Currently following Lenas ODBG guide and have so far found Olly 2 much nicer to work with. I can not find the Call Stack Trace windows in v2 can someone point me into the right direction?

Bare in mind that ODBG 2.0 currently does not have plug-ins activated or available.



Regards,

Thank you

It's not even a plugin, it's builtin functionality in Olly 1.10. But as you should know, Olly 2.0 is still beta and it simply doesn't *have* this window yet.

Manually backtrace religion does not allow or what?

Thats what I figured, just wanted to make sure that I did not miss the window in any way.



I am still pretty new and have been following Lena151's guide but after playing around with certain features I did realize that doing a logged trace pretty much gives me the same information and the logged trace seems to be more complete.

deamon32
The sequence of procedures and they use local variables addressable Ebp form a chain of stack frames, which can be deployed. Backtrace - enumeration of stack frames in the chain. Link to the end of the chain is in the register Ebp (beginning at the bottom of the stack, link to the top of the stack is in the register Esp):
http://img704.imageshack.us/img704/8384/sf1i.png
http://img689.imageshack.us/img689/5503/sf2y.png

Well, I still look forward to the stack window in the final version, running traces on some targets gets you tied up in a loop that requires you to break, single step and then resume the trace, I never realized how much I relied on the stack window until I started working with ver. 2.0, but we certainly don;t want to complain considering the RE community would be pretty desolate without Olegh's work.

SiGiNT (Grampy 2)

Understanding the architecture is necessary and sufficient to not use plugins

Thank you!!! this helped out a lot

Keep in mind that this ebp trick doesn't always work. Using ebp as a frame pointer is only a convention and is not required by the architecture. Some compilers (like msvc) offer an option called "omit frame pointer" which makes the program access local variables directly through esp instead of ebp. This way, ebp is free to be used as an additional general purpose register. If you encounter a program that uses this option, the trick shown in those screenshots obviously won't work anymore.

I hope that oleh will restore call stack in his stable version together with memory BP on sections! oneshot bp on access (using int3) are easily detectable and not very reliable as memory bp!
Setting a mem bp on section using the dump is too long

For anyone interested Indy's screen shots and Lena151's tutorial #15 are a really good resource to fully understand this concept.

Helped me reverse one of the applications for the company I work at today

The Call Stack window is not a plugin - it's the big blue K at the top.

SiGiNT

I do not see, where?
http://img22.imageshack.us/img22/6738/seei.png

Indy!

Geesh! the whole point of this thread is it's missing in 2.0 - it is an integrated part of Olly 1.X and is missing so far in 2.X, we're all wondering if and when it will be incorporated in 2.X - your assignment for today is to reread this thread! , and learn how to attach images.

SiGiNT