Exetools  

  #1  
Old 09-08-2003, 03:52
5Alive
OllyDbg help.

I'm trying to familiarise myself with the use of OllyDbg and I've hit a snag.

When I attach to an app I want to reverse, Olly reports that the attached process is paused at NTDLL.DLL DbgBreakPoint.

RETN
INT3
RETN

Is there an API call to check for the presence of a debugger and halt the process?

Can anyone tell me how to check/circumvent this?

5Alive.
  #2  
Old 09-08-2003, 04:10
5Alive
I now realise that dbgbreakpoint is an API call; however, when I view the ntdll.dll executable module in OllyDbg, there are no calls to it. This is also true of the main exe I'm working with.

I've tried a Google search but this hasn't helped.

Thanks again,
5Alive.
  #3  
Old 09-08-2003, 05:11
Squidge
dbgbreakpoint is called from the exception port which is part of the process you have attached to and is activated when ollydbg attaches to the process. You need to run the app until the context is back in user code, then you can browse and step code all you wish.
  #4  
Old 09-08-2003, 18:19
5Alive

Quote:
Originally posted by Squidge
dbgbreakpoint is called from the exception port which is part of the process you have attached to and is activated when ollydbg attaches to the process. You need to run the app until the context is back in user code, then you can browse and step code all you wish.

Thanks for the excellent technical reply. I later discovered I could single step by running the app, but clearly didn't understand the purpose of the dbgBreakPoint function. I do now, though.

5Alive.
All times are GMT +8.