Help - problem loading a program for debugging


pepak
October 9th, 2006, 10:09
I am trying to write a Win32 application in assembler. I have started with various tutorials and it seems straightforward enough. The problem is that I need something to debug my applications with. OllyDbg looks just right, except that I don't seem to be able to actually debug my program in it: The program loads, but the first breakpoint occurs AFTER the program finishes. How do I tell OllyDbg to only load the program but stop before executing my code? I am trying it on a bare skeleton of a program:

<code>
.486
.model flat, stdcall
option casemap :none

include c:\masm32\include\windows.inc
include c:\masm32\include\user32.inc
include c:\masm32\include\kernel32.inc

includelib c:\masm32\lib\user32.lib
includelib c:\masm32\lib\kernel32.lib

.data

AppName db 'Test application', 0

.code

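start:

    ; GetCommandLine returns a pointer to the command-line string in EAX
    INVOKE GetCommandLine
    ; Show the command line in a message box titled with AppName
    INVOKE MessageBox, 0, EAX, ADDR AppName, MB_OK
    INVOKE ExitProcess, 0

end start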
</code>

fr33ke
October 9th, 2006, 10:32
Check out Options -> Debugging options -> Events. Maybe there's something wrong there.

blabberer
October 9th, 2006, 14:54
Quote:

but the first breakpoint occurs AFTER the program finishes


what do you mean ?

you mean ollydbg shows you that the process has terminated ?

where does it indeed break ? is it your break point or some ghost breakpoint ?

are you sure it broke some where ?

is the analysis being done ( a black progress bar will show up)
does the log window say the program has been analysed ?

if you still have some problems just post a few lines from your log window
maybe there is some clue in there

does your program run outside the debugger without problems

or are you confusing yourself with the initial break point in system breakpoint ?

if it indeed has broken on system breakpoint look at log window
you will see this line
Log data, item 0
Address=7C901230
Message=System startup breakpoint
if it is there then go to
Options -> Debugging options -> Events and set "make first pause at" to the
"entry point of main module" radio button, click ok and restart your debuggee

pepak
October 10th, 2006, 01:01
Quote:
[Originally Posted by fr33ke]Check out Options -> Debugging options -> Events. Maybe there's something wrong there.

I tried all three events. All of them trigger after my program finishes.

pepak
October 10th, 2006, 01:12
(edit: damn these notebook keyboards, so many misspellings)

Quote:
[Originally Posted by blabberer]what do you mean ?

you mean ollydbg shows you that the process has terminated ?

It shows that the program loaded OK and lets me debug. Unfortunately, all three WinAPI calls of my application occur before that. So the sequence is

1) Open the application in OllyDbg
2) Process GetCommandLine, MessageBox, ExitProcess
3) OllyDbg's breakpoint triggers

Quote:
are you sure it broke some where ?

No. But I am pretty certain that it would be more useful for me to debug the application before it finishes rather than after :-)

Quote:
is the analysis being done ( a black progress bar will show up)
does the log window say the program has been analysed ?

I tried it with a modified skeleton application, one that displays a form and an edit box, then waits for the user to terminate it. The log looks like this:

Code:

Log data
Address Message
OllyDbg v1.10
Bookmarks sample plugin v1.06 (plugin demo)
Copyright (C) 2001, 2002 Oleh Yuschuk
Command line plugin v1.10
Written by Oleh Yuschuk

File 'D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe'
New process with ID 000004CC created
00401040 Main thread with ID 0000037C created
00400000 Module D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe
Size changed, discarding .udd data
77D30000 Module C:\WINDOWS\system32\user32.dll
77F10000 Module C:\WINDOWS\system32\GDI32.dll
7C800000 Module C:\WINDOWS\system32\kernel32.dll
7C900000 Module C:\WINDOWS\system32\ntdll.dll
746F0000 Module C:\WINDOWS\system32\MSCTF.dll
77C00000 Module C:\WINDOWS\system32\msvcrt.dll
77DC0000 Module C:\WINDOWS\system32\ADVAPI32.dll
008F0000 Module C:\Program Files\Ad Muncher\AdMunch.dll
77E70000 Module C:\WINDOWS\system32\RPCRT4.dll
71A90000 Module C:\WINDOWS\system32\ws2_32.dll
71A80000 Module C:\WINDOWS\system32\WS2HELP.dll
Process terminated, exit code 0
00400000 Unload D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe
008F0000 Unload C:\Program Files\Ad Muncher\AdMunch.dll
71A80000 Unload C:\WINDOWS\system32\WS2HELP.dll
71A90000 Unload C:\WINDOWS\system32\ws2_32.dll
746F0000 Unload C:\WINDOWS\system32\MSCTF.dll
77C00000 Unload C:\WINDOWS\system32\msvcrt.dll
77D30000 Unload C:\WINDOWS\system32\user32.dll
77DC0000 Unload C:\WINDOWS\system32\ADVAPI32.dll
77E70000 Unload C:\WINDOWS\system32\RPCRT4.dll
77F10000 Unload C:\WINDOWS\system32\GDI32.dll
7C800000 Unload C:\WINDOWS\system32\kernel32.dll
7C900000 Unload C:\WINDOWS\system32\ntdll.dll

File 'D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe'
New process with ID 00000694 created
00401040 Main thread with ID 00000248 created
00400000 Module D:\Pepa\Skola\Programovaci techniky\Prace\_main.exe
CRC changed, discarding .udd data
77D30000 Module C:\WINDOWS\system32\user32.dll
77F10000 Module C:\WINDOWS\system32\GDI32.dll
7C800000 Module C:\WINDOWS\system32\kernel32.dll
7C900000 Module C:\WINDOWS\system32\ntdll.dll
746F0000 Module C:\WINDOWS\system32\MSCTF.dll
77C00000 Module C:\WINDOWS\system32\msvcrt.dll
77DC0000 Module C:\WINDOWS\system32\ADVAPI32.dll
008F0000 Module C:\Program Files\Ad Muncher\AdMunch.dll
77E70000 Module C:\WINDOWS\system32\RPCRT4.dll
71A90000 Module C:\WINDOWS\system32\ws2_32.dll


Mind you, this is the status when my window is already running and receiving input, though OllyDbg doesn't show anything at all yet. I have to close the window, only then does OllyDbg trigger; the log shows:

Code:

Message=Process terminated, exit code 0


Quote:
does your program run outside the debugger without problems

It runs without problems even in the debugger. The only problem is that I can't get the debugger to debug it. Anyway, you can try for yourself: The application and its source code are at http://www.pepak.net/tmp/asm.zip.

pepak
October 10th, 2006, 01:17
Well, never mind, I found it: Firewall is the culprit here! It triggers on rule "process writes to memoryspace of system"
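
The symptom in this thread, a debuggee that reaches "Process terminated" with no pause ever logged, can be spotted mechanically in an OllyDbg log. The following is an added example, not part of any post above: a Python triage over log text in the format pepak pasted. The sample log is constructed, and the `Program entry point` marker is an assumed wording (only `System startup breakpoint` is quoted in the thread).

```python
import re

# Constructed sample in the log format shown in the thread (paths shortened).
SAMPLE_LOG = r"""
File 'D:\work\_main.exe'
00400000 Module D:\work\_main.exe
7C800000 Module C:\WINDOWS\system32\kernel32.dll
7C900000 Module C:\WINDOWS\system32\ntdll.dll
008F0000 Module C:\Program Files\Ad Muncher\AdMunch.dll
Process terminated, exit code 0
File 'D:\work\_main.exe'
00400000 Module D:\work\_main.exe
7C900000 Module C:\WINDOWS\system32\ntdll.dll
7C901230 System startup breakpoint
"""

FILE_RE = re.compile(r"^File '(.+)'$")
MODULE_RE = re.compile(r"^(?:[0-9A-Fa-f]{8}\s+)?Module\s+(.+)$")
EXIT_RE = re.compile(r"Process terminated, exit code\s+(\S+)")
# First marker is quoted in the thread; the second is an assumed wording.
PAUSE_MARKERS = ("system startup breakpoint", "program entry point")

def triage(log_text, system_dir=r"C:\WINDOWS\system32"):
    """Split the log into debug sessions and flag ones that never paused."""
    sessions, cur = [], None
    prefix = system_dir.lower() + "\\"
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = FILE_RE.match(line)
        if m:  # a "File '...'" line starts a new session
            cur = {"target": m.group(1), "paused": False,
                   "exit_code": None, "foreign": []}
            sessions.append(cur)
        elif cur is None:
            continue  # banner lines before the first session
        elif (m := MODULE_RE.match(line)):
            path = m.group(1).strip()
            low = path.lower()
            # Modules outside the system directory are leads to check
            # (injected by other software), not proof of the cause.
            if low != cur["target"].lower() and not low.startswith(prefix):
                cur["foreign"].append(path)
        elif any(k in line.lower() for k in PAUSE_MARKERS):
            cur["paused"] = True
        elif (m := EXIT_RE.search(line)):
            cur["exit_code"] = m.group(1)
    for s in sessions:
        # Exited without the debugger ever pausing: the thread's symptom.
        s["ran_past_debugger"] = not s["paused"] and s["exit_code"] is not None
    return sessions
```

A session flagged `ran_past_debugger` together with a non-empty `foreign` list is a reason to review security or filtering software on the machine before changing any OllyDbg options.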