jadesk99
January 10th, 2004, 16:34
Can not Olly debug DLL ?
Let me know how to debug DLL code with Olly !
Thanks
Let me know how to debug DLL code with Olly !
Thanks
View Full Version : How to debug DLL ?
Ricardo Narvaja
January 10th, 2004, 21:02
In Nt/2000 and XP olly can debug all DLLS.
Run the principal program (the program use the dll you can debug) and put in EVENTS the mark in STOP IN DLL LOAD.
Olly stop in the load of any dll, go to view-executables, right click FOLLOW ENTRY and you can view the entry point of the dll, you can put a BP here, or a BPM in the code section of the dll, and you can debug the dll.
Ricardo
Run the principal program (the program use the dll you can debug) and put in EVENTS the mark in STOP IN DLL LOAD.
Olly stop in the load of any dll, go to view-executables, right click FOLLOW ENTRY and you can view the entry point of the dll, you can put a BP here, or a BPM in the code section of the dll, and you can debug the dll.
Ricardo
blabberer
January 11th, 2004, 02:25
well ihave a template program written with just LoadLibrary and GetProcAddress coded in it and if there are dlls that i need to study and no app that uses it
i open this proggie in olly and supply the name of Dll and say load
and ricardo has said how to do the other things once it has loaded
view-->exemodules--->follow --->analyze ---> then what ever you like to do
i open this proggie in olly and supply the name of Dll and say load
and ricardo has said how to do the other things once it has loaded
view-->exemodules--->follow --->analyze ---> then what ever you like to do
MrWizard
January 19th, 2004, 02:31
I use a simple template program as well, you can download it at http://www20.brinkster.com/qweerdy/ ("http://www20.brinkster.com/qweerdy/") (It's called DllLoad)
It takes the DLL to load as a commandline argument, and it loads the DLL without calling DLLMain. That way you don't have to set OllyDbg to break on every Dll load.
As soon as the DLL is loaded it hits a built-in breakpoint and you can start exploring the DLL.
It takes the DLL to load as a commandline argument, and it loads the DLL without calling DLLMain. That way you don't have to set OllyDbg to break on every Dll load.
As soon as the DLL is loaded it hits a built-in breakpoint and you can start exploring the DLL.
mcnorth
January 19th, 2004, 21:40
MrWizard. Thanks for sharing that!
If I may be so bold as to ask a stupid question, how do you tell it what dll to load? I loaded it in Ollydbg and it looks like it breaks on "GetCommandLineA". What next? Or is that wrong already? I'm really new at this (as if you couldn't tell) and since it is all a real struggle for me I'd appreciate some instruction.
Thanks
If I may be so bold as to ask a stupid question, how do you tell it what dll to load? I loaded it in Ollydbg and it looks like it breaks on "GetCommandLineA". What next? Or is that wrong already? I'm really new at this (as if you couldn't tell) and since it is all a real struggle for me I'd appreciate some instruction.
Thanks
TBD
January 20th, 2004, 03:05
mcnorth: here are the steps:
* open OllyDbg
* load dllload.exe
* enter in Debug|Arguments the name of the DLL
* F9 (run)
* dllload will stop after loading the DLL (by using a int3)
* now you have the DLL loaded and do whatever you want (ALT+E - View modules to see it, usually red marked)
* open OllyDbg
* load dllload.exe
* enter in Debug|Arguments the name of the DLL
* F9 (run)
* dllload will stop after loading the DLL (by using a int3)
* now you have the DLL loaded and do whatever you want (ALT+E - View modules to see it, usually red marked)
blabberer
January 20th, 2004, 08:29
that link doesnt seem to work
but a small observation i had during my own coding of one such program
instead of using int3 using jmp eip (db 0ebh,db 0feh) works better as if you have check marked int3 in the option ignore(pass to program following exceptions in debugging options--exceptions f9inng the program would terminate without one being able to do any thing)
but a small observation i had during my own coding of one such program
instead of using int3 using jmp eip (db 0ebh,db 0feh) works better as if you have check marked int3 in the option ignore(pass to program following exceptions in debugging options--exceptions f9inng the program would terminate without one being able to do any thing)
TBD
January 20th, 2004, 08:47
oh me anon: link is working
it is a simple LoadLibraryEx,"dll_name",0,DONT_RESOLVE_DLL_REFERENCES and INT3 after.
it is a simple LoadLibraryEx,"dll_name",0,DONT_RESOLVE_DLL_REFERENCES and INT3 after.
naceur
January 20th, 2004, 10:17
please step by step
mcnorth
January 20th, 2004, 10:58
TDB:
Thanks!
Thanks!
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.