Results 1 to 6 of 6

Thread: how does olly pass exceptions to debugee?

  1. #1

    how does olly pass exceptions to debugee?

    i wonder how exactly olly passes exceptions to the debugee. in the exceptions option window when i check every option and also ignore the exception range from 0 to ffffffff olly sometimes tells me 'dont know how to bypass exception'.
    this is not what i expected.
    another thing is that i get evil bluescreens when debugging certain exes, every other debugger i tried didnt give me bluescreens when exceptions have been raised.

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    how does olly pass exceptions to debugee?

    OLLY have a bug in ILLEGAL EXECPTION, hwne you pass tell you donīt know how bypass exception, i repair this bug debuggin OLLYDBG with other OLLY, search the strings of the message and you can repir this bug easily, only changing one conditional JUMP.

    Olly is a RING3 debugger and cannot produce any blue screen , the program you are debugging, detect is being debugged and intentionally produce this blue screen.

    Ricardo Narvaja

  3. #3

    how does olly pass exceptions to debugee?

    Ricardo, you just saved me a whole ton of Shift+F9's. I didn't know it was a bug that could be fixed, You are my hero.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4

    how does olly pass exceptions to debugee?

    thank you for your answer.
    i followed your instructions and now i dont get the annoying message box.
    i also figured out why olly makes those certain exes give me a bluescreen.
    its because olly calls continuedebugevent api with dwContinueStatus=DBG_CONTINUE, this is not what i expect from olly when i tell olly in the options menu to not handle any exception. i changed the parameter dwContinueStatus to DBG_EXCEPTION_NOT_HANDLED and now everything works just fine.
    i wonder if there is a plugin out there doing this automatically. if not i will try to write such a plugin, because i think this feature is a must for a good debugger.
    btw, why does olly call continuedebugevent with wContinueStatus=DBG_CONTINUE when i tell olly to pass every exception to the debugee??
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Jump to patch in Olly to prevent buggy pauses is
    0043979D   68 203A4E00      PUSH OLLYDBG.004E3A20
    004397A2   E8 A5160500      CALL OLLYDBG.0048AE4C
    004397A7   59               POP ECX
    004397A8   33D2             XOR EDX,EDX
    004397AA   8B4D B0          MOV ECX,DWORD PTR SS:[EBP-50]
    004397AD   8915 5C8D4D00    MOV DWORD PTR DS:[4D8D5C],EDX
    004397B3   890D 5C5A4D00    MOV DWORD PTR DS:[4D5A5C],ECX
    004397B9   833D 14574D00 01 CMP DWORD PTR DS:[4D5714],1
    004397C0   75 42            JNZ SHORT OLLYDBG.00439804 ; <== change to JMP
    004397C2   833D 70574D00 00 CMP DWORD PTR DS:[4D5770],0
    004397C9   75 39            JNZ SHORT OLLYDBG.00439804
    004397CB   833D D8364D00 02 CMP DWORD PTR DS:[4D36D8],2
    004397D2   74 0C            JE SHORT OLLYDBG.004397E0
    004397D4   813D 2C574D00 00>CMP DWORD PTR DS:[4D572C],80000000
    004397DE   73 24            JNB SHORT OLLYDBG.00439804
    004397E0   833D 8C574D00 00 CMP DWORD PTR DS:[4D578C],0
    004397E7   75 11            JNZ SHORT OLLYDBG.004397FA
    004397E9   8D86 A5310000    LEA EAX,DWORD PTR DS:[ESI+31A5]
    004397EF   50               PUSH EAX
    004397F0   6A 00            PUSH 0
    004397F2   E8 397EFFFF      CALL OLLYDBG._Message
    Change it to JMP and no more annoying breaks. I've run into this issue yesterday and thought that may as well post it for the lazy ones
    Vulnerant omnes, ultima necat.

  6. #6
    Naides is Nobody
    Join Date
    Jan 2002
    Planet Earth
    Thank you, in the name of the lazy ones

Similar Threads

  1. OllyDbg2 plugin to hide Olly2 from debugee
    By BoB in forum OllyDbg Support Forums
    Replies: 7
    Last Post: April 30th, 2012, 10:30
  2. Replies: 3
    Last Post: December 3rd, 2009, 04:13
  3. how to terminate debugee in safe mode
    By zqBugZ in forum The Newbie Forum
    Replies: 6
    Last Post: June 26th, 2008, 10:12
  4. A nasty id/pass scheme
    By Bitman in forum Advanced Reversing and Programming
    Replies: 12
    Last Post: June 5th, 2007, 19:55
  5. Unable to pass exceptin when condition log
    By Teerayoot in forum OllyDbg Support Forums
    Replies: 2
    Last Post: June 16th, 2003, 05:11


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts