Results 1 to 5 of 5

Thread: ??? Questions ???

  1. #1
    Anonymous
    Guest

    ??? Questions ???

    1.
    How to search for bytes?

    In SoftICE s 0 l ffffffff 90,90,90,...
    In OllyDbg ???

    2.
    I have win2000 and I want set breakpoint on GetVolumeInformationA... or GetProcAddress, but how???

    Thx,
    Bruce Lee
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Anonymous
    Guest

    ??? Questions ???

    in ollydbg, the right click is like talking to god; everything is done with right click (well almost). do right click -> search for -> binary string. you can even use ?? for wildcards i think. for setting bpx on imports, do ctrl-N for a list, and then ... right click to bpx.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Anonymous
    Guest

    ??? Questions ???

    In packed target when press ctrl+n found missing imports
    And now what?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Anonymous
    Guest

    ??? Questions ???

    here's a trick most people dont know. it was in some olly tips i forget which #. you can get around this by doing view -> executable modules, and locate the library where the call is, in other words kernel32.dll or whatever. then from inside that library you can do ctrl-N and set a breakpoint on the EXPORT you are interested in. then it will break when your app calls that export of that lib. its not the easiest solution, but it can be useful when you are not sure where the import calls are in your app.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Anonymous
    Guest

    ??? Questions ???

    if you want to set breakpoint on GetVolumeInformationA... or GetProcAddress, etc easily in Ollydbg, just do:

    bp GetVolumeInformationA

    or

    bp GetProcAddress

    Other useful commands are:

    D expression Follow address in dump
    DUMP expression Ditto
    DA [expression] Dump in assembler format
    DB [expression] Dump in hex byte format
    DC [expression] Dump as ASCII text
    DD [expression] Dump as addresses (stack format)
    DU [expression] Dump as UNICODE text
    DW [expression] Dump in hex word format
    STK expression Follow address in stack
    BP expression [,condition] Set INT3 breakpoint at address
    BPX label Set breakpoint on each call to external 'label' within the current module
    BC expression Delete breakpoint at address
    MR expression1 [,expression2] Set memory breakpoint on access to range
    MW expression1 [,expression2] Set memory breakpoint on write to range
    MD Remove memory breakpoint
    HR expression Set 1-byte hardware breakpoint on access to address
    HW expression Set 1-byte hardware breakpoint on write to address
    HE expression Set hardware breakpoint on execute at address
    HD [expression] Remove hardware breakpoint(s) at address
    STOP Pause execution
    PAUSE Ditto
    RUN Run program
    G [expression] Run till address
    GE [expression] Pass exception to handler and run till address
    S Step into
    SI Ditto
    SO Step over
    T [expression] Trace in till address
    TI [expression] Ditto
    TO [expression] Trace over till address
    TC condition Trace in till condition
    TOC condition Trace over till condition
    TR Execute till return
    TU Execute till user code

    and others that you can find in the documentation...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. 2 Questions
    By DaBookshah in forum The Newbie Forum
    Replies: 5
    Last Post: November 2nd, 2006, 09:06
  2. rsa Questions
    By tommychong in forum RCE Cryptographics
    Replies: 6
    Last Post: September 14th, 2005, 17:12
  3. Some DRx Questions
    By Lenus in forum OllyDbg Support Forums
    Replies: 3
    Last Post: December 31st, 2004, 04:19
  4. Some DRx Questions
    By Lenus in forum The Newbie Forum
    Replies: 2
    Last Post: December 28th, 2004, 18:11
  5. RegOrganizer 1.3B4: Questions and More Questions (sv / +spl/\j guru!)
    By foxthree in forum Malware Analysis and Unpacking Forum
    Replies: 17
    Last Post: March 9th, 2002, 06:43

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •