Reverse Engineering Stack Exchange
Reverse Engineering Stack Exchange

Questions tagged [ollydbg]

A very popular Windows 32bits debugger written by Oleh Yuschuk. It is free and lightweight and yet powerful and extendable through plugins.

OllyDbg is a Windows 32bits debugger written by Oleh Yuschuk. This debugger is very popular in the hacker community. It is free and lightweight and yet powerful with more than 200 plugins available for it.

438 questions
24
votes
3 answers

Advantages of OllyDbg 1 over OllyDbg 2

I see that most RE tutorials around the web that give RE examples use OllyDbg 1, even if the tutorial was written after the release of OllyDbg 2. Is there any particular reason for that? Is version 2 too buggy, or were some of the features dropped?
Mellowcandle
  • 4,795
  • 6
  • 34
  • 47
8
votes
1 answer

Issue opening executable module in OllyDBG

I am running windows 8.1 and OllyDBG 2.0. When I attach to a process and view the executable modules, I want to open one. However, when I double click on one of the modules, it won't open in the main OllyDBG window, which it should. Has anyone else…
Chris Altig
  • 181
  • 1
  • 3
8
votes
3 answers

Find a string that I entered in ollydbg

Say, there's an input box and I enter a text. Can I somehow find the location that text is entered?
aclowkay
  • 413
  • 2
  • 4
  • 7
7
votes
2 answers

How to set a breakpoint at the specific location on the stack in OllyDbg

Is there any way to set a breakpoint at the specific location on the stack in OllyDbg? I have some value (argument of the function) on the stack and I want to break on every memory access at this location. Thanks in advance.
FrozenHeart
  • 193
  • 1
  • 1
  • 5
6
votes
1 answer

Ollydbg 2: Breaking after attaching to a suspended process

When analyzing malware, I come across packers that inject the actual malware code into a newly spawned process and execute it that way. For that, they create a process in suspended state, inject the code and resume it using ntdll.NtResumeThread on…
j0ker
  • 163
  • 1
  • 5
6
votes
3 answers

Break points in OllyDBG

I'm trying to set breakpoints in OllyDBG, I found the address that I wish to break on and I've hit F2 in order to set the breakpoint. However, when the program runs the code, it doesn't break. I'm not very familiar with OllyDBG and don't know how it…
user1960364
  • 181
  • 1
  • 4
6
votes
1 answer

How to distinguish different compiler codes in ASM?

While reversing an executable with olly, theres compiler code and user code. So how do i recognise the compiler codes ? Lets say if the executable is visual basic, it has a jmp and a call in the first 2 instructions and the winmain comes later.
Lian
  • 61
  • 1
5
votes
1 answer

Finding a certain function in game(TS4)

I am trying to find a function that places a furniture on the ground when I buy it and click the spot. This is the way I am trying to do solve it at the moment. Find the address of money with cheat engine See which areas write to this…
Samuli Lehtonen
  • 151
  • 4
5
votes
1 answer

Ollydbg 'Copy all modifications to executable' doesn't copy all modifications

I'm editing executables on a(n) (almost) daily bases in Ollydbg and it is very annoying that the 'Copy all modifications to executable' doesn't work properly. All the code I edit in the .text section is copied to the new executable, but all the…
Dennis van den Berg
  • 193
  • 1
  • 5
5
votes
2 answers

How to obtain decrypted virus body of Bolzano virus using Ollydbg 1.10 debugging on windows OS

I installed windows NT 4.0 service pack 6 on vmware player. Then I added Ollydbg 2 from vmware shared folder into windows NT. I extracted ollydbg zip and run ollydbg.exe. I am getting this error : PSAPI.DLL is not found. This library contains…
user1744108
  • 161
  • 6
5
votes
2 answers

Ollydbg terminated while loading dll

When I try to load a DLL of a game client I get this error: How can I completely load this dll?
Ranastic
  • 51
  • 3
4
votes
1 answer

Suspicious breakpoint message in ollydbg

I want to set a breakpoint and suddenly the following message appears: You want to place breakpoint outside the code section. INT3 breakpoint set on data will not execute and may have disastrous influence on the debugged program. Do you really…
user3097712
  • 1,541
  • 1
  • 25
  • 44
4
votes
2 answers

OllyDebugger How to use Find Sequence of commands with wildcard 32bit registers

Lets say I want to find all the MOV EAX, 1234h MOV WORD PTR[EBP+ADDR], AX But it won't be always EAX or EBP+ADDR How do I wildcard search like MOV ???, 1234h MOV WORD PTR[???+ADDR], ?? I tried MOV ANY, 1234h MOV WORD PTR[ANY+ADDR], ANY MOV ?,…
SSpoke
  • 759
  • 1
  • 7
  • 19
4
votes
3 answers

Cannot call function (properly) in ollydbg

I need some help regarding calls in assembly with Ollydbg. I'm messing around with a simple application. So far, so good, I created a codecave for myself to add some code. But whenever I try to create a call to a function outside my debugged…
Dennis van den Berg
  • 193
  • 1
  • 5
4
votes
1 answer

Searching for strings in ollydbg

I have the following program: int main() { char buff[11] = "helloitbd9"; int x = 4; printf("%d", x); return 0; } I can see the string "helloitbd9" through a hexdump of the binary, in the beginning of the data section. However, what…
Xymistic
  • 111
  • 1
  • 2
  • 7
1
2 3 4 5 6