Results 1 to 6 of 6

Thread: Translation

  1. #1

    Translation

    Hi, im following a tutorial for a crackme and its showing how to crack the crack me but i have 1 problem the language in SoftICE (what the tutorial uses) and the language in Ollydbg (the debugger i use) are totally different
    for example
    012F:9E18 55 PUSH BP (in softice)

    shows as

    7C902200 > 55 PUSH EBP (in ollydbg)

    is there a method i can use so that ollydbg speaks the same language as softice so to speak, it would be much easier as a newbie to understand the tutorials and where abouts i was in the software!

    thanks

  2. #2
    Can it be worked out without knowing the first part of code? e.g just knowing the 55 push bp bit of code? afterall it's only the first bit that changes the instruction that follows doesn't

  3. #3
    |< x != '+' BanMe's Avatar
    Join Date
    Oct 2008
    Location
    Farmington NH
    Posts
    510
    Blog Entries
    4
    not sure I understand your problem ..maybe a little clarification is in order..
    0x55 is the 'opcode' for push ebp..I hope that is the correct answer..

    regards BanMe
    No hate for the lost children;
    more love for the paths we walk,
    'words' shatter the truth we seek.
    from the heart and mind of Me
    me, to you.. down and across

    No more words from me, to you...
    Hate and love shatter the heart and Mind of Me.
    For the Lost Children;For the paths we walk; the real truth we seek!

  4. #4
    the problem sounds a bit droll
    7C902200 > 55 PUSH EBP (in ollydbg)
    012F:9E18 55 PUSH BP (in softice)
    the virtual address should not change (7C902200)

    the 012F you see is the "selector" 9E18 the virtual address

    55 is the opcode in hex PUSH EBP the asm command

    you can turn off the selectors somehow just read the virtual addresses

    what os are you using ?

  5. #5
    *Elenil* I'm using Ollydbg and that was my problem i didn't understand i didn't understand why the address in ollydbg and in softice appeared differentley
    the tutorial showed it in 012F:9E18 55 PUSH BP format but obviousley i was reading it in ollydbg format and must have just misunderstood it. it was beggining to think i was in a totally different part of the code to the tutorial

  6. #6
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Quote Originally Posted by DENiSON View Post
    012F:9E18 55 PUSH BP (in softice)

    The problem is a little more complicated: This notation is not due to the fact that you are tracing with softIce, but that you are in a 16 bit environment, where addresses are expresssed as Segment:Offset
    In this case, segment is 012F and Offset 9E18.
    When SofIce is tracing 32 bit environments the addresses are the same as Olly.
    Also notice that what gets pushed is BP (A 16 bit size register) instead of EBP or extended Base Pointer (A 32 bit pointer)


    shows as

    7C902200 > 55 PUSH EBP (in ollydbg)

    Now in Olly, you are looking at 32 bit code. In fact olly cannot debug 16 bit code, as SoftIce indeed can do.

    Addresses are 32 bit long, (7C902200 ) or 4 bytes long. The register EBP is 32 bit long. Actually, this particular address 7C........ is probably not in your application code but up into the Operating system .dll modules kernel32.dll or user32.dll.

    Also
    push EBP

    or
    push BP

    Is an extremely common asm instruction, used for setting up function call frames. There is little evidence taht you are looking at the same code in Olly and SoftIce


    So probably you are using a rather old and outdated tutor and crackme, and/ or using Olly to trace an old 16 bit program, which does not work, you end up tracing the operating system instead.

    Learning to crack and trace old 16 bit programs is practically useless these days.

Similar Threads

  1. [ New Tool ] IDA Plugin for Chinese Language Translation
    By Gunther in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: May 16th, 2014, 12:00
  2. Help with Quick ASM Translation.
    By Adri_Magnon in forum Malware Analysis and Unpacking Forum
    Replies: 18
    Last Post: June 28th, 2002, 19:51

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •