nOOb Question :( Sry for nOObisme [Archive] - RCE Messageboard's Regroupment

View Full Version : nOOb Question :( Sry for nOObisme

baxis

June 3rd, 2005, 08:05

Hi,

I'm new in the world of disassembly, and i want to try ollydbg.
My first question :
How can i say to olly, make a break when anywhere in the memory you see "coucou".
I think that it's with breakpoint>set_condition, but i'm don't manage to find a list of expression annd how to use it.

I looking for something like
if memory like '%coucou%'
make_breakpoint
endif

in a upper level of code.

My second question :
When i manage to do what i want manually (i want to send a new packet when the program send a particular packet), can i devlop a program that do my action automatically by pressing a key for example.

Thanks by advance.

blabberer

June 3rd, 2005, 08:51

well your explanations are not clear you should be looking at writing a custom debugger to suit your need
i dont think any general purpose application would be
doing this kind of search it is very exhaustive requirement to the least

well if the above rambling doesnt make sense ill tell what i assume of your request

execute one single instruction
recheck_routine:
parse the whole process memory for a specific string (can be 4 gb of space theoratically)
if found { do my bidding}
if not execute second instruction
jump to rechecking routine

is that what you are aiming at ??

if not and you have narrowed down you requirement to a certain
memory place like a dword in data section or a register content
or in stack or in heap

then ollydbg can do it without problems

look at ollydbg help and search for expression help

you will find STRING [your memory place]

for example taking Createfile api for example
HANDLE CreateFile(

LPCTSTR lpFileName, // pointer to name of the file
DWORD dwDesiredAccess, // access (read-write) mode

you can set STRING [esp+0x4] == "your file name" on the first instruction of procedure so if the program is creating 1000s of files
olly will parse every file name and will break when it is opening your named file

hope that is what you are looking for

bud_gd

June 25th, 2005, 18:45

everything I have learned,PACKET SENDIND? Cracking or hacking?

bud_gd

June 25th, 2005, 18:48

I will help no one hack! Reverse Engineering is A Skill most likely advancing to .ASM of a sort, Hopefully.