WineHQ

OllyDbg

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

Application Details:

Version: 1.10
License: Shareware
URL: http://www.ollydbg.de/
Votes: 0
Latest Rating: Gold
Latest Wine Version Tested: 1.3.20

Maintainers: About Maintainership

No maintainers. Volunteer today!

Test Results

Old test results
The test results for this version are very old, and as such they may not represent the current state of Wine. Please consider submitting a new test report.
Selected Test Results

What works

  • Debugging multithreaded applications
  • Attaching to running programs
  • Sets conditional, logging, memory and hardware breakpoints
  • Dynamically traces stack frames
  • Searches whole allocated memory
  • Finds references to constant or address range
  • Examines and modifies memory, sets breakpoints and pauses program on-the-fly
  • Assembles commands into the shortest binary form
  • Properly decodes Wine API when Wine was compiled with debugging symbols (-g)

What does not

Some dlls are reported as "unkown format" upon load event.

Workarounds

What was not tested

Some plugins.

Hardware tested

Graphics:

  • GPU:
  • Driver:

Additional Comments

selected in Test Results table below
Operating systemTest dateWine versionInstalls?Runs?Used
Workaround?
RatingSubmitter
CurrentUbuntu 10.10 "Maverick" i386 (+ variants like Kubuntu)May 20 20111.3.20Yes Yes NoGoldAnastasius Focht 
ShowFedora 12 x86_64Jul 22 20101.2Yes Yes NoGoldAnastasius Focht 
ShowGentoo Linux x86_64Dec 22 20081.1.11Yes Yes NoGoldan anonymous user 
ShowUbuntu 7.04 "Feisty" amd64 (+ variants like Kubuntu)Feb 27 20080.9.56.N/A Yes NoGoldJeffZ 
ShowFedora 8Jan 25 20080.9.54.Yes Yes NoGoldAnastasius Focht 

Known Bugs

Bug # Description Status Resolution Other apps affected

Show all bugs

HowTo / Notes

Error: Unable to open or read executable file 'foo'

­When applications are first­ loaded in to debugger, you might get message boxes with following errors:

Unable to o­pen or read executable file 'foo.dll'

or

­Bad or unknown format 'foo.dll'

This is expected (and annoying) behaviour. The debugger tried to physically read the dll by looking into "system32" directory of the WINEPREFIX. Most Wine builtins don't have a fake placeholder by default hence the error.

Just dismiss the message boxes with 'OK'.

You can work around this problem by adding the dll in question to "[FakeDllsSection]" of "tools/wine.inf" (wine source tree) and then rerun 'wineboot --update' to have it installed in WINEPREFIX.

Disassembly (CPU Window) goes blank while stepping/pausing

When the disassembly window goes blank (after pausing, single stepping into wine, etc.) you probably hit a code location which the debugger can't properly handle due to design of Wine/Linux.

The debugger hits ELF code in wine builtins outside of win32 API virtual mapping range which leads to empty code/disassembly window (debugger needs to read memory in order to disassemble it). Look at registers window while you step, you can see EIP still changing but no code is actually displayed. Just hit a few times run until return until the code reaches PE/win32 memory range again. Then the code/disassembly will reappear.

This is expected behaviour and by design.

Debugging/Tracing is slow

Depending on situation, the debugger reads large memory chunks from target process (debuggee). The transfer of large memory chunks between wineserver and debugger process leads to performance loss.

Technically, wineserver uses Linux ptrace facility to read remote process memory. Only 32-bit integers can be read/written at a time which causes extreme overhead for large blocks.

This performance problem has been solved in Ollydbg v2 which optimized the needed memory reads (for disassembly, memory view) to much smaller chunks.

With commit 1a79912a10a6cded54d1f1de5f746bbffec3ffee (Wine post-1.2) the s­ituation somewhat improved. WIneserver now uses /proc/pid/mem to read process memory since it should be faster.

Comments

Comments Disabled

Comments for this application have been disabled because there are no maintainers.
Back