Unable to open a scenario DLL in OllyDbg

[Vagabond]

I'm trying to figure out how Outpost 2 calls for a specific video to be played at the end of a colony game. I don't see any references in the established Outpost 2 SDK, so I was going to try and load a colony game scenario DLL into OllyDbg and see if it would shed any light on how it is called. Keep in mind I've never used a program like OllyDbg before so I'm probably messing up something simple?

After opening the scenario, I get the following message in the bottom left of OllyDbg

Single step event at ntdll. 773D01C8 - use Shift+F7/F8/F9 to pass exception to program.

After pressing Shift+F7, I get the following message at the bottom left of OllyDbg.

Debugged program was unable to process exception.

After pressing Shift+F7 again, I get the following textbox:

Error: LOADDLL.EXE: Unable to load DLL.

I know Hooman mentioned that there are errors caused in using OllyDbg associated with loading DLLs and the Outpost 2 executable at different base addresses than the program expects, but I'm not really sure how to translate this into getting the scenario DLL hooked into OllyDbg. I'm trying to load CES1.dll although had same results with other tried scenario DLLs.

Line in main thread:
773D01C8  895C24 08  MOV DWORD PTR SS:[ESP+8],EBX

[Sirbomber]

Sounds like you're trying to load the DLL directly into OllyDbg.  You need to load OP2 into OllyDbg, then run the DLL as normal.

But the answer to your question is, OP2 is hardcoded to play a movie after a single-player game ends; which movie plays depends on the filename of the DLL.  The Survivor multiplayer missions use hacks to override OP2's default behavior when unloading a mission to play those movies.  You could ask BlackBox or Arklon more about that.

[Hooman]

Yes, load the executable in OllyDbg, then load the DLL by starting the level in game.

Technically you should be able to do what you did, but I think we messed up the exe with our patches. I suspect it was from our lack of awareness of the relocations table for some of the earlier patches. We changed instructions, but didn't update the relocations table pointing at those instructions. Everything is fine when the EXE is loaded to it's base address and doesn't need to be relocated. If you load a DLL in OllyDbg though, it first loads a dummy EXE at the usual base address, then loads the DLL which references Outpost2.exe, and so it then loads Outpost2.exe, but the base address is already taken by the dummy EXE, so Outpost2.exe gets relocated somewhere else, and references are patched up using the relocation table, which corrupts the patched code.

You can still load a DLL directly in OllyDbg and analyse it statically. You just can't run it because of the above problem. After loading the DLL, you can go to the modules window and choose the appropriate code section to view in the disassembly.


For this problem, the code you want to see is in Outpost2.exe, so you'd be better off loading that than the DLL. You can search the data section for references to the movie filenames and go from there.

If you still want to peek at the code, but aren't certain how to go about it, let me know and I can walk you through some of it.

[Vagabond]

Hooman and Sirbomber,

Thanks for the help. I have Outpost2.exe loaded now. I'll probably need help in the end but for now I'm happy to fiddle with it. I would also like to get Outpost2.udd loaded into Ollydbg. I see a post from 2008 with directions that I will try out.