DLL crashing Olly -- Having trouble debugging


personmans
March 7th, 2012, 22:25
As the title says, I'm having trouble debugging a target.

The target is written in a C++esque language called xBase++ (http://www.alaska-software.com/)

First, the main EXE was packed (compressed); it's now unpacked and works fine.
Second, there are two DLLs that crash Olly at 40.8% analysis each. I'm not familiar with an anti-debugger trick that would do that, but I may be missing something.
The two are called:
XPPRT1.DLL
XPPUI1.DLL
I believe them to be a part of xBase and not the target itself.
I have identified (part of) the routine that checks registration using the usual tricks (strings etc), but now I don't know where to go because it becomes very hard to keep track of calls/returns with no analysis.

Any recommendations?

Kayaker
March 7th, 2012, 22:56
I found a demo program written in XBase and Olly had no problem with the initial analysis (UPX packed) or those runtime DLLs. I suspect it's not a problem with those 2 DLLs specifically then, in general, that for some reason Olly can't handle.

Recommendations? Yeah, not to be flippant, but Olly isn't the only debugger around..

personmans
March 7th, 2012, 23:08
Thanks for testing that. Can you recommend a different debugger?

I started with SICE, but moved on for obvious reasons. I feel like I've needed to move on from Olly for a while (x64) but I really dislike IDA and couldn't find anything as robust as Olly/SICE used to be.

Kayaker
March 8th, 2012, 01:08
Well, WinDbg is the one I was thinking of. Not as user-friendly as Olly, but I consider it worthwhile learning since it's also very useful for ring0 debugging and works well for remote debugging with VMware.

I still use SoftIce mostly under an XP VM, but sometimes force myself to use WinDbg so I don't forget how to use it. Occasionally I'll let the Visual Studio debugger work on my own source code, but it's pretty horrid. IDA debugger - no comment