Results 1 to 12 of 12

Thread: Conditional Branch Logger

  1. #1

    Conditional Branch Logger

    Hello

    I am trying to load this plugin with Olly 1.1 on XP (in a VM).

    I receive the error

    Code:
    cbl_gui.dll failed to load correctly
    I have the cbl_gui.dll (and Conditional_Branch_Logger.dll) in the plugin folder.

    Would appreciate suggestions on what could be the issue.

    Thanks

  2. #2
    I've worked it out, it is a conflict with another plug-in.

  3. #3
    Hello,

    Unfortunately the cbl_gui.dll does not load correctly in all instances.

    When I posted above that I had it working, I had removed all other plugins and was testing with notepad.

    CBL is still the only plugin that is in the plugin directory, but when I try to configure CBL with the application that I want to trace (a service), I am getting the same error as before.

    So am again after advice either on how to resolve or alternatives (for instance is there an OllyScript that does something similar?)

    Thanks

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,048
    Blog Entries
    5
    I can't really understand where there would be a problem. CBL loads with Olly, even before you open a target, so if all is good you should see the message in the log window
    "cbl_gui.dll loaded and all addresses are retrieved"
    It should work irrespective of whether you open notepad, a service, or attach to a running process.

    Conditional_Branch_Logger.dll is the plugin loaded by Olly. If the plugin can't load cbl_gui.dll you will get an error message in the Olly log window. The fact that you did get that error message seems to indicate the plugin probably loaded OK, but couldn't find the second dll. If for some reason it loaded but couldn't resolve the dll exports you'd get an additional message
    "cbl_gui.dll loaded but addresses not retrieved"

    All I can suggest at the moment is to delete ollydbg.ini and refresh to create a new one, and remove any udd files and try again. Out of curiosity, do you know which plugin it may have had a conflict with?

    You could also do a full run trace, but for the same code execution path there would be a lot more instructions to sift through in the log file over using the plugin.

  5. #5
    Hello Kayaker,

    Thanks for responding.

    I've done some more testing.

    I've removed all the UDD's. And now when I open Olly cbl_gui.dll loads as you describe. I have re-added the plugins and there is no change, so the other plugins were not the issue. Notepad continues to work, and I've tried a couple of other applications and they work too.

    Unfortunately CBL still doesn't work with the service.

    The process for loading Olly works differently with the service, unlike the other applications, where I use Olly to load the applications. By configuring some registry entries (which I can detail if that helps) when the service is started, Olly is started as the debugger. So in this instance I can't load Olly and check that cbl_gui.dll is loaded OK before starting the service (actually I tried doing that - but it made no difference to the instance of Olly that was loaded when the service started).

    Any idea what the problem could be?

  6. #6
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,048
    Blog Entries
    5
    Interesting. Are you using the gflags/Image File Execution method to attach Olly to the service on startup?

    It sounds like something is preventing that secondary dll loaded by the plugin to load properly. I read about adding a delay to the service startup to give time for the debugger to attach. Perhaps that would give the necessary time for cbl_gui.dll to load.

    http://support.microsoft.com/kb/824344

    I guess the logical step to see if CBL itself is the culprit, or whether this is an inherent problem with that kind of service-startup/debugging setup, would be to create a dummy Olly plugin which loads a dummy second dll and see if it also fails to load.

    I can't think offhand of other plugins which use 2 dlls which might also fail this way. Ollybone with its loaded sys driver is the only one that comes to mind.

    I haven't got time to test right now, but it's an interesting question nonetheless.

  7. #7
    Hi,

    I have been using the registry method.

    I'm aware of the setting for preventing the service from timing out, but I can't see anything about delaying the service startup.

  8. #8
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,048
    Blog Entries
    5
    My mistake really. I wasn't quite sure if increasing the timeout period might help for this situation. Does the service load OK into Olly otherwise, plugin failure aside?

    Is this an automatic (boot) service, or a delayed service, or one you can start manually and have Olly kick in? Maybe not pertinent, but I'm curious to see if I can duplicate the problem.

  9. #9
    Quote Originally Posted by Kayaker View Post
    My mistake really. I wasn't quite sure if increasing the timeout period might help for this situation. Does the service load OK into Olly otherwise, plugin failure aside?

    Is this an automatic (boot) service, or a delayed service, or one you can start manually and have Olly kick in? Maybe not pertinent, but I'm curious to see if I can duplicate the problem.
    Yes the service loads fine.

    By default the service is automatic, but for the purposes of troubleshooting it is more convenient to set it to manual and start as needed, which works fine.

    Occasionally I have found that when you start the service Olly doesn't load (looks like a bug) and I have found that opening an Olly instance beforehand gets around that issue. So I was hoping that I could do that to resolve the CBL dll error but unfortunately having an instance of Olly open doesn't make any difference to the state of the dll in the Olly instance which is started to debug the service.

  10. #10
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,456
    Blog Entries
    15
    can you follow the flow and adapt it to the application you are debugging
    prima facie i dont face any problems with debugging a service appliaction along with conditional branch logging plugin

    have you made your service made interactive ? (should work upto winxp sp3 )
    for vista and above service interaction is disallowed due to session zero isolation
    you would need to muck with windbg remote debugging

    Code:
    C:\>md testcblservice
    
    C:\>cd testcblservice
    
    C:\testcblservice>copy f:\utilities\odbg\odbg110.zip .
            1 file(s) copied.
    
    C:\testcblservice>copy f:\utilities\plugins\Bin_Conditional_Branch_Logger_2007-10-23_21.4_Conditional_Branch_Logger_v1.0.zip .
            1 file(s) copied.
    
    C:\testcblservice>"c:\Program Files\7-Zip\7z.exe" x -y *
    
    7-Zip 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
    
    Processing archive: Bin_Conditional_Branch_Logger_2007-10-23_21.4_Conditional_Branch_Logger_v1.0.zip
    
    Extracting  Conditional_Branch_Logger.dll
    Extracting  src.zip
    Extracting  readme.txt
    Extracting  cbl_gui.dll
    
    Everything is Ok
    
    Processing archive: odbg110.zip
    
    Extracting  BOOKMARK.DLL
    Extracting  Cmdline.dll
    Extracting  dbghelp.dll
    Extracting  license.txt
    Extracting  OLLYDBG.EXE
    Extracting  OLLYDBG.HLP
    Extracting  PSAPI.DLL
    Extracting  readme.txt
    Extracting  register.txt
    
    Everything is Ok
    
    Archives: 2
    Files: 13
    Size:       3141618
    Compressed: 1820976
    
    C:\testcblservice>del *.txt & del *.hlp & del PSAPI.DLL & del *.zip & dir /b
    BOOKMARK.DLL
    cbl_gui.dll
    Cmdline.dll
    Conditional_Branch_Logger.dll
    dbghelp.dll
    OLLYDBG.EXE
    
    C:\testcblservice>OLLYDBG.EXE  //close it just checking if ollydbg works
    
    C:\testcblservice>copy c:\WINDOWS\system32\calc.exe .
            1 file(s) copied.
    
    C:\testcblservice>ren calc.exe testcblservice.exe
    
    C:\testcblservice>sc create testcblservice binPath= "c:\testcblservice\testcblservice.exe" type= own type= interact
    [SC] CreateService SUCCESS
    
    C:\testcblservice>reg add "hklm\software\microsoft\windows nt\currentversion\image file execution options\testcblservice" /v Debugger /t REG_SZ /d "c:\testcblservice\ollydbg.exe"
    
    The operation completed successfully
    
    C:\testcblservice>testcblservice.exe   \\open in debugger and keeps working
    
    C:\testcblservice>net start testcblservice  \\will open in debugger but will be terminated by service control manager after default timeout 30 seconds
    The service is not responding to the control function. <------------------------ default closure  solution is to increase default timeout value 
    refer http://support.microsoft.com/kb/824344 and reboot
    
    More help is available by typing NET HELPMSG 2186.
    
    
    C:\testcblservice>
    Last edited by blabberer; July 3rd, 2013 at 05:39.

  11. #11
    @blabberer

    Yes, the service is set to interactive.

    I created a fresh Olly config as per your instructions and am able to load the target service successfully

    Thanks very much to both yourself and Kayaker for all of your help, I doubt that I would have tried this approach by myself

  12. #12
    Hi,

    More questions I'm afraid.

    The reason I wanted to use CBL was so that I could compare application behaviour packed versus un-packed. At the moment un-packed is not running how I would like and I thought this might be an easy way of isolating the issue.

    I can now run CBL on the un-packed service and get the log.

    In relation to packed, when I start at the packed EP I configure CBL not to log. I then get to OEP, configure CBL to log (I also need to change the address range) at this point when I save the settings in CBL, Olly restarts.

    Am I stuffed in terms of this approach, or might there be a work-around?

Similar Threads

  1. Conditional BP
    By REAP in forum OllyDbg Support Forums
    Replies: 2
    Last Post: November 8th, 2013, 23:40
  2. Conditional Branch Logger A New Plugin
    By blabberer in forum OllyDbg Support Forums
    Replies: 31
    Last Post: May 4th, 2008, 12:08
  3. Conditional Break?
    By RITZ in forum OllyDbg Support Forums
    Replies: 5
    Last Post: June 30th, 2006, 11:17
  4. Conditional breakpoints?
    By Anonymous in forum OllyDbg Support Forums
    Replies: 2
    Last Post: August 13th, 2003, 13:21
  5. Conditional Breakpoint
    By Anonymous in forum OllyDbg Support Forums
    Replies: 5
    Last Post: January 27th, 2003, 11:06

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •