Results 1 to 8 of 8

Thread: Access violation?

  1. #1
    Anonymous
    Guest

    Access violation?

    I have a program that's unable to load in OllyDbg. it runs normallly on win xp . here are the error i encounter:

    Access violation when readiing [ffffffff]

    EBX = 00000000
    DS: [ffffffff]=???

    the proggie is written in VC. i tried to bypass but fail. exit code 80 (128).

    any clues?? thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    Access violation?

    it doesnt help. we need more info like - do you have the source or not ?
    where it GPF (in your program or in dll) ?

    you said "unable to load" - you cannot start at all your program ?

    also you can post a link to it so everyone can take a look.

    a lot of different things can go wrong

  3. #3

    Access violation?

    There is a antidebug rutine sure, in the program, read the tute in english 68 Armadillo for newbies and in the beginning there are a method for hide ollydbg.
    And is possible the program use the api IsDebuggerPresent to detect a debugger.With the method of the tute you run the program with this antidebugging trick.

    Ricardo

  4. #4
    Anonymous
    Guest

    Access violation?

    6C3ED626 5E POP ESI
    6C3ED627 > 55 PUSH EBP
    6C3ED628 8BEC MOV EBP,ESP
    6C3ED62A 8B45 10 MOV EAX,DWORD PTR SS:[EBP+10]
    6C3ED62D 53 PUSH EBX
    6C3ED62E 33DB XOR EBX,EBX
    6C3ED630 3BC3 CMP EAX,EBX
    6C3ED632 74 02 JE SHORT MFC42.6C3ED636
    6C3ED634 8918 MOV DWORD PTR DS:[EAX],EBX // Failed here EAX=FFFFFFFF

    for some reason , i can't give out the program.

    Ricardo sorry for be a newbie, do you have the link for the tute u mention??

    appreciate any help giving.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Anonymous
    Guest

    Access violation?

    Ricardo i found the tute. keke thanks again.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,524
    Blog Entries
    15

    Access violation?

    mov eax,[ebp+10] ---> moves aome thing from stack to eax
    xor ebx,ebx
    cmp eax,ebx ; so basically eax must be zero so that it takes the je that comes next

    so the access viol can be eliminated
    that means [ebp+10] must be 0
    you land at access violation coz [ebp+10] !== 0

    it may be designed like that for triggering an access violation and handling
    tha access violation via a structured exception handling code

    look for the seh (olly marks it in stack and cpu as well
    btw if you use seh you can do almost anything with the situation
    for example modify debugregisters,change eip, writein the code section (if the code section has write permission(else it can virtual protect and write loop holes every where) change the registers to new value so that it works now
    but also the program gets to know that it is being debugged)

    btw did you try passing that exception to program (shift+f7)
    or adding last exception in debug options olly got lot of options to tackle these situations

  7. #7
    Anonymous
    Guest

    Access violation?

    modul kernel32
    77E7387D 8D45 B0 LEA EAX,DWORD PTR SS:[EBP-50]
    77E73880 50 PUSH EAX
    77E73881 FF15 0015E677 CALL DWORD PTR DS:[<&ntdll.RtlRaiseExcep>; ntdll.RtlRaiseException
    77E73887 5E POP ESI;MSVCRT.77C114AC//Access violation no RTTI Data

    heres another exception i encount, I m able to pass this exception a few times (shift + f7) and the program runs.
    quick question what's the drawbacks of bypassing these expetions??
    thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8

    Access violation?

    Is difficult if not view the program, if the program RUN out of OLLYDBG is obvious there are a detection of OLLYDBG.
    When you press Shift + f9 and the program ends, go to the K (call stack) and view the calls in the list, the upper is the last call the program enter ,right click VIEW CALL and go to the executable or part of the program last executed before the error, look if there are a conditional jump, for not execute the bad call, if changing the conditonals jumps befores this call not RUN good the program, go to the call stack again and take the second call and make the same process, i dont know if is your case, but if i cant look the program, is only an idea.

    Ricardo Narvaja

Similar Threads

  1. access violation in olly
    By icegood in forum OllyDbg Support Forums
    Replies: 1
    Last Post: March 16th, 2012, 03:46
  2. Access violation
    By VeeDub in forum The Newbie Forum
    Replies: 15
    Last Post: June 30th, 2006, 18:25
  3. Access violation question
    By woody in forum OllyDbg Support Forums
    Replies: 1
    Last Post: November 3rd, 2005, 15:06
  4. Can't run program in ollydbg/Access violation
    By DebugAll in forum OllyDbg Support Forums
    Replies: 1
    Last Post: March 11th, 2003, 16:29
  5. Access violation when writing to [00000000]
    By helloword in forum OllyDbg Support Forums
    Replies: 1
    Last Post: February 4th, 2003, 05:06

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •