I just ended a short session of using Olly to figure out what was going wrong with a program. I like Olly in general, I really do, especially considering the price. But I have a couple complaints, things I can't seem to do with it, which may just be due to my ignorance.
JJ, I think you sent me a PM some time ago explaining some of this, but I can't seem to find it.
The things I'd like to be able to do but can't are the following:
- Look at the value of a local variable
- Look at the value of a function parameter
I can't figure out how to do either of these, even when I assemble and link with debug symbols.
The other thing I'd really like would be to have a small watch window appear showing the value of a variable.
Also: I thought I'd seen the value of an expression shown on the line of an assembler instruction that accesses memory, but I don't see that when I use Olly. Is there some way to enable that in the code execution pane?
Any help appreciated.
include \masm32\include\masm32rt.inc
.data
somevar dd 12345678h
.code
start:
int 3
mov eax, somevar
mov edx, offset somevar
exit
end start
OPT_Symbols 1
Hit F7 until edx has loaded offset somevar. At this point, right-click in the upper right corner ("Registers (FPU)") on edx, and pick "Follow in dump".
You will see the contents of the variable in the dump window in the lower left corner. Right-click the title to see display options; inter alia "Integer/Long signed".
Quote from: NoCforMe on April 01, 2024, 08:24:18 PM
- Look at the value of a local variable
- Look at the value of a function parameter
Same procedure but right-click on ebp - example attached.
OK. Well, I already knew how to show global vars. (like "somevar" in your example). Didn't know about right-clicking on registers; I always just used Ctrl-G over the dump pane, then entered the register (or memory var.) in the selection dialog.
Didn't know about right-clicking on EBP, but that really doesn't do it for me: it shows me what that reg. is pointing to all right, but then I have to do a bunch of head-scratching and arithmetic to find the specific local var. (or function parameter) in that mess.
So there's no way to look at a specific local variable, say what Olly shows as SS:[ARG1] or SS:[LOCAL.4]? I've tried using those expressions, and Olly complains that it's an "Unrecognized identifier". Seems like a huge omission on the part of the author. Being able to do that would make life so much easier ...
there is an Olly PluginSDK, so how about writing something cool eh? :)
Quote from: NoCforMe on April 02, 2024, 04:32:09 AM
So there's no way to look at a specific local variable, say what Olly shows as SS:[ARG1] or SS:[LOCAL.4]?
00401000 >/$ 55 push ebp
00401001 |. 8BEC mov ebp, esp
00401003 |. 83C4 F8 add esp, -8
00401006 |. C745 FC 23010>mov [local.1], 123
0040100D |. C745 F8 56040>mov [local.2], 456
00401014 |. 68 04304000 push offset ??0019
00401019 |. FF75 08 push [arg.1]
0040101C |. E8 5F000000 call dw2hex
Options/Options/Analysis/Show recognized ARGs and LOCALs in disassembly.
local.1 is the first local variable in the LOCAL list under "proc".
Otherwise, memorise what locals and args are (same code):
00401000 >/$ 55 push ebp
00401001 |. 8BEC mov ebp, esp
00401003 |. 83C4 F8 add esp, -8
00401006 |. C745 FC 23010>mov dword ptr [ebp-4], 123
0040100D |. C745 F8 56040>mov dword ptr [ebp-8], 456
00401014 |. 68 04304000 push offset ??0019
00401019 |. FF75 08 push dword ptr [ebp+8]
0040101C |. E8 5F000000 call dw2hex
Here is a nice tutorial. (https://legend.octopuslabs.io/archives/115.html)
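An added example, not part of any post in this thread: a small helper that does the ebp arithmetic from the two listings above, converting between [ebp±N] and Olly's [arg.N]/[local.N] notation and reading a slot out of a raw stack dump. It assumes a standard 32-bit ebp frame with dword slots, as in the listing; the function names and the sample frame values are constructed for illustration.

```python
import re
import struct

SLOT = 4  # 32-bit stack slot size, matching the listing (assumption: all slots are dwords)

def frame_offset(name):
    """Map 'arg.N' / 'local.N' (case-insensitive) to an offset from EBP."""
    m = re.fullmatch(r"(arg|local)\.(\d+)", name.strip().lower())
    if not m or int(m.group(2)) < 1:
        raise ValueError(f"not a frame slot name: {name!r}")
    n = int(m.group(2))
    # [ebp] holds the saved EBP and [ebp+4] the return address, so arg.1 is at +8
    return SLOT + SLOT * n if m.group(1) == "arg" else -SLOT * n

def slot_name(offset):
    """Inverse mapping; None for offsets that are not an arg/local dword slot."""
    if offset % SLOT:
        return None
    if offset >= 2 * SLOT:
        return f"arg.{offset // SLOT - 1}"
    if offset < 0:
        return f"local.{-offset // SLOT}"
    return None  # saved EBP or return address

def annotate(line):
    """Rewrite '[ebp+8]'-style operands (hex offsets) as '[arg.1]' etc."""
    def repl(m):
        off = int(m.group(2), 16) * (1 if m.group(1) == "+" else -1)
        name = slot_name(off)
        return f"[{name}]" if name else m.group(0)
    return re.sub(r"(?:dword ptr )?\[ebp([+-])([0-9A-Fa-f]+)\]", repl, line)

def read_slot(name, ebp, dump_base, dump):
    """Return (address, dword value) of a frame slot from a raw stack dump."""
    addr = ebp + frame_offset(name)
    i = addr - dump_base
    if i < 0 or i + SLOT > len(dump):
        raise IndexError(f"{name} at {addr:08X} is outside the dump")
    return addr, struct.unpack_from("<I", dump, i)[0]

# Constructed sample frame (not captured from a real debugging session):
# local.2, local.1, saved EBP, return address, arg.1
EBP = 0x0012FF80
DUMP_BASE = EBP - 8
DUMP = struct.pack("<5I", 0x456, 0x123, 0x0012FFC0, 0x00401025, 0x12345678)

if __name__ == "__main__":
    print(annotate("push dword ptr [ebp+8]"))
    print("%08X: %08X" % read_slot("local.1", EBP, DUMP_BASE, DUMP))
```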
Quote from: NoCforMe on April 02, 2024, 04:32:09 AM
So there's no way to look at a specific local variable, say what Olly shows as SS:[ARG1] or SS:[LOCAL.4]? I've tried using those expressions, and Olly complains that it's an "Unrecognized identifier". Seems like a huge omission on the part of the author. Being able to do that would make life so much easier ...
Ollydbg is able to go to ARG.x and LOCAL.x
You don't need SS:[ARG1] but only ARG.1 for example.
So you say, but I've tried and had no luck.
Can you show us what the exact syntax is to use? Give us an example or three.
That's odd. It works for me.
(https://i.imgur.com/eXgWa1k.png)
I'll try it again.
Quote from: 2B||!2B on June 25, 2024, 04:05:25 PM
That's odd. It works for me.
Can you explain with which commands you arrived at that dialog? I can't find it...
I always use Ctrl-G to bring up that dialog; doesn't that work for you?
Same as picking "Go to" from the context (right-click) menu.
Quote from: greenozon on April 03, 2024, 06:50:56 AM
there is an Olly PluginSDK, so how about writing something cool eh? :)
Was a lot of phun when I had explored doing that myself.
In 100% masm32 assembly of course.