Results 1 to 6 of 6

Thread: how to force ollydbg to load a specific udd file ?

  1. #1
    Roko
    Guest

    how to force ollydbg to load a specific udd file ?

    Hello,
    I am trying to analyze a module loaded at start of an application.
    The module is loaded by a loader.

    The problem is that each time the module get a new name. So i am loosing my previous user comments.

    Since the new name is predictable i tried that :
    in debugger options/security i set:
    +ignore path/extension
    +ignore timestamp
    +ignore crc of code section (though data section get modified)

    changed udd name file, and path to module that is set in udd file.

    Well thats not enough, on attaching, ollydbg ignore the udd and backup it before "updating" it.
    Is there a way to change this behaviour.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Roko
    Guest
    ok i found a solution i will apply
    thanks to http://www.woodmann.com/forum/showthread.php?p=61076&postcount=3

    but i will use labelmaster plugin in future... for that module, at least.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Roko
    Guest
    well, doesn't work, probably bcse of crc or tst value in udd...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Quote Originally Posted by Roko View Post
    The problem is that each time the module get a new name. So i am loosing my previous user comments.
    The file name in the old UDD will not be same as soon as the module gets a new name, which will result in a new UDD being generated by Olly.

    You can at least try to use the Breakpoint Manager plugin to remember your breakpoints.

    Regards

  5. #5
    The Breakpoint Manager Plugin can even remember your comments, so I'd also go this way

    http://www.woodmann.com/collaborative/tools/index.php/Olly_Breakpoint_Manager
    Last edited by Darkelf; February 20th, 2010 at 08:16.

  6. #6
    Quote Originally Posted by Darkelf View Post
    The Breakpoint Manager Plugin can even remember your comments, so I'd also go this way

    http://www.woodmann.com/collaborative/tools/index.php/Olly_Breakpoint_Manager
    Yes it does but it might be necessary to modify the saved *.obp file too.
    The BP Manager also saves the name of the program here an example of the same program that was loaded with different names.

    1. Program loaded as AF17BAF4.exe
    Code:
    AF17BAF4:0000f685:#:#
    AF17BAF4:0000f701:#:#
    AF17BAF4:0000f726:#:#
    AF17BAF4:0000f782:#:#
    AF17BAF4:0000f795:#:#
    AF17BAF4:0000f7aa:#:#
    2. Same Program loaded by its loader as 0E27E38F.exe
    Code:
    E27E38F:0000f685:#:#
    E27E38F:0000f701:#:#
    E27E38F:0000f706:#:#
    E27E38F:0000f75e:#:#
    E27E38F:0000f7b1:#:#

    At least with the version I have I always load the program in Olly first and then edit the saved .obp file to reflect the new name of the loaded exe before importing it with BP Manager.

    Regards

Similar Threads

  1. ollydbg zip file corrupted help
    By antari6675 in forum OllyDbg Support Forums
    Replies: 8
    Last Post: June 19th, 2006, 11:18
  2. HASP4 API, bruce-force
    By moonygals in forum The Newbie Forum
    Replies: 1
    Last Post: August 31st, 2005, 11:39
  3. How to force data into a specific PE section?
    By Clandestiny in forum Advanced Reversing and Programming
    Replies: 6
    Last Post: April 8th, 2005, 09:32
  4. breakpoint softice <-> specific file
    By holomorph in forum The Newbie Forum
    Replies: 1
    Last Post: February 26th, 2004, 13:39
  5. ollydbg unable to load the program!
    By Anonymous in forum Bugs
    Replies: 13
    Last Post: January 30th, 2003, 15:54

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •