Quote:
Originally Posted by magicanoo
-problem in breakpoints: for example I set breakpoints on 15 commands..1 by 1..It passes the first 10 commands without pausing,but when after it pauses in the 11th command,it pauses again in the previous commands which confuses me which ones are the related offsets.
|
If it doesn't pause there, the commands were not executed.
There might be a JMP command somewhere.
INT3 Breakpoints only work on code that is executed, if you want to pause at points where the process accesses specific memory regions you will have to use Memory/Hardware breakpoints(the number of hardware breakpoints is very limited)
Quote:
|
-Is there a more distinct way to figure the offsets for a certain function instead of setting a breakpoint on every search result?some search results"only PUSH" are over 100 results.
|
Don't really know what you mean
Quote:
|
-Am I doing it right?search for all constants -> hexadecimal XX->set breakpoint on each push+mov commands and hit start?because sometimes the application bugs after changes made in the assembler and it won't run again.
|
Normally INT3 breakpoints shouldn't make any troubles
BUT code can be dynamic and if you set a breakpoint there and the code is modified afterwards the breakpoint is lost(obviously) and olly will tell you so
