deamon32
May 13th, 2010, 16:21
Alright, I have done plenty of tutorials and have successfully reversed a few applications that our programmers have written at work. I am currently working on a C++ application to try and build a keygen. I have run into a very weird issue, and I do not know if I am simply missing something, if this is a bug, or what is going on. I would still consider myself a noob at most of the more advanced techniques, so sorry if this is something obvious; I have tried to google an answer to this issue with no success.
I have attached two screenshots of the issue, so hopefully this will provide enough information to help explain what I am talking about. The before JMP.gif shows Olly right before executing the jump; the jump is supposed to be followed and the EIP register points at the correct instruction.
Once I step over the instruction, the EIP register goes to a completely different instruction as expected and I have absolutely no idea why; this can be seen in the after JMP.gif. I have stepped over plenty of instructions in this code already and have not found any other weird issues. As far as I know, this is just straight C++ code with no self-modifying code or any sort of debugging techniques or countermeasures.
*edit* The URLs seem to only work sometimes, so I have included the direct links *edit*
Before ("http://picasaweb.google.com/lh/photo/YWSh9cnCGfbgUCZ1vnzHMw?feat=directlink")
http://picasaweb.google.com/lh/photo/YWSh9cnCGfbgUCZ1vnzHMw?feat=directlink
After ("http://picasaweb.google.com/lh/photo/bdJ0xIZK6ksPySPQIkZdqQ?feat=directlink")
http://picasaweb.google.com/lh/photo/bdJ0xIZK6ksPySPQIkZdqQ?feat=directlink
I am running Windows XP SP3 x86 with the latest version of Olly 2.0