How come not all the string references show in Olly, that show in W32DSM?

Wdasm only show a 10 % of strings you can view in olly, only you have configure olly well.

If is a packed program wdasm not show references of the original program, olly yes.
with olly you can view all strings of all sections and dlls of the program, with wdasm not.

Only in debugging Options-Debug put the mark in

memory block currently selected in dissasembler

and with this olly show the string of the section or dll listed in CPU, if you need the strings of the first section (the most common) go to expression=401000 for display in CPU the first section and SEARCH FOR THE REFERENCES.

And for RESOURCE STRINGS go to VIEW-EXECUTABLE mark the line of the exe and right click SHOW RESOURCE STRINGS and look

Ricardo

Even with those changes, with the program Webwhacker version 5, available at hxxp://www.bluesquirrel.com/free_download.html, I cant get it to show the evaluation expired strings, whereas in W32DSM it does, why would this be?

you go to 401000 and search strings with olly well configured?

And go to view-executables right click and go to VIEW-RESOURCE WINDOWS and the string is not here.

Verify well the two options

Ricardo

The string is actually in the ix.dll file in this case, and yes if you click on view/resource you can see it, but from here why cant you double click on it, and go to it in the cpu window, also it doesn't show you every instance of it in the program, and you can never get it to show in the cpu window of the ix.dll file, it just shows the resource number.
It is a lot clearer in this intance to look at it in W32DSM, which is a dissapointment, because in every other respect Olly is great.

Write to olleh and tell if in the next beta add the resource strings in the common string reference list, and with a double click go to the cpu for view.
In the resurce strings you can view the number of this resource, if you search this number or PUSH (this number) you found the same locations in the olly than wdasm, but you can write to olly for improve this method, with one only list of strings with double click for go to the code when the string are used.

Ricardo

Yes, I guess I should drop the author a note about it.

Pompeyfan have a look to my comment in this post in the topic "Strange string"

Yes, thanks for that, that makes it a bit easier to find what you are looking for, I still think that Olly needs to do some work, so that these references show as well as they do in W32DSM.