infinity+
January 12th, 2004, 18:37
I have unpacked a program that was packed with upx. Do I need to do anything to correct the string references?..... Right now, the only way to break on them is with an int3 bp.
View Full Version : MUP Upx
dELTA
January 13th, 2004, 08:16
Huh? How do you break on string references with an int3 breakpoint?
infinity+
January 13th, 2004, 09:22
After unpacking I have string references but...
When trying to set a bp on the string references in ollydbg i get the message...
--------------------
Suspicious breakpoint
--------------------
You want to place a bp outside the code section. INT3 bp set on data will not execute and may have disastrous influence on the debugged program. Do you really want to set a bp here?
004011F8 68 74644000 PUSH 00000000.00406474 ; ASCII "
Should i just disable/ignore this message? or should i do something else to correct the string references?
When trying to set a bp on the string references in ollydbg i get the message...
--------------------
Suspicious breakpoint
--------------------
You want to place a bp outside the code section. INT3 bp set on data will not execute and may have disastrous influence on the debugged program. Do you really want to set a bp here?
004011F8 68 74644000 PUSH 00000000.00406474 ; ASCII "
Should i just disable/ignore this message? or should i do something else to correct the string references?
Mr. Blue
January 13th, 2004, 10:15
My guess (a wild one) is that you want to make the debugger break when the code references the
string. To do so, you can place a memory breakpoint (Read, Write or both) at the first byte of the string or even all bytes of the string.
In Olly you should select the Dump view, then using "Go to expression" you can navigate to the desired address (start of the string) . Now mark the bytes (in the Dump) that you want to be monitored and using the context menu select Breakpoint and put a memory breakpoint.
string. To do so, you can place a memory breakpoint (Read, Write or both) at the first byte of the string or even all bytes of the string.
In Olly you should select the Dump view, then using "Go to expression" you can navigate to the desired address (start of the string) . Now mark the bytes (in the Dump) that you want to be monitored and using the context menu select Breakpoint and put a memory breakpoint.
Mr. Blue
January 13th, 2004, 10:25
Uh-oh, I was too quick in posting the previous reply. I apologize for that.
Now to answer your question - yes, you can safely ignore this message. I think it can be disabled from the options dialog - I don't have Olly on this machine to confirm it. You will see this message almost each time when you are working with packed executables.
Now to answer your question - yes, you can safely ignore this message. I think it can be disabled from the options dialog - I don't have Olly on this machine to confirm it. You will see this message almost each time when you are working with packed executables.
infinity+
January 13th, 2004, 17:19
Thanks Mr. Blue
This was the first time that I unpacked upx and was just curious if i forgot something
This was the first time that I unpacked upx and was just curious if i forgot something
dELTA
January 13th, 2004, 18:06
But still, since you are after all talking about string references I think Mr Blue's first reply was quite to the point, I was just going to reply something similar myself. I.e. you cannot use int3 breakpoints on strings to break when they are accessed, you must use memory breakpoints.
But just as Mr Blue also says, even when setting normal int3 breakpoints on normal code in packed programs, Olly might indeed issue this warning (due to issues having to do with section characteristics and entrypoint section location), and in THAT case you can safely ignore it.
But just as Mr Blue also says, even when setting normal int3 breakpoints on normal code in packed programs, Olly might indeed issue this warning (due to issues having to do with section characteristics and entrypoint section location), and in THAT case you can safely ignore it.
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.