Log in

View Full Version : Any interactive cmd to modify register and/or memory contents like sice ?

yalcm
April 1st, 2005, 22:32
Hi,
I am newbie here and start to learn using ollydbg. I have had some expericence of sice before. Usually when I debug something when breakpoint reached, I need to change register(s) and/or memory contents. In sice I can use, for example, "REG EAX=00112233h or REG EIP=EIP-1 or E DS:EBX 12345678" etc to modify register/memory contents interactively. So my question is that "is there a counterpart like this in ollydbg" ? I have tried to input something in the cmdbar of ollydbg interactively, but I just couldn't find out any solution for my needs.
And I have spent a lot of time to read/search here in this forum to find out a solution/info for myself, but with NO such luck about this. So please help me out and thanks a lot for your attention.

A truely ollydbg newbie -- yalcm
blabberer
April 2nd, 2005, 09:34
i dont know if a commandline command exist or not (never used it much)
but to modify a register it takes two mouse click

select register and hit enter olly will pop up a modify eax,ebx,ecx dialog
or select register and right click and select modify

to write to the place in ebx viz ds:ebx
select register >>>right click >>> follow in dump >>>> use ctrl+e (edit data dialog to modify data in dump )
yalcm
April 2nd, 2005, 12:49
Thanks for the quick reply. Modifying registers' content and/or memory's content with your method is no problem. But I'm coming from sice side, so I'm trying to find if there is an interactive way for olly like sice. Besides this, with your registers' content modifying method, it does NOT work for EIP register. I dunn know why ? So in olly is there a way to change the program execution flow(for example EIP=EIP-1) ?
Ricardo Narvaja
April 2nd, 2005, 13:24
yes mark the line you want, right click NEW ORIGIN HERE and EIP change pointing to this line.

Ricardo Narvaja
bigglass
April 2nd, 2005, 22:28
read Cmdline.rtf from plug110.zip (or view source).
use SET command from Command Line plugin (ALT+F1).
//clear debug bit
ex: set [BYTE [(FS:[18])+30]+2]=0
P.S. CommandBar not support SET command
yalcm
April 3rd, 2005, 00:10
wow, olly is really a great great great tool!!!
Thanks for all of these quick reply. Greeting fly out to all of good guys here, especially to this great tool's developer.

Have a good day, all
-yalcm
blabberer
April 3rd, 2005, 01:01
ctrl+g ---> type eip-1 hit ok
ctrl+* eip will be modified

get the .hlp out and give it a read all these questions are answered there