flat assembler
Message board for the users of flat assembler.

My code behaves properly but crashes OllyDBG? (Windows forum)

ragnar_graybeard87 (Joined: 28 Mar 2016, Posts: 4) 11 Apr 2016, 23:11
I have a fairly simple program that I did for my Udemy course. It just finds and prints the largest number in an array. I finally got it to work, however if I try to open it in OllyDBG I get:

Exception occured @Address 00491200...

I've used the included print_eax functions in many programs without error so I don't think it could be those. Just wondering if this is a normal thing or perhaps I just coded something wrong. Thanks for viewing!

Attachment: 1testing.asm (3.68 KB)
revolution (When all else fails, read the source; Joined: 24 Aug 2004, Posts: 20357, Location: In your JS exploiting you and your system) 12 Apr 2016, 02:39
Does not assemble so cannot test.
Code:
flat assembler  version 1.71.51  (3145344 kilobytes memory)
1testing.asm [71]:
include 'training.inc'
error: file not found.
However, I note that you do not define any ".code" section, and the ".data" section is not marked executable.
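The section layout revolution points at is something you can verify on the assembled file rather than by reading the source: the PE section table records, per section, whether the loader maps it executable (IMAGE_SCN_MEM_EXECUTE) and writeable (IMAGE_SCN_MEM_WRITE), and the optional header records the entry point RVA. When the entry point lands in a section without the execute bit, a DEP-enabled process faults with an access violation at that address the moment control reaches it. The checker below is an added example for this thread, not code from the thread or from fasm; it parses only the headers, and its two inputs are constructed fixtures whose flags assume fasm's mapping of `data readable writeable` to INITIALIZED_DATA|READ|WRITE and `code readable executable` to CODE|EXECUTE|READ. Run it with a path to an assembled .exe to check a real file.

```python
import struct

# IMAGE_SECTION_HEADER.Characteristics bits (PE/COFF specification)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_HDR_FMT = '<8sIIIIIIHHI'   # IMAGE_SECTION_HEADER, 40 bytes
OPT_HDR_SIZE_PE32 = 224


def build_minimal_pe(sections, entry_rva):
    """Constructed test fixture (not fasm output): a PE32 image consisting only
    of a DOS stub, COFF header, optional header and section table. That is all
    the checker reads; the fixture is not a loadable program.
    sections: list of (name, virtual_address, virtual_size, characteristics)."""
    dos = bytearray(0x40)
    dos[0:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3C, 0x40)            # e_lfanew: PE header at 0x40
    coff = struct.pack('<HHIIIHH', 0x14C, len(sections), 0, 0, 0,
                       OPT_HDR_SIZE_PE32, 0x0102)      # i386, EXECUTABLE_IMAGE|32BIT
    opt = bytearray(OPT_HDR_SIZE_PE32)
    struct.pack_into('<H', opt, 0, 0x10B)              # PE32 magic
    struct.pack_into('<I', opt, 16, entry_rva)         # AddressOfEntryPoint
    struct.pack_into('<I', opt, 28, 0x400000)          # ImageBase
    struct.pack_into('<I', opt, 32, 0x1000)            # SectionAlignment
    struct.pack_into('<I', opt, 36, 0x200)             # FileAlignment
    struct.pack_into('<H', opt, 92, 16)                # NumberOfRvaAndSizes
    table = b''.join(
        struct.pack(SECTION_HDR_FMT, name.ljust(8, b'\0'), vsize, va,
                    0, 0, 0, 0, 0, 0, flags)
        for name, va, vsize, flags in sections)
    return bytes(dos) + b'PE\0\0' + coff + bytes(opt) + table


def parse_sections(image):
    """Return (entry_rva, [section dicts]) from the headers of a PE32/PE32+ image."""
    if image[:2] != b'MZ':
        raise ValueError('not an MZ image')
    pe = struct.unpack_from('<I', image, 0x3C)[0]
    if image[pe:pe + 4] != b'PE\0\0':
        raise ValueError('PE signature not found')
    coff = pe + 4
    nsec = struct.unpack_from('<H', image, coff + 2)[0]
    opt_size = struct.unpack_from('<H', image, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from('<H', image, opt)[0] not in (0x10B, 0x20B):
        raise ValueError('unknown optional header magic')
    entry = struct.unpack_from('<I', image, opt + 16)[0]   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, va, *_rest, flags = struct.unpack_from(
            SECTION_HDR_FMT, image, opt + opt_size + 40 * i)
        sections.append({
            'name': name.rstrip(b'\0').decode('ascii', 'replace'),
            'va': va, 'vsize': vsize,
            'exec': bool(flags & IMAGE_SCN_MEM_EXECUTE),
            'write': bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    return entry, sections


def check_entry_point(image):
    """Name of the section holding the entry point and whether it is executable.
    Returns (None, False) if the entry RVA lies outside every section."""
    entry, sections = parse_sections(image)
    for s in sections:
        if s['va'] <= entry < s['va'] + s['vsize']:
            return s['name'], s['exec']
    return None, False


# Constructed fixtures for the two layouts discussed in the thread (assumed
# fasm flag mapping: 'data readable writeable' -> INITIALIZED_DATA|READ|WRITE,
# 'code readable executable' -> CODE|EXECUTE|READ).
DATA_ONLY = build_minimal_pe(
    [(b'.data', 0x1000, 0x200,
      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
    entry_rva=0x1000)
CODE_AND_DATA = build_minimal_pe(
    [(b'.text', 0x1000, 0x200,
      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (b'.data', 0x2000, 0x200,
      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)],
    entry_rva=0x1000)

if __name__ == '__main__':
    import sys
    images = {'data-only fixture': DATA_ONLY, 'code+data fixture': CODE_AND_DATA}
    if len(sys.argv) > 1:
        with open(sys.argv[1], 'rb') as f:
            images = {sys.argv[1]: f.read()}
    for label, img in images.items():
        sec, ok = check_entry_point(img)
        print(f'{label}: entry point in section {sec!r}, executable={ok}')
```

A "no" from this check explains an access violation at the entry address on any DEP-enabled system, debugger or not. A "yes" only rules the section flags out; as the rest of the thread shows, the original poster still saw the problem after adding an executable .text section, so the cause there lies elsewhere.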
ragnar_graybeard87 13 Apr 2016, 13:09
Thanks a lot for the advice. I made the changes to include the
section '.text' code readable executable

and added executable to the data section however I'm still getting the same. I also noticed that all other programs define

entry start

before doing any includes, so I switched that, but still no go. It's not imperative I get this code to debug; it just makes me wonder why... I'll attach the training.inc in case you're also curious.

Thanks again!

Attachments: training.inc (5.67 KB), 1testing.asm (3.73 KB)
revolution 13 Apr 2016, 13:54
It doesn't crash ollydbg on my system.
system error (Joined: 01 Sep 2013, Posts: 670) 13 Apr 2016, 15:43
You have a flaw in your loop design. Don't use loop loop_tester and jmp loop_tester at the same time, because your counter doesn't get updated accurately. It's only updated when using "loop" but not via "jmp". That may not be threatening in normal conditions, but in debugging mode your flag register gets changed by the debugger due to task switch. That affects your loop condition regardless of your loop count.
revolution 13 Apr 2016, 15:47
system error wrote:
... but in debugging mode, your flag register gets changed by the debugger due to task switch ...
Wot? I've never seen any debugger do that. And if it did, it is not anything that I would consider using as a debugger.
system error 13 Apr 2016, 16:11
the possibility is there. A "jmp" affects the flags only when a task switch occurs. Debugging involves task switching to some degree. So a faulty jmp like this can alter the flags.
l_inc (Joined: 23 Oct 2009, Posts: 881) 13 Apr 2016, 16:26
system error wrote:
the possibility is there. A "jmp" affects the flags only when a task switch occurs.

Whoa. One never knows what dangerous mix of information someone's mind can keep inside. Near/short jmps never affect the flags. Windows doesn't have the referred kind of task switching.

_________________
Faith is a superposition of knowledge and fallacy
system error 13 Apr 2016, 16:36
l_inc wrote:
system error wrote:
the possibility is there. A "jmp" affects the flags only when a task switch occurs.

Whoa. One never knows what dangerous mix of information someone's mind can keep inside. Near/short jmps never affect the flags. Windows doesn't have the referred kind of task switching.
From the Manual:
Code:
Flags affected

All flags are affected if a task switch occurs; no flags are affected if a task switch does not occur.

The evidence can be seen here from the OP's faulty loop: it works at runtime but fails in debugging mode, but then again, it works on revo's debugger. The only logical explanation here lies in the eflags. There's no other possible answer. Hmmm..
l_inc 13 Apr 2016, 16:48
system error
This statement in the manual refers to far jumps through a task gate selector (or alternatively a TSS). Even if you were willing to cause a task switch with a far jump, you wouldn't be able to do so, because Windows does not create task gates.
system error wrote:
The evidence can be seen here from the OP's faulty loop

I haven't looked in the source (I probably will do that in the evening), but you'd better not be looking for evidence of impossible things.

system error 13 Apr 2016, 16:56
Let's not forget the fact that it runs errant in INT 3 mode.
revolution 13 Apr 2016, 16:56
system error: What you explain simply does not happen in Windows (or any well-written OS). There is just no way any task switching will change the program's view of the flags or any other register, whether being debugged or not. If this were not the case then programs would be randomly crashing all the time.
system error 13 Apr 2016, 17:00
LMAO
l_inc 13 Apr 2016, 21:02
There's indeed no reason for the program to crash. Maybe something's misconfigured in OllyDbg or a faulty OllyDbg plugin is installed. From the first post it isn't even clear whether the program crashes or OllyDbg itself. In the former case OllyDbg should catch the exception and show what exact instruction caused it. But the wording "exception occurred at address" rather indicates the latter.

Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.