0

I have got a minigame.exe which crashes at some point inside the game. It does not show any error message and it just says Not Responding. I am using Win 7. I want to identify the crashing point and try to fix the games problem. I think the problem might be caused due to a specific DLL imported by the executable. However, I have no clue about how to find out that specific assembly line and try to patch the executable with OllyDBG.

FreeMind
  • 213
  • 3
  • 20

1 Answers1

1

With the information given, this answer would need a full tutorial style, which is considered as too broad for this site. But the first step, finding out what type of crash it is and where it occurs can be explained.

I'll use WinDbg as the debugger, since I'm not familiar with OllyDbg. It is is part of the Debugging Tools for Windows and it's freely available. Install the versions, x64 or x86, that matches minigame.exe.

  1. Start WinDbg, use the correct bitness
  2. Run minigame.exe under WinDbg (File/Open executable). It will stop at the initial breakpoint.
  3. Set up the symbols, at least .symfix c:\debug\symbols and .reload. This will download information needed to construct the callstack.
  4. Continue running the application with g
  5. Reproduce the issue / wait until it crashes
  6. When WinDbg stops,
    • create a crash dump with .dump /ma c:\debug\minigame.dmp so you can analyze it later, e.g. for asking questions here, so that you needn't reproduce the bug again.
    • get information about the exception with .exr -1
    • switch to the thread that caused the exception with ~#s
    • look at the callstack with k

Now you should have a better understanding of the crash, perhaps enough to apply a patch, maybe not. At least it's a better starting point for further exploration.

Community
  • 1
  • 1
Thomas Weller
  • 55,411
  • 20
  • 125
  • 222
  • Is not there any way to do so in the x64_DBG? When I run the WinDBG64 it says debugee is busy and it also does not show the windows for registers, memory, and ... Even opening registers window will not show the registers. It is not really a user friendly or even comfortable debugger to work with. – FreeMind Sep 04 '15 at 14:55
  • Yes, WinDbg is quite command oriented. Its GUI is not really intuitive, neither are the commands. But it is the most powerful debugger available. You can potentially do the same in OllyDbg, but as I said, I don't know how to use it. – Thomas Weller Sep 04 '15 at 15:04
  • Is minigame.exe available for free? Perhaps it applies anti-debugging techniques – Thomas Weller Sep 04 '15 at 15:05
  • No, it is not a free game. I see GetThreadContext stuff in it. – FreeMind Sep 04 '15 at 15:24