Thread: Arrows in the hex dump column in the Disassembler

  1. #1

    Hello,

    Could someone explain what is the meaning of the upward, downward, right arrows (or triangles) that appear in the hex dump column in the Disassembler pane of the CPU window? Is it explained somewhere in the help file?

    Regards,
    yaa

  2. #2

    Those are jump directions (up/down), and right arrows say that a jump has its destination at that address.

  3. #3

    What about the dollar sign? What is it for? Thx.

    Regards,
    yaa

  4. #4

    $ means start of a procedure/routine (not 100% sure).

  5. #5

    Mmmhhh, usually routines have a thick border that groups the relative code together. However, I sometimes see the dollar sign also next to instructions that are not the start of a routine.

    For example, debugging OllyDbg's own code, I see the following:

    00401059 > $ E9 6E400900 JMP OLLYDBG.004950CC

    and this is not the start of any routine.

    Regards,
    yaa

  6. #6

    yaa: yup, that is the module entrypoint - where the program starts

  7. #7

    And what about instructions like the following:

    00494134 /. 55 PUSH EBP
    004950F4 /. 55 PUSH EBP
    00495100 /. 55 PUSH EBP

    They seem to be the start of a procedure and yet they have no dollar sign next to them.
    It seems that they differ from those "dollar signed" only for the fact that they don't seem to be used anywhere inside the code (the call tree is empty). Could it be that the dollar sign indicates the start of a procedure that is also used inside the program?

    Regards,
    yaa

  8. #8

    $ indicates that the procedure is directly called (using call); the other procedures are called indirectly (pushed as arguments to other procedures).

  9. #9

    Does OllyDbg provide an easy and fast way of finding procedures passed as arguments to other procedures?

    Regards,
    yaa

  10. #10

    yaa: do you mean Find references (CTRL+R)? (you must be on the first line of your procedure)

  11. #11

    Yup, that is what I was looking for. Thx.

    Regards,
    yaa
