Page 1 of 2 12 LastLast
Results 1 to 15 of 30

Thread: Error 11 etc..

  1. #1
    WebRIPPER
    Guest

    Error 11 etc..

    I can't get it work !!!
    It always halt with "error 11" message. What to do?
    In SoftICE it does not happens with the same programs. Maybe I miss something in settings?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    WebRIPPER
    Guest

    Error 11 etc..

    Now it's something new (after restart)
    ERROR_CLASS_DOES_NOT_EXIST (00000583) ??? Why??? There are all clases there
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3

    Error 11 etc..

    Never in my life OLLYDBG tell me ERROR 11, and i have 185 tutorials and 150 challenges, do you use Panda Antivirus, the enemy of OLLYDBG?

    Ricardo

  4. #4
    WebRIPPER
    Guest

    Error 11 etc..

    No, there is TrendMicro installed on the machine... So what 's the problem?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,487
    Blog Entries
    15

    Error 11 etc..

    greets

    well as far as i know ther is no error level 11 string in olly
    the nearest string is

    Text strings referenced in OLLYDBG:.text, item 1860
    Address=00447BF3
    Disassembly=PUSH OLLYDBG.004B3E3A
    Text string=ASCII "(Last error = %s)"

    does the popup belong to olly or does it belong to application

    what does it say actually

    what are you doing to get it

    all this info may help us help you

    just by saying woahhhhhhhh i got err0r 11 doesnt make a cleare picture

    and if you have panda antivirus many say it tinterferes with the debuggers process so ric asked if you have it installed

    so instead of asking "i have trend micro whats the problem"
    why dont you try disabling it for some time run olly and see if this probalem goes off if not tell that tooetc etc

    blind questions does not get any replies or gets at the most blind replies

    regards

  6. #6
    WebRIPPER
    Guest

    Error 11 etc..

    Thank you for response, as following:
    1) The problem is with application debugged, but not with Olly
    2) The application running in debug mode, using Olly just halted after a couple of seconds, so it is impossible to debug.
    3) When the appliction halted it can be ERROR_CLASS_DOES_NOT_EXIST (00000583) or
    ERROR_SUCCESS (00000000) last error state
    4) While this the stack is
    Call stack of thread 000009EC
    Address Stack Procedure / arguments Called from Frame
    01CFFE48 77F5C454 Includes 7FFE0304 ntdll.ZwTerminateProcess+0A 01CFFF40
    01CFFE4C 77E798EC Maybe ntdll.ZwTerminateProcess kernel32.77E798EA 01CFFF40
    01CFFF44 77E7990F ? kernel32.77E79895 kernel32.77E7990A 01CFFF40
    01CFFF58 004545FA ? kernel32.ExitProcess hb3.004545F4 01CFFF54
    01CFFF5C 00000002 ExitCode = 2
    01CFFF64 00454542 ? hb3.00454557 hb3.0045453D
    01CFFF74 0043C453 hb3.00454535 hb3.0043C44E
    5) I have trendmicro, but I do not think that it the problem
    6) ntdll halt string is 77F5C448 >/$ B8 01010000 MOV EAX,101
    77F5C44D |. BA 0003FE7F MOV EDX,7FFE0300
    77F5C452 |. FFD2 CALL EDX
    77F5C454 \. C2 0800 RETN 8
    7) That's all folks . So I'm wonderring what is the problem here 'cos in SoftICE this does not happens, but I prefer to use Olly (love it)...
    8) Thanks to all
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,487
    Blog Entries
    15

    Error 11 etc..

    does it create any exception if you want to know do this
    alt+0 debugging options,exceptions ,add last exception

    it will be grayed if ther was no exception else if it is enabled the top most is the recent exception
    if you want you can allow olly to pass it to the applications handler rather than letting olly handle it

    it saves you pressing shift+f9 umpteen times

    are you attaching it
    or are you loading it

    does it stop on entry point have you read its pe header entry point
    is it packed have you unpacked it

    if sice can work on this app (if it is an app and not some driver)
    then olly can work with it too and better than sice

  8. #8
    WebRIPPER
    Guest

    Error 11 etc..

    I added 0-FFFFFFFF in skip error on debug option- nothing (still halting)
    How to post to app handle?
    I'm load it
    the application in unpacked
    So still problems, what to do>? Something I missed?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    focht
    Guest

    Error 11 etc..

    Greetings,

    the problem is that one win32 API call returns ERROR_CLASS_DOES_NOT_EXIST (00000583) and the thread/program terminates upon (due to application error handling).
    The error code could be related to window classes (registered atoms) but it can be anything other too.

    At first you must identify the API call that caused the last error code.
    To do so, set a conditional breakpoint at ntdll.RtlSetLastWin32Error.
    Condition "[ESP+4] == 0x583" (first arg is win32 last error code).

    Let the program run and watch it stop.
    Collect all data - especially the call stack - and post it here.

    View -> callstack
    "show arguments"
    copy whole table to clipboard.

    With this information we might help you...

    Regards,

    A. Focht
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    WebRIPPER
    Guest

    Error 11 etc..

    Here the dump
    Call stack of thread 000014C4
    Address Stack Procedure / arguments Called from Frame
    01CFFF64 00456115 ntdll.RtlSetLastWin32Error hb3.0045610F 01CFFFB4
    01CFFF68 00000000 Error = ERROR_SUCCESS
    01CFFF74 0045387E hb3.004560B3 hb3.00453879 01CFFFB4
    01CFFF78 0043C3D6 hb3.00453879 hb3.0043C3D1 01CFFFB4
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,487
    Blog Entries
    15

    Error 11 etc..

    ERROR_CLASS_DOES_NOT_EXIST (00000583)

    Condition "[ESP+4] == 0x583" (first arg is win32 last error code).

    01CFFF64 00456115 ntdll.RtlSetLastWin32Error hb3.0045610F 01CFFFB4
    01CFFF68 00000000 Error = ERROR_SUCCESS

    sort of messup some where where ????

    btw why dont you try following the calls using show calls or going to stack following it to dissembler and break pointing the return and see if olly breaks

  12. #12
    WebRIPPER
    Guest

    Error 11 etc..

    That's what it return to me with condition [ESP+4] == 0x583
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #13
    focht
    Guest

    Error 11 etc..

    Hi again,

    as "oh me anon" already mentioned - there is something messed up.

    Ollydbg should never break on conditional if arg0 = 0 (Error = ERROR_SUCCESS)

    Next try: do a conditional log breakpoint.

    Condition: "[esp+4] == 0x583"
    Explanation: "lasterror code"
    Expression: "[esp+4]"
    decode: assumed by expression
    Pause program/log: on condition

    Run the program.
    If that doesnt work (breaks even if lasterror != 0x583), try condition "[esp+4] != 0".
    It will break/log on every API error encountered.

    Dont come back until lasterror code "00000583" is logged

    Regards,

    A. Focht
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14

    Error 11 etc..

    I think is a antidebugger code in the program.

    The program can generate the errors.

    1)I try disabling all breakpoints and all hardware BPX, enabling the plugin IsDebuggerPresent for hide of detection for this api
    2)You can use WindowsHacker for hide the windows of olly to hide detection for the name of the Window of OLLYDBG.
    3)Also you can rename the exe of ollydbg for hide of detection for name of the process
    4)You can create a infinite loop in the EP of program and when is looping, atach the olly for hide detection of api Process32first, Process32Next (ACProtect method), this detect the process who load the process of the program, and if olly load the program is detected how the program who create the process.(if you atach a program looping in your EP olly is not detected how creator of the process)

    If you try all of this options and continue the problem try
    HE RaiseException if the program stop look if there are a conditional jump to skip this api and run the program.

    Ricardo Narvaja

  15. #15
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,487
    Blog Entries
    15

    Error 11 etc..

    hey ricardo ,

    just to be sure i want to know this coz i dont use sice

    and you seem to be doing some good job writing so much tuts
    if this is antidebug then how come sice can handle it with aplomb
    and not show his error 11

    any ideas if sice has some extra capability to by pass antidebug
    ;(

    i have my doubts like this

    1) he hasnt set any break points so itmust be running in full steam
    2) he must have f9 ned it and it and pressed some check the message box is result of his doing not ollys
    3)it has to stop in the entry point of packer atleast if it is packed
    there is no way that it can execute all by itself
    4) if it is executing by itself then the ntdll.dll debug break must be screwed up without screwing it up each and every exe must stop at some entry point wherther it is original or packers or some devils entyr point isnt it
    5) without executing any code in application no antidebug worth its salt is going to help
    6) there is no way i think to find if the app is running in the contextof debugger during loading process (am i right or wrong
    any one reading this may comment on this point

    can the system determine if an app is running in the context of debugger and take evasive action without running any of its code

    7) ???? what else i dunno but i firmly believe if sice can handle it then olly must be able to handle it

    all and any comments are welcome

Similar Threads

  1. Error 998? What happened?
    By cooljoebay in forum OllyDbg Support Forums
    Replies: 2
    Last Post: January 4th, 2010, 01:55
  2. Error Issue
    By Jo_ti in forum The Newbie Forum
    Replies: 8
    Last Post: October 17th, 2009, 10:56
  3. Error
    By Bilal in forum OllyDbg Support Forums
    Replies: 1
    Last Post: July 29th, 2004, 09:20

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •