Olly BSOD my PC...


Maximus
December 27th, 2006, 16:10
Hi all,

Olly still continues to BSOD my system. It crashes my firewall, and in the end BSODs my PC. This happens on both my machines, old (SP1) and new (XP fully updated).

On this new machine I did nothing! I found no related thread, so does anyone have an idea? Due to various tools, I have problems with sice etc.

On the older machine it seemed to 'take' all machine resources over time (i.e. if I leave the PC on and Olly paused when I go to dinner).

boh :?

ZaiRoN
December 27th, 2006, 16:47
Hi M.
Did you try to analyze the crash dump? Did the BSOD start happening after the installation of a particular program?
I think the problem is surely related to an external behaviour...

Maximus
December 27th, 2006, 17:48
Oh, sure, I did not mean Olly is unstable, it's the exact opposite, sorry.
I was curious to know if anyone has experienced such problems. Surely it is related to some driver (as BSODs are not so easy on r3).
I think the Kerio firewall (I swap firewalls every 3-6 months as I still cannot find a decent one...) driver is responsible. What is confusing me is that I keep HIPS off, so debugging should not be checked at all.
(Kerio at a certain point says that it cannot connect to the GUI services anymore and shuts down - this might be an interesting attack on such a firewall. However, since SeDebugPrivilege is granted only to admins, it is still not useful for domain user exploits, but who knows?)
Firewalls have problems with debuggers, i.e. I noticed the Agnitum FW transformed my IDE debugger (ASM view) into a slow turtle :-?

(PS: I reset while the crash dump was building, as it was taking ages...)

ZaiRoN
December 27th, 2006, 18:03
Hey.
I read somewhere about a similar problem; it was caused by an antivirus program. The problem stopped when the antivirus was removed. Maybe by trying to remove Kerio you'll know if the firewall is your problem... or have you already tried?

Maximus
December 27th, 2006, 18:36
This BSOD happened today, I'll try to change firewall... tomorrow

naides
December 27th, 2006, 18:43
My firewall, Outpost, detects and does not like it when a process, Olly, reads the memory of another, the debuggee, and opens a window wanting to kill both processes. (It also detects the Armadillo father modifying the Armadillo son process memory and complains formally about it.)
I am sure your FW has similar technology, hooking into the debugging API or Zw APIs. If one of the FW drivers has gone amok, it may well be BSODing your machine in response to Olly.

But I know for sure that my Outpost allows me to use Olly if I tell it to shut up.

drizz
December 28th, 2006, 00:18
I have Kerio and it works just fine with Olly (I'm running XP SP2).
I have turned off "system security module".
Kerio (fwdrv.sys) hooks:

ZwClose
ZwCreateFile
ZwCreateKey
ZwCreateProcess
ZwCreateProcessEx
ZwCreateThread
ZwDeleteFile
ZwDeleteKey
ZwDeleteValueKey
ZwOpenFile
ZwOpenKey
ZwResumeThread
ZwSetInformationFile
ZwSetValueKey
ZwWriteFile

Maybe some plugin antiantidbg code is causing it?
You should run Olly without plugins (period)... and add them back one by one.

blabberer
December 28th, 2006, 12:11
Try writing a minidump and let your system autoreboot; analyze the minidump to get some pointers if it is taking ages to write a full dump.

I have run OllyDbg with Kerio and I didn't happen to encounter any BSODs.
In fact I haven't encountered a BSOD to date that was caused by OllyDbg.

sounds interesting

dELTA
December 30th, 2006, 09:42
Kerio personal firewall seems to be quite unstable in general. Three of my friends have tried it, and they all started getting random BSODs from this point on.

LLXX
January 1st, 2007, 00:26
For some reason I believe this to be an overheating issue.

I've noticed my CPU temperature go up when debugging a program and pausing it with OllyDbg, or running conditional breakpoints.

It doesn't go up enough to hang the machine though, but if the cooling system was obstructed it probably would.

Maximus
January 2nd, 2007, 11:56
Mmh... on my older machine, it might have been possible. But even the new one? I checked Kerio, and the GUI problem is related to the fact that the GUI and the Service communicate using blocking calls. I haven't reinstalled an r0 debugger, but I'm curious to set a bpx on the failing condition, run Olly and wait until it triggers (hoping the system doesn't crash before).
I believe it is a time-out error (almost sure), because my mp3 player 'chokes' sometimes (and often when I close Olly). Something in my system must take a high degree of CPU resources, and it was pretty noticeable on a single-core CPU.
(Well, I have the Windows debugger, but admittedly I do not know a hell of a thing about its commands... learn, always learn heh...)