Full ollydbg tutorial on how to start debugging [How to start debugging session] CPU window [CPU window]

7. How to start debugging [How to start debugging session]

The simplest method is to run ollydbg, click the file [file] | open [open] on the menu, and select the program you want to debug. If the program requires command line parameters, you can enter parameters in the input column at the bottom of the dialog box or select a parameter that was previously entered during debugging.

The ollydbg can debug an independent DLL [stand-alone DLLs]. In this case, ollydbg will create and run a small application to load the Linked Library and call the output function as needed.

If you want to restart the program that was last debugged, just press Ctrl + F2 (this is the shortcut key for restarting the program) so that ollydbg will run the program with the same parameters. Another way is to select the file [file] in the menu and select a program from the history list. You can also drag executable files or DLL files to ollydbg in Windows Resource Manager.

Of course, you can run the program to be debugged with specified running parameters when the ollydbg is started. For example, you can create an ollydbg shortcut on the desktop, right-click and select "properties", and add the full path of the program to "target" in "shortcut. In this way, every time you double-click the shortcut, ollydbg will automatically run the program to be debugged. Note: DLL files do not support this method.

You can mount a running process to the ollydbg. Open the file [file] | attach [Attach] in the menu, and select the process to attach from the process list. Note: When you close the ollydbg, the process is also disabled. Do not mount system processes. Otherwise, the entire operating system may crash. (In fact, in most cases, the operating system prohibits you from attaching sensitive processes ).

Ollydbg can be used as the instant [just-in-time] debugger. This requires registration in the system registry. Select the option [Options] | instant debugging [just-in-time debugging] in the menu, and click "set ollydbg as instant Debugger" in the pop-up dialog box [make ollydbg just-in -Time debugger]. In the future, if an application suffers an illegal operation, the system will prompt you whether to use ollydbg to debug the program. The operating system starts ollydbg and stops it directly in the abnormal place. If you select "Do Not Ask when mounting" [attaching without confirmation], the ollydbg dialog box does not pop up during instant debugging. If you want to restore it to the previous instant debugger [restore old just-in-time debuger], click the appropriate button.

Another way is to add the ollydbg to the shortcut menu associated with the executable file (this idea was proposed by Jochen Gerster ). In the main menu, select [Options] | add to resource manager [add to Explorer]. In the future, you can right-click the executable file or DLL in the list of all files and select ollydbg from the shortcut menu. This function creates four registry key values:

Hkey_classes_root/exefile/Shell/open with ollydbg
Hkey_classes_root/exefile/Shell/open with ollydbg/command
Hkey_classes_root/dllfile/Shell/open with ollydbg
Hkey_classes_root/dllfile/Shell/open with ollydbg/command

Ollydbg can debug console programs (text-based ).

Ollydbg cannot Debug. NET applications .. Net programs are composed of pseudo commands such as Microsoft's intermediate language, or on-the-fly to native? 6 commands compiled.

Note: If you are running a Windows NT, 2000, or XP operating system, you should have administrator privileges to debug the program ..,

8. CPU window [CPU window]

For users, the CPU window is the most important window in ollydbg. Most of the operations to debug your program must be performed in this window. It includes the following five panels (the sizes of these five panels can be adjusted ):

Disassembly [discycler]
Information [information]
Data [dump]
Register [registers]
Stack [Stack]

Press the tab key to switch to the next CPU panel (clockwise ).

Press SHIFT + TAB to switch to the previous CPU panel (counterclockwise ).