In OllyDbg how do you force/hint disassembly at a location?

StackOverflow https://stackoverflow.com/questions/13812554

Question

I have some code that OllyDbg is having trouble disassembling. This mostly happens at indirect jumps. For example in the code shown in the image below you can see that the EIP (CPU instruction pointer) is at 401839 which is a valid code address. 0x83F800 should disassemble to "cmp eax 0", but OllyDbg is not doing it. The CPU happily runs the code but I can't see the disassembly.

enter image description here

Is there any way to hint OllyDbg to disassemble the code (starting at 401836, eg)?

I tried using the menu choice "Analyse Code" (ctrl+A), but that did not work in this instance.

Was it helpful?

Solution

If "Analyse Code" doesn't change anything, try the reverse; removing it with "Remove analysis from selection"

OTHER TIPS

Right Click -> Analysis -> During Next analysis, treat selection as -> Command

Select Your db ?? and Analyze again,

You should get more familiar with Analysis. Unfortunatly I don't have any doc or link for you.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top