OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: June 21, 2005 08:10 CDT by anonymouse .

wow one more place to talk about ollydbg
should be fun with so much of l33t gang members lurking around
hi pedram :)

pedram		June 21, 2005 09:24.20 CDT
hmmm, can't quite tell how facetious you are being, or more importantly who you are ;-) the hope for the ollydbg forums is not to mirror the general (and very good) forums such as http://ollydbg.win32asmcommunity.net/ but rather to serve as a place to discuss more advanced usage and plug-in development. the whole site is an experiment so the forums could very well be changing. what you see is the first list of topics i put together and thought would be pertinent.

anonymouse		June 23, 2005 07:44.30 CDT
facetious you mean in the sense of joke or may be jocular nope i am not joking you do have an impressive list of famous users registered to your forum :) or more importantly i dont know if you remember the guy who writes exotic codes :) any way hope this place will develop into a good place for discussing some finer nuances of ollydbg :) thanks and regards as always some anonymouse nicks

pedram		June 23, 2005 09:58.07 CDT
ahhh, good clue. exotic code guy ;-) in fact the olly forums here would be the perfect place for you to discuss your exotic code. unfortunately that would give away your identity now.

anonymouse		June 27, 2005 01:59.43 CDT
hi pedram , give away identity :) is the identity that will be given away an identity in the first place :) any way else it turns into offtopic let me get into the matter i was searching why for that deadlock hang crap on and in the process i happened to read this blog from mgrier looks like he hits the point [quote] Calling any function from within your DLL_PROCESS_ATTACH which requires synchronization can deadlock. Obviously it doesn't have to deadlock; a lot of folks get away with a lot of bad stuff. They're getting lucky for the most part. A great example is the process heap. Did you know that you can lock it? You can! You can probably have a lot of fun by calling HeapLock(GetProcessHeap())? Why would you do that? I don't know! Who can know? Can we stop it? People want to but just wait for the black helicopter crowd to show up saying that it's really a collusion/conspiracy to get people to upgrade software on Windows. If someone locks it (or maybe calls HeapWalk on the process heap which I assume locks it for the duration of the walk) and then calls into the loader... well... boom. You're deadlocked. Those are two easy cases. Clearly you can deadlock in additional ways (RPC calls to another process or machine which have to reenter your process on a different thread which then might need the Mythical Loader Lock) and being creative with things like the thread pool, windows messages, etc. you can come up with a million variations on the theme. Thus, DLL_PROCESS_ATTACH rule #1: Don't do anything that requires synchronization. Currently, even heap allocation is suspect. [/quote] the link http://blogs.msdn.com/mgrier/archive/2005/06/21/431378.aspx hope you get some research material :)

Note: Registration is required to post to the forums.

There are 31,328 total registered users.

Recently Created Topics
[help] Unpacking VMP...	Mar/12
Reverse Engineering ...	Jul/06
let 'IDAPython' impo...	Sep/24
set 'IDAPython' as t...	Sep/24
GuessType return une...	Sep/20
About retrieving the...	Sep/07
How to find specific...	Aug/15
How to get data depe...	Jul/07
Identify RVA data in...	May/06
Question about memor...	Dec/12

Recent Forum Posts
Finding the procedur...	rolEYder
Question about debbu...	rolEYder
Identify RVA data in...	sohlow
let 'IDAPython' impo...	sohlow
How to find specific...	hackgreti
Problem with ollydbg	sh3dow
How can I write olly...	sh3dow
New LoadMAP plugin v...	mefisto...
Intel pin in loaded ...	djnemo
OOP_RE tool available?	Bl4ckm4n

Recent Blog Entries
	halsten	Mar/14
Breaking IonCUBE VM
	oleavr	Oct/24
Anatomy of a code tracer
	hasherezade	Sep/24
IAT Patcher - new tool for ...
	oleavr	Aug/27
CryptoShark: code tracer ba...
	oleavr	Jun/25
Build a debugger in 5 minutes
More ...

Recent Blog Comments
	nieo on:	Mar/22
IAT Patcher - new tool for ...
	djnemo on:	Nov/17
Kernel debugger vs user mod...
	acel on:	Nov/14
Kernel debugger vs user mod...
	pedram on:	Dec/21
frida.github.io: scriptable...
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit