Thread: Is there anything wrong with OllyDbg's conditional breakpoint
View Single Post
  #1  
Old 05-10-2013, 12:52
BlackWhite BlackWhite is offline
Friend
  
Join Date: Apr 2013
Posts: 85
Rept. Given: 4
Rept. Rcvd 14 Times in 6 Posts
Thanks Given: 14
Thanks Rcvd at 56 Times in 25 Posts
BlackWhite Reputation: 14
Is there anything wrong with OllyDbg's conditional breakpoint
In Windows XP SP3, there is an instruction
call [ebp+8]
at address +77D18731 for message processing:
77D1870C push ebp
77D1870D mov ebp, esp
77D1870F push esi
77D18710 push edi
77D18711 push ebx
77D18712 push DCBAABCD
77D18717 push esi
77D18718 push dword ptr [ebp+18]
77D1871B push dword ptr [ebp+14]
77D1871E push dword ptr [ebp+10]
77D18721 push dword ptr [ebp+C]
77D18724 mov eax, fs:[18]
77D1872A or byte ptr [eax+FB4], 1
==>77D18731 call [ebp+8]
77D18734 mov ecx, fs:[18]
77D1873B and byte ptr [ecx+FB4], 0
77D18742 cmp dword ptr [esp+4], DCBAABCD
77D1874A jnz 77D403B0
77D18750 add esp, 8
77D18753 pop ebx
77D18754 pop edi
77D18755 pop esi
77D18756 pop ebp
77D18757 retn 14

If I set a breakpoint at +77D18731 with the condition as follows:
[esp+4]==SomeHandle && [SomeAddress]==SomeValue
that breakpoint always fails, that is to say, the breakpoint
will not be triggered when the conditions have been true.

So, is there anything wrong with OllyDbg?
Reply With Quote