
Thread: Olly BSOD my PC...

  1. #1

    Olly BSOD my PC...

    hi all,

    Olly still continues to BSOD my system. It crashes my firewall, and in the end BSODs my PC. This happens on both my machines, old (SP1) and new (XP fully updated).

    On this new machine I did nothing! I found no related thread, so does anyone have an idea? Due to various tools, I have problems with sice etc.

    On the older machine it seemed to 'take' all machine resources over time (i.e. if I leave the PC on and Olly paused when I go to dinner).

    boh :?
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  2. #2
    ZaiRoN (Red wine, not vodka!) | Join Date: Oct 2001 | Location: Italy | Posts: 922 | Blog Entries: 17
    Hi M.
    Did you try to analyze the crash dump? Does the BSOD start happening after the installation of a particular program?
    I think the problem is surely related to an external behaviour...

  3. #3
    Oh, sure, I did not mean Olly is unstable, it's the exact opposite, sorry.
    I was curious to know if anyone has experienced such problems. Surely it is related to some driver (as BSODs are not so easy from r3).
    I think the Kerio firewall driver is responsible (I swap firewalls every 3-6 months as I still cannot find a decent one...). What is puzzling me is that I keep HIPS off, so debugging should not be checked at all.
    (Kerio at a certain point says that it cannot connect to the GUI services anymore and shuts down - this might be an interesting attack on such a firewall. However, since SeDebugPrivilege is granted only to admins, it is still not useful for domain user exploits, but who knows?)
    Firewalls have problems with debuggers, i.e. I noted the Agnitum FW transformed my IDE debugger (ASM view) into a slow turtle :-? .

    (PS: I reset while the crash dump was building, as it was taking ages...)
    Last edited by Maximus; December 27th, 2006 at 17:52.

  4. #4
    ZaiRoN
    Hey.
    I read somewhere about a similar problem; it was caused by an antivirus program. The problem stopped when the antivirus was removed. Maybe by removing Kerio you'll know if the firewall is your problem... or have you already tried?

  5. #5
    This BSOD happened today, I'll try to change firewall... tomorrow

  6. #6
    Naides is Nobody | Join Date: Jan 2002 | Location: Planet Earth | Posts: 1,647
    My firewall, Outpost, detects and does not like it when a process, Olly, reads the memory of another, the debuggee, and opens a window wanting to kill both processes. (It also detects the Armadillo father modifying the Armadillo son process memory and complains formally about it.)
    I am sure your FW has similar technology, hooking into the debugging API or Zw APIs. If one of the FW drivers has gone amok, it may well be BSODing your machine in response to Olly.

    But I know for sure that my Outpost allows me to use Olly if I tell it to shut up.

  7. #7
    Registered User | Join Date: Nov 2003 | Location: .hr | Posts: 40
    I have Kerio and it works just fine with Olly (I'm running XP SP2).
    I have turned off "system security module".
    Kerio (fwdrv.sys) hooks:
    1. ZwClose
    2. ZwCreateFile
    3. ZwCreateKey
    4. ZwCreateProcess
    5. ZwCreateProcessEx
    6. ZwCreateThread
    7. ZwDeleteFile
    8. ZwDeleteKey
    9. ZwDeleteValueKey
    10. ZwOpenFile
    11. ZwOpenKey
    12. ZwResumeThread
    13. ZwSetInformationFile
    14. ZwSetValueKey
    15. ZwWriteFile

    Maybe some plugin antiantidbg code is causing it?
    You should run Olly without plugins (period)... and add them back one by one.
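
Added example, not part of the original posts: a hook list like the one in post #7 is usually produced by resolving each system service table entry to the driver whose load range contains it, which is also the first check when deciding which driver to suspect for a BSOD. All addresses, module ranges and the `example.sys` driver below are constructed sample values, and the function names are hypothetical.

```python
from bisect import bisect_right

# Constructed sample: loaded modules as (base address, size, name).
MODULES = [
    (0x804D7000, 0x00214000, "ntoskrnl.exe"),
    (0xF7A10000, 0x00012000, "fwdrv.sys"),
    (0xF8320000, 0x00008000, "example.sys"),   # hypothetical driver
]

# Constructed sample: service table entries as (service, handler address).
SSDT = [
    ("ZwClose", 0xF7A11200),
    ("ZwCreateFile", 0xF7A11480),
    ("ZwOpenProcess", 0x805C1234),
    ("ZwReadVirtualMemory", 0x805A9ABC),
    ("ZwWriteFile", 0xF7A12F00),
    ("ZwQuerySystemInformation", 0xFFDF0000),  # inside no loaded module
]

def build_index(modules):
    """Sort modules by base so an address can be located by binary search."""
    ordered = sorted(modules)
    return [m[0] for m in ordered], ordered

def owner_of(addr, index):
    """Return the module whose [base, base+size) range holds addr, else None."""
    bases, ordered = index
    i = bisect_right(bases, addr) - 1
    if i < 0:
        return None
    base, size, name = ordered[i]
    return name if addr < base + size else None

def find_hooks(ssdt, modules, kernel="ntoskrnl.exe"):
    """Group services whose handler lies outside the kernel image by owner."""
    index = build_index(modules)
    hooks = {}
    for service, handler in ssdt:
        owner = owner_of(handler, index) or "<unknown>"
        if owner.lower() != kernel.lower():
            hooks.setdefault(owner, []).append(service)
    return hooks

if __name__ == "__main__":
    for owner, services in find_hooks(SSDT, MODULES).items():
        print(f"{owner}: {', '.join(services)}")
```

Handlers that resolve to `<unknown>` point into memory no loaded driver owns and deserve attention before the ones attributed to a named driver.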

  8. #8
    Super Moderator | Join Date: Dec 2004 | Posts: 1,524 | Blog Entries: 15
    Try writing a minidump and let your system auto-reboot; analyze the minidump to get some pointers if it is taking ages to write a full dump.

    I have run OllyDbg with Kerio; I didn't happen to encounter any BSODs.
    In fact I haven't encountered a BSOD to date that was caused by OllyDbg.

    sounds interesting

  9. #9
    dELTA (Administrator) | Join Date: Oct 2000 | Location: Ring -1 | Posts: 4,206 | Blog Entries: 5
    Kerio personal firewall seems to be quite unstable in general. Three of my friends have tried it, and they all started getting random BSODs from this point on.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  10. #10
    For some reason I believe this to be overheating issues.

    I've noticed my CPU temperature go up when debugging a program and pausing it with OllyDbg, or running conditional breakpoints.

    It doesn't go up enough to hang the machine though, but if the cooling system was obstructed it probably would.

  11. #11
    Mmh... on my older machine, it might have been possible. But even the new one? I checked Kerio, and the GUI problem is related to the fact that the GUI and the Service communicate using blocking calls. I haven't reinstalled an r0 debugger, but I'm curious to set a bpx on the failing condition, run Olly and wait until it triggers (hoping the system doesn't crash before).
    I believe it is a time-out error (almost sure), because my mp3 player 'chokes' sometimes (and often when I close Olly). Something in my system must take a high degree of CPU resource, and it was pretty noticeable on a single-core CPU.
    (Well, I have the Windows debugger, but admittedly I do not know a hell of nothing of its commands... learn, always learn heh...)
    Last edited by Maximus; January 2nd, 2007 at 12:32.
