flat assembler
Message board for the users of flat assembler.

trapping int3 with OllyDbg

BiDark



Joined: 22 Jun 2003
Posts: 110
Location: .th
Hi all,

I need participants who are running OllyDbg 1.09d on a Win2K or XP SP1 system to test the following code (a bit heap-related, but I'm using Fasm to test so I think it should be here).

Code:
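format PE GUI 4.0       ; assumed header: the post shows only the code body
entry main

main:
        xor     eax,eax         ; eax = 0, sets ZF
        jnz     main            ; never taken because ZF is set
        int3                    ; breakpoint exception, handed to the JIT debugger
        ret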
    


Compile and run by double-clicking (don't forget to set OllyDbg as JIT too).
Please don't ask about the flow of the code because I know everything about it.
The problem on my system is that, when trapped, EIP points into the middle of the jnz opcode (between 75 and FC).

Code:
problem.<ModuleE>  31C0              xor     eax, eax
00401002         ^    75 FC               jnz     short problem.<ModuleEntryPoi>
00401004               CC                   int3
00401005               C3                   retn
    


Do you have the same result as mine?
Thanks.
Post 24 Oct 2003, 10:33
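
As an added example (not part of the original post, and not OllyDbg or fasm code): a small C check that walks the six bytes from the listing and tells whether a reported EIP falls on an instruction boundary. The load address 00401000 is taken from the listing; `insn_len`, `insn_start`, `on_boundary` and `jnz_target` are hypothetical helper names, and the decoder handles only the four opcodes shown.

```c
#include <stdint.h>
#include <stdio.h>

/* The six bytes from the listing in the post, loaded at 00401000. */
static const uint8_t CODE[] = { 0x31, 0xC0, 0x75, 0xFC, 0xCC, 0xC3 };
#define BASE 0x00401000u

/* Instruction length for the four opcodes in this listing only; 0 otherwise. */
static size_t insn_len(const uint8_t *p, size_t avail)
{
    switch (p[0]) {
    case 0x31: /* xor r/m32, r32; 2 bytes only in the register form */
        return (avail >= 2 && (p[1] & 0xC0) == 0xC0) ? 2 : 0;
    case 0x75: return avail >= 2 ? 2 : 0;   /* jnz rel8 */
    case 0xCC: return 1;                    /* int3 */
    case 0xC3: return 1;                    /* retn */
    default:   return 0;
    }
}

/* Start of the instruction containing eip, or 0 if outside or undecodable. */
static uint32_t insn_start(uint32_t eip)
{
    size_t off = 0;
    while (off < sizeof CODE) {
        size_t n = insn_len(CODE + off, sizeof CODE - off);
        if (n == 0) return 0;
        if (eip >= BASE + off && eip < BASE + off + n)
            return BASE + (uint32_t)off;
        off += n;
    }
    return 0;
}

/* 1 when eip is the first byte of an instruction in the listing. */
static int on_boundary(uint32_t eip)
{
    return eip >= BASE && insn_start(eip) == eip;
}

/* Target of the jnz rel8 at addr: next instruction plus signed rel8. */
static uint32_t jnz_target(uint32_t addr)
{ return addr + 2 + (uint32_t)(int32_t)(int8_t)CODE[addr - BASE + 1]; }

int main(void)
{
    uint32_t eip = 0x00401003u;   /* "between 75 and FC" in the post */
    printf("EIP %08X: boundary=%d, inside instruction at %08X\n",
           (unsigned)eip, on_boundary(eip), (unsigned)insn_start(eip));
    return 0;
}
```

For the address described in the post, 00401003, it reports the enclosing jnz at 00401002; that address is one byte before the int3 at 00401004.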
roticv



Joined: 19 Jun 2003
Posts: 374
Location: Singapore
It does happen sometimes. Just right-click on the int 3 and select new origin here and there you go.. cool huh?
Post 24 Oct 2003, 14:27
BiDark



Joined: 22 Jun 2003
Posts: 110
Location: .th
roticv wrote:
It does happen sometimes. Just right-click on the int 3 and select new origin here and there you go.. cool huh?


All the time on my machine, especially when there is a conditional jump followed by int3 code.

The boring task is... yes, I have to adjust the EIP to the right place every time it breaks. I don't want that.

Hmm.. how come..
Anyway, thanks for your kindness.

BTW, could you inform the author about this for me? I'm afraid about my English.
Post 24 Oct 2003, 15:01
roticv



Joined: 19 Jun 2003
Posts: 374
Location: Singapore
It is done, the mail is sent.
Post 24 Oct 2003, 17:49
BiDark



Joined: 22 Jun 2003
Posts: 110
Location: .th
Thanks.
Post 25 Oct 2003, 03:39
roticv



Joined: 19 Jun 2003
Posts: 374
Location: Singapore
Olly's reply was

"Dear roticv,

thank you very much for your bug report. Hopefully I will be able to solve this
problem in v1.10 (final).

Sincerely,

Olly
"
Post 31 Oct 2003, 04:17
BiDark



Joined: 22 Jun 2003
Posts: 110
Location: .th
roticv wrote:
Olly's reply was

"Dear roticv,

thank you very much for your bug report. Hopefully I will be able to solve this
problem in v1.10 (final).

Sincerely,

Olly
"


Yeah! The credit should be yours.
And f*uck the people on the OllyDbg board who think I was a "kiddie" with the int3 problem.
Post 31 Oct 2003, 13:11
JohnFound



Joined: 16 Jun 2003
Posts: 3499
Location: Bulgaria
I have a problem with OllyDbg and INT3. When the program stops on INT3 (without OllyDbg loaded) and I click on the [Debug] button, Olly starts OK and loads the program, but sometimes it stops somewhere in Kernel32 or simply terminates my program instead of stopping on the breakpoint. Sometimes it works OK, sometimes not. Unfortunately I can't find a rule for when this happens and when not.

Regards
Post 31 Oct 2003, 16:06
Copyright © 1999-2019, Tomasz Grysztar.