Results 1 to 6 of 6

Thread: Ollybug

  1. #1


    Im not sure it this is only a bug from olly or if this also happens in other debuggers but when olly goes into api OutputDebugStringA with the argument: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s it closes with an error message.

    Info about this api:

    If the application has no debugger, the system debugger displays the string. If the application has no debugger and the system debugger is not active, OutputDebugString does nothing.

    Im not sure if this is the correct place but the trick is from an protector .
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Olly probably treats the string as a format like in printf, not literal. "%s%s" is enough to crash. Seems that patch is needed

  3. #3
    Registered User
    Join Date
    Jul 2004
    Quote Originally Posted by Eggi
    Im not sure if this is the correct place but the trick is from an protector .
    This is an exploit published about 4 or 5 months ago, only OllyDbg. Perhaps there is a patch you can use for it. I'm not sure... But it's only called twice, right?.

    As people moves to use Olly more and more packers start to add it to their blacklists.

    See you,

  4. #4
    Super Moderator
    Join Date
    Dec 2004
    Blog Entries
    well read this post copy pasted the string and assembled inline with olly
    and singlestepped through it (f7)
    it seems to work without crashing as you can see in the attached picture
    it has broke on the second bp i set
    if there is no bp it executes both the jump and loops on ebfe when i single stepped ( i used 98 se and single stepping inside kernel32.dll will work for only two or three instructions so i cant say more will test with w2k some time and trace it but till then thought ill post it)

    if you f8 or f9 it crashes olly dbg
    well cant do jit now but will make olly jitand debug this if possible
    OLLYDBG caused an invalid page fault in
    module OLLYDBG.EXE at 0167:004a74cf.
    EAX=7fffffff CS=0167 EIP=004a74cf EFLGS=00010206
    EBX=0078d973 SS=016f ESP=0078c194 EBP=0078c6c0
    ECX=00000000 DS=016f ESI=0078f1cc FS=29af
    EDX=00000001 ES=016f EDI=00000020 GS=0000
    Bytes at CS:EIP:
    80 3a 00 75 ee e9 c5 00 00 00 f7 c7 00 01 00 00 
    Stack dump:
    015202ec fffbb613 0078d914 75626544 74732067 676e6972 96ac203a 2073254d 7325202d 004a77d8 0078c1cc 0078f1e8 00008258 0078f234 4e52454b 32334c45

  5. #5

  6. #6
    Ladies and Gentlemen, we seem to have evidence that Eggi failed to use the search function here before posting his question.

    OutputDebugString would have been a good place to start that search.


Similar Threads

  1. Ollybug?
    By Eggi in forum OllyDbg Support Forums
    Replies: 4
    Last Post: December 30th, 2004, 07:16


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts