kangdangda
March 17th, 2007, 22:31
I am debugging a game exe file using Olly. That exe file was encrypted and PEiD 0.93 sees nothing, so I decided to manually unpack it. However, when I load it using Olly, it crashes Olly before it reaches its EP. After more exploration, I found the app will stop at its EP and doesn't crash if I minimize the disassembly window of Olly to just 10 lines. The displayed asm code is:
006FE014 > B8 00000000 MOV EAX,0 <--- EP here,
006FE019 60 PUSHAD
006FE01A 0BC0 OR EAX,EAX
006FE01C 74 68 JE SHORT Game.006FE086
006FE01E E8 00000000 CALL Game.006FE023
006FE023 58 POP EAX
006FE024 05 53000000 ADD EAX,53
006FE029 8038 E9 CMP BYTE PTR DS:[EAX],0E9
006FE02C 75 13 JNZ SHORT Game.006FE041
006FE02E 61 POPAD <--- OK, nothing happens when the disassembly window is small enough to see only this line and above.
006FE02F EB 45 JMP SHORT GAME.006FE076 <--- Crashes when I continue dragging to expand the disassembly window to see this line
So I wonder if it is an anti-Olly protection or just an Olly bug? The error msgbox that popped up says Olly crashes at 0x0004AA2F2 in ollydbg.exe with a floating operation error.
Thanks for any suggestions.