OllyDbg.exe + StrongOD deletes OllyDbg.exe
Posted: Thu Dec 31, 2015 5:42 am
1/ What I did:
- Extract OllyDbg (http://www.ollydbg.de/odbg110.zip)
- put StrongOD plugin in the ollydbg directory (https://tuts4you.com/download.php?view.2028)
- run OllyDbg (normal/admin, makes no difference) under Sandboxie
- "Click OK to Patch ClassName" > OK
- OllyDbg gets deleted.
2/ Next, what I tried was moving this directory OUTSIDE Sandboxie (to C:\tmp) (and re-adding the exe into it). Then I ran it again.
Weirdly, Sandboxie was STILL used to start it up!?
3/ So I restarted my computer, and tried to re-run OllyDbg (now under C:\tmp). Sandboxie did not capture it anymore (as it is supposed to do).
And it did run normally, no deleting of OllyDbg.
==> I think it is because of this:
Inside StrongOD.dll there is this call:
call ds:GetCurrentProcess
I think it does not get the right process name (maybe Sandboxie one?), but definitely not OllyDbg.exe.