#1
Hi JuneMouse,
That's some advanced patch you got. Looks like you don't like 25 (%), hehe. The reason I say that is it looks to me like you're searching on the stack through 139853913 bytes to find it. If any 25 is found, then you take drastic measures. I don't think it actually finds that bad %s%s%s... but some other 25, which could be part of an address or something else. But it does the job.

I ran that crackme and it sure does use the same format string vulnerability as Armadillo does. Wish it was more unique, like %sBad%sC%Bad%s, though. I tried your patch and it works with Armadillo just fine. Oh, and my patch works with that crackme.

MaRKuS-DJM: Very good article here about the cause: hxxp://www.cs.ucsb.edu/~jzhou/security/formats-teso.html

TQN: Where are the other patchers? I want them all.

deXep: That is what I kinda do, but you only need to kill the first %s for it to work. Olly copies the string until it reaches two null characters (00,00), then it stops. So there is no reason to kill all of them. Actually, it has no problems with % at all; you can put as many as you like. It's the %s followed by another %s that causes chaos. %s is used in the 'C' programming language to handle strings.

NOTE: The patch will make a backup of your Ollydbg.exe into Ollydbg.bak, but as soon as you start Ollydbg it will overwrite this file with its own, so it's best that you rename it or back it up yourself in case you ever decide you don't like the patch.

Last edited by Flagmax; 01-26-2005 at 08:09.

#2
The ROOT cause of this problem is that Olly must be using a *printf* function and supplying the debug string as the FORMAT parameter, while it should supply "%s" as the format parameter and the debug string as an additional param. So maybe someone with a little bit of free time can find this place in Olly and patch it.
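
The fix described in post #2, sketched in C as an added example that is not part of the original thread and is not OllyDbg's code. The helper names `log_debug_string` and `count_format_directives` are hypothetical; the second shows why scanning for a bare 0x25 byte over-matches, since `%%` and a stray `%` consume no argument.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (comment only): untrusted text used as the FORMAT.
 *     snprintf(out, outsz, dbg);
 * With dbg = "%s%s%s" the call reads arguments that were never passed. */

/* Hardened form (hypothetical helper): constant format, untrusted text as data.
 * Returns characters stored (excluding NUL), or -1 on bad arguments. */
int log_debug_string(char *out, size_t outsz, const char *dbg)
{
    if (!out || outsz == 0 || !dbg) return -1;
    int n = snprintf(out, outsz, "Debug string: %s", dbg);
    if (n < 0) return -1;
    return (size_t)n < outsz ? n : (int)(outsz - 1);  /* truncated but terminated */
}

/* Hypothetical triage check: count directives that would consume an argument
 * if s were misused as a format string. "%%" is a literal percent sign. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        s++;
        if (*s == '%') continue;            /* escaped percent, harmless */
        while (*s && strchr("-+ #0123456789.*hlLjzt", *s)) {
            if (*s == '*')
                count++;                    /* '*' width/precision takes an int */
            s++;
        }
        if (*s && strchr("diouxXeEfFgGaAcspn", *s))
            count++;
        if (!*s) break;                     /* string ended inside a directive */
    }
    return count;
}

int main(void)
{
    char line[64];
    const char *dbg = "%s%s%s";             /* constructed sample debug string */
    log_debug_string(line, sizeof line, dbg);
    printf("%s (directives: %d)\n", line, count_format_directives(dbg));
    return 0;
}
```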