how does olly pass exceptions to debugee? [Archive]

View Full Version : how does olly pass exceptions to debugee?

pillii

07-22-2005, 11:35 AM

hello,
i wonder how exactly olly passes exceptions to the debugee. in the exceptions option window when i check every option and also ignore the exception range from 0 to ffffffff olly sometimes tells me 'dont know how to bypass exception'.
this is not what i expected.
another thing is that i get evil bluescreens when debugging certain exes, every other debugger i tried didnt give me bluescreens when exceptions have been raised.

pillii

Ricardo Narvaja

07-22-2005, 06:58 PM

OLLY have a bug in ILLEGAL EXECPTION, hwne you pass tell you don´t know how bypass exception, i repair this bug debuggin OLLYDBG with other OLLY, search the strings of the message and you can repir this bug easily, only changing one conditional JUMP.

Olly is a RING3 debugger and cannot produce any blue screen , the program you are debugging, detect is being debugged and intentionally produce this blue screen.

Ricardo Narvaja

gabri3l

07-22-2005, 08:11 PM

Ricardo, you just saved me a whole ton of Shift+F9's. I didn't know it was a bug that could be fixed, You are my hero.

pillii

07-24-2005, 12:15 AM

thank you for your answer.
i followed your instructions and now i dont get the annoying message box.
i also figured out why olly makes those certain exes give me a bluescreen.
its because olly calls continuedebugevent api with dwContinueStatus=DBG_CONTINUE, this is not what i expect from olly when i tell olly in the options menu to not handle any exception. i changed the parameter dwContinueStatus to DBG_EXCEPTION_NOT_HANDLED and now everything works just fine.
i wonder if there is a plugin out there doing this automatically. if not i will try to write such a plugin, because i think this feature is a must for a good debugger.
btw, why does olly call continuedebugevent with wContinueStatus=DBG_CONTINUE when i tell olly to pass every exception to the debugee??
tia
pillii

omega_red

04-13-2007, 05:45 AM

Jump to patch in Olly to prevent buggy pauses is

Code:

0043979D   68 203A4E00      PUSH OLLYDBG.004E3A20

004397A2   E8 A5160500      CALL OLLYDBG.0048AE4C

004397A7   59               POP ECX

004397A8   33D2             XOR EDX,EDX

004397AA   8B4D B0          MOV ECX,DWORD PTR SS:[EBP-50]

004397AD   8915 5C8D4D00    MOV DWORD PTR DS:[4D8D5C],EDX

004397B3   890D 5C5A4D00    MOV DWORD PTR DS:[4D5A5C],ECX

004397B9   833D 14574D00 01 CMP DWORD PTR DS:[4D5714],1

004397C0   75 42            JNZ SHORT OLLYDBG.00439804 ; <== change to JMP

004397C2   833D 70574D00 00 CMP DWORD PTR DS:[4D5770],0

004397C9   75 39            JNZ SHORT OLLYDBG.00439804

004397CB   833D D8364D00 02 CMP DWORD PTR DS:[4D36D8],2

004397D2   74 0C            JE SHORT OLLYDBG.004397E0

004397D4   813D 2C574D00 00>CMP DWORD PTR DS:[4D572C],80000000

004397DE   73 24            JNB SHORT OLLYDBG.00439804

004397E0   833D 8C574D00 00 CMP DWORD PTR DS:[4D578C],0

004397E7   75 11            JNZ SHORT OLLYDBG.004397FA

004397E9   8D86 A5310000    LEA EAX,DWORD PTR DS:[ESI+31A5]

004397EF   50               PUSH EAX

004397F0   6A 00            PUSH 0

004397F2   E8 397EFFFF      CALL OLLYDBG._Message

Change it to JMP and no more annoying breaks. I've run into this issue yesterday and thought that may as well post it for the lazy ones

naides

04-13-2007, 06:20 AM

Thank you, in the name of the lazy ones