View Full Version : Can Olly load/run a web browser loaded app?


QuanSu
July 20th, 2007, 22:42
Question from a newbie:

Does Olly allow me to look at the memory/register values of a web-based app?

The app would be loaded in I.E. (or any browser) with a script file in the form:

"path/xx/xxx/xx.exe?script=value....."

I can look at the static file, but I can't run the app in Olly. Is there a way to load the script file with the app on Olly to get it running? Any help will be appreciated.

Thanks!

PS: I tried, but can't get to the FAQ to read it.

JMI
July 21st, 2007, 00:28
It's not your fault on the FAQ. We are still uploading files after our server problem, which was caused by an error I made while updating some of the server software. Almost everything is back in place now and updated and the rest will be back up shortly.

Regards,

LLXX
July 21st, 2007, 04:23
Google "CGI".

naides
July 21st, 2007, 07:45
Hi QuanSu.

Look in this thread
http://71.6.196.237/forum/showthread.php?t=10227&highlight=cgi

Some pointers:
As LLXX suggested, web-based modules, while designed to work with a browser, will often start on their own (without the browser's script) as a console application, which Olly can start, attach, trace and debug.

I found it necessary to allow the web browser to start the CGI application, because of the extensive CGI-formatted input the app required for correct working.

This is the way I ended up bypassing the problem: Let's call the app QuanSu.exe

With IDA or OLLY or PEID: find QuanSu.exe's entry point. Change the bytes at the entry point to EB,FE (jmp -1), also called the spinning jump. Write down the original bytes located at the app entry point.

Now run the web browser and provoke the script that loads the app.

It will get loaded but will remain jumping to itself at the entry point. Your computer may slow down substantially at this time.

Fire Olly, File->Attach and find the QuanSu.exe process in the list. Click it to attach Olly.

The process will be loaded into Olly and paused somewhere in NTDLL module.

Click run, wait 1 second, click pause. Now you should be stopped at the spinning jump at QuanSu.exe's entry point. Replace the EB,FE jump with the original bytes, then start tracing your app in Olly.
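
The entry-point step from the post above, as an added example that is not part of the original thread: a Python sketch that locates the PE entry point's file offset, records the two original bytes and writes EB FE in their place. The function names and the in-memory sample image are constructed for illustration; the restore is still done in Olly after attaching.

```python
import struct

SPIN = b"\xEB\xFE"  # the two bytes the post writes at the entry point

def entry_point_offset(image: bytes) -> int:
    """Return the file offset of the PE entry point."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", image, 0x3C)[0]                # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect = struct.unpack_from("<H", image, pe + 6)[0]           # NumberOfSections
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]       # SizeOfOptionalHeader
    entry_rva = struct.unpack_from("<I", image, pe + 24 + 16)[0] # AddressOfEntryPoint
    table = pe + 24 + opt_size                                   # first section header
    for i in range(nsect):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", image, table + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + rsize:
            return entry_rva - vaddr + rptr
    raise ValueError("entry point is not backed by any section's raw data")

def patch_spin(image: bytes):
    """Return (patched image, file offset, original two bytes to write down)."""
    off = entry_point_offset(image)
    original = image[off:off + 2]
    return image[:off] + SPIN + image[off + 2:], off, original

def make_sample() -> bytes:
    """Constructed minimal PE-like image: one .text section, entry at RVA 0x1000."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)     # AddressOfEntryPoint
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x10, 0x1000, 0x200, 0x200) + bytes(16)
    head = (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    code = b"\x55\x8B\xEC\xC3".ljust(0x200, b"\x90")  # push ebp; mov ebp,esp; ret
    return head + code

if __name__ == "__main__":
    patched, off, orig = patch_spin(make_sample())
    print(f"entry point at file offset {off:#x}; original bytes: {orig.hex(' ')}")
```

Run it against a copy of the executable and keep the unpatched file, since the saved bytes are what gets typed back in at the entry point once the debugger is attached.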

QuanSu
July 21st, 2007, 12:23
* JMI: Thanks for the FAQ and for going easy on me.

* LX: Thank you for the tip, here and in other threads. Will keep searching.

* Naides: Much appreciated for your pointers, especially the one on the jump at entry point AND the warning on the firewall. I'll give it a try.

Be right back!