News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Complaints about Olly Debug

Started by NoCforMe, April 01, 2024, 08:24:18 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

NoCforMe

April 01, 2024, 08:24:18 PM
I just ended a short session of using Olly to figure out what was going wrong with a program. I like Olly in general, I really do, especially considering the price. But I have a couple complaints, things I can't seem to do with it, which may just be due to my ignorance.

JJ, I think you sent me a PM some time ago explaining some of this, but I can't seem to find it.

The things I'd like to be able to do but can't are the following:
  • Look at the value of a local variable
  • Look at the value of a function parameter
I can't figure out how to do either of these, even when I assemble and link with debug symbols.

The other thing I'd really like would be to have a small watch window appear showing the value of a variable.

Also: I thought I'd seen the value of an expression shown on the line of an assembler instruction that accesses memory, but I don't see that when I use Olly. Is there some way to enable that in the code execution pane?

Any help appreciated.
Assembly language programming should be fun. That's why I do it.

jj2007

#1
April 01, 2024, 08:57:15 PM
Code Select
include \masm32\include\masm32rt.inc

.data
somevar    dd 12345678h

.code
start:
  int 3
  mov eax, somevar
  mov edx, offset somevar
  exit
end start
OPT_Symbols    1
Hit F7 until edx has loaded offset somevar. At this point, right-click in the upper right corner ("Registers (FPU)") on edx, and pick "Follow in dump".

You will see the contents of the variable in the dump window in the lower left corner. Right-click the title to see display options; inter alia "Integer/Long signed".

Quote from: NoCforMe on April 01, 2024, 08:24:18 PM
  • Look at the value of a local variable
  • Look at the value of a function parameter

Same procedure but right-click on ebp - example attached.

NoCforMe

#2
April 02, 2024, 04:32:09 AM
OK. Well, I already knew how to show global vars. (like "somevar" in your example). Didn't know about right-clicking on registers; I always just used Ctrl-G over the dump pane, then entered the register (or memory var.) in the selection dialog.

Didn't know about right-clicking on EBP, but that really doesn't do it for me: it shows me what that reg. is pointing to all right, but then I have to do a bunch of head-scratching and arithmetic to find the specific local var. (or function parameter) in that mess.

So there's no way to look at a specific local variable, say what Olly shows as SS:[ARG1] or SS:[LOCAL.4]? I've tried using those expressions, and Olly complains that it's an "Unrecognized identifier". Seems like a huge omission on the part of the author. Being able to do that would make life so much easier ...
Assembly language programming should be fun. That's why I do it.

greenozon

#3
April 03, 2024, 06:50:56 AM
there is a Olly PluginSDK, so how about writing something cool eh? :)

jj2007

#4
April 03, 2024, 09:49:27 AM
Quote from: NoCforMe on April 02, 2024, 04:32:09 AMSo there's no way to look at a specific local variable, say what Olly shows as SS:[ARG1] or SS:[LOCAL.4]?

Code Select
00401000 >/$  55            push ebp
00401001  |.  8BEC          mov ebp, esp
00401003  |.  83C4 F8      add esp, -8
00401006  |.  C745 FC 23010>mov [local.1], 123
0040100D  |.  C745 F8 56040>mov [local.2], 456
00401014  |.  68 04304000  push offset ??0019
00401019  |.  FF75 08      push [arg.1]
0040101C  |.  E8 5F000000  call dw2hex
Options/Options/Analysis/Show recognized ARGs and LOCALs in disassembly.

local.1 is the first local variable in the LOCAL list under "proc".

Otherwise, memorise what locals and args are (same code):

Code Select
00401000 >/$  55            push ebp
00401001  |.  8BEC          mov ebp, esp
00401003  |.  83C4 F8      add esp, -8
00401006  |.  C745 FC 23010>mov dword ptr [ebp-4], 123
0040100D  |.  C745 F8 56040>mov dword ptr [ebp-8], 456
00401014  |.  68 04304000  push offset ??0019
00401019  |.  FF75 08      push dword ptr [ebp+8]
0040101C  |.  E8 5F000000  call dw2hex
Here is a nice tutorial.

2B||!2B

#5
June 25, 2024, 02:18:25 PM
Quote from: NoCforMe on April 02, 2024, 04:32:09 AMSo there's no way to look at a specific local variable, say what Olly shows as SS:[ARG1] or SS:[LOCAL.4]? I've tried using those expressions, and Olly complains that it's an "Unrecognized identifier". Seems like a huge omission on the part of the author. Being able to do that would make life so much easier ...

Ollydbg is able to go to ARG.x and LOCAL.x
You don't need SS:[ARG1] but only ARG.1 for example.

NoCforMe

#6
June 25, 2024, 02:46:28 PM
So you say, but I've tried and had no luck.

Can you show us what the exact syntax is to use? Give us an example or three.
Assembly language programming should be fun. That's why I do it.

2B||!2B

#7
June 25, 2024, 04:05:25 PM
That's odd. It works for me.

NoCforMe

#8
June 25, 2024, 04:11:53 PM
I'll try it again.
Assembly language programming should be fun. That's why I do it.

jj2007

#9
June 25, 2024, 05:28:25 PM
Quote from: 2B||!2B on June 25, 2024, 04:05:25 PMThat's odd. It works for me.

Can you explain with which commands you arrived at that dialog? I can't find it...

NoCforMe

#10
June 25, 2024, 06:37:52 PM
I always use Ctrl-G to bring up that dialog; doesn't that work for you?
Same as picking "Go to" from the context (right-click) menu.
Assembly language programming should be fun. That's why I do it.

zedd151

#11
June 25, 2024, 06:46:57 PM
Quote from: greenozon on April 03, 2024, 06:50:56 AMthere is a Olly PluginSDK, so how about writing something cool eh? :)
Was a lot of phun when I had explored doing that myself.  :azn: :biggrin:
In 100% masm32 assembly of course.
:azn:
Print
Go Up Pages1
User actions