Results 1 to 9 of 9

Thread: Using Olly

  1. #1
    SteM
    Guest

    Using Olly

    Hi there,
    i'm a very new user of OllyDbg.

    In this moment i'm trying to use a DLL without source and documentation of it.
    So, i'm interested about two features:
    1. is it possible to mark in any way the DLL entry points and log them?
    2. is it possible to enter the entry call I discover so Olly can remark the code I see in the disasm window?

    Any link?
    thanks a lot !!

    ---
    SteM
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,525
    Blog Entries
    15
    ollydbg can load the dll directly and it will stop on DllEntry

    Log data, item 0
    Address=1001B337
    Message=Entry point of debugged DLL

  3. #3
    SteM
    Guest
    Yes, i know.
    But I'd like to have a report with the sequence of the calls done by the original program and realtive parameters.

    About the second question: (maybe it was not clear ..):
    Some known API calls are commented on the asm view.
    My DLL calls are not commented and I'd like to add some notes on the parameters passed on the stack before the call.
    How can i do it?

    Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    SteM
    Guest
    Any tutorial to suggest?
    In particular handling DLL ..

    Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,525
    Blog Entries
    15
    But I'd like to have a report with the sequence of the calls done by the original program and realtive parameters.
    thats still confusing
    a dll when loaded by an exe can either be loaded via import table entries or by Dynamically Loading it with LoadLibrary

    an in both cases DllEntry is called by Ldrp Functions and it always takes three Paramenters only

    Code:
    BOOL WINAPI DllMain(
        HINSTANCE hinstDLL,  // handle to DLL module
        DWORD fdwReason,     // reason for calling function
        LPVOID lpReserved )  // reserved
    sequence of calls are standard check kernel32.dll and study LoadLibrary Function
    LoadLibraryA -> LoadLibraryExA -> LoadLibraryExW -> ldrLoadDll -> LdrpLoadDll-> ldrPMapDll -> ldrpRunInitializers and back
    when in LdrpRunInitializers the import table of the loaded dlls are checked and additional dlls that are linked in the loading dll
    are loaded and thier initialisers are run as well

    yes if you ahve analysed your dll all your comments will be visible the next time

    if you want to add custom function descriptions refer help file or find the posts by me in this forum that states how to do it with #####.arg files

  6. #6
    SteM
    Guest
    Thanks,
    but, i'm sorry, there is a misunderstanding.

    I know the entry point of DLLs, i developed them. I try to explain by other words ....
    My idea is to understand how to use the functions contained into a DLL I own.
    With 'depends' tools i had all the function names and, since i guess the DLL was developed by C++, I translated all the function names from their decorated name into a complete C-prototype syntax.
    Then, i'm writing a program that can call the DLL.
    Now I need to discover how the original program uses that functions (for example, first the 'open', then the 'connect', then 'download', then 'close') and also some useful set of parameters.
    Then I guess it should be useful to have a tool that hooks each function to create a log to study the sequence of the calls.

    I hope to be clear for what i'd like to obtain ...

    Thanks for the hint for the custom function descriptions ... i start the search ...

    Thanks!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Musician member evaluator's Avatar
    Join Date
    Sep 2001
    Posts
    1,517
    Blog Entries
    1
    disassemble DLL, debbug DLL..
    is there other ways???

  8. #8
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  9. #9

    for delta sir~~~

    for your help, more greatest today!!!
    thanx again...

Similar Threads

  1. Replies: 3
    Last Post: March 29th, 2013, 12:18
  2. Replies: 2
    Last Post: February 15th, 2009, 21:52
  3. use of PhantOm Olly plugin no in Olly ?
    By LaBBa in forum Advanced Reversing and Programming
    Replies: 4
    Last Post: November 8th, 2008, 22:19
  4. Another bug in Olly?
    By dELTA in forum Bugs
    Replies: 0
    Last Post: April 23rd, 2008, 03:39
  5. Olly and SMC
    By least in forum The Newbie Forum
    Replies: 1
    Last Post: May 31st, 2004, 12:14

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •