View Full Version : OllyDbg and "Name Deleted"
dexta666
July 13th, 2006, 21:05
hi, learning a new thing and all i can find is references to Softice everywhere on the net and none to do with OllyDbg. i came across this when trying reverse name deleted and was wonder how to do this in Olly
--------
|
:00405CA6 FF150C0C4A00 Call dword ptr [004A0C0C]
:00405CAC 8D862A020000 lea eax, dword ptr [esi+22A] ;load username address into eax
Type 'db eax' to see the user name you entered. Now set a breakpoint
on the memory location where the name is stored (we want to try and
see how/where it is manipulated/compared):
----------
what is the equivalent command in olly to the 'db eax' command
can anyone help please?
JMI
July 13th, 2006, 21:25
You
OBVIOUSLY DID NOT READ THE FAQ. Had you actually done so, you would KNOW that you are
NOT to post
BOTH target name and target code. You posted BOTH.
Now
GO BACK and
READ THE FAQ carefully.
It's also an Ollydbg question, and belongs here, even if
you are a Newbie.
Regards,
dexta666
July 13th, 2006, 21:47
sorry dude.
SiGiNT
July 14th, 2006, 00:15
This can be done in a round about way if you have Winhex - simply open Winhex - tools - open ram - pick your target - do a text search for "your name" - try both unicode and ascii - the one you find in the 0x00100000 -0x00200000 range is the one you want - take note of the address, go back to olly pick the range in the memory window and go to that address, highlight the beginning of "your name" and set a memory breakpoint on it.
I'm sure that you also can use a conditional breakpoint, but I've never tried it - I'll have to play around a little just to see.
SiGiNT
naides
July 14th, 2006, 01:08
Quote:
[Originally Posted by dexta666]hi, learning a new thing and all i can find is references to Softice everywhere on the net and none to do with OllyDbg. i came across this when trying reverse name deleted and was wonder how to do this in Olly
--------
|
:00405CA6 FF150C0C4A00 Call dword ptr [004A0C0C]
:00405CAC 8D862A020000 lea eax, dword ptr [esi+22A] ;load username address into eax; Here instead of typing db EAX (Sice style), RIGHT click on EAX in the registers window, and then pick "Follow in Dump". Now the dump window will display the contents of the EAX address as long as the format of the dump window is correct (IF not, right click somewhere in the dump window, select: Text)
Type 'db eax' to see the user name you entered. Now set a breakpoint
on the memory location where the name is stored (we want to try and
see how/where it is manipulated/compared):
To set a memory BP, higlight that memory location in the dump window, right click on it and pick breakpoint-> memory on access
----------
what is the equivalent command in olly to the 'db eax' command
can anyone help please? |
In blue
blabberer
July 14th, 2006, 10:22
alt+f1 --->db eax
MR eax,eax+10
MW eax,eax+10
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.