Comments (2)
According to the list of modules, I'm guessing this is IE -- if you run it
manually, does OllyDbg stop at 0x014f03ae? Because Run__() will just run
the process until having some sort of stopping event. If it doesn't stop
manually, is there something specific at 0x014f03ae?
2015-04-15 12:57 GMT-07:00 RealGame (Tomer Zait) [email protected]:
Code:
bp = SoftwareBreakpoint(0x128B401)
print "BreakPoint Address=%X" % bp.address
display_global_registers()
Run__()
display_global_registers()
print "CheckForDebugEvent=%s" % CheckForDebugEvent()
print "isDebuggeeFinished=%s" % IsDebuggeeFinished()
Output:
File 'xxxxxxxxxxxxxxxxxxxxxxxxxxx.exe'
New process (ID 00001AE4) created
014F03AE Main thread (ID 000007C8) created
76E30000 Unload hidden module 76E30000
76C30000 Unload hidden module 76C30000
76E30000 Unload hidden module 76E30000
76F50000 Unload hidden module 76F50000
01230000 Module 'xxxxxxxxxxxxxxxxxxxxxxxxxxx.exe'
01299794 Module contains TLS callback(s)
70670000 Module 'C:\Windows\system32\WINMM.dll'
71E20000 Module 'C:\Windows\system32\webio.dll'
Invalid Image Export Directory, or system update is pending
71E80000 Module 'C:\Windows\system32\WINHTTP.dll'
72550000 Module 'C:\Windows\system32\Secur32.dll'
725B0000 Module 'C:\Windows\system32\version.DLL'
726A0000 Module 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll'
72F70000 Module 'C:\Windows\SysWOW64\SYSFER.DLL'
74C40000 Module 'C:\Windows\syswow64\CRYPTBASE.dll'
74C50000 Module 'C:\Windows\syswow64\SspiCli.dll'
74CB0000 Module 'C:\Windows\syswow64\WINTRUST.dll'
74CE0000 Module 'C:\Windows\syswow64\OLEAUT32.dll'
Code size is extended to include all sections marked as CODE
Code sections '.text' and '.orpc' will be merged to a single memory block
74D70000 Module 'C:\Windows\syswow64\ADVAPI32.dll'
74E70000 Module 'C:\Windows\syswow64\profapi.dll'
Invalid or compressed Image Export Directory
74E80000 Module 'C:\Windows\syswow64\shlwapi.DLL'
74EE0000 Module 'C:\Windows\syswow64\NSI.dll'
74EF0000 Module 'C:\Windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll'
74F00000 Module 'C:\Windows\syswow64\PSAPI.DLL'
74FA0000 Module 'C:\Windows\syswow64\ole32.dll'
Code sections '.text' and '.orpc' will be merged to a single memory block
75100000 Module 'C:\Windows\syswow64\msvcrt.dll'
751B0000 Module 'C:\Windows\syswow64\WININET.dll'
Code size in header is 00168800, extended to end of section '.wpp_sf'
Code sections '.text' and '.orpc' will be merged to a single memory block
Code sections '.orpc' and '.wpp_sf' will be merged to a single memory block
75370000 Module 'C:\Windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll'
75380000 Module 'C:\Windows\SysWOW64\sechost.dll'
753A0000 Module 'C:\Windows\syswow64\LPK.dll'
753B0000 Module 'C:\Windows\syswow64\normaliz.DLL'
75420000 Module 'C:\Windows\syswow64\USERENV.dll'
Code size is extended to include all sections marked as CODE
Code sections '.text' and '.orpc' will be merged to a single memory block
75440000 Module 'C:\Windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll'
75450000 Module 'C:\Windows\syswow64\MSASN1.dll'
754D0000 Module 'C:\Windows\syswow64\CRYPT32.dll'
755F0000 Module 'C:\Windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll'
75600000 Module 'C:\Windows\syswow64\user32.DLL'
75700000 Module 'C:\Windows\syswow64\iertutil.dll'
Code size is extended to include all sections marked as CODE
Code sections '.text' and '.wpp_sf' will be merged to a single memory block
75990000 Module 'C:\Windows\syswow64\WS2_32.dll'
759D0000 Module 'C:\Windows\syswow64\KERNELBASE.dll'
76670000 Module 'C:\Windows\syswow64\USP10.dll'
76840000 Module 'C:\Windows\syswow64\RPCRT4.dll'
Code size is extended to include all sections marked as CODE
76930000 Module 'C:\Windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll'
76C30000 Module 'C:\Windows\syswow64\kernel32.dll'
76DA0000 Module 'C:\Windows\syswow64\GDI32.dll'
77230000 Module 'C:\Windows\SysWOW64\ntdll.dll'
Code size is extended to include all sections marked as CODE
72FE0000 Module (anonymous)
Not an 80x86 executable
72FF0000 Module (anonymous)
Not an 80x86 executable
73050000 Module (anonymous)
Not an 80x86 executable
77050000 Module (anonymous)
Not an 80x86 executable
014F03AE Entry point of main module
74E10000 Module 'C:\Windows\system32\IMM32.DLL'
76B60000 Module 'C:\Windows\syswow64\MSCTF.dll'
[python-loader] Trying to execute the script located here: 'test.py'..
BreakPoint Address=128B401
EAX: 0x76c43378, ECX: 0x00000000
EDX: 0x014f03ae, EBX: 0x7efde000
ESP: 0x0041fe9c, EBP: 0x0041fea4
ESI: 0x00000000, EDI: 0x00000000
EIP: 0x014f03ae
75A20000 Module 'C:\Windows\syswow64\SHELL32.dll'
EAX: 0x76c43378, ECX: 0x00000000
EDX: 0x014f03ae, EBX: 0x7efde000
ESP: 0x0041fe9c, EBP: 0x0041fea4
ESI: 0x00000000, EDI: 0x00000000
EIP: 0x014f03ae
CheckForDebugEvent=0
isDebuggeeFinished=False
[python-loader] Execution is done!
75480000 Module 'C:\Windows\syswow64\WLDAP32.dll'
71080000 Module 'C:\Windows\system32\ntmarta.dll'
77282E65 New thread 2. (ID 00001784) created
75900000 Module 'C:\Windows\syswow64\CLBCatQ.DLL'
77283E85 New thread 3. (ID 00002028) created
72490000 Module 'C:\Windows\system32\CRYPTSP.dll'
72350000 Module 'C:\Windows\system32\rsaenh.dll'
72570000 Module 'C:\Windows\system32\RpcRtRemote.dll'
77283E85 New thread 4. (ID 00001014) created
74FCD864 New thread 5. (ID 00002398) created
74FCD864 New thread 6. (ID 0000226C) created
6F000000 Module 'C:\Windows\system32\uxtheme.dll'
76710000 Module 'C:\Windows\SysWOW64\urlmon.dll'
Code sections '.text' and '.wpp_sf' will be merged to a single memory block
77200000 Module 'C:\Windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll'
68CD0000 Module 'C:\Program Files (x86)\Internet Explorer\ieproxy.dll'
Code sections '.text' and '.orpc' will be merged to a single memory block
6EFE0000 Module 'C:\Windows\system32\dwmapi.dll'
71550000 Module 'C:\Windows\system32\bcrypt.dll'
71570000 Module 'C:\Windows\system32\ncrypt.dll'
69400000 Module 'C:\Windows\system32\RstrtMgr.dll'
71510000 Module 'C:\Windows\SysWOW64\bcryptprimitives.dll'
693B0000 Module 'C:\Windows\system32\VssTrace.DLL'
71830000 Module 'C:\Windows\system32\ATL.DLL'
660C0000 Module 'C:\Windows\system32\VSSAPI.DLL'
693C0000 Module 'C:\Windows\system32\SPP.dll'
693F0000 Module 'C:\Windows\system32\srclient.dll'
043B0000 Module C:\Windows\SysWOW64\ole32.dll - failed to initialize
01248D60 New thread 7. (ID 00001D80) created
759DC42D VC service exception: Thread 00001D80 is named 'RecoveryComponentIO' - passed to application
0128B401 Breakpoint at software_removal_tool.0128B401
It stopped on 0x128B401 and I don't have any other stopping event.