OD know where to initially stop? And the disassembly code is pretty short, is it true that OD only displays stuff within a single memory page? If true,how can I make it show all stuff? ...
I opened cstrike.exe(for game Counter Strike) with ollydbg, but the disassembly code isn't complete,it starts at 01401000 and stops at 0140BFFF(I mean it should at least start from 00000000 to be complete, and I can't say for sure whether 0140BFFF is the exact end or just a stripped part) 01401000 . E8 05000000 CALL cstrike.0140100...
When I double click on the hex dump or disassembly column, both can achieve the goal of setting a breakpoint, so what's the difference? ...
I want to break on where Executable Module X is called, but I've no idea which function is actually called. Is it possible to set this kind of matching-all breakpoint? ...
When I try to open a PE executable , it's automatically run. How can I just open it statically without running it? I just want to see the binary file in hex format. ...
It seems only 1 memory breakpoint can be set, and it seems doesn't matter at which line the memory breakpoint is set,very weird,anyone can explain? ...
What does this mean in the 2nd column? == | | | | == ...
What does Z 1 DS 0023 32bit 0(FFFFFFFF) mean? ...