
Thread: References to ws2_32.dll not displaying labels

  1. #1
    asm0
    Guest

    References to ws2_32.dll not displaying labels

    Hello all.

    Firstly, I'm rather new to using OllyDbg, so please bear with me. My problem is fairly straightforward: I've been trying to track down references a program makes to ws2_32.dll. OllyDbg seems to do this rather well, but with one issue...Instead of showing the proper label, it will just give me names like ws2_32.#1 and ws2_32.#151. What I'd like is to be able to see things like ws2_32.connect or ws2_32.socket instead. Oddly enough, though, it properly displays the imported WSA components from ws2_32.dll. Anyway, if anyone knows how to resolve this, please let me know. Thanks.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    The Problem is with your dll.
    If it was compiled without the function labels information, olly can only show the sequential number of the function, not the symbolic, human intelligible one. The imported WSA components do have included the symbols in their export table, so olly can read them and show them to you.

    The solution: You need to download the debug symbol table for the ws2_32.dll from the MSoft symbol repository, possibly using windbg. the file name would be ws2_32.pdb.
    Then you need to tell olly where to find the .pdb file, using the main menu bar item debug->Select Path for Symbols -> {navigate to the .pdb}

  3. #3
    Actually, the program may be importing by ordinal instead of by name.

    I have just checked the ws2_32.dll in both my 98se and XP Pro systems, and all the exports do indeed have names.
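An added illustration, not part of any post in this thread, of how an import by ordinal produces a `ws2_32.#N` label until the DLL's export table is consulted, while an import by name carries its own string. The byte layouts follow the PE structures `IMAGE_EXPORT_DIRECTORY` and `IMAGE_IMPORT_BY_NAME`; the images, the ordinals 5 to 7 and the helper names are constructed for the example and are not ws2_32.dll's real values.

```python
import struct

ORDINAL_FLAG32 = 0x80000000  # IMAGE_ORDINAL_FLAG32: thunk carries an ordinal, not a name RVA

def cstr(img, rva):
    """Read a NUL-terminated ASCII string at rva (flat image: RVA == offset)."""
    return img[rva:img.index(b"\0", rva)].decode("ascii")

def export_names(img, dir_rva=0):
    """Map ordinal -> name (None if exported by ordinal only) from IMAGE_EXPORT_DIRECTORY."""
    (_, _, _, _, _, base, n_funcs, n_names,
     funcs, names, ords) = struct.unpack_from("<IIHHIIIIIII", img, dir_rva)
    table = {}
    for i in range(n_funcs):                      # every slot gets ordinal Base + index
        if struct.unpack_from("<I", img, funcs + 4 * i)[0]:
            table[base + i] = None
    for i in range(n_names):                      # names point back at slots by index
        name_rva = struct.unpack_from("<I", img, names + 4 * i)[0]
        slot = struct.unpack_from("<H", img, ords + 2 * i)[0]
        table[base + slot] = cstr(img, name_rva)
    return table

def label(dll, thunk, importer, exports=None):
    """Label one 32-bit import thunk; exports is the DLL's ordinal -> name map, if known."""
    if thunk & ORDINAL_FLAG32:                    # import by ordinal: no name in the importer
        ordinal = thunk & 0xFFFF
        name = (exports or {}).get(ordinal)
        return f"{dll}.{name}" if name else f"{dll}.#{ordinal}"
    return f"{dll}.{cstr(importer, thunk + 2)}"   # IMAGE_IMPORT_BY_NAME: 2-byte hint, then name

def demo_dll():
    """Constructed export data; ordinals 5-7 are made up, not ws2_32.dll's real ones."""
    img = bytearray(0xA0)
    struct.pack_into("<IIHHIIIIIII", img, 0, 0, 0, 0, 0, 0, 5, 3, 2, 0x40, 0x50, 0x60)
    struct.pack_into("<III", img, 0x40, 0x1000, 0x1010, 0x1020)  # three function RVAs
    struct.pack_into("<II", img, 0x50, 0x80, 0x88)               # two name RVAs
    struct.pack_into("<HH", img, 0x60, 0, 2)                     # names -> slots 0 and 2
    img[0x80:0x8F] = b"connect\0socket\0"
    return bytes(img)

def demo_importer():
    """Constructed importer fragment: an IMAGE_IMPORT_BY_NAME entry at RVA 0x10."""
    return bytes(0x10) + struct.pack("<H", 0) + b"WSAStartup\0"

if __name__ == "__main__":
    exports, imp = export_names(demo_dll()), demo_importer()
    for thunk in (0x80000005, 0x80000006, 0x10):
        print(label("ws2_32", thunk, imp), "->", label("ws2_32", thunk, imp, exports))
```

The middle thunk stays `#6` even with the export table, because that constructed slot has no name entry at all; forwarded exports are not handled here.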

  4. #4
    asm0
    Guest
    Quote Originally Posted by naides
    The Problem is with your dll.
    If it was compiled without the function labels information, olly can only show the sequential number of the function, not the symbolic, human intelligible one. The imported WSA components do have included the symbols in their export table, so olly can read them and show them to you.

    The solution: You need to download the debug symbol table for the ws2_32.dll from the MSoft symbol repository, possibly using windbg. the file name would be ws2_32.pdb.
    Then you need to tell olly where to find the .pdb file, using the main menu bar item debug->Select Path for Symbols -> {navigate to the .pdb}
    I tried this...Still no go...(I tried setting Olly's path to c:\windows\symbols (Default installation path) and c:\windows\symbols\dll (exactly where ws2_32.pdb is located))

    I suppose I should mention that, when disassembling, IDA shows the names of the imported functions fine.

    edit: I just realized that if I right click and view the call tree, it shows me the actual name, heh...Well, I can work with this, but for convenience's sake, is there a way I can get it to display that from the names window? Not as big of a problem if I can't, though.
    Last edited by asm0; July 6th, 2006 at 17:36.

  5. #5
    Knight
    Guest
    Olly can resolve ordinal imports by using import libraries (Debug->Select import libraries). I checked and my VS has that lib (probably you rather need platform SDK than VS).
    This feature is very helpful with MFC apps where all imports are by ordinal.

    Regards,
    Knight

  6. #6
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,486
    Blog Entries
    15
    I tried this...Still no go...(I tried setting Olly's path to c:\windows\symbols (Default installation path) and c:\windows\symbols\dll (exactly where ws2_32.pdb is located))



    ollydbg has a little problem that it pushes only the ollydbg directory to SymSetSearchPath() after it calls SymInitialize with null

    so effectively the _NT_SYMBOL_PATH doesn't reflect in its search path

    there is a little patch you can apply to make it select the Default NT_SYMBOL_PATH

    Names in ws2_32, item 30
    Address=71AB406A
    Section=.text
    Type=Export (Known)
    Name=connect


    check out this thread here for details

    http://www.woodmann.com/forum/showthread.php?t=8460
    Last edited by blabberer; July 7th, 2006 at 12:35.

  7. #7
    Hint: If you type CTRL+A (Analyse code) in OllyDbg you get, besides ordinals, all names of functions...

    Cheers

    Nacho_dj
