|
|
#1
05-10-2013, 12:52
|
|||
|
|||
|
Is there anything wrong with OllyDbg's conditional breakpoint
In Windows XP SP3, there is an instruction
call [ebp+8] at address +77D18731 for message processing: 77D1870C push ebp 77D1870D mov ebp, esp 77D1870F push esi 77D18710 push edi 77D18711 push ebx 77D18712 push DCBAABCD 77D18717 push esi 77D18718 push dword ptr [ebp+18] 77D1871B push dword ptr [ebp+14] 77D1871E push dword ptr [ebp+10] 77D18721 push dword ptr [ebp+C] 77D18724 mov eax, fs:[18] 77D1872A or byte ptr [eax+FB4], 1 ==>77D18731 call [ebp+8] 77D18734 mov ecx, fs:[18] 77D1873B and byte ptr [ecx+FB4], 0 77D18742 cmp dword ptr [esp+4], DCBAABCD 77D1874A jnz 77D403B0 77D18750 add esp, 8 77D18753 pop ebx 77D18754 pop edi 77D18755 pop esi 77D18756 pop ebp 77D18757 retn 14 If I set a breakpoint at +77D18731 with the condition as follows: [esp+4]==SomeHandle && [SomeAddress]==SomeValue that breakpoint always fails, that is to say, the breakpoint will not be triggered when the conditions have been true. So, is there anything wrong with OllyDbg? 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| how does ollydbg memory breakpoint works | deXep | General Discussion | 5 | 10-15-2005 21:48 |
| Olly conditional BP syntax? | Rhodium | General Discussion | 2 | 07-20-2004 20:30 |
| Olly conditional breakpoint help | Rhodium | General Discussion | 9 | 07-21-2003 14:19 |
Threaded Mode