Results 1 to 11 of 11

Thread: reocurring breakpoints

  1. #1

    reocurring breakpoints

    this application when runs under olly always breaks on some addresses "break on access when writing to [xxxxxx]" but I did not set any breakpoints

    probably olly somehow misinterpretes some bytes of the application as breakpoints, It would not bother if it happend once or twice , it happens over 100x times

    deleteting each one by bc [xxxxx] is tedious and out of question

    what can I do?

  2. #2
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,456
    Blog Entries
    15
    have you checked debug -> hardware break points
    are you sure you dont have an entry listed there

    hardware bps set are persistent across sessions

    when you break on one try following it debug harware bps and if you see an entry delete it you dont like it hanging there

    they are not listed in breakpoints window

    also one more option to look at is to see if
    options -> debugging options --> exceptions --> ignore memory access in kernel32 is checked -> it is checked on by default
    but if you had unchecked it sometimes

    then you might get those breaks especially when the exe is doing IsValid kind of Api (IsBadCodePointer , Is BadBlah , Is Bad whatever)

    ollydbg uses those apis mostly in its IsSuspicious() wrapper

  3. #3
    hmmm, application contains flash data (swf), when I stripped these , it does not break but exe does not work properly

    maybe it's form of protection

    seems I'll have to live with it

  4. #4
    Registered User
    Join Date
    Jul 2007
    Posts
    107
    Blog Entries
    6
    If all else fails, try deleting the .udd corresponding to the file to start with a fresh new blank project.

    Do you mean its a flash game or flash video embedded in an exe?
    Without sending the file, what informations can you gather about it?
    Any mention of the software it was made with?

    TiGa
    Programming today is a race between software engineers to build bigger and better idiot-proof programs and the Universe trying to produce bigger and better idiots.
    So far, the Universe is winning.

  5. #5
    it has nothing to do with udd or hw bps(no hw bps are set and I never set them in this app) , I remember running it for the first time in olly with these problems, also tested it with modified olly version

    yes, there is a flash 9 video embedded
    according to xml in flash file it's made with abode flex 2 and there is a high chance that flash file itself is somehow protected from decompilation

  6. #6
    Registered User
    Join Date
    Jul 2007
    Posts
    107
    Blog Entries
    6
    Adobe Flex 2 is used to make phone applications.
    http://www.adobe.com/products/flex/media/flexapp/

    Are you trying to debug a phone application in Olly?
    If yes, stop right now and switch to IDA.

    Olly is only for x86 instructions, not phone or .NET or Linux.

    TiGa
    Programming today is a race between software engineers to build bigger and better idiot-proof programs and the Universe trying to produce bigger and better idiots.
    So far, the Universe is winning.

  7. #7
    no , it's windows application

    this is why I think it is created with flex 2, copied right from embedded flash

    <dc:title>Adobe Flex 2 Application</dc:title>

  8. #8
    Registered User
    Join Date
    Jul 2007
    Posts
    107
    Blog Entries
    6
    <dc:title>Adobe Flex 2 Application</dc:title>
    Sure, that's a PE header all right!

    Even if the "application" happens to work via a Windows Web browser, it does not make it a Windows executable.
    http://examples.adobe.com/flex3/labs/configurator/configurator.html

    Olly can't help you, not even IDA.

    TiGa
    Programming today is a race between software engineers to build bigger and better idiot-proof programs and the Universe trying to produce bigger and better idiots.
    So far, the Universe is winning.

  9. #9
    where did I write it works via webbrowser? it's Windows PE Executable with flash overlay

  10. #10
    King of Redonda
    Join Date
    Jul 2006
    Posts
    109
    Blog Entries
    4
    Olly has problems with guarded pages. It uses them to set memory breakpoints on access. However, every guard page violation is treated by Olly as a memory breakpoint.

    Usually this isn't a problem, but for instance Ntkrnl protector uses it.
    ( http://www.reversing.be/article.php?story=20070124050711383 )
    Maybe it is just a coincidence this time.

    Anyway, to fix it use the OllyGuard plugin.
    ( http://www.tuts4you.com/download.php?view.1540 )

    Hope this helps.
    <[TN]FBMachine> i got kicked out of barnes and noble once for moving all the bibles into the fiction section

  11. #11
    yes, that's it , it works now nicely, no breaks , thank you

Similar Threads

  1. using breakpoints in a plugin
    By JH1 in forum Plugins (General)
    Replies: 5
    Last Post: January 26th, 2004, 04:10
  2. Help on breakpoints
    By Anonymous in forum OllyDbg Support Forums
    Replies: 2
    Last Post: September 29th, 2003, 09:03
  3. Conditional breakpoints?
    By Anonymous in forum OllyDbg Support Forums
    Replies: 2
    Last Post: August 13th, 2003, 13:21
  4. breakpoints always vanish
    By Anonymous in forum OllyDbg Support Forums
    Replies: 8
    Last Post: July 25th, 2003, 15:05
  5. conditional breakpoints
    By fg-eal in forum The Newbie Forum
    Replies: 1
    Last Post: April 21st, 2003, 14:45

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •