Log in

View Full Version : Olly Debugger

mR_gANDALF
December 14th, 2002, 23:57
I would like to resolve a question...

What do you think about Olly Debugger in comparison to SoftIce?
Should we prefer this new program instead of SoftIce?
Is it Better?

Thanks
naides
December 15th, 2002, 00:25
NO
Iwarez
December 15th, 2002, 00:40
I like olly more than SoftICE. Olly makes the things clearer sometimes.
tgodd
December 15th, 2002, 06:45
A would agree with naides.

It is not better.

It can be used along-side softice just as IDA can be used along-side.

It can be a great tool, but nothing replaces a good system debugger.


My 3 cents.

Regards,

tgodd
_Servil_
December 15th, 2002, 09:34
yes and no.

ice is a kernel-level debugger and olly application-level, this means while ice lays under OS olly is on top. Each has obviously its pros and cons. In this I agree with iwarez, unless you need to struggle anti-debug/seh/interrupts/driver probs/... i found olly more handy. Olly is weak.
mR_gANDALF
December 15th, 2002, 11:31
Thanks to all for your replies,


but I would like to get deepen...

Which is the difference regarding antidebugging tricks/SEH/interrupts, which is better and why?

Why is Olly weak? Wich are thier "weakness"?

Thanks again

mR_gANDALF
squidge
December 15th, 2002, 14:20
I prefer using Ollydbg when tracing through an app to find out what it's doing as it's far friendly with system API calls etc and generally much more user friendly. However, when working on packed exe's and system level breakpoints (eg. bpx'ing in sys libs) then it's Softice all the way. Once a programs unpacked and I'm no longer interested in system calls, I use Ollydbg alongside IDA and it makes commenting the IDA source much easier. Perfect for creating keygens and the like.
Zero
December 18th, 2002, 11:12
mR_gANDALF:

Quote:
but I would like to get deepen...

Which is the difference regarding antidebugging tricks/SEH/interrupts, which is better and why?

Why is Olly weak? Wich are thier "weakness"?


Olly is weak because it is an Application Level Debugger.

One silly example:

imagine your target has some anti-disassembler tricks inside.
Olly starts with a disassembly before you can debug it. Therefore Olly will crash. (Like w32Dasm).
SoftIce is a real-time debugger so anti-disassembler protections does not harm it.

Next Olly is getting better with identifying SEH structures but Olly has not the advantages of a real-time debugger like SI

Anti-Debugger tricks will crash both (sure there are ways to work around this)

One nice feature of Olly is that you can comment your code und Olly remembers these comments in the next debugging session.

Hope this helps you a little...
raffaelo
December 29th, 2002, 19:37
use both, make the tools work together