The MASM Forum

General => The Workshop => Topic started by: jj2007 on November 26, 2013, 07:28:49 AM

Title: Olly is back
Post by: jj2007 on November 26, 2013, 07:28:49 AM
That was long overdue: September 27, 2013 - version 2.01 (http://www.ollydbg.de/version2.html)

Feels much faster - it seems Oleh has made lots of improvements under the hood :t

include \masm32\include\masm32rt.inc
; in RichMasm (http://masm32.com/board/index.php?topic=94.0), place Olly in \Masm32\OllyDbg\ollydbg.exe, insert a breakpoint and hit F6
.code
start:
  int 3        ; any "active" lowercase int 3 will trigger an Olly launch; comment out to run the exe normally
  MsgBox 0, "Hello World", "Masm32 is great:", MB_OK
  exit
end start
Title: LOCAL symbols and args in OllyDbg
Post by: jj2007 on November 30, 2013, 08:44:28 PM
Here is a little test showing a problem with local symbols:

include \masm32\include\masm32rt.inc
.code
MyTest proc  uses esi edi ebx MyFirstArg, MySecondArg
LOCAL lv1, rc:RECT, wc:WNDCLASSEX
  int 3
  lea eax, MyFirstArg
  lea ebx, MySecondArg
  lea edx, lv1
  lea esi, wc
  ret
MyTest endp
start:
        invoke MyTest, 123h, 456h
        exit
end start


Results:
Olly 2:
0040101A                │.  8D45 08             lea eax, [myfirstarg]
0040101D                │.  8D5D 0C             lea ebx, [mysecondarg]
00401020                │.  8D55 FC             lea edx, [local.1]
00401023                │.  8D75 BC             lea esi, [local.17]

Olly 1:
0040101A                    8D45 08              lea eax, [arg.MyFirstArg]
0040101D                    8D5D 0C              lea ebx, [arg.MySecondArg]
00401020                    8D55 FC              lea edx, [local.lv1]
00401023                    8D75 BC              lea esi, [local.wc]


This is using /Zi for the assembler, and /debug /debugtype:cv for the linker. I have tried other combinations but no solution yet...

According to Olly history (http://ptr.webz.cz/main.php?file=options.inc):
OllyDbg 2.00 alpha 8
..
Use symbolic names for ARG and LOCAL
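
Added example, not part of jj2007's post: a small Python helper that decodes the four `lea` encodings from the listings above and maps their ebp displacements back to the names in the LOCAL line, which is how a numeric operand such as `local.17` can be matched to `wc` by hand. The structure sizes (RECT = 16 bytes, WNDCLASSEX = 48 bytes on 32-bit Win32), the standard ebp frame, and all function names are assumptions of this example.

```python
# Added example: maps ebp-relative operands back to the names declared in MyTest.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Declaration order and byte sizes from the LOCAL line (assumed 32-bit Win32 sizes).
LOCALS = [("lv1", 4), ("rc", 16), ("wc", 48)]   # DWORD, RECT, WNDCLASSEX
ARGS = ["MyFirstArg", "MySecondArg"]            # DWORD arguments

def frame_map(local_vars, args):
    """Return {displacement from ebp: symbolic name} for a standard ebp frame."""
    names, offset = {}, 0
    for name, size in local_vars:
        offset += size                      # locals grow downward from ebp
        names[-offset] = "local." + name
    for i, name in enumerate(args):
        names[8 + 4 * i] = "arg." + name    # [ebp+4] holds the return address
    return names

def decode_lea(code):
    """Decode 'lea r32, [ebp+disp8]' (8D /r, mod=01, rm=101) into (reg, disp)."""
    if len(code) != 3 or code[0] != 0x8D:
        raise ValueError("not a 3-byte lea")
    modrm = code[1]
    if modrm >> 6 != 0b01 or modrm & 7 != 0b101:
        raise ValueError("operand is not [ebp+disp8]")
    disp = code[2] - 256 if code[2] & 0x80 else code[2]   # sign-extend disp8
    return REGS[(modrm >> 3) & 7], disp

def olly2_local_index(disp):
    """Numeric index as in the Olly 2 listing: local.N sits at ebp - 4*N."""
    if disp >= 0 or disp % 4:
        raise ValueError("not a dword-aligned local")
    return -disp // 4

def resolve(hex_bytes, names):
    """Rebuild the symbolic disassembly line for one encoded lea."""
    reg, disp = decode_lea(bytes.fromhex(hex_bytes))
    operand = names.get(disp, "ebp%+d" % disp)   # fall back to the raw offset
    return "lea %s, [%s]" % (reg, operand)

if __name__ == "__main__":
    names = frame_map(LOCALS, ARGS)
    for raw in ("8D4508", "8D5D0C", "8D55FC", "8D75BC"):   # bytes from the listings
        print(raw, "->", resolve(raw, names))
```
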
Title: Re: Olly is back
Post by: Zen on December 07, 2013, 06:09:31 AM
JOCHEN,   
When I'm into some serious overkill,...I open the exe with IDA Pro (http://en.wikipedia.org/wiki/Interactive_Disassembler) and then Olly.
Title: Re: Olly is back
Post by: K_F on December 07, 2013, 03:05:22 PM
How do you trace in IDA Pro? I see something about linking a debugger into IDA - would this be Olly...?

Olly is straightforward and easy!
Title: Re: Olly is back
Post by: xanatose on December 15, 2013, 07:38:16 PM
Excellent debugger.
A pity that is only 32 bit.
Title: Re: Olly is back
Post by: TWell on December 15, 2013, 09:49:47 PM
Quote from: xanatose on December 15, 2013, 07:38:16 PM
Excellent debugger.
A pity that is only 32 bit.
Look here (http://www.ollydbg.de/odbg64.html)
Title: Re: Olly is back
Post by: Vortex on December 15, 2013, 09:54:48 PM
Quote from: TWell on December 15, 2013, 09:49:47 PM
Quote from: xanatose on December 15, 2013, 07:38:16 PM
Excellent debugger.
A pity that is only 32 bit.
Look here (http://www.ollydbg.de/odbg64.html)

TWell, the 64-bit is a joke:

Quote: What is even not an alpha, buggy as hell and can't debug? - OllyDbg 64! (This is a joke).
Title: Re: Olly is back
Post by: Greenhorn on December 22, 2013, 02:03:37 AM
Quote: December 20, 2013 - first breakpoint on 64-bit OllyDbg was hit!


Data storage - 95%
Disassembler - 90%
Assembler - 90%
Expressions - 60%
Dialogs - 30%
Debugging engine - 20%
Analysis - 0%
Data base (known data) - 0%
Let's wait 'n see ...