OllyDbg question

Started by jj2007, October 15, 2022, 10:56:46 AM


hutch--

I do keep an eye on later hardware and both AMD and Intel very latest CPUs are starting to show some real performance gains but they run like furnaces which turns me off a lot as I do a reasonable amount of work that runs at near 100% for extended periods. My old i7, the dev box will heat up to about 65 - 70 c but the 12 and 14 core Xeons struggle to get over 50c being thrashed at near 100%.

14 core running at about 2.9 gig for hours will do a massive amount of work and I doubt the new ones will take a hiding like this. They have some impressive low thread count speeds but with all cores loaded, I doubt they will maintain the speed or reasonable temperatures.

fearless

#16
Quote from: zedd151 on October 30, 2022, 12:50:38 PM
Is there also a 64 bit version of that plug-in, fearless?

Yes, in the releases in that plugin's repo on GitHub https://github.com/ThunderCls/xAnalyzer/releases there is:
  • xAnalyzer.dp32 - x86 32bit plugin.
  • xAnalyzer.dp64 - x64 64bit plugin.
  • apis_def.zip - the definition files.
Place the .dp32 plugin into the \x64dbg\x32\plugins folder and the .dp64 plugin into the \x64dbg\x64\plugins folder.

And the apis_def.zip which is extracted into a \x64dbg\x32\plugins\apis_def folder and extracted into a \x64dbg\x64\plugins\apis_def folder (create the apis_def folders manually and extract to them) - the *.api files and header\*.h.api in those folders have most win32 sdk api calls.

Plus it's possible to create and add your own for your own sources. I did a few for SDL and Lua functions, and for a couple of my ModernUI controls - which reminds me I should do a pull request to add the SDL and Lua ones to the xAnalyzer repo.
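
The file layout from the post above as a script (an added example, not part of the thread or of the xAnalyzer project). It assumes the three release files are already downloaded into one folder and that apis_def.zip holds the .api files at its top level; the function names are made up for this example. Archive entries that would land outside the apis_def folder are refused before anything is written.

```python
import shutil
import zipfile
from pathlib import Path, PureWindowsPath

# Layout from the post: plugin file -> x64dbg sub-folder it belongs in.
PLUGINS = {"xAnalyzer.dp32": "x32", "xAnalyzer.dp64": "x64"}


def safe_members(zf):
    """Return the archive's file entries; refuse rooted, drive or '..' paths.

    zipfile.extractall() strips such components silently; failing loudly
    is preferable for a third-party archive going into a plugins folder.
    """
    members = []
    for info in zf.infolist():
        p = PureWindowsPath(info.filename)   # understands both / and \
        if p.anchor or ".." in p.parts:
            raise ValueError(f"unsafe path in archive: {info.filename!r}")
        if not info.is_dir():
            members.append(info)
    return members


def install_xanalyzer(release_dir, x64dbg_root):
    """Copy both plugins and extract apis_def.zip next to each of them.

    Returns [(arch, number_of_api_files), ...] so the result can be checked.
    """
    release_dir, x64dbg_root = Path(release_dir), Path(x64dbg_root)
    installed = []
    with zipfile.ZipFile(release_dir / "apis_def.zip") as zf:
        members = safe_members(zf)           # validate before touching the disk
        for plugin, arch in PLUGINS.items():
            arch_dir = x64dbg_root / arch
            if not arch_dir.is_dir():
                raise FileNotFoundError(f"not an x64dbg folder: {arch_dir}")
            apis_dir = arch_dir / "plugins" / "apis_def"
            apis_dir.mkdir(parents=True, exist_ok=True)  # "create manually" step
            shutil.copy2(release_dir / plugin, arch_dir / "plugins" / plugin)
            zf.extractall(apis_dir, members=members)
            installed.append((arch, len(list(apis_dir.rglob("*.api")))))
    return installed


if __name__ == "__main__":
    import sys
    print(install_xanalyzer(sys.argv[1], sys.argv[2]))
```
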

jj2007

Hi fearless,

I would like to see my own symbols, see below. From judging your screenshot, that seems not possible, or am I wrong?

Quote from: jj2007 on October 30, 2022, 08:14:36 PM

fearless

It's possible to name the labels to whatever you want, the xAnalyzer plugin does similar to olly, but places them in the comments instead of renaming the labels. I'm sure that as it's open source it could be adapted to rename the labels instead and have an option in the plugin menu to do that instead of outputting into the comments.
Here is an example of renaming the labels just for completeness and for others, in case they weren't aware of it.


NoCforMe

Wait, JJ: those screenshots you posted: is the top one really OllyDbg? Version 2, I presume?

So how come I don't see any of those variable names (and the comments in the right column), even when I assemble and link with the debug options? I've never seen Olly look like this. Is there some trick I'm missing? If it only did what you show here I'd be as happy as a pig in shit.
Assembly language programming should be fun. That's why I do it.

jj2007

Quote from: fearless on October 31, 2022, 06:23:03 AM
It's possible to name the labels to whatever you want

I've named the labels already - in my source. Olly recognises them.
.While 1
    inc ebx
    deb 4, "loop URLs", ebx
    .Break .if !Instr_(ebx, esi, offset txUrlA, 0)
    mov ebx, edx
    add edx, selStart
    dec edx
    mov txrg.chrg.cpMin, edx
    .Break .if !Instr_(ebx, esi, offset txUrlB, 0)


004078B8  |.  CC            int3
004078B9  |>  43            /inc ebx
004078BA  |.  6A 00         |push 0                  ; /Arg4 = 0
004078BC  |.  68 C45B4200   |push offset txUrlA      ; |Arg3 = ASCII "[url="
004078C1  |.  56            |push esi                ; |Arg2
004078C2  |.  53            |push ebx                ; |Arg1
004078C3  |.  E8 22700100   |call InstrCi            ; \ReTest.InstrCi
004078C8  |.  85D2          |test edx, edx
004078CA  |.  74 75         |jz short 00407941
004078CC  |.  8BDA          |mov ebx, edx
004078CE  |.  0355 EC       |add edx, [ebp-14]
004078D1  |.  4A            |dec edx
004078D2  |.  8955 E0       |mov [ebp-20], edx
004078D5  |.  6A 00         |push 0                  ; /Arg4 = 0
004078D7  |.  68 CA5B4200   |push offset txUrlB      ; |Arg3 = ReTest.txUrlB
004078DC  |.  56            |push esi                ; |Arg2
004078DD  |.  53            |push ebx                ; |Arg1
004078DE  |.  E8 07700100   |call InstrCi            ; \ReTest.InstrCi


Quote from: NoCforMe on October 31, 2022, 07:39:32 AM
I've never seen Olly look like this. Is there some trick I'm missing? If it only did what you show here I'd be as happy as a pig in shit.

Options/Options/Analysis/Show recognized...
Options/Options/Debugging/Use debugging data

The latter requires a restart of Olly 2.0 to take effect.

daydreamer

#21
Quote from: jj2007 on October 16, 2022, 01:51:19 AM
Quote from: Shintaro on October 16, 2022, 01:15:42 AM
Have you tried Chris Titus Debloater for Windows 10?

Looks interesting, thanks. Right now I am still on Win7...
JJ what happened to the new computer you got?
@Shintaro that's what lea is for
Princess: Lea strangle jabba the hutt  :greenclp:
my none asm creations
https://masm32.com/board/index.php?topic=6937.msg74303#msg74303
I am an Invoker
"An Invoker is a mage who specializes in the manipulation of raw and elemental energies."
Like SIMD coding