Results 1 to 6 of 6

Thread: Code Analysis with Ollydbg

  1. #1
    s7master
    Guest

    Code Analysis with Ollydbg

    I am working with a program that loads a dll. After the dll is loaded, then it executes at the <ModuleEntryPoint>, which is in the POL1 section. The code then extracts the rest of the code to the .text section. My problem is that I cannot analyze the code in the .text section because I believe it is being treated as data rather than code.

    Is there any way I can analyze the code in the .text section?

    Thanks in advance,
    Taylor K.

    P.S. Attached is a screenshot so you know what I'm talking about.
    Attached Images Attached Images  
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,486
    Blog Entries
    15
    if you want to analyze sections that are not mapped as .code by default

    use analyzethis plugin by joe stewart

    you can grab it at openrce downloads

    there are caveats using that like if you try analysing any page that is not in
    any modules memory map it may err or give you wrong analysis

    also analysing anydata sections always come with the risk of
    inaccurate analysis like disassembling data as code


    but something is always better than nothing
    give it a spin and see if it fulfills your need

    btw for ollydbg questions there is a seperate forum
    you should consider posting your questions about ollydbg there
    to avoid moving the posts here and there by the admins

  3. #3
    To analyze a section different from which indicated by NtHeaders->OptionalHeader.BaseOfCode, you can use the olly's plugin "AnalyzeThis" downloadable here: http://openrce.org/downloads/browse/OllyDbg_Plugins

  4. #4
    pnluck:

    Didn't blabberer post that same information about 10 minutes before you did??

    Regards,
    JMI

  5. #5
    s7master
    Guest
    Thank you guys, help appreciated. Oh, and I'll try and post on the right forum next time
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    We are attempting to keep all the "olly" Threads here in the OllyDbg Forum now.

    Regards,
    JMI

Similar Threads

  1. Replies: 4
    Last Post: August 14th, 2010, 00:23
  2. Replies: 0
    Last Post: July 14th, 2009, 22:37
  3. LINK: Grafting Compiled Code: The Ultimate in Code Reuse
    By Cthulhu in forum Advanced Reversing and Programming
    Replies: 4
    Last Post: November 10th, 2007, 03:40
  4. Localised Code Analysis And The Art Of Nanomite Filtering
    By Admiral in forum Tools of Our Trade (TOT) Messageboard
    Replies: 29
    Last Post: October 25th, 2005, 01:15
  5. Replies: 10
    Last Post: November 9th, 2002, 04:50

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •