exe and send it 408 As, simply type
$ Perl -e "exec 'F:\\toolz\\odbg110\\OLLYDBG.EXE', 'c:\\meet.exe', 'Mr',('A'
x 408)"
The preceding command line will launch meet.exe inside of OllyDbg.
When learning OllyDbg, you willwant to knowthe following common commands:
Shortcut Purpose
F2 Set breakpoint (bp)
F7 Step into a function
F8 Step over a function
F9 Continue to next bp, exception, or exit
CTRL-K Show call tree of functions
SHIFT-F9 Pass exception to program to handle
Click in code section, press ALT-E for list of
linked executable modules
List of linked executable modules
Right-click on register value, select Follow
in Stack or Follow in Dump
Look at stack or memory location that
corresponds to register value
CTRL-F2 Restart debugger
When you launch a program in OllyDbg, the debugger automatically pauses. This
allows you to set breakpoints and examine the target of the debugging session before
continuing. It is always a good idea to start off by checking what executable modules are
linked to our program (ALT-E).
Chapter 11: Basic Windows Exploits
255
PART III
In this case, we see that only kernel32.dll and ntdll.dll are linked to meet.exe. This information
is useful to us. We will see later that those programs contain opcodes that are
available to us when exploiting.
Pages:
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472