Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

(SOLVED) ODBG2 plugins: permanent breakpoint

mArTi
mArTi
in Programming and Coding

Featured Replies

Posted

Hello !

I'm currently writing some ollydbg plugin and I'm trying to put some breakpoint on a few external functions, because I need to get the passed values to those at each hit.

 

I'm using this snippet to set the breakpoint :

t_module* module = Findmodulebyname(L"(nameofthemodule)");wchar_t* error = L"Error";ulong funcaddress = 0;FindaddressW(L"(function name)",module,&funcaddress,error);Setint3breakpoint(funcaddress,BP_TEMP,0,0,0,BA_PERMANENT|BA_PLUGIN ,NULL,NULL,NULL);
But, even with a BA_PERMANENT (even with changing ODBG2_Plugintempbreakpoint to ODBG2_Pluginexception to catch the bp), the breakpoints are deleted... meaning I only can break at those functions once, at the first hit.

 

Do you have an idea on how to bp on *every* call to those functions (and not getting the bp deleted at each hit) ?

 

Many thanks for your answers !

Edited by mArTi

intercept the code that deletes this breakpoint (should be possible in plugin interface) and re-set it :)

greetings

  • Author

Re-setting the breakpoint each time would slow a lot the debugging (the breakpoint is deleted right after the callback function has been deleted, even if flag BA_PERMANENT has been set). Got any idea that would not slow that much, and that would permit to break each time at those functions ?


 


Thank you for your answer ;)


ehm, you could hook the remove_breakpoint function to not remove your breakpoint (just redirect, check addr, return if it's one of yours, continue if it's another one)...

I dont know much about the olly engine so I really can't tell.. maybe email oleh for some help (he said he would answer emails regarding the new plugin interface).

out of curiosity: what are you making??

greetings

well, i a mguessing this is the culprit: BP_TEMP.


INT3 Breakpoints should be permanent by default, no hooking required.


Does it work if you set the BP manually?


 


Are you sure writing a script wouldnt be easier here?


  • Author

@Mr. eXoDia: Well, hooking ollydbg is not my goal :rudolph:

@deepzero: I'd prefer to write a plugin  :smilie3: BP_TEMP is the best way to use bp from a plugin, and it was written that it would be keeped if BA_PERMANENT flag was kept. However I did as exodia told.

 

I emailed Oleh, as exodia said and here's the answer if anyone's interested :

thank you for the bug report. Currently temporary breakpoints must be enabled in Options|Debugging options|Set permanent breakpoints on system calls, otherwise flag BA_PERMANENT is ignored, even for plugins. This issue will be corrected in the next OllyDbg release.

Edited by mArTi

great news!

now what are you working on?? im really curious :D

Greetings

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.