Login/Register
OllyDbg catching/throwing exceptions
Asked Answered
Solved reverse-engineeringollydbg
C

1

6

Every time I am trying to debug something with OllyDbg 1.10 (on Windows 7 32-bit), it keeps throwing exceptions for no reason. I skip them with Shift + F7/F8/F9, and at the end it throws an exception saying EIP = 00000000.

Can someone please tell me how to fix it?

Concuss answered 24/10, 2011 at 12:45 Comment(4)
what's your ollydbg version? Get the newest at ollydbg.de/version2.html Also does it really do that on every exe you open? What OS are you using? Did you install plugins? More details please!Reborn
@龚元程 am using odbg110 and yeah with every exe :S , ruining it on win7 32bitConcuss
Do you have all the necessary plugins so your ollydbg is not detected by the program? Maybe you have to unpack the program first? The program was written in C, Delphi, .NET?Eardrum
@César Bustíos was written in C++.Concuss
G
12

The following applies to OllyDbg 1.10; for other versions, YMMV.

Options > Debugging Options > Exceptions

enter image description here

This setting allows you to set OllyDbg to ignore each/any exception thrown (use specific numbers for specific exceptions or 00000000 .. FFFFFFFF to ignore all).

Also, for your convenience, I'd recommend the following settings for OllyDbg, in case you don't have them:

Start analysis of main module

Options -> Debugging Options -> Analysis 1

enter image description here

With this option activated Olly will analyze the program being debugged at start.

Highlighting jumps and calls

Options -> Appearance -> Defaults -> Default syntax highlighting -> Jumps'n'calls

Or, for current window, using right click:

enter image description here

Show jump path

Options -> Debugging Options -> CPU

enter image description here

With this options you can see the path of the jumps.

Finally, I recommend virtualize XP inside your Windows 7 with a tool of your choice, as it may make your debugging easier.

Groot answered 3/11, 2011 at 22:33 Comment(1)
@Groot although your hints are extremely helpful (I honestly wonder why those settings ain't the default ones!), I'd strongly suggest to put them in a separate self-answered Q&A (e.g. "What initial settings are helpful for people new to OllyDbg?"), since AFAIK they are completely unrelated to OP's question - also, putting that Q&A on reverseengineering.stackexchange.com would make it even better IMO.Scaleboard

© 2022 - 2024 — McMap. All rights reserved.