Results 1 to 6 of 6

Thread: Help - problem loading a program for debugging

  1. #1
    pepak
    Guest

    Help - problem loading a program for debugging

    I am trying to write a Win32 application in assembler. I have started with various tutorials and it seems straightfoward enough. The problem is that I need something to debug my applications with. OllyDbg looks just right, except that I don't seem to be able to actually debug m program in it: The program loads, but the first breakpoint occurs AFTER the program finishes. How do I tell OllyDbg to only load the program but stop before executing my code? I am trying it on a bare skeleton of a program:

    <code>
    .486
    .model flat, stdcall
    option casemap :none

    include c:\masm32\include\windows.inc
    include c:\masm32\include\user32.inc
    include c:\masm32\include\kernel32.inc

    includelib c:\masm32\lib\user32.lib
    includelib c:\masm32\lib\kernel32.lib

    .data

    AppName db 'Test application', 0

    .code

    start:

    INVOKE GetCommandLine
    INVOKE MessageBox, 0, EAX, ADDR AppName, MB_OK
    INVOKE ExitProcess, 0

    end start
    </code>
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    King of Redonda
    Join Date
    Jul 2006
    Posts
    109
    Blog Entries
    4
    Check out Options -> Debugging options -> Events. Maybe there's something wrong there.
    <[TN]FBMachine> i got kicked out of barnes and noble once for moving all the bibles into the fiction section

  3. #3
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,525
    Blog Entries
    15
    but the first breakpoint occurs AFTER the program finishes
    what do you mean ?

    you mean ollydbg shows you that the process has terminated ?

    where does it indeed break ? is it your break point or some ghost breakpoint ?

    are you sure it broke some where ?

    is the analysis being done ( a black progress bar will show up)
    does the log window say the program has been analysed ?

    if you still have some problems just post few lines from your log window
    may be there is some clue in there

    does your program run outside the debugger without problems

    or are you confusing yourself with the initial break point in system breakpoint ?

    if it indeed has broke on system breakpoint look at log window
    you will see this line
    Log data, item 0
    Address=7C901230
    Message=System startup breakpoint
    if it there then go to
    option debugging options events -> and set make first pause at
    entry point of main module radio button and click ok and restart your debuggee

  4. #4
    pepak
    Guest
    Quote Originally Posted by fr33ke
    Check out Options -> Debugging options -> Events. Maybe there's something wrong there.
    I tried all three events. All of them trigger after my program finishes.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    pepak
    Guest
    (edit: damn these notebook keyboards, so many misspellings)

    Quote Originally Posted by blabberer
    what do you mean ?

    you mean ollydbg shows you that the process has terminated ?
    It shows that the program loaded OK and lets me debug. Unfortunatelly, all three WinAPI calls of my application occur before that. So the sequence is

    1) Open the application in OllyDbg
    2) Process GetCommandLine, MessageBox, ExitProcess
    3) OllyDbg's breakpoint triggers

    are you sure it broke some where ?
    No. But I am pretty certain that it would be more useful for me to debug the application before it finishes rather than after :-)

    is the analysis being done ( a black progress bar will show up)
    does the log window say the program has been analysed ?
    I tried it with a modified skeleton application, one that displays a form and an edit box, then waits for the user to terminate it. The log looks like this:

    Code:
    Log data
    Address    Message
               OllyDbg v1.10
               Bookmarks sample plugin v1.06 (plugin demo)
                 Copyright (C) 2001, 2002 Oleh Yuschuk
               Command line plugin v1.10
                 Written by Oleh Yuschuk
    
               File 'D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe'
               New process with ID 000004CC created
    00401040   Main thread with ID 0000037C created
    00400000   Module D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe
                 Size changed, discarding .udd data
    77D30000   Module C:\WINDOWS\system32\user32.dll
    77F10000   Module C:\WINDOWS\system32\GDI32.dll
    7C800000   Module C:\WINDOWS\system32\kernel32.dll
    7C900000   Module C:\WINDOWS\system32\ntdll.dll
    746F0000   Module C:\WINDOWS\system32\MSCTF.dll
    77C00000   Module C:\WINDOWS\system32\msvcrt.dll
    77DC0000   Module C:\WINDOWS\system32\ADVAPI32.dll
    008F0000   Module C:\Program Files\Ad Muncher\AdMunch.dll
    77E70000   Module C:\WINDOWS\system32\RPCRT4.dll
    71A90000   Module C:\WINDOWS\system32\ws2_32.dll
    71A80000   Module C:\WINDOWS\system32\WS2HELP.dll
               Process terminated, exit code 0
    00400000   Unload D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe
    008F0000   Unload C:\Program Files\Ad Muncher\AdMunch.dll
    71A80000   Unload C:\WINDOWS\system32\WS2HELP.dll
    71A90000   Unload C:\WINDOWS\system32\ws2_32.dll
    746F0000   Unload C:\WINDOWS\system32\MSCTF.dll
    77C00000   Unload C:\WINDOWS\system32\msvcrt.dll
    77D30000   Unload C:\WINDOWS\system32\user32.dll
    77DC0000   Unload C:\WINDOWS\system32\ADVAPI32.dll
    77E70000   Unload C:\WINDOWS\system32\RPCRT4.dll
    77F10000   Unload C:\WINDOWS\system32\GDI32.dll
    7C800000   Unload C:\WINDOWS\system32\kernel32.dll
    7C900000   Unload C:\WINDOWS\system32\ntdll.dll
    
               File 'D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe'
               New process with ID 00000694 created
    00401040   Main thread with ID 00000248 created
    00400000   Module D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe
                 CRC changed, discarding .udd data
    77D30000   Module C:\WINDOWS\system32\user32.dll
    77F10000   Module C:\WINDOWS\system32\GDI32.dll
    7C800000   Module C:\WINDOWS\system32\kernel32.dll
    7C900000   Module C:\WINDOWS\system32\ntdll.dll
    746F0000   Module C:\WINDOWS\system32\MSCTF.dll
    77C00000   Module C:\WINDOWS\system32\msvcrt.dll
    77DC0000   Module C:\WINDOWS\system32\ADVAPI32.dll
    008F0000   Module C:\Program Files\Ad Muncher\AdMunch.dll
    77E70000   Module C:\WINDOWS\system32\RPCRT4.dll
    71A90000   Module C:\WINDOWS\system32\ws2_32.dll
    Mind you, this is the status when my window is already running and receiving input, though OllyDbg doesn't show anything at all yet. I have to close the window, only then does OllyDbg trigger; the log shows:

    Code:
     Message=Process terminated, exit code 0
    does your program run outside the debugger without problems
    It runs without problems even in the debugger. The only problem is that I can't get the debugger to debug it. Anyway, you can try for yourself: The application and its source code are at http://www.pepak.net/tmp/asm.zip.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    pepak
    Guest
    Well, never mind, I found it: Firewall is the culprit here! It triggers on rule "process writes to memoryspace of system"
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Replies: 3
    Last Post: December 4th, 2008, 01:57
  2. Question about a self-debugging program
    By kcynice in forum The Newbie Forum
    Replies: 6
    Last Post: June 18th, 2008, 22:33
  3. program runs when loading
    By alan in forum Bugs
    Replies: 4
    Last Post: September 23rd, 2007, 14:39
  4. Sice loading problem
    By SynApsus in forum Tools of Our Trade (TOT) Messageboard
    Replies: 4
    Last Post: May 31st, 2004, 08:18
  5. IDA sig file loading problem
    By Thigo in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: July 1st, 2001, 06:32

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •