Hello, I'm a new Italian user


mskeng
October 8th, 2003, 04:08
Hello, I'm Italian, and I don't speak English very well!

I would like to know where I can find the command line (in OllyDbg). I want to create a breakpoint on a setTime string, but the file that I want to debug is a DLL, and I can't load only it. Is there a tutorial for using OllyDbg with the command line??

EsseEmme
October 8th, 2003, 05:21
Welcome.

If I understood well what you are asking for, you can download the command line plugin for OllyDbg from the following page: http://ollydbg.win32asmcommunity.net/stuph/

But really to place a breakpoint on a DLL you don't need the command line plugin. To put a breakpoint on a statement inside a DLL you need "someone" that will load that DLL for you ... and then you need to have OllyDbg "analyze" the DLL (this in order to have OllyDbg "keep" the set breakpoints). You'll then be able to put (and retain) all the breakpoints you want on the DLL's code.

If you have trouble expressing yourself in English, also leave the Italian "version" of your request. Your question will surely be clearer, at least to those who understand Italian.

Cya,
EsseEmme

mskeng
October 9th, 2003, 07:52
Hi EsseEmme, my problem is this:

First of all, I need to debug a .cpl file, so I proceed like this: I launch the application that will use this cpl, then I launch OllyDbg and attach to the application that uses the cpl, then I run the cpl! Now what I'm interested in knowing is why, after 10 minutes of running, it emits a beep every 30 seconds. How can I set up OllyDbg to find out??

Excuse me, English users, but I don't speak English very well, and so I don't write in this language. If any of you are Italian users, please give me a hand!

I read English very well, but I don't speak or write English. Excuse me!

Peace!

EsseEmme
October 9th, 2003, 16:48
mskeng, so that the whole forum can possibly contribute, I'll answer you in English.

What mskeng is saying is that he has a .cpl file (which if I'm not mistaken is a specialized dll) used by some application. He is able to start the host application and attach the cpl file and would like to know how to discover why this cpl file emits a beep every 30 seconds after the initial 10 minutes.

Well my friend, I'll be honest, I don't know in what languages this cpl can be made. Supposing it is C and supposing the beep is made using the Beep or MessageBeep win32 APIs you'll have to search for the "Names" in the cpl file (the imported functions) and put a breakpoint on all instances of the beep functions (Beep and/or MessageBeep APIs). Pay attention to put the breakpoints on the imported functions of the cpl file and not the host application. After that just run the application. At the first beep OllyDbg should break (meaning it should stop) on the guilty call.

Cya,
EsseEmme

mskeng
October 10th, 2003, 01:49
Thanks, EsseEmme, I understood your explanation. I know that the .cpl file uses the MessageBeep API! I have put a breakpoint on all instances of the beep function!
But how can I, after breaking on the MessageBeep API, exit from this function and execute the code line by line?? What is the command (key command, shortcut, or other!) for escaping from the breakpoint on the MessageBeep API and running the rest of the program line by line??

Thanks for all the messages you are posting, and for the explanation of my question!!
Best regards, this is a very cool forum, I like you!!
...

EsseEmme
October 10th, 2003, 11:44
mskeng I can't understand what you are saying. Please clarify your post.

EsseEmme

mskeng
October 11th, 2003, 02:29
Well, I have put a breakpoint on the SetTimer API, and OllyDbg breaks on this import. Well, I have analyzed the code, and I have seen the routine that sets the timer. This is the code:
10003C40 >/$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
10003C44 |. 57 PUSH EDI
10003C45 |. 25 FFFF0000 AND EAX,0FFFF
10003C4A |. 33FF XOR EDI,EDI
10003C4C |. 8D0480 LEA EAX,DWORD PTR DS:[EAX+EAX*4]
10003C4F |. C1E0 05 SHL EAX,5
10003C52 |. 8B5408 44 MOV EDX,DWORD PTR DS:[EAX+ECX+44]
10003C56 |. 8B41 20 MOV EAX,DWORD PTR DS:[ECX+20]
10003C59 |. 85C0 TEST EAX,EAX
10003C5B |. 7E 3E JLE SHORT asio2ks.10003C9B
10003C5D |. 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
10003C61 |. 53 PUSH EBX
10003C62 |. 56 PUSH ESI
10003C63 |. 8D3400 LEA ESI,DWORD PTR DS:[EAX+EAX]
10003C66 >|> 8B99 14050000 /MOV EBX,DWORD PTR DS:[ECX+514]
10003C6C |. 33C0 |XOR EAX,EAX
10003C6E |. 85DB |TEST EBX,EBX
10003C70 |. 7E 1C |JLE SHORT asio2ks.10003C8E
10003C72 |> 8B99 78040000 |/MOV EBX,DWORD PTR DS:[ECX+478]
10003C78 |. 83C2 02 ||ADD EDX,2
10003C7B |. 40 ||INC EAX
10003C7C |. 66:8B1C33 ||MOV BX,WORD PTR DS:[EBX+ESI]<<<<------- if I put nop nop nop nop at address 1003c7c the beep is not heard, but after ten minutes you hear a gap (the audio stops!) for a second; if instead I remove the whole loop that goes from 1003c72 to 1003c80, you hear a strange noise that is not exactly a beep, but almost!

10003C80 |. 66:895A FE ||MOV WORD PTR DS:[EDX-2],BX
10003C84 |. 8B99 14050000 ||MOV EBX,DWORD PTR DS:[ECX+514]
10003C8A |. 3BC3 ||CMP EAX,EBX
10003C8C |.^7C E4 |\JL SHORT asio2ks.10003C72
10003C8E |> 8B41 20 |MOV EAX,DWORD PTR DS:[ECX+20]
10003C91 |. 83C6 02 |ADD ESI,2
10003C94 |. 47 |INC EDI
10003C95 |. 3BF8 |CMP EDI,EAX
10003C97 |.^7C CD \JL SHORT asio2ks.10003C66
10003C99 |. 5E POP ESI
10003C9A |. 5B POP EBX
10003C9B |> 5F POP EDI
10003C9C \. C2 0800 RETN 8

10003c9d Nop

Well, what can I do to bypass this procedure? What breakpoint can I put in my code to test whether this routine only sets the timer, or does any other operation??

The program entry point is 10003C7C, but the routine starts at 10003C40!!
If I jump over the complete routine:
10003c40 jmp 0003c9d
the host program of the cpl file crashes after 10 minutes!
What can I do to bypass the timer, but not cause a crash of the host program after 10 minutes???

Thanks a lot for the space that you are giving me for posting this question,
You are my big friends!

Peace!
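The listing pasted above, parsed by an added example (my own code, not from this thread or from OllyDbg): it separates OllyDbg's flow-tree marks from the opcode bytes and the instruction, checks that the pasted rows are byte-contiguous and that each short jump's rel8 displacement really reaches the target OllyDbg printed (a mistyped byte in a pasted listing is an easy way to reason about the wrong code), and recovers the loop ranges from backward jumps, which is how the "loop from 1003c72 to 1003c80" the poster mentions shows up. The input is the thread's own listing reconstructed inline; the module name asio2ks and all addresses come from the post, and the parser assumes the default OllyDbg column layout.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the OllyDbg listing pasted in the thread, reproduced with
# OllyDbg's flow-tree decoration (|. /$ \. ^ ...) exactly as the debugger prints it.
LISTING = r"""
10003C40 >/$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
10003C44 |. 57 PUSH EDI
10003C45 |. 25 FFFF0000 AND EAX,0FFFF
10003C4A |. 33FF XOR EDI,EDI
10003C4C |. 8D0480 LEA EAX,DWORD PTR DS:[EAX+EAX*4]
10003C4F |. C1E0 05 SHL EAX,5
10003C52 |. 8B5408 44 MOV EDX,DWORD PTR DS:[EAX+ECX+44]
10003C56 |. 8B41 20 MOV EAX,DWORD PTR DS:[ECX+20]
10003C59 |. 85C0 TEST EAX,EAX
10003C5B |. 7E 3E JLE SHORT asio2ks.10003C9B
10003C5D |. 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+C]
10003C61 |. 53 PUSH EBX
10003C62 |. 56 PUSH ESI
10003C63 |. 8D3400 LEA ESI,DWORD PTR DS:[EAX+EAX]
10003C66 >|> 8B99 14050000 /MOV EBX,DWORD PTR DS:[ECX+514]
10003C6C |. 33C0 |XOR EAX,EAX
10003C6E |. 85DB |TEST EBX,EBX
10003C70 |. 7E 1C |JLE SHORT asio2ks.10003C8E
10003C72 |> 8B99 78040000 |/MOV EBX,DWORD PTR DS:[ECX+478]
10003C78 |. 83C2 02 ||ADD EDX,2
10003C7B |. 40 ||INC EAX
10003C7C |. 66:8B1C33 ||MOV BX,WORD PTR DS:[EBX+ESI]
10003C80 |. 66:895A FE ||MOV WORD PTR DS:[EDX-2],BX
10003C84 |. 8B99 14050000 ||MOV EBX,DWORD PTR DS:[ECX+514]
10003C8A |. 3BC3 ||CMP EAX,EBX
10003C8C |.^7C E4 |\JL SHORT asio2ks.10003C72
10003C8E |> 8B41 20 |MOV EAX,DWORD PTR DS:[ECX+20]
10003C91 |. 83C6 02 |ADD ESI,2
10003C94 |. 47 |INC EDI
10003C95 |. 3BF8 |CMP EDI,EAX
10003C97 |.^7C CD \JL SHORT asio2ks.10003C66
10003C99 |. 5E POP ESI
10003C9A |. 5B POP EBX
10003C9B |> 5F POP EDI
10003C9C \. C2 0800 RETN 8
"""

LINE_RE = re.compile(
    r"^(?P<addr>[0-9A-F]{8})\s+"
    r"(?P<flow>[>/$|.\\^\s]*?)"                              # flow-tree marks
    r"(?P<bytes>(?:(?:[0-9A-F]{2}:)?(?:[0-9A-F]{2})+\s+)+)"  # opcode bytes (66:8B1C33 style too)
    r"(?P<instr>[/|\\]*[A-Z].*)$"                            # mnemonic + operands
)


@dataclass
class Insn:
    addr: int
    opcode: bytes
    mnemonic: str
    operands: str
    target: Optional[int] = None  # jump target as printed by OllyDbg, for Jcc/JMP rows

    @property
    def size(self) -> int:
        return len(self.opcode)


def parse_listing(text: str) -> List[Insn]:
    """Turn OllyDbg disassembly rows into Insn records. Rows that are not
    instructions (blank lines, lowercase notes such as '10003c9d Nop') are skipped,
    and a trailing '<<<<' annotation like the one in the post is dropped."""
    insns = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        opcode = bytes.fromhex("".join(t.replace(":", "") for t in m["bytes"].split()))
        instr = m["instr"].lstrip("/|\\").split("<<<<", 1)[0].strip()
        mnemonic, _, operands = instr.partition(" ")
        target = None
        if mnemonic.startswith("J"):
            hit = re.search(r"([0-9A-F]{8})\s*$", operands)
            target = int(hit.group(1), 16) if hit else None
        insns.append(Insn(int(m["addr"], 16), opcode, mnemonic, operands, target))
    return insns


def check_listing(insns: List[Insn]) -> List[str]:
    """Consistency checks for a pasted listing: rows must be byte-contiguous, and
    every short jump's rel8 displacement must reach the target OllyDbg printed."""
    problems = []
    for prev, cur in zip(insns, insns[1:]):
        if prev.addr + prev.size != cur.addr:
            problems.append(f"{prev.addr:08X}: next row expected at {prev.addr + prev.size:08X}, found {cur.addr:08X}")
    for i in insns:
        if i.target is not None and "SHORT" in i.operands and i.size == 2:
            disp = int.from_bytes(i.opcode[1:2], "little", signed=True)
            if i.addr + i.size + disp != i.target:
                problems.append(f"{i.addr:08X}: rel8 {disp:+d} reaches {i.addr + i.size + disp:08X}, listing says {i.target:08X}")
    return problems


def find_loops(insns: List[Insn]) -> List[Tuple[int, int]]:
    """A jump whose target is not past the jump itself closes a loop [target, jump]."""
    return sorted((i.target, i.addr) for i in insns if i.target is not None and i.target <= i.addr)


def loops_containing(insns: List[Insn], addr: int) -> List[Tuple[int, int]]:
    return [(lo, hi) for lo, hi in find_loops(insns) if lo <= addr <= hi]


if __name__ == "__main__":
    insns = parse_listing(LISTING)
    print(f"{len(insns)} instructions, problems: {check_listing(insns) or 'none'}")
    for lo, hi in find_loops(insns):
        print(f"loop {lo:08X}-{hi:08X} ({sum(1 for i in insns if lo <= i.addr <= hi)} instructions)")
    print("loops around 10003C7C:", [f"{lo:08X}-{hi:08X}" for lo, hi in loops_containing(insns, 0x10003C7C)])
```

On this listing the checks pass, and the two backward JL instructions give the nested loops 10003C66-10003C97 (outer, counting EDI against [ECX+20]) and 10003C72-10003C8C (inner, copying words from [EBX+ESI] to [EDX-2] while EAX is below [ECX+514]); the address 10003C7C the poster singles out sits inside both. Change a single displacement byte in the pasted text and check_listing reports it, which is the point of running the check before reasoning about a listing copied from a post.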

mskeng
October 11th, 2003, 05:30
Do you understand?
Have I posed a bad question?
Have I failed?
.
.
..
...
....
Thanks!

EsseEmme
October 11th, 2003, 05:48
If the procedure starting at 10003C40 is the procedure called by the SetTimer function, and this procedure does not do anything that is "necessary" to the application, you can simply modify the time-out value (3rd parameter of the SetTimer function) to such a huge value that the procedure will never be called (or it will be called after a few days).

For example, if you set the 3rd parameter to decimal 864000000 (337F9800 in hexadecimal) the procedure starting at 10003C40 will only be called after 10 days of your application's consecutive execution.

EsseEmme

mskeng
October 11th, 2003, 07:01
Excuse me EsseEmme, but I'm very stupid! :confused: But: what is the 3rd parameter??
I'm waiting.....



THANKS!

EsseEmme
October 12th, 2003, 14:31
Take a look at this link: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/windowing/timers/timerreference/timerfunctions/settimer.asp

The third parameter (uElapse) controls after how long the procedure (lpTimerFunc) is called.

EsseEmme