OllyDbg.exe + StrongOD deletes OllyDbg.exe

Ideas for enhancements to the software
Post Reply
g00fy
Posts: 4
Joined: Fri Apr 05, 2013 3:53 am

OllyDbg.exe + StrongOD deletes OllyDbg.exe

Post by g00fy » Thu Dec 31, 2015 5:42 am

1/ What I did:

Code: Select all

- Extract OllyDbg (http://www.ollydbg.de/odbg110.zip)
- put StrongOD plugin in the ollydbg directory (https://tuts4you.com/download.php?view.2028)

- run OllyDbg (normal/admin, makes no difference) under Sandboxie

- "Click OK to Patch ClassName" > OK
- OllyDbg gets deleted.
2/ Next what I tried was moving this directory OUTSIDE sandboxie (to C:\tmp). (and re-adding the exe into it). Than I ran it again.
Weirdly, Sandboxie was STILL used to start it up!?

3/ So I restarted my computer, and tried re-run OllyDbg (now under C:\tmp). Sandboxie did not capture it anymore (as it is supposed to do).
And it did run normally, no deleting of OllyDbg.


==> I think it is because of this:
Inside StrongOD.dll there is this call:
call ds:GetCurrentProcess

I think it does not get the right process name (maybe Sandboxie one?), but definitely not OllyDbg.exe.

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 3:00 pm
Location: DC Metro Area
Contact:

Re: OllyDbg.exe + StrongOD deletes OllyDbg.exe

Post by Craig@Invincea » Thu Dec 31, 2015 8:38 am

What are your trying to achieve? And items will remain in the sandbox until you delete them.

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests