Ok, first of all, sorry if my lingo isn't correct. I am using Ollydbg on program that has NOT been packed. (I have looked for the answer myself, but I'm not sure I'm using a good search phrase because the scope of my search's answers is too vast to comb thru).

I am working on a program that puts a string at a memory location of 00C51CD0. The problem is that I can't put a breakpoint on that memory address because it doesn't exist at any of the breakpoints I set prior to the creation of this string.

Is there a way to have olly break when this memory address becomes available?

Thanks.

-b

Memory could be allocated at runtime, you have to understand how the program allocated new memory. You can start looking at functions like HeapAlloc, VirtuaAlloc etcetc...

thanks for the quick reply! I will look into breaking on those APIs.. but I'll just let you know that I have run the program all the way to the closest "call" I could find prior to that string being in memory, and the memory had still not been created.

ok, so thanks to your advice about virtualloc, I was able to find the exact moment when that memory is made available for writing. The strange thing is, that when I stop there, and then place a MEMORY, WRITE breakpoint on the address... the program no longer writes to the address.. if I leave it alone, then it does write to it. Is this some kind of protection?

May be the next byte is 0CCH(INT03)

Sorry if i can't answer you problem.I can understand a simple English

Thanks for the reply. I found that if I did a hardware breakpoint rather than a memory breakpoint that works.

HOWEVER... i seem to be over my head now. Basically this program creates a serial number internally.... I've found the point at which this serial number is placed into memory, but I cannot figure out what elements it used to create this serial number... and I think it is too advanced for me.