[Bug 7635] OllyDbg 1.10 blanks on pause or attach

Wine Bugs wine-bugs at winehq.org
Wed Apr 25 11:58:11 CDT 2007


http://bugs.winehq.org/show_bug.cgi?id=7635





------- Additional Comments From focht at gmx.net  2007-25-04 11:58 -------
Hello,

This is due to the technical nature of Wine.

Basically the debugger can't read/disassemble the memory location of the current
EIP.
Remember: Wine is a different beast, not a "pure" Windows PE user process
environment.
The suspended thread's EIP is very likely in ELF/thunk/syscall area - this
address space is usually not seen by a Windows usermode debugger (using process
APIs, mapped views/virtual queries).

Single step/over (F7/F8), look at EIP and you will notice it changes.
The 0x8000004 exceptions in console each time you step are the debugger's single
step event/exception.

Open "memory" window and compare EIP range.
If you see EIP pointing to an area not being mapped as memory range, it's
probably executing in ELF/thunk/syscall area.

It happens in various situations, for instance if you instruct the debugger to
"break on new modules" event.
It will always stop in ELF code.

Resolution: 

1) single /step/over/run until return/ to get the EIP into mapped range.
   The disassembly will appear again and all is fine.

2) open the "executable modules" window and click any PE module - it will show
disassembly again (though EIP remains in ELF code).

3) put breakpoints on imports that will be executed first
   (after debuggee was paused due to dll loader event)

It's nasty, I know ...

Though I retired from the OllyDbg/win32asm/RCE community a long time ago, I will of
course help/explain any issues regarding this fine piece of software :)

Regards
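
A host-side cross-check for the diagnosis above, as an added example that is not part of the original comment: on a Linux host the Wine process's whole address space, ELF mappings included, is listed in /proc/<pid>/maps, so the EIP value read from the debugger can be classified there. The sample map, its paths, and the file-name heuristic for ELF versus PE are constructed assumptions.

```python
import re

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)

def parse_maps(text):
    """Return a list of (start, end, perms, path) tuples."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16),
                            m.group(3), m.group(4).strip()))
    return regions

def classify_eip(regions, eip):
    """Describe the host-side mapping that contains eip."""
    for start, end, perms, path in regions:
        if start <= eip < end:
            name = path.rsplit("/", 1)[-1].lower()
            if path.startswith("["):
                kind = "special"        # pseudo-mappings such as [vdso], [stack]
            elif name.endswith(".so") or ".so." in name:
                kind = "elf"            # heuristic: shared-object file name
            elif name.endswith((".exe", ".dll")):
                kind = "pe"             # heuristic: PE file name
            elif not path:
                kind = "anonymous"
            else:
                kind = "other-file"
            return kind, perms, path
    return "unmapped", None, None

# Constructed sample in /proc/<pid>/maps format (not taken from a real process).
SAMPLE_MAPS = """\
00400000-00401000 r--p 00000000 08:01 1001 /home/user/.wine/drive_c/tools/target.exe
00401000-00450000 r-xp 00001000 08:01 1001 /home/user/.wine/drive_c/tools/target.exe
7bc00000-7bca0000 r-xp 00000000 08:01 2002 /usr/lib/wine/ntdll.dll.so
b7d00000-b7e40000 r-xp 00000000 08:01 3003 /lib/libc-2.5.so
b7f00000-b7f20000 rw-p 00000000 00:00 0
ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    regions = parse_maps(SAMPLE_MAPS)
    for eip in (0x00401234, 0x7bc12345, 0xffffe410, 0x10000000):
        print(hex(eip), classify_eip(regions, eip))
```

A result of "elf" or "special" for the paused EIP matches the blank disassembly described above; "pe" means the debugger should be able to show the code.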

