Nov 20, 2007.

I have compiled a list of what I consider to be the most important Olly plugins for reverse engineering. Every one of these will be used at some point in my tutorials. Of course, this list is nowhere near exhaustive (for that I would go to ), and I’m sure there are plenty that I am missing that some would consider ‘vital’. Mostly, I have listed these here for convenience for people going through my tutorials. I have included the name, the latest version that I could find, the author, and a quick outline of what they do. All of these can be downloaded from my page.

+BP-OLLY Ver: 2.0 beta 4 By:
This plugin opens up a new ‘floating’ toolbar at the top of Olly. It provides quick access to setting BPs on popular APIs (with some for VB as well). It also provides a couple of buttons for quickly launching some applications (Notepad, Calc, a user-specified folder, and a command prompt).

Anti-Anti Hardware Breakpoint Ver: 0.1 By: Mattwood^FRET
Single-minded, but does what it’s supposed to. It hooks ntdll to restore the Drx registers after a Structured Exception Handler.

AnalyzeThis+ Ver: 0.24 By: SMK
I think the author says it best: “Sometimes (especially when dealing with packers) you may need to run OllyDbg’s code analysis function, only to find it’s not available to you because the EIP is currently outside the code segment as defined by the PE header. Is an OllyDbg plugin to allow OllyDbg’s analysis function to operate outside of the marked code segment, by telling OllyDbg the current segment *is* the code segment.” This is another ‘can’t do without’ plugin. It is indispensable, especially when working with packers.

API Break Ver: 0.2 By: Dazzling Blue & Baby2008
This plugin allows you to set a breakpoint on many popular Windows APIs.
It opens a dialog listing many APIs by category. It is nicer than trying to remember what the API call is to get the current time (in millis).

ASCII Table Ver: 1.1 By: REACTION
AsciiTable quickly displays the ASCII chart in hex, decimal, octal and ASCII. I hope the author gets around to fixing some of the bugs, tho (when you first load it, everything is highlighted, the window is not sizable, the text is editable). But overall, extremely helpful.

Attach Anyway Ver: 0.1 By: Joe Stewart
From the author: “AttachAnyway is a PoC OllyDbg plugin designed to show how to remove a process’ hook on NtContinue by the anti-debugger-attach method devised by Piotr Bania here. This is not intended to be a universal plugin for all anti-attach methods, just one example of how you can do it. It works by enumerating all processes, searching their virtual memory space for a JMP hook on the NtContinue method, then replacing the jump with the original bytes from a non-hooked process, then calling the OllyDbg Attachtoactiveprocess API.”

Bookmark Ver: 1.06 By: Oleh Yuschuk & Eviloid
This handy plugin allows the user to set bookmarks (no more using BPs to remember where that code was!!!). Simply right-click on an instruction and choose bookmark->New bookmark. Simple, but sweet.

Code Ripper Ver: 1.3 By: Ziggy
This nice plugin allows you to copy code from the binary in a nicely formatted way. Very convenient if you need to copy sections of code to look at later or show someone else.

CommandBar Ver: 3.20.110 By: Gigapede
Allows quickly applying breakpoints, finding APIs, etc. Sometimes typing is a lot quicker than searching thru windows.

HideDebugger Ver: 1.2.4 By: Asterix
This plugin hides OllyDbg from many debugger detection tricks. These include IsDebuggerPresent, FindWindow, TerminateProcess, Unhandled Exception tricks, OutputDebugString, and some heap-checking tricks.

HideOD Ver: 0.181 By: Kanxue
HideOD allows Olly to be hidden from the debugged application.
It allows setting the following:
1. HideNtDebugBit (IsDebuggerPresent, NtGlobalFlags, HeapFlags, ForceFlags)
2. ClearHeapMagic
3. SetDebugPrivilege
4. Process32Next
5. OutDebugStringA
6. CheckRemoteDebuggerPresent
7. ZwSetInformationThread
8. UnhandledExceptionFilter
9. ZwQueryInformationProcess
It also has an autoset feature and a memory allocator (I think for code caves, tho I could be wrong). Most of these features are included in Olly Advanced (see below).

IDAFicator Ver: 2.0.11.45 By:
IDAFicator is an immense collection of utilities for Olly. It adds a new toolbar at the top of the screen with various cool features, such as go to next/previous line I was on, go to beginning/end of current method (nice!), a displayable hardware breakpoint window (finally!), a button to immediately search for referenced text strings, a button to open the folder of the target app, and an assembler window similar to NanoWrite. The 1-5 icons are user settable (though I didn’t find this to be the case in all versions of this plugin). Next, IDAFicator has added several options for the middle mouse button, such as copying and pasting binary data, RVAs, etc. It allows setting of breakpoints in the dump window, and has a handy stolen bytes retriever (that even changes the bytes to match a specific compiler).