1.17. MORE ABOUT STRINGS
Optimizing MSVC + OllyDbg
We can try this (optimized) example in OllyDbg. Here is the first iteration:
Figure 1.58: OllyDbg: first iteration start
We see that OllyDbg found a loop and, for convenience, wrapped its instructions in brackets. By clicking
the right button on EAX, we can choose “Follow in Dump” and the memory window scrolls to the right
place. Here we can see the string “hello!” in memory. There is at least one zero byte after it and then
random garbage.
If OllyDbg sees that a register holds a valid address pointing to a string, it displays that string.
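The following C sketch is an added example, not code from the book and not OllyDbg's actual logic. It shows one way a tool could decide whether a register value points to a string: the address must fall inside a known memory region, and a run of printable bytes must end in a zero byte before the region ends. The names `BASE`, `region` and `string_at` are assumptions made for the illustration, and the bytes are constructed to mirror the dump described above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: "hello!", its terminating zero byte, then leftover
   bytes, as in the dump described above. BASE is a made-up load address. */
#define BASE 0x00403000u
static const unsigned char region[] = {
    'h','e','l','l','o','!', 0x00, 0xAB, 0x13, 0xF0, 0x7E, 0xC4
};

/* Hypothetical helper: returns the string length if `addr` lies inside the
   region and points at one or more printable ASCII bytes followed by a zero
   byte that is still inside the region; returns -1 otherwise. Unlike
   strlen(), the scan never reads past the end of the region. */
long string_at(uint32_t addr, const unsigned char *mem, uint32_t base, size_t size)
{
    if (addr < base || (size_t)(addr - base) >= size)
        return -1;                       /* not a valid address here */
    size_t off = addr - base, i = off;
    while (i < size && mem[i] >= 0x20 && mem[i] <= 0x7E)
        i++;                             /* consume printable bytes */
    if (i == size || mem[i] != 0x00)
        return -1;                       /* ran off the region or hit garbage */
    if (i == off)
        return -1;                       /* empty: treat as "not a string" */
    return (long)(i - off);
}

int main(void)
{
    /* Candidate register values: string start, mid-string, the zero byte,
       a garbage byte, and an address outside the region. */
    uint32_t candidates[] = { BASE, BASE + 2, BASE + 6, BASE + 10, 0x12345678u };
    for (size_t k = 0; k < sizeof candidates / sizeof candidates[0]; k++) {
        long n = string_at(candidates[k], region, BASE, sizeof region);
        if (n >= 0)
            printf("%08X -> ASCII \"%.*s\"\n", (unsigned)candidates[k], (int)n,
                   (const char *)region + (candidates[k] - BASE));
        else
            printf("%08X -> plain number\n", (unsigned)candidates[k]);
    }
    return 0;
}
```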