Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Another Ollydbg question DLL loading in Program (https://forum.exetools.com/showthread.php?t=7715)

hobferret 06-18-2005 23:15
Another Ollydbg question DLL loading in Program
 
Hey there it's me again :)

Being as I am only just "getting" converted to Olly, I have what is probably a very simple question for you guys :eek:

When I was messing around with a program for ivanov, I wanted the program to break on access to vboxb410.dll. The only way I managed it was to set a break on "new modules (DLL), but that breaks on every dll it loads. :confused:

So how the hell can you get it to break on a specific DLL :confused:

Any reply will be appreciated, no matter how "daft" it may be :cool:

/hobferret

MaRKuS-DJM 06-19-2005 00:12
you can use DllBreakEx for that task. it's an olly plugin.

hobferret 06-19-2005 02:13
Cheers MaRKuS-DJM :)

I will see if it kick's ass :D

/hobferret

hobferret 06-19-2005 03:31
OK MaRKuS :)

That only let's you know a DLL is being loaded :D

It don't stop the process, get my drift :confused:

/hobferret

MaRKuS-DJM 06-19-2005 04:06
did you also check the option break on new modules in olly options? it should stop at the corresponding dll then.

hobferret 06-19-2005 18:24
MaRKuS-DJM mate :)

Rite, when I do as you suggest it does break on the DLL loading, a msgbox tells me so :D

OK having gotten that far, how do I now get to the program :confused:

You can't click on anything until you get rid of the msgbox, so pray tell me what I am doing wrong :eek:

Obviously after getting rid of the msgbox the program just runs, I need to be able to stop the God darn thing :confused:

If I can't get this to work I think I will have to revert to SICE, it's most likely me being as I'm a noob with Olly :cool:

/hobferret

MaRKuS-DJM 06-19-2005 18:36
ok, if all doesn't work, i can suggest another way.
1. search for the dll in executable modules
2. right click on it and then go to follow entry
3. in CPU-window, you are on the entry-point now
4. right click in CPU-window, Breakpoint > Hardware, on execution.
5. next time it starts you will break when the entrypoint of the dll is touched.

hobferret 06-19-2005 19:02
Cheers mate :)

That works, however, I need to do a little more work, because I keep getting Vbox injection error and then terminates :eek:

Anyways, thanks, I'm sure I will ger round it now :mad:

/hobferret

JuneMouse 06-19-2005 21:46
hey its me again :) hope you remember me from 1847 :)
may be you could try my plugin ntGlobalFlag
take a look at the using tls in ollydbg thread in this forum its still in view some 10 15 posts below :) for a link
but it too will stop on all dlls init routine :( you will be forced to f9 till you are on your required dll :)

hobferret 06-19-2005 23:32
Hey JuneMouse :)

I assume you mean this "NtGlobalFlag v 1.1 OllyDbgPlugin", thanks for the info, but my memory from 1847 is rather vague. I know there was "soft ice" around then but no olly's. :D

Well I'll give it a try anyways :cool:

/hobferret


All times are GMT +8. The time now is 23:19.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX