Tuts 4 You

OllyDbg

32-bit assembler level analysing debugger for Microsoft Windows...

33 files

  1. OllyDbg

    OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download and use it for free. Special highlights are:
    - Intuitive user interface, no cryptical commands
    - Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
    - Directly loads and debugs DLLs
    - Object file scanning - locates routines from object files and libraries
    - Allows for user-defined labels, comments and function descriptions
    - Understands debugging information in Borland® format
    - Saves patches between sessions, writes them back to executable file and updates fixups
    - Open architecture - many third-party plugins are available
    - No installation - no trash in registry or system directories
    - Debugs multithread applications
    - Attaches to running programs
    - Configurable disassembler, supports both MASM and IDEAL formats
    - MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
    - Full UNICODE support
    - Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
    - Recognizes complex code constructs, like call to jump to procedure
    - Decodes calls to more than 1900 standard API and 400 C functions
    - Gives context-sensitive help on API functions from external help file
    - Sets conditional, logging, memory and hardware breakpoints
    - Traces program execution, logs arguments of known functions
    - Shows fixups
    - Dynamically traces stack frames
    - Searches for imprecise commands and masked binary sequences
    - Searches whole allocated memory
    - Finds references to constant or address range
    - Examines and modifies memory, sets breakpoints and pauses program on-the-fly
    - Assembles commands into the shortest binary form
    - Starts from the floppy disk

    and much, much more!

    802 downloads

    0 comments

    Updated

  2. OllyICE

    This is an updated release based upon the final OllyDbg release from Hacnho, his further enhanced OllyDbg Hacnho modification. It includes all the bug fixes from his original Hacnho. It is also compressed using the Themida 1.xx Ring-0 engine to help hide the debugger from detection. Be warned it runs quite slowly because of this and it is not very compatible with certain operating systems (WinXP SP2) and applications like anti-virus tools. Blue Screens of Death (BSOD) are quite common with this Olly.

    237 downloads

    0 comments

    Updated

  3. RAMOllyDBG

    OllyDbg modded for ExeCryptor & THEMIDA

    Add the possibility of deleting all points of stopping Remove all breakpoints
    Auto path UDD & plugin
    Reference search directly from the toolbar
    Show offset in status bar
    Amendment to show the number of additions to the list
    Additions located

    1 - advancedolly.dll
    2 - analyzethis.dll
    3 - API_Break.dll
    4 - bookmarks2.dll
    5 - cmdbar.dll
    6 - HideOD.dll
    7 - NonaWrite.dll
    8 - ODbgScript.dll
    9 - OllyBugfix.dll
    10 - OllyDump.dll
    11 - OllyMoreMenu.dll
    12 - PhantOm.dll
    13 - Poison.dll
    14 - ustrref.dll
    15 - StrongOD.dll

    This amendment took me time so there is no difference between them and the original
    They accept each others additions modified
    Do not forget pray for me and my family

    171 downloads

    0 comments

    Updated

  4. LifeODBG

    This tool lets you debug a client process as a normal process; you can use a normal debugger (e.g. OllyDbg) to debug the parent process at the same time.

    Usage help:

    This tool must inject into the parent process and listen for the client process create event. If the parent process is not started at the same time as the client process and the parent process starts first, we need to inject the debugger ourselves. Just select a process in the list and click "Inject"; a debugger will be started. If not, please check LifeODBG's privilege, or select "step up privilege" and try again. When the debugger has started, it is just like a simple debugger. If you did not select "Auto listen" before Inject, you must start listening manually: just use the debugger to open a program (e.g. notepad.exe). After listening has started, the debugger just sits like a fool until the client process is created.

    If the parent and client processes start at the same time, we only need to click "O" to select the program we need, type the command line into the left edit control and click "Debug"; the process and debugger will be created automatically. But if "Auto listen" was not selected beforehand, we need to start listening manually (e.g. Armadillo).

    Options:
    - "Inject": Just inject the debugger into the selected process.
    - "Inject DLL": Just inject a DLL into the selected process.
    - "Refresh": Refresh the process list.
    - "Single debug mode": Let the injected debugger act just like a simple debugger; it can debug, but not the client process.
    - "Disable handle close": Stop the client process from closing the handles in the debug event (e.g. debugging EncryptPE).
    - "Set up privilege": Set up LifeODBG.exe's privilege.
    - "Auto listen": Turn into the debug state automatically when the debugger is injected.
    - "Passive mode": Just use for the process we started is a client process when the parent process append start debugger automatically.
    - "Call back debug event": Set up who will be called back to the debugger.

    51 downloads

    0 comments

    Updated

  5. FOFF Team Edition

    This version of OllyDbg is modded to be undetectable by protectors or protecting formulas; it is fast and comes with the most needed plugins for everyday cracking! A few fixes were done, some were reported by the users (thanks to them), plus some changes in the code for hiding, and of course speed is as always even or better. A DLL loader was added since the first version hadn't one, plugins were added and some old versions updated with newer ones. Most important to note: I added a new plugin manager to this package that works on DeFixed only; now, instead of deleting your plugins, you can easily choose which to disable and which to use, and return them back too without any problem!

    144 downloads

    0 comments

    Updated

  6. diablo2oo2's Ollydbg

    This is Diablo's modified version of OllyDbg. It's mainly got a few aesthetic changes to the layout, plus it includes all the basic plugins and scripts to get a first-time user up and running.

    79 downloads

    0 comments

    Submitted

  7. EvO_DBG

    This is my version of OllyDBG. I removed all useless plugins and put my preferred ones, and also I set-up a good configuration. With it you should be able to load any protected file (Themida for example).

    Sometimes you have to change some options inside plugins (with Obsidium for example), but the current setting is good in 90% of cases.

    It has also a more advanced loaddll.exe that allows you to load dll's in different memory locations, so you can rebuild relocations in an easy way.

    75 downloads

    0 comments

    Submitted

  8. Execryptor (ODbyDYK) Edition

    This engine isn't intentionally called ExeCryptor Edition; it's actually called ODbyDYK (after the author), but since it's been commonly used for ExeCryptor and is more generally known as such, that's how I've named it here.

    I think there has been quite a few modifications to it but not being Chinese I'm unable to read and understand the information within the archive correctly to discover exactly what. Maybe a native or Chinese literate person could pass on to me further details about this engine or translate the included .txt file for me, please.

    59 downloads

    0 comments

    Submitted

  9. 9in1 for Themida

    A version of OllyDbg specifically modified to allow debugging of Themida protected applications.
    Functions:
    1.Hide IsDebuggerPresent
    2.Hide NtGlobalFlag
    3.Hide ProcessHeapFlag
    4.Patch ZwQueryInformationProcess (==patch UnhandledExceptionFilter)
    5.Patch ZwSetInformationThread
    6.Patch CheckRemoteDebuggerPresent
    7.Patch OutputDebugStringA
    8.Anti heap-checking (For themida1.9.5.0)
    V1.02:
    ! Fixed the bug of patching ZwSetInformationThread (For themida 1.9.5.0)
    + ADD heap-checking.
    Debug themida1.9.5
    1.Modify window caption in the file ollydbg.exe (CPU,OLLYDBG...)
    2.Click "Hide ALL" (choose HideDBG plugin)

    129 downloads

    0 comments

    Submitted

  10. BoomBox

    Another OllyDbg modification, mainly changed for aesthetic reasons in an XP styles format.

    19 downloads

    0 comments

    Submitted

  11. Chinese Edition

    This is a Chinese edition of OllyDbg translated specifically for the Chinese literate people among our community.

    25 downloads

    0 comments

    Submitted

  12. CiMs Edition

    If you wanna work with this modified version of OllyDBG, please don't add it to the menu in Windows Explorer. To do: run "CiM's.exe", then F3 to choose the target file. Else you won't be satisfied by the result of the analysis (it may also crash)...

    28 downloads

    0 comments

    Submitted

  13. OllyDRX Lite

    + New look
    + Modified code for almost perfect hiding
    + Modified code for expanded windows
    + Modified code for %s overflow RCE exploit
    + Modified code to make symbols load properly
    + OllyDRX Plugin Patcher

    44 downloads

    0 comments

    Submitted

  14. OllyPortable

    OllyPortable is my portable version of OllyDbg extended with plugins and patches for a good looking and decently working debugger environment.

    Main features:
    - Good looking buttons (thanks to the author of Olly Shadow)
    - Full portability (OllyPath.dll, source is included)
    - Tested & working on both XP SP3 and Win7 x64
    - Manifest to make olly look less Win98
    - Useful plugins, sometimes with custom patches

    Plugin descriptions:
    - analyzeThis: Analyze code outside the code section of the debugged program.
    - Asm2Clipboard: Quickly copy ASM code (with labels) to the clipboard.
    - ClearUDD: Plugin to clear the UDD directory from within olly.
    - CmdBar: Command bar to quickly set breakpoints/registers etc.
    - DataRipper: Rip selected data in various formats.
    - HiddenThreads: Plugin that finds hidden threads.
    - ICanAttach2: Plugin that fixed anti-attach tricks.
    - ida_sigs: Plugin to import IDA signatures to the debugged file.
    - IDAFicator: Great plugin with many features, check the manual.
    - MnemonicHelp: Simple plugin that loads a help file for the selected mnemonic.
    - ModuleBCL: Import & export labels, comments and breakpoints.
    - multiasm_odbg: Extremely useful plugin for writing code caves.
    - ODbgScript: Script OllyDbg (Patched by me)
    - ODBJscript: Script OllyDbg using javascript
    - oDump: Fixed version of OllyDump that bypasses anti-dump techniques.
    - OllyCopy: Great plugin to copy addresses, bytes and patterns to the clipboard.
    - OllyFlow: Generate an IDA graph from analyzed code.
    - OllyWow64_0.2: Compatibility plugin for WOW64
    - RemoveCriticality: Plugin that fixes an exploit that could crash the system when debugging.
    - SehSpy: Show the SEH context before the reached exception.
    - SigMaker: Easily make patterns and signatures.
    - StollyStruct: Plugin that allows viewing memory in structure form (Patched by me)
    - StrongOD: Hide & Bugfix plugin (Patched by me)
    - TLSCatch: Plugin that sets a breakpoint on TLS callbacks (when found)
    - X_CRYPTO: Plugin to hash bytes or text inside olly.

    I also included the help files for ODbgScript, ODBJScript, Multiasm, Win32 API and x86 opcodes.

    108 downloads

    0 comments

    Submitted

  15. Portable OllySnD

    It is an "Emergency" version with the basics to make a good crack; this is a "Reduced" package, but I want to make portable versions of several programs, such as UltraEdit and others that require installation and are heavy.

    THIS PORTABLE OLLYSND DOES NOT NEED TO BE CONFIGURED; THE PATH OF ITS PLUGINS IS AUTO-CONFIGURED.

    So it can run from anywhere without the need to change anything; it is prepared and ready for use.

    55 downloads

    0 comments

    Submitted

  16. Hacnho

    This modified OllyDbg version has some bug fixes from the original OllyDbg such as the buffer overflow bug.

    25 downloads

    0 comments

    Submitted

  17. HanOlly

    HanOlly.exe + HanOlly.dll - [Themida 1.9.5.0]

    - This is a custom Olly and plugin that defeats Themida 1.9.5.0 anti-debugger checks (tested with Shooo's unpackme).
    - Olly is modified the least amount possible, only bypasses debugger checks, and nothing more, very close to the original "clean" olly.
    - The plugin also works with OllyIce but I don't know exactly what has been modified in OllyIce so I cannot guarantee it is stable.

    35 downloads

    0 comments

    Submitted

  18. NoLoVeR

    Plug-in to load, additional support for the mouse wheel window, Execryptor been detected. Rear number library functions. Paste to copy BUG. Closed OD shortcuts ALT + Q, the environment variable settings can be automatically downloaded and loaded PDB, and so on. Part of the revised approach from the Internet. There have been some changes do not remember where it is taken from the ... Amended the title of the window. Unmodified category, can make its own decisions. STRONGOD or with the use of. 
    Annex contains some of his extracted LIB file. Can be identified only some of the serial number and not the function of CALL or JMP 
    To load signs need to set the environment variable. 
    Set the environment variable name: _NT_SYMBOL_PATH
    Content
    SRV*F:\Ollydbg\Symbols*http://msdl.microsoft.com/download/symbols;;F:\Ollydbg\Symbols
    make its own decisions as needed.
    Of course, we can not set the environment variable load PDB. But the need to batch or CMD window to run the following command.
    set _NT_SYMBOL_PATH=SRV*F:\Tools\Ollydbg\Symbols*http://msdl.microsoft.com/download/symbols;;F:\Ollydbg\Symbols
    make its own decisions as needed.
    NoLoVeR.exe (based on the need to amend its own name OD) 
    The annex is symchk.exe download symbols (PDB) with the use of methods can be used symchk 😄 \ windows \ system32 \ *. dll download this way, and not set the environment variable to use / s parameter setting when Symbol path Will automatically use the default path SRV *% SYSTEMROOT% \ SYMBOLS * http://msdl.microsoft.com/download/symbols that under the system directory SYMBOLS directory. 
    SYMCHK.EXE use:

        symchk [/r] [/q] [Input options] <Filename> [/s <SymbolPath>] [options]

        <Filename>      Name of the file or directory that contains the executables
                        to perform symbol checking on.

        /s <SymbolPath> Semi-colon separated list of symbol paths.  Symbol server
                        paths are allowed.  To retrieve symbols to a downstream
                        store, use "SRV*<downstream store>*<symbol server>" for
                        the symbol path.  See the debugger documentation for more
                        details.

        /r              Perform recursive operations on the <Filename> specified.  The
                        wildcard * can be used in filenames.

        /q              Turn off all output options by default. Only output turned on
                        with a output flag (see below) will be printed
        --------------------------------------------------------------------------------
        * Input options (choose only one):
        /if <Filename>       Input is a file name.  Wildcards can be used to specify
                             the file name. Default if nothing is specified.
        /id <DumpFile>       Input is a dump file.
        /ih <HotFix>         Input is a self-extracting Hotfix cab.
        /ie <ExeName>        Input is an application name that is currently running.
                             If the provided ExeName is '*', all currently running
                             processes will be checked.
        /im <ManifestList>   Input is a manifest previously created using the /om <file>
                             option.
        /ip <ProcessId>      Input is a process id. If the provided ProcessID is '*',
                             all currently running processes will be checked.
        /it <TextFileList>   Input is a list of files, one per line, inside of a text
                             file.
        --------------------------------------------------------------------------------
        * Action options (choose only one):
        /av  For each binary, Verify symbols exist and match.  Default.
        --------------------------------------------------------------------------------
        * Symbol checking options:
        /cc  when symbol checking a hotfix cab, don't look for symbols inside the cab.
             By default, symchk will look for symbols in the cab as well as in the
             provided symbol path.
        /cn  When symbol checking a running process, don't suspend that process.  User
             must ensure the process doesn't exit before symbol checking finishes.
        /cs  Skip verifying that there is CodeView data. Symchk will verify that there
             IS codeview data by default.

        - Symbol checking options for DBG information (choose one):
        /ds  If image was built so that there is information that belongs in a DBG
             file, then this option verifies that the DBG information is stripped
             from the image and that the image points to a DBG file. Default.
        /de  If image was built so that there is information that belongs in a DBG
             file, then this option verifies that the DBG information is STILL in the
             image and that the image does not point to a DBG file.
        /dn  Verify that the image does not point to a DBG file and that DBG
             information is not in the image.

        - Symbol checking options for PDB files:
        /pa  Allow both public and private PDBs.  Default.
        /pf  Verify that PDB files contain full source information.
        /ps  Verify that PDB files are stripped and do not contain full source
             (private) information.
        /pt  Verify that PDB files are stripped, but do have type information.  Some
             PDB files may be stripped but have type information added back in.
        --------------------------------------------------------------------------------
        * Symbol checking exclude options:
        /ea <Filename>  Don't perform symbol checking for the binaries listed in the
                        file specified.  <Filename> is a text file that contains the
                        name of each binary, one per line.
        /ee <Filename>  Perform symbol checking and report files that pass or are
                        ignored, but don't report errors for binaries listed in the
                        file specified.  <Filename> is a text file that contains the
                        name of each binary, one per line.
        --------------------------------------------------------------------------------
        * Symbol path options:
        /s[epsu]  <SymbolPath>  Use <SymbolPath> as the search path.

           NOTE: If the '/s' option is not used, SymChk defaults to using the value
                 in %_NT_SYMBOL_PATH%. If %_NT_SYMBOL_PATH% is not defined, then SymChk
                 will default to:
                   SRV*%SYSTEMROOT%\SYMBOLS*http://msdl.microsoft.com/download/symbols

        * Modifiers (choose all that apply):
           e - check each path individually instead of checking all paths at once.
           p - force checking for private symbols.  Public symbols will be treated as
               not matching. (Implies the 'e' and 'u' modifiers.)
           s - force checking for public (split) symbols. Private symbols will be
               treated as not matching. (Implies the 'e' and 'u' modifiers.)
           u - force updating of downstream stores. If the symbol path includes a
               downstream store, always re-check the server for the symbol. Only
               stores that are checked against will be updated.

           NOTE: The 's' and 'p' options are mutually exclusive. Only the last one
                 present will be used.
        --------------------------------------------------------------------------------
        * Output options (choose all that apply):
        /ob       Give the full path for binaries in the output messages for symbol
                  checking.
        /oc[x[a]] <Directory>    Create a flat symbols tree in <Directory> which
                  contains all matching symbols. If 'x' is also used, copy the matching
                  binaries into <Directory> as well. If 'a' is also present, the binary
                  will always be copied to the flat symbol tree even if symbol checking
                  failed.
        /od       List all details.  Same as /oe /op /oi
        /oe       List individual errors.  Errors will be sent to the output by default.
                  This option is only needed when using /q
        /oi       List each file that is ignored.
        /op       List each file that passes.
        /os       Give the full path for symbols in the output messages for symbol
                  checking.
        /ot       Send totals to the output.  Totals are sent to the output by default.
                  This option is only needed when using /q
        /ov       Print version information for checked binaries as well.

        - Extended output options:
        /ol <File>     In addition to the messages sent to standard out, write a
                       file that contains a comma separated list of all the
                       binaries and their symbols that pass symbol checking.
        /om <Manifest> Print out a manifest file for later use with the '/im' option.
        /v             Turn on verbose output mode.
        --------------------------------------------------------------------------------
        * Module filtering options when checking processes or dump files (choose one):
        /fm <Module>  Filter results to only include the named module.
        --------------------------------------------------------------------------------
        * Misc options
        /port     Old usage to new usage quick porting table
        --------------------------------------------------------------------------------

    18 downloads

    0 comments

    Submitted

  19. YPOGEiOS

    Another modified version of OllyDbg 1.10.

    20 downloads

    0 comments

    Submitted

  20. Shadow

    Apart from a couple of aesthetic modifications, Shadow's Olly modification has quite a few bug fixes and changes. Not much is known about exactly what changes have been made but it is regarded as being one of the better modified OllyDbg versions available.

    114 downloads

    0 comments

    Submitted

  21. SnD Olly

    After a longer time I created a new SnD - version 2.2 - by request from our board member DMichael. Normally I still do not like to use Olly 2 version [many basic features missing / changed etc] but anyway... I have taken some time to create all patches in OllyDbg 2.01h like in my older version + some little more checks etc. So now you can use this version with Windows 8 [testing done by DMichael - thanks again] without any problems. If there are any problems with ASLR (for example) then you will get a message with info about the problem and what to do. I also changed the look a little, maybe you like it as I do. All is ready to go and is setup by me [.ini file like I prefer] so that you can start directly after unpacking the .rar file. Some information can be read in the info text file.

    Have fun with the new 2.2 version [odbg201h] and post some feedback on the board if you like it or if there is any problem.

    Modifications:
    - Added PEB Hide patch
    - Added ZWQIP patch
    - Changed OllyDBG names
    - Changed CPU
    - Added SnD patch section where you can see my patches
    - Added some new resources
    - Added manifest for XP style [just rename manifest if you get problem to use it on other OS etc]
    - Added quick origin pop if you press the "C" button
    - Added Win7 | Win8 support only with static original base of SnD 2.2
    - Added quick self check of loaded SnD 2.2 base. If not original or a problem comes at startup then you get info message
    - Setup of SnD .ini file + color-scheme

    So all was again patched like in my older SnD 2.0 / 2.1 versions plus some more checks and different patching ways of the intern ZWQIP API.

    Testing by me on XP SP3.
    Testing by DMichael on Windows 8. Thanks again. 

    Info: If you want to use int3 breakpoints instead of HWBPs [Debugging Options] then do not set a HWBP on ZWQIP API before you did stop at TLS or EP. Don't set the HWBP at systemBP.
    - Int3 + HWBP on ZWQIP before TLS or EP = No API patch!
    - Int3 + No HWBP on ZWQIP before TLS or EP = Ok
    - HWBP + HWBP = All ok no problems.

    Just keep this info in your mind if you wanna change the option.

    Info: So I also insert the original Olly version which you will also need to read all plugins so that you don't need to change the OllyDBG.exe to SND.exe name in the plugins itself.

    70 downloads

    0 comments

    Submitted

  22. UST_2bg

    A nice modification of the original OllyDbg 1.10 engine. Contains: a quick breakpoint feature, common and popular plugins, toolbar, extra features and slight visual changes.

    28 downloads

    0 comments

    Submitted

  23. VicOlly Debugger

    This update, my vicOlly can run very well on Windows 7, x86 & x64. All for fun.

    67 downloads

    0 comments

    Submitted

  24. Windows 7 (Virtualized)

    Some beloved plugins for Olly stopped working when used with Windows 7, among these are OllyAdvanced and Conditional Branch Logger just to name two of them. To overcome this issue I virtualized Olly and now the plugins are working again.

    You can customize this Olly as usual. Note that you have to set the Plugins and UDD directories when starting it for the first time. Unfortunately there is a small shortcoming: every part of a plugin that is driver-based is NOT working. This is due to the fact that drivers cannot be virtualized. For instance, while everything else in OllyAdvanced is working, its driver-based Anti-RTDSC is not, but that does not hinder the plugin to work great. The same goes for other plugins that have drivers involved. Sorry for that, virtualization nowadays is pretty good but not perfect.

    Also, there may be an issue with non-latin character sets which I'm unable to confirm because I haven't got a non-latin Windows.

    35 downloads

    0 comments

    Submitted

  25. Russian Edition

    This is the Russian translated version of OllyDbg 1.10.

    27 downloads

    0 comments

    Submitted
