How to get around anti-disassembly tricks on Olly?


Sunk
March 19th, 2012, 17:13
I'm reading Practical Malware Analysis where they talk about anti-disassembly tricks and how to get around them in IDA by using the C or D keys to change opcodes to code or data, but what do you do in Olly when you encounter the same tricks?

blabberer
March 20th, 2012, 11:43
C for code and D for data in IDA are a way to make the disassembly a bit more readable:
where IDA, during its analysis, marked some code as data and didn't disassemble it but
simply dumped it as bytes, you can use C to convert those bytes to code.

OllyDbg is a debugger; you normally step through in the debugger, so all bytes are code to the debugger.

You can remove analysis in OllyDbg using right click -> Analysis -> Remove analysis from module / selection, etc.
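As an added illustration (not code from the thread or the book), here is a toy x86-32 length decoder in Python that shows what the C/D redefinition fixes: a constant-condition jump over a rogue byte makes a straight linear sweep swallow the real instructions, and marking that one byte as data restores them. The decoder only knows the handful of opcodes in the constructed sample; a real disassembler uses full opcode tables.

```python
# Added example, not from the thread. Toy x86-32 length decoder covering only
# the opcodes used in the constructed sample below (register forms only).

# Constructed sample: xor eax,eax sets ZF, so the jz is always taken and skips
# offset 4. A linear sweep does not know that and decodes offset 4 as a CALL.
SAMPLE = bytes([
    0x33, 0xC0,   # 0: xor eax, eax   -> ZF is always set afterwards
    0x74, 0x01,   # 2: jz +1          -> always taken, skips offset 4
    0xE8,         # 4: rogue byte: looks like the start of a 5-byte CALL
    0x58,         # 5: pop eax        <- real code resumes here
    0x50,         # 6: push eax
    0x90, 0x90,   # 7: nop; nop
    0xC3,         # 9: ret
])

def decode_one(op):
    """Return (mnemonic, length) for opcode byte op, or ('db', 1) if unknown."""
    if op in (0x31, 0x33):
        return ("xor r32, r32", 2)
    if op == 0x74:
        return ("jz rel8", 2)
    if op == 0xE8:
        return ("call rel32", 5)
    if 0x50 <= op <= 0x57:
        return ("push r32", 1)
    if 0x58 <= op <= 0x5F:
        return ("pop r32", 1)
    if op == 0x90:
        return ("nop", 1)
    if op == 0xC3:
        return ("ret", 1)
    return ("db", 1)

def disassemble(code, data_offsets=frozenset()):
    """Linear sweep. Offsets in data_offsets are emitted as 'db' bytes, which is
    the effect of pressing D on the rogue byte and C on the byte after it in IDA."""
    listing, off = [], 0
    while off < len(code):
        mn, ln = decode_one(code[off])
        if off in data_offsets or off + ln > len(code):
            mn, ln = "db", 1   # forced data, or the instruction would run off the end
        listing.append((off, mn))
        off += ln
    return listing

if __name__ == "__main__":
    for title, data in (("naive sweep", ()), ("offset 4 marked as data", {4})):
        print(f"-- {title}")
        for off, mn in disassemble(SAMPLE, frozenset(data)):
            print(f"  {off:02d}: {mn}")
```

In the naive sweep the `pop`, `push` and `nop`s vanish inside a bogus 5-byte `call`; once offset 4 is data, the listing matches what the CPU actually executes after the jump.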

Sunk
March 20th, 2012, 14:08
Thanks for the explanation!