Thread: An OllyDbg Bug Disables Software Breakpoints

  1. #1

    I have found a new bug in OllyDbg v1.10. The bug is triggered when the BaseAddress value is changed in the LDR_MODULE structure for the main executable. Any subsequent DLL loading forces Olly to call the psapi "EnumProcessModules" function in order to update the module list, and since the psapi "EnumProcessModules" function traverses and reads from the LDR_MODULE linked list, the new (fake) base address will definitely be returned.

    A simple application was written to test this bug. See the image below.

    Here is how the source code above looks in Olly.

    If some breakpoints are set after the troublesome code and OllyDbg is left to run, an error message shows up once we step over the "LoadLibrary" function call and none of the breakpoints are hit.

    The problem is that OllyDbg trusts the data retrieved from the psapi "EnumProcessModules" function call and tries to update data related to the main executable, including software breakpoints. At this point, all software breakpoints are deleted since OllyDbg thinks their addresses are no longer valid. Actually they are, but this is how it goes in OllyDbg v1.10.

    N.B. Software breakpoints outside the main executable, e.g. in ntdll.dll, are not affected by this bug.

    A demo here
    Original topic

  2. #2
    Nice!! very useful, thanks
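
A debugger-side consistency check for the behaviour described in the first post, as an added example that is not part of the thread and not OllyDbg's code. It is a simplified Python model: module names, addresses and sizes are constructed, the main executable is assumed to be the first entry of the reported list, and the trusted base stands for the value a debugger records itself at process creation (`lpBaseOfImage` from `CREATE_PROCESS_DEBUG_EVENT`).

```python
# Simplified model, not OllyDbg code. All addresses and sizes are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size

def refresh_naive(reported, breakpoints):
    """Behaviour described in the post: trust the list read from the target
    and drop every breakpoint that no reported module covers."""
    return {bp for bp in breakpoints if any(m.contains(bp) for m in reported)}

def refresh_checked(reported, breakpoints, trusted_base):
    """Cross-check the main module (assumed: first entry) against the base
    the debugger recorded itself when the process was created."""
    main, rest = reported[0], list(reported[1:])
    warnings = []
    if main.base != trusted_base:
        warnings.append(f"{main.name}: reported base {main.base:#x} != "
                        f"recorded base {trusted_base:#x}; keeping recorded base")
        main = Module(main.name, trusted_base, main.size)
    modules = [main] + rest
    kept = {bp for bp in breakpoints if any(m.contains(bp) for m in modules)}
    return kept, warnings

# Constructed scenario: module list read after a DLL load, with the main
# executable's entry altered inside the target process.
TRUSTED_BASE = 0x00400000
BREAKPOINTS = {0x00401020, 0x00401055, 0x7C901230}  # two in the exe, one in ntdll
REPORTED = [
    Module("test.exe", 0x00500000, 0x6000),         # altered base
    Module("ntdll.dll", 0x7C900000, 0xB0000),
    Module("user32.dll", 0x7E410000, 0x91000),
]

def demo():
    naive = refresh_naive(REPORTED, BREAKPOINTS)
    checked, warnings = refresh_checked(REPORTED, BREAKPOINTS, TRUSTED_BASE)
    return naive, checked, warnings

if __name__ == "__main__":
    naive, checked, warnings = demo()
    print("naive keeps:  ", sorted(hex(b) for b in naive))
    print("checked keeps:", sorted(hex(b) for b in checked))
    print(*warnings, sep="\n")
```

In the model, the naive refresh keeps only the ntdll.dll breakpoint, matching the N.B. in the first post, while the checked refresh keeps all three and reports the mismatch.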
