Results 1 to 6 of 6

Thread: OllyICE doesn't create .udd file for an unpacked executable

  1. #1
    jayoce
    Guest

    OllyICE doesn't create .udd file for an unpacked executable

    Hi
    I'm trying to debug an executable that I unpacked using UPX.
    But everytime I restart the .exe from OllyICE, it analysis the executable again, and doesn't save any .udd file in UDD folder, so all the breakpoints disappear. Can anyone help me please?



    ---
    All truths are easy once they are discovered, the point is to discover them
    Galileo Galilei
    ---
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    option----->security
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    jayoce
    Guest
    I don't have this problem with other executables.
    I mean that the option has already been checked but .udd file isn't saved.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Looks as if your file is not fully unpacked.
    I have had similar problems with some files which after unpacking still had some traces of packed data in them.
    Did you unpacked the target manually or used automated unpackers or upx with the -d switch?

    Greetz

  5. #5
    jayoce
    Guest
    I unpacked the file using upx with the -d switch...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Quote Originally Posted by jayoce View Post
    I unpacked the file using upx with the -d switch...
    Just like I thought.
    You might have to check the unpacked file, there might still be some traces of compressed sections or data in the presumed unpacked file.

    Another aspect you might consider is that the progi might also be loading a dll for instance always with different names at run time. In this case Olly will not show your previously saved comments and remarks, because of the new name of the now loaded dll or whatever extension the file might have.
    I have seen a few programs that did that. This can make debugging a pain, especially if something goes wrong during the tracing and and the session has to be restarted.

    BP on CreateFileA und LoadLibraryA for instance on at least 2 separate runs in Olly and figure out if this is the case.

    If so than you may Bp on CreateFileA and alter the name of the file(s) to be created to the one your first debugged and olly should be able to load the previously saved comments and remarks.

    Regards

Similar Threads

  1. Unable to create signature file in IDA Pro
    By akovid in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: January 28th, 2014, 01:31
  2. problem running unpacked file
    By n00b in forum Malware Analysis and Unpacking Forum
    Replies: 6
    Last Post: May 1st, 2005, 12:24
  3. How to create .sig file from .cpp?
    By 5aLIVE in forum Tools of Our Trade (TOT) Messageboard
    Replies: 4
    Last Post: April 26th, 2005, 04:09
  4. Saving "unpacked" executable?
    By Segosa in forum OllyScript Plugin
    Replies: 2
    Last Post: March 6th, 2005, 23:39
  5. unpacked file won't run on win2k
    By Unregistered in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: October 15th, 2001, 20:18

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •