Results 1 to 9 of 9

Thread: Privileged Instruction

  1. #1
    OnoSendai
    Guest

    Privileged Instruction

    hi all,

    an application, that i'm trying to debug, loads a dll with opcodes OUTS and IN. When ollydbg reaches this opcodes a privileged instruction exception is fired.

    is there a workaround for this problem?

    many thanks in advance!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    psyCK0
    Guest

    Privileged Instruction

    That exception means that the processor decoded a privileged instruction but was not executing in the privileged mode. Usually this kind of exceptions are fired due to some kind of executable file protection.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    mimas
    Guest

    Privileged Instruction

    These instructions cannot be executed in ring3 (level application), the programme should run in ring0 (kernel mode) to access I/O port.

    What's the DLL ? It could be an anti-debugging trick. Try ty pass the exception with Shift+(F7,F8 or F9).
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    OnoSendai
    Guest

    Privileged Instruction

    thank you for your additional infos!

    It is probably an anti debugging trick.

    upon mapping of this dll ollydbg shows the message:"...entry point outside code ..."

    if i try shift + f7/f8/f9 the log window says:
    "Debbugged program was unable to process exception"
    afterwards the threads are terminated

    (i just trying the porttalk freeware but without success)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5

    Privileged Instruction

    armadillo probably, rename ollydbg to other name and try again using the plugin Isdebug too and look if pass the exceptions.


    Ricardo

  6. #6
    OnoSendai
    Guest

    Privileged Instruction

    so far I tried this:

    -shift f7,f8,f9
    -renaming ollydbg
    -IsDebug displayed <error>
    -start via allowio from porttalk
    -noping the io opcodes -> same exception on later calls

    programming can be very frustrating

    by the way here is the snippet that causes the probs

    005ED447 FF15 B8BDA300 CALL DWORD PTR DS:[…] ;
    617441F0 > 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O command
    617441F1 E5 6D IN EAX,6D ; I/O command
    617441F3 AB STOS DWORD PTR ES:[EDI]
    617441F4 227F 61 AND BH,BYTE PTR DS:[EDI+61]
    617441F7 BB 53CCE5DA MOV EBX,DAE5CC53
    617441FC 56 PUSH ESI
    617441FD C9 LEAVE

    and thank you for any further ideas
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7

    Privileged Instruction

    tell what packer is (use PEID) and will be more easy help.

    If you rename olly and have errors, keep a copy of the original ollydbg.exe in the same folder for aviod the errors, and use a renamed exe you put in the same folder.

    And if you use IsDEbug and make and error i think you are in win98, in XP work perfect.

    Ricardo

  8. #8
    OnoSendai
    Guest

    Privileged Instruction

    hi ricardo,

    peid shows the following message on the dll (while all other modules look normal):
    safedisc 2.51.000 -> macrovision

    unfortunately i'm not a hacker so i don't know what to do with this message. but i guess there is another tool that can remove this protection?!

    looking forward hearing from you

    ps: my os is xp and i also tested it on a virtual w2000 (virtual pc)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9

    Privileged Instruction

    Aja safedisc i hear safedisc have a different kind of detection of ollydbg but i cannot check , safedisc programs are very large (games CDs and is difficult to download.

    Ricardo

Similar Threads

  1. REPZ Instruction
    By markh51 in forum The Newbie Forum
    Replies: 11
    Last Post: August 29th, 2004, 10:55
  2. Instruction addresses in run traces
    By TheTwo in forum OllyDbg Support Forums
    Replies: 2
    Last Post: August 16th, 2004, 11:54
  3. [b]Help with ASM Instruction Please![/b]
    By xOptiMus in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: November 17th, 2000, 20:27

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •