What will olly 2.0 improve on?
Beta
August 5th, 2005, 12:28
I have no idea how olly could be improved after this. It's stable (usually). Does anybody out there know anything about 2.0?
ssb
August 6th, 2005, 04:31
I'm afraid that nobody, except Oleh, really knows anything about 2.0. Sometimes I doubt it will ever release.
Ricardo Narvaja
August 6th, 2005, 16:03
RING0 maybe?
Ricardo Narvaja
1bitshort
August 7th, 2005, 00:15
I didn't think he could add or improve much on it either, but he is taking a long time, so maybe he is adding a lot of new stuff or something like ring0 support.
Ricardo Narvaja
August 7th, 2005, 09:16
If on the page he requests originals of all OSes, I think it is for RING0 support; for RING3 it is not necessary to have all OS originals.
Ricardo Narvaja
1bitshort
August 8th, 2005, 04:19
It would be quite a party trick
Beta
August 12th, 2005, 03:47
What is ring0, may I ask?
1bitshort
August 12th, 2005, 09:50
No, you may not. Go back to jail. Do not pass go. Do not collect $200.
If you (/anyone) don't know the difference between ring 3 and ring 0, you should do a little bit more reading before burying your head in debuggers. It will save you a lot of confusion - fundamentals are fundamental for a reason.
To cut to the chase, in the Windows operating systems ring 0 is essentially "kernel mode" whereas ring 3 is "user mode", a less-privileged level. Windows only uses these two rings. Any program you write will be a ring 3/usermode program, but if you want to go to ring0/kernel mode you basically need to write a kernel driver (.vxd for win9x/.sys for nt/2k/xp/vista), unless you use a ring3->ring0 trick.
mr haggar
August 12th, 2005, 13:40
Maybe it will fix bugs related to exceptions and tracing that I read about in a couple of tutorials:
What did I learn from reversing this beast?
c) Few Olly bugs (incorrect processing of lock int3, lock int1, ds:int3, etc.)
d) Olly trace feature is buggy. Really buggy.
From kao's solution for execryptor on crackmes.de.
mr haggar
August 12th, 2005, 13:41
PS
Plus, OllyDbg cannot handle TLS calls, so the debugger can be discovered before the target is loaded.
Ricardo Narvaja
August 12th, 2005, 22:22
If you know how to use olly, it is easy to solve this.
1) Change the setting in debugging options - events to stop at SYSTEM BREAKPOINT; then, when it stops at the system breakpoint, put a MEMORY BREAKPOINT ON ACCESS on the section of the start and you stop in the TLS.
Or, when you stop at the breakpoint, look in peeditor under directories, take the TLS value, FOLLOW IN DUMP this value and look at the content, then put a BPX on this address and you start in the TLS too.
Ricardo Narvaja
Olly trace is perfect, I have no problems at all. The only bug is in ILLEGAL EXCEPTION and it is easily repaired by only changing a byte in OLLY. If you know how to use the trace option there is no problem at all and there are no bugs at all.
INT3 has no problem at all; it is perfectly handled.
lock INT3 and LOCK INT1 are illegal exceptions and are the same case; it is solved by only changing a jmp.
Ricardo Narvaja
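Added example, not part of the original thread: TLS callbacks run before the entry point, so an analyst needs their addresses to break there, and this sketch reads them from the TLS data directory the way the post above describes doing by hand in a PE editor. It handles PE32 only; `tls_callbacks` and `build_sample` are names chosen here, and the sample image is constructed for the illustration.

```python
import struct

def tls_callbacks(pe):
    """Return (entry_point_va, [tls_callback_va, ...]) for a PE32 file image."""
    u16 = lambda pos: struct.unpack_from("<H", pe, pos)[0]
    u32 = lambda pos: struct.unpack_from("<I", pe, pos)[0]
    nt = u32(0x3C)                                    # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = nt + 24                                     # start of optional header
    if u16(opt) != 0x10B:
        raise ValueError("example handles PE32 only")
    base = u32(opt + 28)                              # ImageBase
    secs = [struct.unpack_from("<8sIIII", pe, opt + u16(nt + 20) + 40 * i)
            for i in range(u16(nt + 6))]              # one tuple per section header

    def off(rva):                                     # RVA -> file offset
        for _name, vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is outside every section")

    callbacks = []
    tls_rva = u32(opt + 96 + 9 * 8) if u32(opt + 92) > 9 else 0  # directory 9 = TLS
    if tls_rva:
        array_va = u32(off(tls_rva) + 12)             # AddressOfCallBacks (a VA)
        pos = off(array_va - base) if array_va else None
        while pos is not None and u32(pos):           # null-terminated array of VAs
            callbacks.append(u32(pos))
            pos += 4
    return base + u32(opt + 16), callbacks            # entry point VA, callback VAs

def build_sample():
    """Constructed minimal PE32: one section at RVA 0x1000, one TLS callback."""
    base, raw, opt = 0x400000, 0x200, 0x58
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                   # e_lfanew
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)              # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x54, 224)                    # SizeOfOptionalHeader
    struct.pack_into("<H", img, opt, 0x10B)                   # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)             # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, base)               # ImageBase
    struct.pack_into("<I", img, opt + 92, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 72, 0x1100, 24)   # TLS directory RVA, size
    struct.pack_into("<8sIIII", img, opt + 224, b".text", 0x200, 0x1000, 0x200, raw)
    struct.pack_into("<I", img, raw + 0x100 + 12, base + 0x1120)   # AddressOfCallBacks
    struct.pack_into("<II", img, raw + 0x120, base + 0x1040, 0)    # callback, terminator
    return bytes(img)
```

For the constructed image, `tls_callbacks(build_sample())` reports one callback at 0x401040, which is where a breakpoint would have to sit to stop before any target code runs; the entry point is 0x401000.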
mr haggar
August 13th, 2005, 02:49
Gonna try that trick with TLS. Thanks.
blabberer
August 13th, 2005, 07:00
hehe haggar, olly can handle tls callbacks too
maybe you should take a look at NtGlobalFlag plugin

it's available for download where you posted your recent pespin tut