What will olly 2.0 improve on?
I have no idea how olly could be improved after this. It's stable (usually). Does anybody out there know anything about 2.0?
I'm afraid that nobody, except Oleh, really knows anything about 2.0. Sometimes I doubt it will ever release.

Ricardo Narvaja
08-06-2005, 05:03 PM
RING0 maybe?
Ricardo Narvaja
1bitshort
08-07-2005, 01:15 AM
I didn't think he could add or improve much on it either, but he is taking a long time, so maybe he is adding a lot of new stuff or something like ring0 support.
Ricardo Narvaja
08-07-2005, 10:16 AM
If he requests originals of all OSes on the page, I think it is for RING0 support; for RING3 it is not necessary to have all the OS originals.
Ricardo Narvaja
1bitshort
08-08-2005, 05:19 AM
It would be quite a party trick
1bitshort
08-12-2005, 10:50 AM
No, you may not. Go back to jail. Do not pass go. Do not collect $200.
If you (/anyone) don't know the difference between ring 3 and ring 0, you should do a little bit more reading before burying your head in debuggers; it will save you a lot of confusion. Fundamentals are fundamental for a reason.
To cut to the chase, in the Windows operating systems ring 0 is essentially "kernel mode" whereas ring 3 is "user mode", a less-privileged level. Windows only uses these two rings. Any program you write will be a ring 3/usermode program, but if you want to go to ring0/kernel mode you basically need to write a kernel driver (.vxd for win9x/.sys for nt/2k/xp/vista), unless you use a ring3->ring0 trick.
mr haggar
08-12-2005, 02:40 PM
Maybe it will fix bugs related to exceptions and tracing that I read about in a couple of tutorials:
What did I learn from reversing this beast?
c) Few Olly bugs (incorrect processing of lock int3, lock int1,
ds:int3, etc.)
d) Olly trace feature is buggy. Really buggy.
From kao solution for execryptor on crackmes.de.
mr haggar
08-12-2005, 02:41 PM
PS
Plus, OllyDbg cannot handle TLS calls, so the debugger can be discovered before the target is loaded.
Ricardo Narvaja
08-12-2005, 11:22 PM
If you know how to use Olly, it is easy to solve this.
1) Change the mark in Debugging options - Events to stop at SYSTEM BREAKPOINT; next, when it stops at the system breakpoint, put a MEMORY BREAKPOINT ON ACCESS on the section of the start and you stop in the TLS.
Or, when you stop at the breakpoint, look in a PE editor in the directories, look at the TLS value, FOLLOW IN DUMP this value and look at the content, then put a BPX on this address and you start in the TLS too.
Ricardo Narvaja
Olly trace is perfect, I have no problems at all. The only bug is in ILLEGAL EXCEPTION and it is easily repaired by only changing a byte in OLLY. If you know how to use the trace option there is no problem at all and there are no bugs at all.
INT3 has no problem at all, it is perfectly handled.
lock INT3 and LOCK INT1 are illegal exceptions and are the same case; it is solved by only changing a jmp.
Ricardo Narvaja
mr haggar
08-13-2005, 03:49 AM
Gonna try that trick with TLS. Thanks.
blabberer
08-13-2005, 08:00 AM
hehe haggar olly can handle tls callbacks too
maybe you should take a look at NtGlobalFlag plugin

it's available for download where you posted your recent pespin tut
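
The second method described in the thread (read the TLS entry in the PE directories, follow the value, and break on the addresses found there) can be done statically before the target is ever loaded. This is an added example, not code from the thread or from OllyDbg; `tls_callbacks` and `build_sample` are hypothetical names and the sample image is constructed for the demonstration.

```python
import struct

def u(fmt, buf, pos):                               # read one little-endian value
    return struct.unpack_from(fmt, buf, pos)[0]

def tls_callbacks(pe: bytes) -> list:
    """Return the virtual addresses of the TLS callbacks of a PE32/PE32+ file."""
    nt = u("<I", pe, 0x3C)                          # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt = u("<H", pe, nt + 6), nt + 24        # NumberOfSections, optional header
    sec_tbl = opt + u("<H", pe, nt + 20)            # optional header + SizeOfOptionalHeader
    pe64 = u("<H", pe, opt) == 0x20B                # Magic: 0x10B PE32, 0x20B PE32+
    ptr, psz = ("<Q", 8) if pe64 else ("<I", 4)
    base = u(ptr, pe, opt + (24 if pe64 else 28))   # ImageBase
    dirs = opt + (112 if pe64 else 96)              # DataDirectory[0]
    secs = [struct.unpack_from("<4I", pe, sec_tbl + 40 * i + 8) for i in range(nsec)]

    def off(rva):                                   # RVA -> file offset via section table
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")

    # Entry 9 is IMAGE_DIRECTORY_ENTRY_TLS; dirs - 4 holds NumberOfRvaAndSizes.
    tls_rva = u("<I", pe, dirs + 8 * 9) if u("<I", pe, dirs - 4) > 9 else 0
    if not tls_rva:
        return []
    cb_va = u(ptr, pe, off(tls_rva) + 3 * psz)      # AddressOfCallBacks (a VA, not an RVA)
    out = []
    pos = off(cb_va - base) if cb_va else len(pe)
    while pos + psz <= len(pe) and u(ptr, pe, pos): # null-terminated pointer array
        out.append(u(ptr, pe, pos))
        pos += psz
    return out

def build_sample() -> bytes:
    """Constructed minimal PE32 header plus one section holding a TLS directory."""
    img, base, opt = bytearray(0x400), 0x400000, 0x58
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)             # Machine i386, one section
    struct.pack_into("<H", img, 0x54, 0xE0)                  # SizeOfOptionalHeader
    struct.pack_into("<H", img, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, opt + 28, base)              # ImageBase
    struct.pack_into("<I", img, opt + 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * 9, 0x1000, 24)  # TLS directory RVA, size
    struct.pack_into("<8s4I", img, 0x138, b".data", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", img, 0x20C, base + 0x1020)        # AddressOfCallBacks
    struct.pack_into("<2I", img, 0x220, base + 0x1100, base + 0x1180)  # two callbacks
    return bytes(img)
```

The returned addresses are relative to the preferred ImageBase stored in the file; if the loader relocates the image, add the difference before setting breakpoints.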
