Suspicious Breakpoint
Your process reacts differently on my apps.
After the Break on GetProcAddress, I'll execute-until-return until the EIP is within the exe's memory range.
I get this dialog whenver I hit that point or run your script.
"Suspicious Breakpoint
It looks like you are trying to set a breakpoint on the data. If this is really the case, such a breakpoint will not execute
and may have disastrous influence on the debugged program. Do you really want to set a breakpoint here?"
If I answer yes, the program runs a few lines and breaks with that message again. Repeats a few more times until program
goes off and never breaks again.
If I answer no, the program runs and never breaks again.
I see un-analyzed but unpacked CODE SECTION bytes in the disassembler window.
On the first app I tried, while executing-till-return it broke within 7 bytes of the OEP. (OEP:401000, broke on 401007)
The second app it broke on 401CFC, actual unpacked OEP is 401CD0.
A few more apps, different ranges, but same dialog.
Everything looks unpacked in memory but Olly does not let me do anything except answer the dialog.
The script and the manual process end up at the same dialog.
I thought it might be a simple Olly configuration item but have found nothing relavant.
-bg
Tested on Ollydbg 1.10c & ollydbg1.10b, both with Ollyscript 0.81
|