Results 1 to 4 of 4

Thread: Very strange behaviour

Hybrid View

  1. #1
    Firestream
    Guest

    Very strange behaviour

    Hello,

    I'm dealing with a very strange problem when I'm working with the latest version of OllyDbg. The executable that I'm trying to load all of a sudden won't load even without OllyDbg. I try to execute the file and I get a GPF right away before even getting into the program. It's almost as if some system file got changed or corrupted.

    My OS is Windows XP without SP1.

    Here's what I've done to try and get this executable functioning again:
    1. I've replaced the file in question with a backup.
    2. I've done a repair install of Windows XP
    3. I've deleted OllyDbg from my system.
    4. I've deleted anything in c:\windows\prefetch

    Nothing works except doing a clean install of XP.

    Anyways does anyone know if OllyDbg changes any system files. Any ideas?

    TIA
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    Very strange behaviour

    Firestream: OllyDbg doesnt change any system file, nor registry. Everything it creates in his directory (.ini,.udd & .bak)

    maybe your program has a timeout routine, have you tried tracing the program
    and see where it exits ?

  3. #3
    Firestream
    Guest

    Very strange behaviour

    It's actually a program that we are writing in C++ and we needed OllyDbg to try and find the cause of a GPF while running a routine in the executable. Now OllyDbg reports the error on startup on an API called DuplicateHandle while setting up stout, stin, sterror. This occurs while trying to load the program before we ever get into the main loop. This has happened twice now while trying to find a GPF much further in the program.

    I'm stumped and just about ready to repave this machine again. I really like OllyDbg so I'd like to prove to myself that this behaviour isn't caused by it so that I can feel comfident using it on othet projects.

    I've also looked for any locked or corrupted files that our program uses and replaced them just in case. The new error occurs way before these files ever get touched though so I wasn't too hopeful this was the cause and sure enough, it wasn't.



    I'm still hoping that XP caches executable somewhere that I'm not aware of or maybe OllyDbg does also and that is what I have to find and clean up. That's why I first thought to clean out c:\windows\prefetch
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    focht
    Guest

    Very strange behaviour

    Greets,

    - does the startup error happen only with ollydbg or does it happen too in your development environment (debug program)/other debugger (windbg)?
    - does it happen both in release and debug version?
    - post the complete call stack (source level) of the thread where the exception occurred

    So long...

    Anastasius Focht
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Armadillo App strange Mem-behaviour ?
    By SKiLLa in forum OllyDbg Support Forums
    Replies: 2
    Last Post: October 18th, 2005, 15:37
  2. SoftIce strange behaviour
    By robson in forum The Newbie Forum
    Replies: 13
    Last Post: December 25th, 2004, 21:50
  3. strange program behaviour
    By NikDH in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: January 19th, 2002, 11:59
  4. Odd softice behaviour
    By matthew in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: December 17th, 2001, 12:26
  5. quite strange app behaviour
    By NikDH in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: February 7th, 2001, 06:47

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •