
What's the meaning of this message???


yaa
November 18th, 2002, 14:14
In debugging an application just after opening it with ollydbg I see "13 heuristical procedures, 218 calls to known, 7 calls to guessed functions". Could someone explain the meaning of it? Thx.

Regards,
yaa

TBD
November 18th, 2002, 23:00
yaa: it is information from the analysis module

13 heuristical procedures - 13 procedures detected (e.g. by the push ebp/mov ebp,esp intro)
218 calls to known - recognized API calls (GetMessageA, CreateWindowExA, ...)
7 calls to guessed functions - user routines called by "call ..."

also it provides info about detected switches, loops, ... good for the "Search for/All ..." command

Anonymous
November 19th, 2002, 04:23
Ok for the APIs and user routines but could you further explain the procedures part. What are they? Also how can the switches, loops, etc. detection functionality be used. Please if you can use an example to clarify the concepts. Thx.

Regards,
yaa

TBD
November 19th, 2002, 04:41
yaa: forgot to login ?

so, a program is made from a main part (what the Windows loader calls on running the exe) and procedures (or routines).

OllyDbg tries to find the procedures by searching for example the stack init - "push ebp/mov ebp,esp".

for example, in OllyDbg 1.08 at 0x4154F0 there is a procedure called "_Disasm"

for switches, loops, ... you can use right-click/Search for/All ... it is easier than looking in switch tables and trying to remember who jumps where; it is just for easier understanding of the code.
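
The distinction TBD describes (procedures found by a byte pattern such as the push ebp/mov ebp,esp frame setup, versus calls whose target is an imported API or some other routine in the image) can be modelled in a few lines. The script below is an added illustration written for this thread, not OllyDbg's own analyser: the image base, the import address table, the hand-assembled byte sequence and the three-way classification are all constructed here, and a real analyser uses many more heuristics than a single prologue pattern. Note that the routine at the end of the constructed code has no frame setup, so the prologue heuristic does not count it as a procedure even though it is plainly code; the routines it calls are only reported because a call instruction reaches them.

```python
"""
Toy model of the three numbers OllyDbg prints after analysis:
"heuristical procedures", "calls to known", "calls to guessed functions".
Added example for this thread; not OllyDbg code. Every address and byte below
is constructed for the demonstration.
"""
import struct

BASE = 0x00401000          # constructed image base of the code section

# Constructed import address table: IAT slot address -> API name.
# A "call dword ptr [slot]" (FF 15 disp32) through one of these slots is
# counted as a call to a known function.
IAT = {
    0x00402000: "GetMessageA",
    0x00402004: "CreateWindowExA",
}

PROLOGUE = b"\x55\x8B\xEC"  # push ebp / mov ebp,esp


def build_code():
    """Hand-assemble a small constructed code section (32-bit x86)."""
    code = bytearray()
    # proc_a at +0x00: push ebp / mov ebp,esp / call [GetMessageA] / pop ebp / ret
    code += PROLOGUE
    code += b"\xFF\x15" + struct.pack("<I", 0x00402000)
    code += b"\x5D\xC3"
    # proc_b at +0x0B: prologue / call proc_a / call [CreateWindowExA] / pop ebp / ret
    proc_b = len(code)
    code += PROLOGUE
    site = len(code)
    code += b"\xE8" + struct.pack("<i", 0 - (site + 5))      # rel32 back to proc_a
    code += b"\xFF\x15" + struct.pack("<I", 0x00402004)
    code += b"\x5D\xC3"
    # entry at +0x1B: call proc_b / ret  (no frame setup -> prologue heuristic misses it)
    site = len(code)
    code += b"\xE8" + struct.pack("<i", proc_b - (site + 5))
    code += b"\xC3"
    return bytes(code)


def find_procedures(code):
    """Heuristic: every 'push ebp / mov ebp,esp' sequence starts a procedure."""
    return [BASE + i for i in range(len(code) - 2) if code[i:i + 3] == PROLOGUE]


def classify_calls(code, procs):
    """Linear sweep for E8 (call rel32) and FF 15 (call [mem]); classify each target.

    Returns (known, guessed): known = [(call site, API name)],
    guessed = [(call site, target address, target found by prologue heuristic?)].
    """
    known, guessed = [], []
    i = 0
    while i < len(code):
        op = code[i]
        if op == 0xE8 and i + 5 <= len(code):
            rel = struct.unpack_from("<i", code, i + 1)[0]
            target = BASE + i + 5 + rel
            guessed.append((BASE + i, target, target in procs))
            i += 5                       # skip the whole instruction, not just the opcode
        elif op == 0xFF and i + 6 <= len(code) and code[i + 1] == 0x15:
            slot = struct.unpack_from("<I", code, i + 2)[0]
            if slot in IAT:
                known.append((BASE + i, IAT[slot]))
            else:
                guessed.append((BASE + i, slot, False))
            i += 6
        else:
            i += 1
    return known, guessed


def analyse(code):
    """Produce the same three counters the debugger prints, plus the details."""
    procs = find_procedures(code)
    known, guessed = classify_calls(code, procs)
    return {
        "heuristical procedures": len(procs),
        "calls to known": len(known),
        "calls to guessed functions": len(guessed),
        "procedures": procs,
        "known": known,
        "guessed": guessed,
    }


if __name__ == "__main__":
    result = analyse(build_code())
    print(f"{result['heuristical procedures']} heuristical procedures, "
          f"{result['calls to known']} calls to known, "
          f"{result['calls to guessed functions']} calls to guessed functions")
    for site, name in result["known"]:
        print(f"  {site:08X}  call [{name}]")
    for site, target, detected in result["guessed"]:
        print(f"  {site:08X}  call {target:08X}  (prologue found: {detected})")
```

Running it prints "2 heuristical procedures, 2 calls to known, 2 calls to guessed functions": the two routines with a frame setup are the procedures, the two calls through the constructed import slots are the known calls, and the two direct calls are the guessed ones. The sweep deliberately consumes a whole instruction once it recognises a call opcode, because the rel32 and disp32 operand bytes can themselves look like opcodes; a real analyser disassembles properly rather than pattern-matching raw bytes.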

yaa
November 19th, 2002, 05:59
TBD what I'm still not getting is the difference between the user routines and those that ollydbg identifies as "heuristical" procedures. Aren't they also user routines??? How do they differ, if they do differ? About loops and switches where is it that you can look for loops?? I only see the possibility of requesting switches.
Thx.

Sorry for not logging in before, I didn't notice that the board lets you post without logging in.

Regards,
yaa

TBD
November 19th, 2002, 07:53
yaa: oops, no search for loops

I think a more detailed explanation is in ollydbg.hlp, in the analysis section.
if it is still unclear feel free to ask questions here