Ollybug


Eggi
December 19th, 2004, 11:00
I'm not sure if this is only a bug in Olly or if this also happens in other debuggers, but when Olly goes into the API OutputDebugStringA with the argument: %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s it closes with an error message.

Info about this api:

If the application has no debugger, the system debugger displays the string. If the application has no debugger and the system debugger is not active, OutputDebugString does nothing.

I'm not sure if this is the correct place, but the trick is from a protector.

omega_red
December 19th, 2004, 11:45
Olly probably treats the string as a format like in printf, not literally. "%s%s" is enough to crash. Seems that a patch is needed.
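
The format-string mishandling omega_red describes, as an added C example (not OllyDbg's code, nor code from anyone in this thread): a hardened logger that passes the debuggee's text as data to a fixed "%s" format, next to the vulnerable pattern shown only in a comment, plus a helper that counts conversion specifiers so an abnormal debug string can be flagged. Function names and the "[debuggee]" prefix are assumptions.

```c
#include <stdio.h>
#include <stddef.h>

/*
 * Constructed example. A debugger receives the debuggee's
 * OutputDebugString text as an arbitrary string chosen by the
 * debuggee. Using that text where a printf-style *format* is
 * expected is the bug described above: each "%s" makes the
 * formatter read a pointer from the stack and dereference it.
 *
 *   Vulnerable pattern (shown for contrast, never executed here):
 *       snprintf(buf, n, debuggee_text);   // text used as the format
 */

/* Count printf-style conversion specifiers in s, ignoring the
 * "%%" escape. A debug string carrying many conversions is not
 * normal program output and is worth logging as suspicious. */
size_t count_format_specifiers(const char *s)
{
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* literal percent sign: skip both chars */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

/* Hardened logging: the debuggee string is an *argument* to a fixed
 * "%s" format, so its '%' characters are copied, never interpreted.
 * Returns bytes written to out (excluding the terminator), or -1. */
int log_debug_string(const char *debuggee_text, char *out, size_t out_len)
{
    if (out == NULL || out_len == 0 || debuggee_text == NULL)
        return -1;
    int n = snprintf(out, out_len, "[debuggee] %s", debuggee_text);
    if (n < 0)
        return -1;
    /* snprintf reports the untruncated length; clamp to what fits */
    return n < (int)out_len ? n : (int)out_len - 1;
}
```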

HAVOK
December 19th, 2004, 11:54
Quote:
[Originally Posted by Eggi]
I'm not sure if this is the correct place, but the trick is from a protector.


This is an exploit published about 4 or 5 months ago, only for OllyDbg. Perhaps there is a patch you can use for it. I'm not sure... But it's only called twice, right?

As people move to use Olly more and more, packers start to add it to their blacklists.

See you,

blabberer
December 19th, 2004, 11:59
Well, I read this post, copy-pasted the string and assembled it inline with Olly
and single-stepped through it (F7).
It seems to work without crashing, as you can see in the attached picture;
it broke on the second bp I set.
If there is no bp it executes both the jump and loops on EBFE when I single-stepped (I used 98 SE, and single-stepping inside kernel32.dll will work for only two or three instructions, so I can't say more; will test with W2K some time and trace it, but till then I thought I'd post it).

If you F8 or F9 it crashes OllyDbg.
Well, I can't do JIT now, but will make Olly JIT and debug this if possible.
Code:

OLLYDBG caused an invalid page fault in
module OLLYDBG.EXE at 0167:004a74cf.
Registers:
EAX=7fffffff CS=0167 EIP=004a74cf EFLGS=00010206
EBX=0078d973 SS=016f ESP=0078c194 EBP=0078c6c0
ECX=00000000 DS=016f ESI=0078f1cc FS=29af
EDX=00000001 ES=016f EDI=00000020 GS=0000
Bytes at CS:EIP:
80 3a 00 75 ee e9 c5 00 00 00 f7 c7 00 01 00 00
Stack dump:
015202ec fffbb613 0078d914 75626544 74732067 676e6972 96ac203a 2073254d 7325202d 004a77d8 0078c1cc 0078f1e8 00008258 0078f234 4e52454b 32334c45

disavowed
December 19th, 2004, 14:43
see http://www.woodmann.com/forum/showthread.php?t=6153

JMI
December 19th, 2004, 17:42
Ladies and Gentlemen, we seem to have evidence that Eggi failed to use the search function here before posting his question.

OutputDebugString would have been a good place to start that search.

Regards,