01-22-2005, 15:49
JuneMouse
Well, I saw a crackme that was crashing OllyDbg this way.

The crackme is here:
http://biw.rult.at/vbb/upload/showthread.php?threadid=1042

So I kinda modified OllyDbg to prevent it from crashing.

Code:
########################################################################################################################################################
DO NOT USE WORD WRAP IN NOTEPAD AND MAXIMIZE SCREEN FOR BETTER VIEWABILITY
########################################################################################################################################################

here is the modification I did to OllyDbg:

004AF644    > \60              PUSHAD                             ;  well safety
004AF645    .  6A 03           PUSH    3                           ;  MEM_RESILENT I THINK NOT SURE COPY PASTE 
004AF647    .  FF35 26574D00   PUSH    DWORD PTR DS:[4D5726]       ;  poked around  and saw olly using it so i am using it
004AF64D    .  FF35 20574D00   PUSH    DWORD PTR DS:[4D5720]       ;  poked around  and saw olly using it so i am using it
004AF653    .  52              PUSH    EDX                         ;  poked around  and saw olly using it so i am using it
004AF654    .  E8 B31CFBFF     CALL    OLLYDBGm._Readmemory        ;  what else reading memory
004AF659    .  B8 25000000     MOV     EAX, 25                     ;  set % as scan character
004AF65E    .  8B3C24          MOV     EDI, DWORD PTR SS:[ESP]     ;  you might have noticed I have not popped the stack 
004AF661    .  8B4C24 08       MOV     ECX, DWORD PTR SS:[ESP+8]   ;  you might have noticed I have not popped the stack 
004AF665    .  F2:AE           REPNE   SCAS BYTE PTR ES:[EDI]      ;  scanning for % in the debugstring 
004AF667    .  83F9 00         CMP     ECX, 0                      ;  will be zero only if the string didn't contain % 
004AF66A    .  75 0E           JNZ     SHORT OLLYDBGm.004AF67A     ;  bad boy 
004AF66C    .  83C4 10         ADD     ESP, 10                     ;  popping stack contents of ReadMemory call
004AF66F    .  61              POPAD                              ;  safety release
004AF670    .  E8 B775FFFF     CALL    OLLYDBGm.004A6C2C           ;  restore old instruction that was buggered up for this check and call it 
004AF675    .^ E9 141CF8FF     JMP     OLLYDBGm.0043128E           ;  jmp back to original place
004AF67A    >  83C4 10         ADD     ESP, 10                     ;  popping up stack contents of Readmemory
004AF67D    .  61              POPAD                               ;  safety release
004AF67E    .  83C4 08         ADD     ESP, 8                      ;  popping the original args
004AF681    .^ E9 CD1CF8FF     JMP     OLLYDBGm.00431353           ;  jumping to the Readmemory failure place 


######################################################################################################################################################

this is the call I am diverting to my modification:
######################################################################################################################################################

00431289    . /E9 B6E30700     JMP     OLLYDBGm.004AF644

######################################################################################################################################################
The above is my code. What I did was to parse the string (any string that comes to this place) for a % specifier; if it exists it will not output that string,
if it doesn't exist it will output that string.

Hope it may be of help to someone. Can someone test this on Armadillo and tell me whether it works properly? I know it works on this crackme.
OllyDbg version 1.10
Tested on W2K SP4
Any other test reports on different OSes are also appreciated.

Last edited by JuneMouse; 01-22-2005 at 17:08.
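To make the logic of the patch above easier to follow, here is a small C model of it, written as an added example for this page: it is not JuneMouse's code and not OllyDbg's. The idea is that the string the debuggee hands over through OutputDebugString is attacker-controlled, so it must never reach a printf-style routine as the format argument. The first policy does what the patch does (bounded scan for '%', refuse the string if one is found); the second shows the stronger fix of passing the bytes as a bounded "%.*s" argument, so a '%' is just data and the string is still displayed. The helper names, the "Debug string: " prefix, the 64-byte limit and the sample strings are all assumptions made for the demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OllyDbg's code. Models the check the patch bolts in
 * front of the debug-string output. DBG_MAX is a constructed limit for the
 * copy that would come back from Readmemory. */
#define DBG_MAX 64

/* Bounded scan for '%', the C equivalent of the patch's REPNE SCASB with
 * ECX set to the number of bytes read. Returns the index of the first '%'
 * or -1 if none is found within n bytes. The source is debuggee memory and
 * is not trusted to be NUL-terminated, so the scan never runs past n; it
 * also stops at a NUL, because printf would stop there too. */
int scan_for_percent(const char *s, size_t n)
{
    for (size_t i = 0; i < n && s[i] != '\0'; i++) {
        if (s[i] == '%')
            return (int)i;
    }
    return -1;
}

/* Output buffer shared by the two policies below (static so each demo
 * function can simply return a pointer to its result). */
static char g_out[DBG_MAX + 32];

/* Policy 1: what the patch does. Refuse the string outright if it carries
 * a '%' anywhere; otherwise emit it. Returns NULL on the "bad boy" path,
 * which corresponds to the JMP to the Readmemory-failure location. */
const char *handle_debug_string_patched(const char *dbg, size_t n)
{
    if (n > DBG_MAX)
        n = DBG_MAX;                       /* never copy more than the limit */
    if (scan_for_percent(dbg, n) != -1)
        return NULL;                       /* dropped: string contained '%' */
    snprintf(g_out, sizeof g_out, "Debug string: %.*s", (int)n, dbg);
    return g_out;
}

/* Policy 2: the stronger fix. Never treat the debuggee's bytes as a format
 * at all: pass them as a bounded "%.*s" argument. A '%' in the data is then
 * harmless and the string is still shown to the user. */
const char *handle_debug_string_hardened(const char *dbg, size_t n)
{
    if (n > DBG_MAX)
        n = DBG_MAX;
    snprintf(g_out, sizeof g_out, "Debug string: %.*s", (int)n, dbg);
    return g_out;
}

int main(void)
{
    /* Constructed samples standing in for what Readmemory would return. */
    const char benign[]  = "checkpoint reached";
    const char hostile[] = "%s%s%s%n";      /* constructed: format directives in debug data */

    printf("patched, benign  : %s\n", handle_debug_string_patched(benign, sizeof benign - 1));
    const char *r = handle_debug_string_patched(hostile, sizeof hostile - 1);
    printf("patched, hostile : %s\n", r ? r : "(refused)");
    printf("hardened, hostile: %s\n", handle_debug_string_hardened(hostile, sizeof hostile - 1));
    return 0;
}
```

The bounded scan is the part that matters for the patch: ECX comes from the size that was pushed for Readmemory, so the scan is limited to what was actually read, and the test for ECX == 0 is what turns "no '%' found" into the normal output path. The hardened variant shows why the refusal is only a stopgap: once the string is an argument rather than the format, there is nothing left for a '%' to do.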