Log in

View Full Version : Total Useless Newbie trying to figure out OllyDbg.


HexScribe
April 28th, 2004, 15:50
Hi... I would like to know how to search for a command... let's say I want to put a breakpoint on some message box (MessageBoxA), how can I find it in the code window? I tried to search for the code Hex string I picked up from a disassembler, but it don't works... Also, why does the code begins at 75F51C96 in OllyDbg and at 00401000 in my disassembler...

Thanks! I know these are stupid questions but I just want to find out how to use this excellent tool everyone's talkin about! Btw, I won't use it for cracking purposes! :P

Ricardo Narvaja
April 28th, 2004, 16:29
If you put a BPX in messageboxa go to B window (DEBUG-BREAKPOINTS) and doble click in the BPX and you will go to the location in the CPU PANEL.

The other question is confuse, try clear the question

Ricardo

HexScribe
April 28th, 2004, 17:19
- How to put a BPX to messageboxa!! This is what i want to know!! How can I find where's the "MessageBoxA" in the code!!

- I think it's clear enough... The application start point isn't the same in OllyDbg and in PE Explorer disassembly... why?

HexScribe
April 28th, 2004, 20:40
Ah! I found that Ollyscript has nice ways to do it

Ricardo Narvaja
April 29th, 2004, 04:02
A application start in the EP and this point is in the exe, if olly stop before reach the EP are for.

1) a exception (skip with shift + f9 or put in debug breakpoint the mark in the type of exception,if you want olly don愒 stop more there).
2) if you dont know the type of exception go to debuggin options-exceptions and when you are sttoped in ths exception, press ADD LAST EXCEPTION and check IGNORE CUSTOM... and with this olly do愒 stop more in this exception.
And for type BP MessageBoxA or BPX MessageBoxA go to Stuph page of this forum and download the comanndbar plugin and with this you can type bp or bpxs directly.

Ricardo
Ricardo

Lord_Looser
April 30th, 2004, 01:06
how to find MessageBoxA code:
- go to the code window
- press right mouse button into the disassembly (popup menu will open)
- select 'Search for' - 'Name in all modules' ('All names' window will open)
- for searching your function write it down directly to the window (press M e s s a g e B o x A on your keyboard :-)
you can see what you are writing in the tiltle bar from olydbg (right at the top)
- select export line for code

result in Win2k:
77E23259 > 55 db 55 ; MessageBoxA

JDog45
April 30th, 2004, 02:44
Or Press Ctrl + N as a shortcut..

HexScribe
April 30th, 2004, 09:42
Ok thanks guys!