
Thread: String references in Olly ?

  1. #1

    String references in Olly ?

    When I open the game in Olly and search for "All referenced text strings" in the CPU window it gives me a lot of text strings.

    But when I disassemble the game in W32dasm it doesn't give anywhere near the same amount of text strings. So, I am thinking that maybe the text strings from Olly are useless?

    Basically I am going to the addresses where the text strings are pushed and then trying to find out how to manipulate the corresponding code.
    Last edited by Aquatic; February 14th, 2003 at 17:28.

  2. #2
    Also, the game crashes when I try to run it from Olly or do "attach process".

  3. #3
    _Servil_
    Guest
    Then your game is most likely using some antidebugger trick/s, there are several kinds of these, search the board to get more info about them.

    About the strings, I didn't use w32dasm for a long time but as I can remember the difference is that W32 handles only strings referenced by code while OllyDbg searches whole module and finds all chunks of code possibly being text. You can lookup the reference point by invoking context menu upon that entry and selecting 'Find references' or put a memory breakpoint on accessing its first character.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Originally posted by _Servil_
    Then your game is most likely using some antidebugger trick/s, there are several kinds of these, search the board to get more info about them.

    About the strings, I didn't use w32dasm for a long time but as I can remember the difference is that W32 handles only strings referenced by code while OllyDbg searches whole module and finds all chunks of code possibly being text. You can lookup the reference point by invoking context menu upon that entry and selecting 'Find references' or put a memory breakpoint on accessing its first character.
    Hmm, first I need to get the game running from Olly without it crashing.

    I can get the game running with Softice in the background, but I want to be able to run it from Olly. I can't find a way to do this.

  5. #5
    w00t! I managed to do an 'attach it to the process' without it crashing! I had to use that Int3/Int1 program...

    Anyway, can you make it a little clearer about the string references in Olly? Will the referenced text strings found by Olly actually lead me to any useful code?
    Last edited by Aquatic; February 20th, 2003 at 17:54.

  6. #6
    _Servil_
    Guest
    Can't answer this question, don't know your game and first of all you must know what you are seeking. Respective string might or not lead to... Why don't you try it yourself? If it finds a string it means the string is there nothing more or less, you just have to decide what's it useful for...

  7. #7
    Maybe if I take a string I find in Olly and then search for it in the game's memory while it is running. (doing an ascii search)

  8. #8
    and what use will that do apart from give you the exact same addresses as what ollydbg itself has found?

    now, searching for the string ADDRESSES may yield something...

  9. #9
    Originally posted by squidge
    and what use will that do apart from give you the exact same addresses as what ollydbg itself has found?

    now, searching for the string ADDRESSES may yield something...
    Not sure that I know how to do that.

    In Olly when you do 'search for all referenced text strings' it gives you all the addresses where the strings are pushed.

    For example

    Code:
    *Code removed*
    Where 'xxx' is the process name (blanked out).

    So, I know where the string is pushed, but don't know how to get the address of the actual string.

    Any ideas?
    Last edited by Aquatic; February 20th, 2003 at 17:51.

  10. #10
    In your example, "ReloadTime" is the text, and the address by the push is the address of the string - 785D88.

    However, if Olly gives you the reference by telling you what statements actually refer to the string, then it's pretty useless anyway as Olly is doing it all for you.

    So, now you are armed with this information, it's time for you to decide whether these strings are useful or not for the task you have in mind.

  11. #11
    Originally posted by squidge
    In your example, "ReloadTime" is the text, and the address by the push is the address of the string - 785D88.

    However, if Olly gives you the reference by telling you what statements actually refer to the string, then it's pretty useless anyway as Olly is doing it all for you.

    So, now you are armed with this information, it's time for you to decide whether these strings are useful or not for the task you have in mind.
    What do you mean by 'statements' ?

    Sorry, I'm pretty new at this.

  12. #12
    Sorry, I mean Mnemonics (I think)

  13. #13
    Originally posted by squidge
    Sorry, I mean Mnemonics (I think)
    Where does Olly tell me the 'statements' that refer to the string?

  14. #14
    Let's say you're interested in what happens to the textstring "reloadtime". You get all references and investigate the code around the instruction that loaded/manipulated them.

    Code:
    005ED7F7  |. 68 885D7800    PUSH xxx.00785D88                   ;  ASCII "ReloadTime"
    """"""""
    ^^^^^^^^
    ||||||||
    This is the place! The code around this address will perhaps be interesting.
    I do not want to put you down, but these things are pretty basic and will be obvious to you once you get some practice. You should practice "simpler" cracking first. Getting to know tools and how code functions. There are numerous tutorials at krobar's site. Start in the newbie-section and try to understand what's going on. Tutorials often give you a short route to the answer, try to learn as much as you can anyway. Ask as many questions as you want here, we will try to help, but learning requires a lot of effort on your own behalf too... And getting results on the things you most desire might have to wait sometimes, till you have a better grasp of things.

    /Manko

  15. #15
    Thanks guys.

    I am doing some other basic learning stuff, but I just wanted to get some feedback from more experienced ppl.

    Anyway, it looks like the address for the string is outside the scope of the game's code. I disassembled it in W32Dasm and the last address it gives doesn't come close to *Code removed*.

    The tutorial I am learning from is here: http://www.s-i-n.com/chaos/strmemory.htm
    (gives you an Idea where I am coming from).

    Basically I looked for a JNZ in the code around the *Code removed* address and didn't find one.
    Last edited by Aquatic; February 20th, 2003 at 17:52.
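
The two ways of listing strings contrasted in post #3, and the `68 885D7800` encoding from post #14, as an added example that is not part of the original thread and is not code from OllyDbg or W32Dasm. The section layout, the second string and the function names are constructed for illustration; only the PUSH bytes and the two addresses come from the thread.

```python
import struct

def ascii_at(data, off, min_len=4):
    """Return the NUL-terminated printable ASCII string at data[off:], else None."""
    end = off
    while end < len(data) and 0x20 <= data[end] < 0x7F:
        end += 1
    if end - off < min_len or end >= len(data) or data[end] != 0:
        return None
    return data[off:end].decode("ascii")

def push_string_refs(code, code_va, data, data_va):
    """Strings referenced by code: PUSH imm32 (opcode 0x68) whose little-endian
    immediate is an address inside the data section that holds a string.
    This is a raw byte scan, not a disassembler, so a real tool would also
    have to reject 0x68 bytes that sit in the middle of other instructions."""
    refs = []
    for i in range(len(code) - 4):
        if code[i] != 0x68:
            continue
        (imm,) = struct.unpack_from("<I", code, i + 1)
        if data_va <= imm < data_va + len(data):
            s = ascii_at(data, imm - data_va)
            if s:
                refs.append((code_va + i, imm, s))
    return refs

def all_strings(data, data_va, min_len=4):
    """Whole-section scan: every string present, referenced by code or not."""
    found, off = [], 0
    while off < len(data):
        s = ascii_at(data, off, min_len)
        if s:
            found.append((data_va + off, s))
            off += len(s) + 1
        else:
            off += 1
    return found

# Constructed sample: padding, the PUSH from post #14, a CALL and a RET.
CODE_VA = 0x005ED7F0
CODE = bytes.fromhex("90909090909090" "68885D7800" "E800000000" "C3")
# Constructed data section; "NeverPushed" has no reference in CODE.
DATA_VA = 0x00785D80
DATA = b"\x00" * 8 + b"ReloadTime\x00" + b"NeverPushed\x00"

if __name__ == "__main__":
    for at, target, text in push_string_refs(CODE, CODE_VA, DATA, DATA_VA):
        print(f"{at:08X}  PUSH {target:08X}  ; ASCII {text!r}")
    for va, text in all_strings(DATA, DATA_VA):
        print(f"{va:08X}  {text!r}")
```

The pushed value lands in the data buffer rather than the code buffer, which is why the string's address lies past the last address of the code listing.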
