Log in

View Full Version : OllyDbg unable to proceed


alan
May 21st, 2005, 08:38
When I attach OllyDbg to a program, I get the message:

Quick statistical test of module "xxx" reports that its code section is either compressed, encrypted, or contains large amounts of embedded data. Results of code analysis can be very unreliable or simply wrong. Do you want to continue analysis?

I would be grateful if someone could give me a few hints as to how to proceed with this project?

I am currently at grade "nobrainer", but I am 25% towards grade "lamer".

Regards,
Alan

blabberer
May 21st, 2005, 13:27
it means olly has analysed the exe and found that it is packed or compressed or encrypted or whatever like it says
now if you still say yes olly will assume you know better and analyse the app and show you the garbage analysis
if you say no olly wont analyse but will just stop on the code and will let you find what is the mystery

that means you have to find some file identification programs
which would do some analysis based on predefined signatures and
may give you an educated guess as to what this app might be packed or compressed or encrypted with

there are many floating around the most popular one is peid by snaker

now if you run peid on the app it may say
packed with upx --- blah blah blah by blah blah version blah blha blah

if it was that simple then you can use upx itself with commandline option
-d to unpack it or if you are faced with some tough jock like
execryptor or similar then you are doomed for now or till you learn
more about packing unpacking crypting and such nocturnal roaming stuffs
have fun

alan
May 22nd, 2005, 08:13
Thanks. PEID identified the packer.

Regards,
Alan

cridia
May 22nd, 2005, 21:26
PEID always error when system running other program,why? i use win2000.