#11 FindOpRev makes Ollydbg freeze

Milestone: v1.0 (example)

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2018-02-15

Created: 2018-02-14

Creator: Daniello Alto

Private: No

**### Phenom
->When using the command FindOpRev in a script (to search certain command backwards) there's a great change to make Ollydbg hung and not responding anymore.

background:

bool OllyLang::DoFINDOPREV(string args)
in ODbgScript.1.82.src\OllyLangCommands.cpp
gets stucked in a endlessloop in case there is nothing found.

Workaround/Fix:

If Ollydbg gets freezed.
Start another Ollydbg instance and attach it to the hunged Ollydbg. Pause and trace with F8 a while. You'll probably get soon into the endless loop and do something to break out of it.

More in detail

the problem is that boader check in the find Loop:
do
{
addr = Disassembleback( 0, tmem->base, tmem->size, addr, 1, 0);
endaddr = Disassembleback( 0, tmem->base, tmem->size, addr, 1, 0);
ok = Readcommand(addr, cmd);

        if(addr == tmem->base + tmem->size)
            ok = 0;

        if(ok)
            result = FindWithWildcards(cmd, ops[1].c_str(), endaddr - addr);
    } while(result != 0 && ok != 0);

While
Since the index in loop is running backwards it should check for lower boundary.
~~if(addr == tmem->base + tmem->size)~~ will check the upper boundary (<-which is excellent for FindOp ) but to make FindOpRev work change it to:

if ( addr =< tmem->base )

Quickfix/Download:

However here's a fixed binary.
Hehe just two NOP's and the bug is gone. smile
Jay Hoo ya probably all know this game.

Beside that I also packed->
OdbgScript.xml
in the Zip. It a language definition file for Notepad++ that enables code folding & syntax highlighting to make look ya script shiny colorful and well organized.
Original name is '*OdbgScript4npp by SpeedJack.rar' *

Off topic:

Well I'm sorry for that flaw .
Some years ago I did that Olly Script 0.93 -> 0.94 update. Since reverse engineering needed some search for commands that can also run in reverse.
Wow its a real honor to see that it made its way into ODbgScript!
I even loved ODbgScript before and now when I got the Update to maybe add the FindOp_r I saw that it's already there. Wow magic.

Oops I yeah I'm really sorrow for this little glitch.

Okay

That's it.

1 Attachments

ODbgScript 1_82_6_FindOpRev_BugFix #1.zip

Discussion

SHaG - 2018-02-15

Nice to see my ages-old project still being alive and kicking! :) Will fix this - my first fix since v0.93 or something.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

FindOpRev makes Ollydbg freeze

Group

Searches

Help