Results 1 to 4 of 4

Thread: File successfully patched in Olly, runs... in Olly. When saved, errors as corrupt?

  1. #1

    File successfully patched in Olly, runs... in Olly. When saved, errors as corrupt?

    Hi all,

    Title pretty much says it all. I've been working my way through tutorials and doing pretty well until this.

    I have a target that I can load and run in Olly (strangely, only R4ndom's "version" of Olly... stock Olly 1.1 will load and run it but throws exceptions, and Olly 2 never will load it, hangs on analysis. Might have something to do with one of R4ndom's plugins?). Anyhow, I've got a working patch for it... it's incomplete and inelegant, but it's a start.

    Once I make the patch and run the target WITHIN Olly, it works fine. The target will run perfectly. When I right-click into the context menu and mouse over "copy to executable", the only option is "selection". The typical "all modifications" is not shown. I select all of my modifications, then right-click in the new window and "save file". Same thing I've done with other files and it works fine. This target will save with no errors, but when run on its own, outside of Olly, it errors as corrupt.

    Examining this target in ExeInfoPE shows that it's not packed, but was created with Borland Delphi 2.0.

    I know I'm making a really stupid newb mistake here.. I'm obviously missing something important about this target. I've been fighting with it for 2 days now. Pretty frustrating to maybe figure out a patch, only to not be able to save it! ;-) Could anyone offer any suggestions? I'm not asking for spoon feeding, I enjoy learning on my own... I just need a push in the right direction. What should I be looking at?

    Thanks for ANY suggestions...

  2. #2
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    OllyDbg is unreliable with regards to patching. You're better off using a standalone hex editor to do patching.

  3. #3
    Hey, thanks for the reply. As it turns out, I AM an idiot (as expected). The patched file isn't actually corrupt, the error is being thrown not by Windows but by the target program when I run the patched version. If I load the patched version into Olly, I get the same "file is corrupt" error. I've found that string in a data section of the binary, but it's not easily traceable (for this newb). I'm stepping through the program from the beginning and I've found a block of code that can be bypassed by a jump, but if not bypassed goes into a loop that eventually throws the error. Just patching to take the jump doesn't work either though; the target hangs and terminates a little later on. So I'll have to dig into the functions inside this block instead of just jumping it. Anyone have any good reading on how to deal with something like this?

    Thanks...

  4. #4
    Yup, turns out it was just an integrity check. There are probably more efficient ways, but I just stepped through the code until I found it, buried like 10 calls deep. Works fine now. That was fun!

Similar Threads

  1. Replies: 5
    Last Post: March 24th, 2012, 05:00
  2. Replies: 2
    Last Post: February 15th, 2009, 21:52
  3. use of PhantOm Olly plugin no in Olly ?
    By LaBBa in forum Advanced Reversing and Programming
    Replies: 4
    Last Post: November 8th, 2008, 22:19
  4. Another bug in Olly?
    By dELTA in forum Bugs
    Replies: 0
    Last Post: April 23rd, 2008, 03:39
  5. Olly
    By PedraSimon in forum OllyDbg Support Forums
    Replies: 5
    Last Post: March 18th, 2007, 12:27

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •