mArTi Posted May 15, 2013 Share Posted May 15, 2013 (edited) Hello !I'm currently writing some ollydbg plugin and I'm trying to put some breakpoint on a few external functions, because I need to get the passed values to those at each hit. I'm using this snippet to set the breakpoint :t_module* module = Findmodulebyname(L"(nameofthemodule)");wchar_t* error = L"Error";ulong funcaddress = 0;FindaddressW(L"(function name)",module,&funcaddress,error);Setint3breakpoint(funcaddress,BP_TEMP,0,0,0,BA_PERMANENT|BA_PLUGIN ,NULL,NULL,NULL);But, even with a BA_PERMANENT (even with changing ODBG2_Plugintempbreakpoint to ODBG2_Pluginexception to catch the bp), the breakpoints are deleted... meaning I only can break at those functions once, at the first hit. Do you have an idea on how to bp on *every* call to those functions (and not getting the bp deleted at each hit) ? Many thanks for your answers ! Edited May 22, 2013 by mArTi Link to comment
mrexodia Posted May 15, 2013 Share Posted May 15, 2013 intercept the code that deletes this breakpoint (should be possible in plugin interface) and re-set it greetings Link to comment
mArTi Posted May 16, 2013 Author Share Posted May 16, 2013 Re-setting the breakpoint each time would slow a lot the debugging (the breakpoint is deleted right after the callback function has been deleted, even if flag BA_PERMANENT has been set). Got any idea that would not slow that much, and that would permit to break each time at those functions ? Thank you for your answer Link to comment
mrexodia Posted May 16, 2013 Share Posted May 16, 2013 ehm, you could hook the remove_breakpoint function to not remove your breakpoint (just redirect, check addr, return if it's one of yours, continue if it's another one)... I dont know much about the olly engine so I really can't tell.. maybe email oleh for some help (he said he would answer emails regarding the new plugin interface). out of curiosity: what are you making?? greetings Link to comment
deepzero Posted May 16, 2013 Share Posted May 16, 2013 well, i a mguessing this is the culprit: BP_TEMP.INT3 Breakpoints should be permanent by default, no hooking required.Does it work if you set the BP manually? Are you sure writing a script wouldnt be easier here? Link to comment
mArTi Posted May 22, 2013 Author Share Posted May 22, 2013 (edited) @Mr. eXoDia: Well, hooking ollydbg is not my goal @deepzero: I'd prefer to write a plugin BP_TEMP is the best way to use bp from a plugin, and it was written that it would be keeped if BA_PERMANENT flag was kept. However I did as exodia told. I emailed Oleh, as exodia said and here's the answer if anyone's interested : thank you for the bug report. Currently temporary breakpoints must be enabled in Options|Debugging options|Set permanent breakpoints on system calls, otherwise flag BA_PERMANENT is ignored, even for plugins. This issue will be corrected in the next OllyDbg release. Edited May 22, 2013 by mArTi Link to comment
mrexodia Posted May 22, 2013 Share Posted May 22, 2013 great news! now what are you working on?? im really curious Greetings Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now