OllyDbg Debugger

What is OllyDbg
OllyDbg is a debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, and locates routines from object files and libraries.
Source: http://en.wikipedia.org/wiki/OllyDbg

Versions
- Version 1.10 is the final 1.x release.
- Version 2.0 is in development and is being written from the ground up.
- Note: the current version of OllyDbg cannot disassemble binaries compiled for 64-bit processors.

Features
- Executes the program in a controlled environment.
- Allows the flow of the program to be controlled.
- Uses a convenient layout showing hexadecimal, assembly, CPU registers and the stack.
- Allows the program to be dumped from memory onto the hard disk.
- Highlights recently changed values in memory, the stack and the CPU registers.

Window Layouts
Window layouts are the parts of the UI that contain pertinent information:
- Code window: displays the executable machine code.
- Register window: lets the user watch the contents of each register during execution.
- Memory window: lets the user view the contents of various memory locations.
- Stack window: displays the stack, including memory addresses and values.

Working in OllyDbg
Navigation: commenting, listing names, showing memory, moving, searching.
- Commenting: comments can be entered in the code window with the ; or : keys.
- Listing names: the Names window displays all functions or imported functions used in the program; open it with the shortcut Ctrl + N.
- Showing memory: displaying memory is useful when looking for strings or other important data; open the Memory Map window with Alt + M.

Working in OllyDbg (cont.): Breakpoints
Breakpoints allow the debugger to stop at a specified address or instruction. There are two types of breakpoints in general:
- Software breakpoints: handled by the operating system; set by navigating to the specified address and pressing F2.
- Hardware breakpoints: handled by the processor; set by finding the place in memory you want to break on access, right-clicking and selecting the proper option.
Olly also provides a way to view, enable and disable breakpoints via the Breakpoints window (Alt + B).

Working in OllyDbg (cont.): Controlling Execution
Starting the process: once the target program is either loaded or attached in Olly, you can start execution. This sets an initial breakpoint at the application entry point. There are several ways to proceed from the entry point:
- Single stepping (F7): executes one instruction at a time and steps into every function. Tedious for anything but short stretches of code.
- Execute until return (Ctrl + F9): executes all instructions in the current function until the ret instruction is encountered. Faster than single stepping but not as comprehensive.

Working in OllyDbg (cont.): Watching Execution
- Registers: handled in the Register window; red highlighting indicates a register has changed.
- Stack: handled in the Stack window; the display can show absolute addresses or addresses relative to ebp.
- Call stack: displays the functions from which the current function was called; shown with the shortcut Alt + K.

Demo
Cracking a program using a buffer overflow
- Rfile() function address: 0x004013B0
- Register address: 0x0013FB78
- Return address: 0x0040132C
- Buffer address: 0x0013FB6C
- Buffer length: 10 bytes
- Address length: 2 bytes
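The demo slide describes a 10-byte stack buffer that the target's Rfile() routine overruns. As an added C example, not code from the slides or from the demo binary, here is the shape of that defect beside a bounded replacement that rejects over-long input instead of writing past the buffer. rfile_unchecked, rfile_checked, count_rejected and the sample lines are all constructed for this illustration and only borrow the slide's 10-byte buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size taken from the demo slide (10 bytes). */
#define BUF_LEN 10

/* Vulnerable pattern (constructed; not the demo's own Rfile()): the
 * caller's line is copied into a fixed 10-byte stack buffer with no
 * length check, so an over-long line runs past buf into whatever the
 * compiler placed after it on the stack (saved registers, return
 * address). Calling it with input longer than BUF_LEN - 1 characters is
 * undefined behaviour; it is kept only so the two shapes can be compared. */
void rfile_unchecked(const char *line)
{
    char buf[BUF_LEN];
    strcpy(buf, line);          /* no bound: writes strlen(line) + 1 bytes */
    printf("read: %s\n", buf);
}

/* Hardened form: check that the line fits (including the terminator),
 * copy with an explicit bound, and report the outcome to the caller.
 * Returns 0 on success, -1 if the line was rejected (out is then "" ). */
int rfile_checked(const char *line, char *out, size_t out_len)
{
    size_t n = strlen(line);
    if (out_len == 0)
        return -1;
    if (n >= out_len) {         /* n + 1 bytes needed, only out_len available */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, line, n + 1);   /* bounded: never more than out_len bytes */
    return 0;
}

/* Runs the hardened reader over a set of lines and returns how many were
 * rejected because they would have overrun a BUF_LEN buffer. */
int count_rejected(const char *const *lines, int n_lines)
{
    char buf[BUF_LEN];
    int rejected = 0;
    for (int i = 0; i < n_lines; i++)
        if (rfile_checked(lines[i], buf, sizeof buf) != 0)
            rejected++;
    return rejected;
}

/* Constructed sample input: the first two fit, the last two do not. */
static const char *const SAMPLE_LINES[] = {
    "hello",            /* 5 chars + NUL = 6 bytes: fits */
    "123456789",        /* 9 chars + NUL = 10 bytes: exactly fits */
    "1234567890",       /* 10 chars + NUL = 11 bytes: one byte too long */
    "AAAAAAAAAAAAAAAA", /* 16 chars: would run well past the buffer */
};

int main(void)
{
    char buf[BUF_LEN];
    printf("rejected %d of 4 sample lines\n", count_rejected(SAMPLE_LINES, 4));
    if (rfile_checked("hello", buf, sizeof buf) == 0)
        printf("read: %s\n", buf);
    return 0;
}
```

The point to carry back into the debugger session: when you single-step into a routine like Rfile() and watch the Stack window, the unchecked copy is what turns the bytes past the buffer red; the checked version never writes beyond its own 10 bytes, so the slots holding the saved frame and return address stay unchanged.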

The End