  #14  
Old 01-25-2005, 04:26
Flagmax
Problem Solved...

Hi JuneMouse,

I did more tracing and found the root cause of the problem. It seems in this Armadillo, the address that holds the length of the message also gets filled up with some junk. And in your patch you are pushing a DWORD to the stack. Instead you need to push just a WORD. The code here shows the proper way:
Code:
00431294    0FB71D 26574D00     MOVZX EBX,WORD PTR DS:[4D5726]           ; Copies just a WORD
...
00431336    53                  PUSH EBX                                 ; Push Length to Stack
00431337    A1 20574D00         MOV EAX,DWORD PTR DS:[4D5720]
0043133C    50                  PUSH EAX
0043133D    8D95 98FDFFFF       LEA EDX,DWORD PTR SS:[EBP-268]
00431343    0355 F4             ADD EDX,DWORD PTR SS:[EBP-C]
00431346    52                  PUSH EDX
00431347    E8 C0FF0200         CALL OLLYDBG_._Readmemory                ; Read a Chunk of Memory
Oh, so here is a minor fix that I made. Now I believe it's 100% working.
Code:
004AF644    60                  PUSHAD
004AF645    6A 03               PUSH 3
004AF647    0FB71D 26574D00     MOVZX EBX,WORD PTR DS:[4D5726]           ; Copies a WORD from 4D5726h and strips the rest junk
004AF64E    53                  PUSH EBX                                 ; Now Push the correct Length of Message to Stack
004AF64F    FF35 20574D00       PUSH DWORD PTR DS:[4D5720]
004AF655    52                  PUSH EDX
004AF656    E8 B11CFBFF         CALL OLLYDBG_._Readmemory
004AF65B    B8 25000000         MOV EAX,25
004AF660    8B3C24              MOV EDI,DWORD PTR SS:[ESP]
004AF663    8B4C24 08           MOV ECX,DWORD PTR SS:[ESP+8]
004AF667    F2:AE               REPNE SCAS BYTE PTR ES:[EDI]
004AF669    83F9 00             CMP ECX,0
004AF66C    75 0E               JNZ SHORT OLLYDBG_.004AF67C
004AF66E    83C4 10             ADD ESP,10
004AF671    61                  POPAD
004AF672    E8 B575FFFF         CALL OLLYDBG_.004A6C2C
004AF677  ^ E9 121CF8FF         JMP OLLYDBG_.0043128E
004AF67C    83C4 10             ADD ESP,10
004AF67F    61                  POPAD
004AF680    83C4 08             ADD ESP,8
004AF683  ^ E9 CB1CF8FF         JMP OLLYDBG_.00431353

Last edited by Flagmax; 01-26-2005 at 08:10.
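Added example in C (not code from the post or from OllyDbg) showing why the width of that load matters: a 32-bit read from the address of a WORD field also picks up the two bytes that follow it, so the "length" handed to the memory read is junk in its upper half. It assumes the DWORD at 4D5720 and the WORD at 4D5726 are a record laid out like Win32's OUTPUT_DEBUG_STRING_INFO (pointer, WORD flag, WORD length), models memory as a constructed little-endian byte image, and adds a bounds check that the page's Readmemory stand-in performs before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field order of Win32's OUTPUT_DEBUG_STRING_INFO: 4-byte pointer, WORD flag,
 * WORD length. Assumption of this example: the DWORD at 4D5720 and the WORD at
 * 4D5726 in the post are such a record, so the length sits at offset 6. */
enum { REC_OFF = 0x20, LEN_OFF = REC_OFF + 6, MEM_SIZE = 0x40, MSG_MAX = 64 };
char msg_buf[MSG_MAX];   /* fixed-size destination, like the buffer at EBP-268 */

/* Constructed memory image (little-endian host assumed): the message at
 * "address" 0, the record at REC_OFF, and unrelated junk (0xCD) after it. */
const uint8_t *sample_memory(void) {
    static uint8_t mem[MEM_SIZE];
    uint32_t ptr = 0x00000000;          /* data pointer -> offset 0 */
    uint16_t uni = 0, len = 5;
    memset(mem, 0xCD, MEM_SIZE);
    memcpy(mem + 0x00, "hello", 5);
    memcpy(mem + REC_OFF + 0, &ptr, 4);
    memcpy(mem + REC_OFF + 4, &uni, 2);
    memcpy(mem + REC_OFF + 6, &len, 2); /* bytes at REC_OFF+8.. stay 0xCD */
    return mem;
}

/* PUSH DWORD PTR [4D5726]: a 32-bit load from the WORD's address, so the two
 * junk bytes after the record become the upper half of the length. */
uint32_t length_as_dword(const uint8_t *mem) {
    uint32_t v; memcpy(&v, mem + LEN_OFF, 4); return v;
}

/* MOVZX EBX, WORD PTR [4D5726]: 16-bit load, upper half zeroed. */
uint32_t length_as_word(const uint8_t *mem) {
    uint16_t v; memcpy(&v, mem + LEN_OFF, 2); return v;
}

/* Stand-in for Readmemory: copy len bytes from the record's pointer into out,
 * refusing lengths that the destination or the source image cannot hold.
 * Returns bytes copied, 0 on refusal. */
size_t read_message(const uint8_t *mem, uint32_t len, char *out) {
    uint32_t ptr; memcpy(&ptr, mem + REC_OFF, 4);
    if (len >= MSG_MAX || ptr > (uint32_t)MEM_SIZE - len) return 0;
    memcpy(out, mem + ptr, len);
    out[len] = '\0';
    return len;
}

int main(void) {
    const uint8_t *mem = sample_memory();
    printf("length as DWORD: 0x%08lX  as WORD: %lu\n",
           (unsigned long)length_as_dword(mem), (unsigned long)length_as_word(mem));
    printf("DWORD length -> %zu bytes read\n", read_message(mem, length_as_dword(mem), msg_buf));
    printf("WORD length  -> %zu bytes read (\"%s\")\n", read_message(mem, length_as_word(mem), msg_buf), msg_buf);
    return 0;
}
```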