OutputDebugString

From aldeid
Jump to navigation Jump to search

Description

Outputs a string to a debugger if one is attached.

Note

Syntax

void WINAPI OutputDebugString(
  _In_opt_ LPCTSTR lpOutputString
);

Parameters

lpOutputString [in, optional]
The null-terminated string to be displayed.

Return value

This function does not return a value.

Examples

Detect the presence of a debugger with OutputDebugString

Here is an example (see The-FLARE-On-Challenge-01/Challenge-7)

Assembly C code
DWORD errorValue = 1234;
SetLastError(errorValue);
OutputDebugString("bah!");
if(GetLastError() == errorValue)
{
    /* ExitProcess */
    [...SNIP...]
}
else
{
    /* RunNextInstructions */
    [...SNIP...]
}

Crash OllyDbg with OutputDebugString

OllyDbg version 1.1 may crash when executing a call to OutputDebugString with a string of %s as parameter, such as:

OutputDebugString("%s%s%s%s%s%s%s%s%s%s")

Below is an example:

.text:00401920
.text:00401920 f_crash_debugger proc near
.text:00401920                 push    esi
.text:00401921                 push    0               ; lpWindowName
.text:00401923                 push    offset ClassName ; "OLLYDBG"
.text:00401928                 call    ds:FindWindowW
.text:0040192E                 test    eax, eax
.text:00401930                 jz      short loc_40193D
.text:00401932                 push    offset OutputString ; "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%"...
.text:00401937                 call    ds:OutputDebugStringW
.text:0040193D
.text:0040193D loc_40193D:
.text:0040193D                 push    0               ; lpWindowName
.text:0040193F                 push    offset aOllydbg_0 ; "ollydbg"
.text:00401944                 call    ds:FindWindowW
.text:0040194A                 test    eax, eax
.text:0040194C                 jz      short loc_401959
.text:0040194E                 push    offset aSSSSSSSSSSSS_0 ; "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%"...
.text:00401953                 call    ds:OutputDebugStringW