OllyDbg newb

06/26/2012 23:19 theevilworm#1
Hi, I wanted to give OllyDbg a try. I don't know much about assembler, but I wanted to try anyway.
I wrote a simple 'Hello World' program. Code:

It writes 'Hallo Welt' into Label1. What I wanted to do is change this into writing 'Hammo World', so just changing two letters.
I found this spot in OllyDbg:

As you see, I tried the most intuitive thing: Change the string to 'Hammo Welt'. But OllyDbg does not know this command. That's strange since it is already in the program. If I double-click the unaltered line and try to save it again, I cannot because OllyDbg does not know what it read itself.

So I tried something else:

Using binary edit, I wanted to change the text to 'Hammo Welt' by swapping 6C with 6D. Saving this produced the following:

Totally not what I wanted. It messed everything up.
So I wonder: Does OllyDbg suck or do I suck? I heard so much about this disassembler being so 'intuitive' but I don't see much of that.
06/27/2012 13:56 MrSm!th#2
It messes up, because you try to overwrite code with strings.
Olly doesn't suck, but you :p It is intuitive, but you have to know what you are doing.

The analysis failed for that code section, otherwise you would see something like
push some_offset "Hallo Welt"

You have to go to that offset in the dump window and change the string via binary edit.

You could try to reanalyse that code or right-click -> some submenu -> treat section as code.
Or you could try the plugin AnalyzeThis, which improves Olly's analysis capabilities.

Btw. you should change the color theme, everything in black and white is not very easy to analyze (for your eyes).
06/28/2012 19:24 tnd0#3
Code:
nanoex Project1.exe
size: 42,424 Byte
> strrplc
> 1
> "Hallo Welt"
> "Hello Worl"
"Hallo Welt" 1 occurance replaced.
^[
Linux.


Oh by the way, since you're using Delphi, download and install the cnWizards pack for Delphi. There is imho no code editor which competes with a Delphi code editor with cnWizards.

Imagine this to just be black and white:
06/29/2012 02:37 link#4
Bald head! Bald head! MY EYES!!

Did you even execute it after modifying? Because it actually works and everything is correct. There's just a small analysis problem after the modification. Simply try Ctrl+A again or use right-click, analysis, during next analysis treat as ASCII text.

Can't even read the code in your pic, it's more like I was reading the colors
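
The same-length string replacement discussed in this thread, as an added Python example that is not from any of the posters or tools mentioned. It locates the string bytes in the file image and overwrites them in place, refusing any replacement of a different length so that no neighbouring bytes or offsets move. The function names, the sample bytes and the assumption that the string is stored as ASCII or UTF-16LE are illustrative.

```python
"""Same-length in-place string patch (added example, not from the thread)."""

ENCODINGS = ("ascii", "utf-16-le")  # assumption: string is stored as one of these


def find_string(image: bytes, text: str):
    """Return a sorted list of (offset, encoding) for each occurrence of text."""
    hits = []
    for enc in ENCODINGS:
        needle = text.encode(enc)
        pos = image.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = image.find(needle, pos + 1)
    return sorted(hits)


def patch_string(image: bytes, old: str, new: str, count: int = 1) -> bytes:
    """Overwrite up to `count` occurrences of old with new, byte for byte."""
    if len(old) != len(new):
        # A longer or shorter string would overwrite or shift neighbouring bytes.
        raise ValueError("replacement must have the same length as the original")
    hits = find_string(image, old)
    if not hits:
        raise LookupError("string not found in image")
    patched = bytearray(image)
    for offset, enc in hits[:count]:
        data = new.encode(enc)
        patched[offset:offset + len(data)] = data
    return bytes(patched)


# Constructed sample: a few code-like bytes, the string data, then more bytes.
SAMPLE = b"\x55\x8b\xec\x68\x10\x00\x40\x00" + b"Hallo Welt\x00" + b"\xc3\x90\x90"

if __name__ == "__main__":
    print(find_string(SAMPLE, "Hallo Welt"))           # where the data lives
    out = patch_string(SAMPLE, "Hallo Welt", "Hammo Welt")
    print(out[8:19], len(out) == len(SAMPLE))          # only two bytes differ
    try:
        patch_string(SAMPLE, "Hallo Welt", "Hammo World")  # 11 chars vs 10
    except ValueError as exc:
        print("rejected:", exc)
```
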