ollydbg unable to load the program!


Anonymous
11-25-2002, 06:57 PM
http://tongtian.net/pediy/usr/2/2_1394.rar
Sometimes it loads successfully but is unable to pass the exception.
The notepad is packed with dbpe2.1.1.

TBD
11-25-2002, 10:57 PM
Is it protected? Can it be run normally? Because on NT it doesn't start at all.

Anonymous
11-25-2002, 11:12 PM
It does not run on your computer? It runs on my computer, but OllyDbg is not able to pass the exception.
Or try this one (maybe a language problem):
http://tongtian.net/pediy/usr/2/2_1394_5.rar

TBD
11-26-2002, 12:40 AM
Same problem ... it exits doing nothing. Is it a virus?

Please log in. It takes 3 seconds.

Zer0
11-26-2002, 01:59 AM
Mm, it makes me crazy.
You can have a look at the webpage of the packer.
http://dbpe.allite.net. The author is D.boy.

Must I type the name and password every time I post or reply to a post?

Zer0
11-26-2002, 02:01 AM
Correcting the link:
http://dbpe.allit.net/

Zer0
11-26-2002, 02:06 AM
http://dbpe.allit.net/down/dbpe210.exe
The download link.
Maybe your system does not support Chinese (double word).
The second button is pack. Sorry for my poor English.

TBD
11-26-2002, 02:07 AM
Zer0: it is a cookie-based message board, so it expires after some time, but usually you don't have to log in every time.
Also, each post has an Edit link to correct posts.

Btw, why is it so big? 1 MB for a packer?
[EDIT] It doesn't work on NT, even the packer. So no luck.

Zer0
11-26-2002, 02:56 AM
I was using Win2k, and it's running.
Maybe it tests the run environment (does not run if it is run on English Windows?).
So bad.
But it's really that OllyDbg doesn't pass the exception.
Any advice to avoid it? Maybe some anti-debug code causes the problem.
I mean, how to pass it manually.
Sorry for my poor English again.

TBD
11-26-2002, 03:25 AM
Zer0: when an exception occurs, press SHIFT+F7 to enter the Windows exception handling routine, then set a breakpoint on the SE handler and take a look there.

Zer0
11-26-2002, 05:30 PM
When I press Shift+F7 it goes into ntdll and raises the exception.
When I press Shift+F9, OllyDbg doesn't pass the exception.

TBD
11-27-2002, 12:24 AM
Zer0: you must not Shift+F9; you must go into the exception handler and watch for the return value. It must return 0 for the program to continue.

Check Comrade's SEH example (http://comrade.ownz.com/work/seh.zip) and try first to debug this example.

blabberer
01-30-2003, 03:30 AM
Dunno, very old thread, probably useless info, still my two cents.
There is a call near ecx in ntdll.dll (w2k, ep=77f81000) at 77f92536; bookmark it.
That call's destination (second time) is always the SEH handler, as far as I have noticed.

Squidge
01-30-2003, 03:54 PM
Why don't you just look in the stack for the exception frame? That'll point you direct to where the program will end up - put breakpoint here and SHIFT+F9 to break in the exception handling routine.

Always done this and it always seems to work.

Saves messing around in the kernel libs.
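
Added example (not part of the thread or any poster's code): the stack lookup described in the last reply, carried out over a constructed 32-bit stack snapshot by following the `{Next, Handler}` registration records from the value of FS:[0] until `Next` is `0xFFFFFFFF`. All addresses and the names `walk_seh_chain` and `build_sample` are made up for illustration; the return value 0 mentioned earlier in the thread is `ExceptionContinueExecution`.

```python
import struct

END_OF_CHAIN = 0xFFFFFFFF  # Next field of the last record in a 32-bit SEH chain
# EXCEPTION_DISPOSITION values a handler returns; 0 resumes the faulting thread.
DISPOSITION = {0: "ExceptionContinueExecution", 1: "ExceptionContinueSearch",
               2: "ExceptionNestedException", 3: "ExceptionCollidedUnwind"}

def walk_seh_chain(stack, stack_base, head):
    """Follow EXCEPTION_REGISTRATION records {Next, Handler} starting at head
    (the value of FS:[0]); return [(record_address, handler_address), ...]."""
    frames, seen, addr = [], set(), head
    while addr != END_OF_CHAIN:
        off = addr - stack_base
        if off < 0 or off + 8 > len(stack):
            raise ValueError(f"record {addr:#010x} is outside the stack snapshot")
        if addr in seen:  # guard against a self-referencing chain
            raise ValueError(f"chain loops back to {addr:#010x}")
        seen.add(addr)
        nxt, handler = struct.unpack_from("<II", stack, off)
        frames.append((addr, handler))
        addr = nxt
    return frames

def build_sample():
    """Constructed snapshot: 0x100 bytes of stack at 0x0012FF00, three records."""
    base, stack = 0x0012FF00, bytearray(0x100)
    records = [(0x0012FF40, 0x0012FFB0, 0x0040D123),    # installed by the unpacking stub
               (0x0012FFB0, 0x0012FFE0, 0x00401500),
               (0x0012FFE0, END_OF_CHAIN, 0x77F00000)]  # stand-in for the OS default
    for addr, nxt, handler in records:
        struct.pack_into("<II", stack, addr - base, nxt, handler)
    return bytes(stack), base, 0x0012FF40

if __name__ == "__main__":
    stack, base, head = build_sample()
    chain = walk_seh_chain(stack, base, head)
    for record, handler in chain:
        print(f"record {record:#010x} -> handler {handler:#010x}")
    # The head record's handler is called first: that is the breakpoint address.
    print(f"breakpoint target: {chain[0][1]:#010x}")
    print("handler must return", DISPOSITION[0], "for the program to continue")
```
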