Log in

View Full Version : Very strange behaviour

Firestream
January 14th, 2003, 15:16
Hello,

I'm dealing with a very strange problem when I'm working with the latest version of OllyDbg. The executable that I'm trying to load all of a sudden won't load even without OllyDbg. I try to execute the file and I get a GPF right away before even getting into the program. It's almost as if some system file got changed or corrupted.

My OS is Windows XP without SP1.

Here's what I've done to try and get this executable functioning again:
1. I've replaced the file in question with a backup.
2. I've done a repair install of Windows XP
3. I've deleted OllyDbg from my system.
4. I've deleted anything in c:\windows\prefetch

Nothing works except doing a clean install of XP.

Anyways does anyone know if OllyDbg changes any system files. Any ideas?

TIA
TBD
January 14th, 2003, 22:40
Firestream: OllyDbg doesnt change any system file, nor registry. Everything it creates in his directory (.ini,.udd & .bak)

maybe your program has a timeout routine, have you tried tracing the program
and see where it exits ?
Firestream
January 15th, 2003, 07:23
It's actually a program that we are writing in C++ and we needed OllyDbg to try and find the cause of a GPF while running a routine in the executable. Now OllyDbg reports the error on startup on an API called DuplicateHandle while setting up stout, stin, sterror. This occurs while trying to load the program before we ever get into the main loop. This has happened twice now while trying to find a GPF much further in the program.

I'm stumped and just about ready to repave this machine again. I really like OllyDbg so I'd like to prove to myself that this behaviour isn't caused by it so that I can feel comfident using it on othet projects.

I've also looked for any locked or corrupted files that our program uses and replaced them just in case. The new error occurs way before these files ever get touched though so I wasn't too hopeful this was the cause and sure enough, it wasn't.



I'm still hoping that XP caches executable somewhere that I'm not aware of or maybe OllyDbg does also and that is what I have to find and clean up. That's why I first thought to clean out c:\windows\prefetch
focht
January 15th, 2003, 10:34
Greets,

- does the startup error happen only with ollydbg or does it happen too in your development environment (debug program)/other debugger (windbg)?
- does it happen both in release and debug version?
- post the complete call stack (source level) of the thread where the exception occurred

So long...

Anastasius Focht