Bugtraq mailing list archives
OllyDbg long process Module debug Vulnerability
From: ATmaCA ATmaCA <atmaca () atmacasoft com>
Date: 19 Mar 2005 06:11:51 -0000
Vendor: Oleh Yuschuk Application: OllyDbg http://home.t-online.de/home/Ollydbg/ Introduction: OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. Affected Versions: 1.10 (final version) and prior versions. Overview: In OllyDbg, if a target process loads modules that contains long name (greater than around 200 bytes), OllyDbg will be crashed. This hole can be used for an anti-debug method for OllyDbg. Vendor Status: No vendor response. Discovery: ATmaCA atmaca () atmacasoft com www.atmacasoft.com www.spyinstructors.com Credit to Kozan POC: Debug this program with OllyDbg, when the program runs, a folder that named "olly hole" will be created on desktop and a long named dll will be created in this folder. then it will load this and finally olly debug will be crashed. http://www.atmacasoft.com/exp/OllyHole.exe
Current thread:
- OllyDbg long process Module debug Vulnerability ATmaCA ATmaCA (Mar 19)