Thread: What's the meaning of this message???

  1. #1

    In debugging an application just after opening it with OllyDbg I see "13 heuristical procedures, 218 calls to known, 7 calls to guessed functions". Could someone explain the meaning of it? Thx.

    Regards,
    yaa

  2. #2

    yaa: it is information from the analysis module

    13 heuristical procedures - 13 procedures detected (e.g. push ebp/mov ebp,esp intro)
    218 calls to known - recognized API calls (GetMessageA, CreateWindowExA, ...)
    7 calls to guessed functions - user routines called by "call ..."

    also it provides info about detected switches, loops, ... good for the "Search for/All ..." command

  3. #3
    Anonymous
    Guest

    Ok for the APIs and user routines but could you further explain the procedures part. What are they? Also how can the switches, loops, etc. detection functionality be used. Please if you can use an example to clarify the concepts. Thx.

    Regards,
    yaa
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4

    yaa: forgot to log in?

    so, a program is made from a main part (what the Windows loader calls on running the exe) and procedures (or routines).

    OllyDbg tries to find the procedures by searching, for example, for the stack init - "push ebp/mov ebp,esp".

    for example, in OllyDbg 1.08 at 0x4154F0 is a procedure called "_Disasm"

    for switches, loops, ... you can use right-click/Search for/All ... it is easier than looking in the table of switches and trying to remember who jumps where. it is just for easy understanding of the code.
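
Added illustration (not part of the thread, and not OllyDbg's own analyzer): a byte-level scan for the "push ebp/mov ebp,esp" frame setup mentioned in post #4, next to a scan for relative `call` targets, showing that a routine without that prologue is still visible as a call destination. `SAMPLE`, `BASE` and the function names are constructed for this example.

```python
import struct

# Both valid 32-bit x86 encodings of "push ebp / mov ebp, esp".
PROLOGUES = (b"\x55\x8b\xec", b"\x55\x89\xe5")

def find_prologues(code: bytes, base: int) -> list[int]:
    """Addresses where a frame-setup prologue starts (heuristic match)."""
    hits = set()
    for pat in PROLOGUES:
        pos = code.find(pat)
        while pos != -1:
            hits.add(base + pos)
            pos = code.find(pat, pos + 1)
    return sorted(hits)

def find_rel_calls(code: bytes, base: int) -> list[tuple[int, int]]:
    """(call_site, target) for each E8 rel32 whose target lies inside code.
    Raw byte scan, not a disassembly: an 0xE8 operand byte can match too."""
    calls = []
    for pos in range(len(code) - 4):
        if code[pos] != 0xE8:
            continue
        rel = struct.unpack_from("<i", code, pos + 1)[0]  # signed displacement
        target = base + pos + 5 + rel                     # relative to next insn
        if base <= target < base + len(code):
            calls.append((base + pos, target))
    return calls

def classify(code: bytes, base: int):
    """Split calls by whether the target starts with a frame prologue."""
    procs = find_prologues(code, base)
    calls = find_rel_calls(code, base)
    with_frame = [c for c in calls if c[1] in procs]
    frameless = [c for c in calls if c[1] not in procs]
    return procs, with_frame, frameless

# Constructed sample: two calls, one framed routine, one frameless routine.
BASE = 0x401000
SAMPLE = bytes.fromhex(
    "e80b000000"        # 401000: call 401010
    "e810000000"        # 401005: call 40101a
    "c3cccccccccc"      # 40100a: ret + padding
    "558bec33c05dc3"    # 401010: push ebp / mov ebp,esp / xor eax,eax / pop ebp / ret
    "cccccc"            # 401017: padding
    "33c040c3"          # 40101a: xor eax,eax / inc eax / ret (no frame setup)
)

if __name__ == "__main__":
    procs, with_frame, frameless = classify(SAMPLE, BASE)
    print([hex(p) for p in procs], with_frame, frameless)
```
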

  5. #5

    TBD, what I'm still not getting is the difference between the user routines and those that OllyDbg identifies as "heuristical" procedures. Aren't they also user routines??? How do they differ, if they do differ? About loops and switches, where is it that you can look for loops?? I only see the possibility of requesting switches.
    Thx.

    Sorry for not logging in before, I didn't notice that the board lets you post without logging in.

    Regards,
    yaa

  6. #6

    yaa: oops, no search for loops

    I think a more detailed explanation is in ollydbg.hlp, in the analysis section.
    if it is still unclear feel free to ask questions here
