This article covers what to do when "Back to user mode" does not work in Ollydbg 1.10.

Problem description

I tried to learn "Lena's reversing for newbies" when some trouble arose. I start Pixtopian Book with OllyDbg, then try to have a MessageBox with a message about the unregistered version. Then I switch to OllyDbg, stop the program executing and press "Alt+F9" for "Back to user mode", which stops the program after it exits from the DLL.

But after this the program does not work; it's frozen and does not respond to my actions. If I turn off "Back to user mode", the program works normally.

What went wrong? Can I try "Back to user mode" in IDA (with WinDbg) or in another debugger? How do I do that? Can I fix this feature in OllyDbg?

P.S. It's like the program stopped and didn't run after using "ALT+F9".

/Sorry for my English, I'm just learning ;-)/

Recommended answer

First of all, Ollydbg is meant for 32 bit platform. It means that it will run only on a 32 bit OS and can only debug 32 bit apps.

In x64 Operating Systems (specifically Windows) there is a feature called compatibility mode that lets you run 32 bit apps. The 32 bit code is either run by emulation or natively (when the hardware itself implements the instruction set and then it is called x86-64).

So, when you try to run Ollydbg in an x64 environment it will run, but you will experience problems like the one you are facing. It occurs because Ollydbg is run in an emulation mode. Being a debugger it needs access to the registers and other system structures, which it is denied. What it can see is a virtual image of the system.

So the solution to the problem is using a Virtual Machine.

You would install a 32 bit OS in it and debug the app using Ollydbg. As far as Virtual Machines are concerned, I would recommend VMWare. You can use either the workstation or player version. The latter is free but does not support snapshots.

Other solutions are Virtual Box, Parallels Workstation and Microsoft Virtual PC. The disadvantages of them are that Virtual Box does not support hardware breakpoints, Parallels Workstation is no longer supported as of 2014 and moreover there you would get a BSOD if you try to single step through FPU instructions. I have not tested Virtual PC though.

Note: Ollydbg does not support x64, but its author is working on an x64 version.


10-14 22:00