Log in

View Full Version : Ollybug?

Eggi
December 19th, 2004, 07:03
I debugged a program which calls RaiseException with the follwing arguments:

0012BA34 77E749F4 /CALL to RaiseException from kernel32.77E749EF
0012BA38 40010006 |ExceptionCode = 40010006
0012BA3C 00000000 |ExceptionFlags = EXCEPTION_CONTINUABLE
0012BA40 00000002 |nArguments = 2
0012BA44 0012BC70 \pArguments = 0012BC70

after i executed the call to RtlRaiseException i get 3 error messages and after that olly closes... but i dont ignore this exception... so normaly olly should catch it and not close.
Eggi
December 19th, 2004, 08:29
ok this gets called from the kernel32.OutputDebugStringA with the argument:
%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s %s%s%s%s%s%s%s%s%s

and i think that it produces an buffer overflow in olly and so olly produces an error and kills himself :/.
VolX
December 19th, 2004, 21:00
Armadillo 4 , hehe....
deli
December 27th, 2004, 10:54
read this

http://www.securiteam.com/windowsntfocus/5ZP0N00DFE.html ("http://www.securiteam.com/windowsntfocus/5ZP0N00DFE.html")
Bob
December 30th, 2004, 07:16
This works also with just 3 %s in a string anywhere..

eg passing "ab%Scdef%sghijklmnopqr%stuvwxyz"

to Olly thru OutPutDebugString will crash Olly.

~BoB~