In OLLYBG if you are in CPU window, you easy go to offset with right click- VIEW- EXECUTABLE FILE, but if you in the offset window, you work here and look a interesting line, no existe the commando to view this line in dissassembler window (CPU), only searching for the sequence of the bytes hexa y can detect this line in CPU pane.

CPU to OFFSET is EASY
OFFSET to CPU is very difficult

Ricardo Narvaja

ricnar456: can you give an example where is really needed this feature ? because you can browse in CPU window perfectly

I compare two files with file compare and the results of the differences is in offset, well, open the file, view executalble and GO TO OFFSET put the result and i found the sentence with the difference, but for found the same sentence in the CPU window and if not is in the same section is very difficult, i go to VIEW-MEMORY and search in all memory for the bytes and is very slow, if the results of FILE COMPARE are 35, is very slow use this metod for view in CPU pane the differences one for one and serching for chains of bytes.

Ricardo Narvaja

ricnar456: why dont you add to the modified offset the base address (from PE header) and follow the changes in CPU window ?

Well the image base of this crackem is 400000, PeEditor says.

In OLLY this sentence

00401318 > $ /EB 10 JMP SHORT SXEA163.0040132A


is go to VIEW - EXECUTABLE FILE is

00000918 EB 10 JMP SHORT 0000092A

How i add this and in other sections is worst.

In all crackmes and programs isnt Imagebase + offset= RVA

if the sections are not aligned (FIX DUMP) and if i aligne dont function more.

Ricardo