View Full Version : ??? Questions ???


Anonymous
July 23rd, 2003, 06:21
1.
How to search for bytes?

In SoftICE s 0 l ffffffff 90,90,90,...
In OllyDbg ???

2.
I have Win2000 and I want to set a breakpoint on GetVolumeInformationA... or GetProcAddress, but how???

Thx,
Bruce Lee

Anonymous
July 23rd, 2003, 06:53
In OllyDbg, the right click is like talking to god; everything is done with right click (well, almost). Do right click -> search for -> binary string. You can even use ?? for wildcards, I think. For setting bpx on imports, do Ctrl-N for a list, and then ... right click to bpx.
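
Added example, not part of the post above and not OllyDbg's own code: a minimal Python sketch of what a binary-string search with ?? wildcards does over a dumped buffer. It accepts both space-separated bytes and the comma-separated form from the SoftICE command in the question; the function names, the sample bytes and the base address are constructed for illustration.

```python
import re

def compile_pattern(pattern: str) -> re.Pattern:
    """Turn a hex pattern such as 'E8 ?? ?? ?? ?? C3' into a bytes regex."""
    parts = []
    for tok in pattern.replace(",", " ").split():
        if tok == "??":
            parts.append(b".")                      # wildcard: any single byte
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            # escape so bytes like 0x2E ('.') or 0x2A ('*') stay literal
            parts.append(re.escape(bytes([int(tok, 16)])))
        else:
            raise ValueError(f"bad token in pattern: {tok!r}")
    if not parts:
        raise ValueError("empty pattern")
    # DOTALL so the wildcard also matches 0x0A
    return re.compile(b"".join(parts), re.DOTALL)

def find_all(data: bytes, pattern: str, base: int = 0) -> list[int]:
    """Return the address of every match, overlapping matches included."""
    rx = compile_pattern(pattern)
    hits, pos = [], 0
    while (m := rx.search(data, pos)) is not None:
        hits.append(base + m.start())
        pos = m.start() + 1                         # step one byte to catch overlaps
    return hits

# Constructed sample: prologue, three NOPs, two CALL rel32 + RET sequences.
SAMPLE = bytes.fromhex("558BEC909090E810000000C3E822000000C3")

if __name__ == "__main__":
    for addr in find_all(SAMPLE, "E8 ?? ?? ?? ?? C3", base=0x401000):
        print(f"{addr:08X}")
```
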

Anonymous
July 23rd, 2003, 06:58
In a packed target, when I press Ctrl+N I find the imports are missing.
And now what?

Anonymous
July 23rd, 2003, 07:19
Here's a trick most people don't know. It was in some Olly tips, I forget which #. You can get around this by doing view -> executable modules, and locate the library where the call is, in other words kernel32.dll or whatever. Then from inside that library you can do Ctrl-N and set a breakpoint on the EXPORT you are interested in. Then it will break when your app calls that export of that lib. It's not the easiest solution, but it can be useful when you are not sure where the import calls are in your app.

Anonymous
July 23rd, 2003, 14:52
If you want to set a breakpoint on GetVolumeInformationA... or GetProcAddress, etc. easily in OllyDbg, just do:

bp GetVolumeInformationA

or

bp GetProcAddress

Other useful commands are:

D expression                     Follow address in dump
DUMP expression                  Ditto
DA [expression]                  Dump in assembler format
DB [expression]                  Dump in hex byte format
DC [expression]                  Dump as ASCII text
DD [expression]                  Dump as addresses (stack format)
DU [expression]                  Dump as UNICODE text
DW [expression]                  Dump in hex word format
STK expression                   Follow address in stack
BP expression [,condition]       Set INT3 breakpoint at address
BPX label                        Set breakpoint on each call to external 'label' within the current module
BC expression                    Delete breakpoint at address
MR expression1 [,expression2]    Set memory breakpoint on access to range
MW expression1 [,expression2]    Set memory breakpoint on write to range
MD                               Remove memory breakpoint
HR expression                    Set 1-byte hardware breakpoint on access to address
HW expression                    Set 1-byte hardware breakpoint on write to address
HE expression                    Set hardware breakpoint on execute at address
HD [expression]                  Remove hardware breakpoint(s) at address
STOP                             Pause execution
PAUSE                            Ditto
RUN                              Run program
G [expression]                   Run till address
GE [expression]                  Pass exception to handler and run till address
S                                Step into
SI                               Ditto
SO                               Step over
T [expression]                   Trace in till address
TI [expression]                  Ditto
TO [expression]                  Trace over till address
TC condition                     Trace in till condition
TOC condition                    Trace over till condition
TR                               Execute till return
TU                               Execute till user code

and others that you can find in the documentation...