Jump to content
Tuts 4 You

2.xx Plugins

84 files

  1. ZsHBPBar

    An OllyDbg hardware breakpoint bar, something similar to that in LCF-AT's version of OllyDbg.

    689 downloads

    0 comments

    Updated

  2. StrFinder

    I always wanted to write an OD plug-in for myself. Finally referenced many codes. After copying the code of many people I have written an OD2.01 character search plugin.
    I have never touched the OD plug-in before, and it took about two and a half days to write this.
    I feel that the OD2.01 plug-in is simpler to write than 1.x because most of the code I refer to is 1.x, which feels a bit complicated. After trying to figure out the whole structure by myself, it feels quite simple.
    The main difficulty is that there is no API manual. The API on the official website is not complete. Basically, it takes more time to test the API.
    Can search ASCII and UNICODE. Includes "Find" and "FindNext" options.

    622 downloads

    0 comments

    Submitted

  3. TraceAPI

    This plugin allows to trace all calls to system DLLs in a single thread by setting one-time memory breakpoints. 
    API trace can be started only if process is paused. Plugin sets break on access on user code. When user code is reached, it removes break on access from user code and sets it on system code, and so on. 
    Of course, it is possible that user code accesses data in the system area or vice versa. In this case I step over this command and restore breakpoint. Such cases are rare.

    This plugin is by no means ideal. It runs only single thread, and there may be problems if program calls ZwContinue(). If DLL unloads, plugin doesn't delete call records. It doesn't check whether one-time breakpoints are already set by user. It doesn't allow to protocol only selected APIs, and so on.    

    377 downloads

    0 comments

    Submitted

  4. Debug Plugin

    DebugPlugin allows you to debug other plugins of OllyDbg 2.

    530 downloads

    0 comments

    Updated

  5. HolyshitO2

    The first version of this plugin had only one feature, that was to add a label list. The second edition includes a feature to let OllyDbg load .sys files. I added this feature for common use (but with this plugin - so far - you can't unpack driver files, it can't even get you to the EP). In a future edition we will be able to unpack a packed driver in OllyDbg, in ring3!
    The toolbar is from IDAFicator, I just improved it. It is flexible and supports OllyDbg 2.01h.
    I have written all details in toolbar.ini in Chinese because this plugin was only released yesterday and I had never thought it would be released on Tuts 4 You.
    The main goal of this plugin is same as IDAFicator: "This plugin tries to make the life of OllyDBG users easier by bringing to him some fast and frequently used function."
    HolyshitO2 release: several buttons have been added to facilitate searches in Olly it is always configurable with the .ini file.

    417 downloads

    0 comments

    Submitted

  6. TransOlly2

    TransOlly2 allows to make transparent Olly to see the application in debugging under Olly.
    It can be activated or deactivated with the Alt + F11 keyboard shortcut.

    255 downloads

    0 comments

    Submitted

  7. ODbgScriptO2

    ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks involve a lot of repetitive work just to get to some point in the debugged application. By using this plugin you can write a script once and for all.
     

    728 downloads

    0 comments

    Submitted

  8. OllyPath2

    When using OllyDbg as a portable version (e.g. on an USB stick) there are always problems with the UDD/Plugin path not being set correctly.
    The features:
    DLL, which sets Plugins, UDD and win32.hlp paths automatically Dummy export so it's easy to add the DLL to your olly mod Open source Attached is DLL + Source, I hope it's useful for somebody. Feel free to modify to your needs, just credit where you think it's needed.
    P.S. To add the DLL to your mod: Use CFF explorer to add the import "dummy" (which does nothing) to ollydbg.exe, this will execute the DllMain function (which can be considered illegal) and set the paths in the INI file.
    OllyPath2.dll must be in the same directory than ollydbg.exe

    290 downloads

    2 comments

    Submitted

  9. CmdBarO2

    Help command bar for OllyDbg version 2.01. All functions and commands of the regular cmdbar run.
    Shortcut for command line plugin: Alt+F1         
    Shortcut for  focus combobox: Crtl+Alt+D
    Commands are not case-sensitive, parameters in brackets are optional.

    647 downloads

    0 comments

    Submitted

  10. OllyAddMenu

    Hey all! Not sure if this is of interest or useful to anyone.
    I coded this cause RagDog has not updated the OllyMoreMenu plugin and thought i'd share.
    Allows 'OllyMoreMenu by RagDog' config file to run in ollydbg 2.01g.
    Please note; this plugin only allows the menu's to load. You CAN NOT add, delete or modify any of the already existing menus through this plugin.
    If you choose to modify the cfg.ini file manually, you should know that this plugin will only allow a maximum of 32 menus with 32 items each. This is strictly a work around until 'RagDog' gets the plugin operational for ollydbg 2.xx.
    Just copy this plugin & the cfg.ini to the plugin dir.

    248 downloads

    0 comments

    Submitted

  11. RestoreCPU

    Those who have used OD1.x are accustomed to point C to return to the current EIP / ESP function.
    The patch version of SnD also has this function, but the original OD2.x version does not include these functions.
    For the convenience of everyone, I made a small plug-in.
    If the OD is renamed and is not OllyDbg.exe, and there is no ollydbg.exe plug-in in the directory will fail. This is because the import table of this DLL requires ollydbg.exe.

    173 downloads

    0 comments

    Submitted

  12. FireFly

    An embedded C++ script plugin for Ollydbg.

    180 downloads

    0 comments

    Submitted

  13. Pyllow

    Pyllow aims to integrate Python into Ollydbg to automate common debugging tasks or extend Ollydbg with new features. Scripts are run from within Ollydbg and have access to most of the Olly API.
    Compilation
    To build Pyllow, you need:
    Visual Studio 2010 [Express] Boost with compiled Boost.Python a 32-bit Python 3.x install (tested with 3.2) Depending on your system you may need to point Boost to the correct Python version before compiling Boost.Python. What you'll want to do is tell Boost about all the available Python installs, and then choose one during the build process. This is done by adding them to /boost-dir/tools/build/v2/user-config.jam, like this:
    using python : 3.2 : "C:/Program Files (x86)/Python32/python.exe" # path to your Python setup : : : 32 # x86-32 only ; You can add more, e.g. a 2.x version or an x86-64 version (change the 32 to 64), just make sure you set the right path to the interpreter (python.exe), Boost will infer the include and lib paths automatically.
    Then, you can build Boost.Python like this:
    bjam --toolset=msvc-10.0 --build-type=complete --with-python python=3.2 address-model=32 For more info: http://www.boost.org/doc/libs/1_49_0/libs/python/doc/building.html#configuring-boost-build

    196 downloads

    0 comments

    Submitted

  14. Portablizer

    This plugin makes your copy of OllyDbg portable, which means that you can copy the OllyDbg folder to another location without having to fix ollydbg.ini manually. OllyDbg v1.10 and OllyDbg v2 are supported.
    OllyDbg v1.10 Usage:
    Copy portablizer.dll to the plugins folder. Apply the ollydbg-patch.exe patch on ollydbg.exe. The patch is needed because by default, OllyDbg loads the plugins at a later stage. Run OllyDbg from the correct folder, then close it. Make sure that the entries of ollydbg.ini contain relative paths (the [History] section). Limitations:
    The plugin DLL file must be named portablizer.dll. OllyDbg v2 Usage:
    Copy portablizer_odbg2.dll to the plugins folder. Run OllyDbg from the correct folder, then close it. Make sure that the entries of ollydbg.ini contain relative paths (the [History] section).

    182 downloads

    0 comments

    Submitted

  15. ManagedPluginHelper

    OllyDbg v2.01 Managed Plugin Helper/Loader

    216 downloads

    0 comments

    Submitted

  16. OllyHandles

    OllyHandles is a plugin for OllyDBG 2, it will show the handles opened by the debuggee. This feature exists in Immunity Debugger but was not available in Olly, that is why I wrote that plugin.
    It is easy to use OllyHandles, just put the file "OllyHandles.dll" into the root directory of OllyDBG 2. Launch an executable with Olly and then select "Plugins > OllyHandles" from the menu.

    337 downloads

    0 comments

    Submitted

  17. Address Shortcuts

    This plugin adds highly needed shortcuts to OllyDbg including Follow DWORD in Disassembler (Ctrl+Enter), Follow DWORD in Dump (Alt+Enter), and Copy RVA (Alt+"+").
    This plugin adds the following menu options / shortcuts to OllyDbg v2.01:
    Follow DWORD in Disassember (Ctrl+Enter) Follow DWORD in Dump (Alt+Enter) Follow DWORD in Stack Copy RVA — Similar to Alt+Ins in Olly, except that the address will be relative to the start of the module. Copy RVA (pretty) (Alt+"+") — The string will be formatted as helloworld+0x36a4. Copy file offset — Similar to Alt+Ins in Olly, except that the address will be relative to the start of the file. Copy file offset (pretty) (Ctrl+"+") — The string will be formatted as helloworld.dll+0x36a4. Note: The "+" key is at the top row of the keyboard, not the number pad.
    The above keyboard shortcuts (Alt vs. Ctrl, etc.) were chosen rather arbitrarily, so feel free to change them.
    Usage
    Simply drop address_shortcuts.dll next to your OllyDbg.exe, then restart OllyDbg, and Address Shortcuts should appear under your right-click menu.
    Now, look at a C++ object (with virtual functions) in the Memory Dump pane. The first dword should be a vtable address. Press Alt+Enter to follow it. Now press Ctrl+Enter to quickly pull up any function in the Disassembly Pane, and Alt+"+" to copy its RVA in a pretty format (helloworld+0x36a4). And, as usual, use the familiar Numpad-Plus/Minus to navigate forwards/backwards and Alt+Ins to copy raw addresses. Copy/paste hex bytes with Ctrl+Ins/Shift+Ins, and generate pretty hexdumps with Ctrl+C.
    Compiling
    You will need the OllyDbg Plugin SDK (ollydbg.lib).
    Using GCC:
    Copy CodeBlocks/plugin.h and CodeBlocks/ollydbg.lib from plug201h.zip into the current directory, then run:
    gcc -std=c99 -Wall -m32 -Os -g0 -funsigned-char -shared -nostartfiles -s -static-libgcc -o address_shortcuts.dll address_shortcuts.c ollydbg.lib  

    321 downloads

    2 comments

    Submitted

  18. LosWeiterOlly

    LosWeiterOlly is a very simple plugin for OllyDbg 2.01 that drastically decreases attach/load time for process debugging from several seconds/minutes to be virtually instant by disabling some features. Instant load time is especially useful when repeatedly debugging a crashing process.
    Usage
    Place LosWeiterOlly.DLL inside of OllyDbg's folder and start OllyDbg.
    Details
    The plugin uses an extremely simple and naive approach: preventing OllyDbg from analyzing and processing all loaded modules by patching EnumProcessModules. As such, not all OllyDbg features (e.g navigation via the modules list) are available when using the plugin. A slightly more sophisticated approach in the same simple vein would be to allow filtering of modules, so as to filter out and avoid OllyDbg from wasting time only on uninteresting modules, which would still save a considerable amount of time on each attach/load.

    263 downloads

    0 comments

    Submitted

  19. Ollight

    A Code highlighting plugin for OllyDbg 2.01.

    221 downloads

    0 comments

    Submitted

  20. Holyshit

    The first version of this plugin had only one feature, that was to add a label list. The second edition includes a feature to let OllyDbg load .sys files. I added this feature for common use (but with this plugin - so far - you can't unpack driver files, it can't even get you to the EP). In a future edition we will be able to unpack a packed driver in OllyDbg, in ring3!
    The toolbar is from IDAFicator, I just improved it. It is flexible and supports OllyDbg 2.01h.
    I have written all details in toolbar.ini in Chinese because this plugin was only released yesterday and I had never thought it would be released on Tuts 4 You.
    The main goal of this plugin is same as IDAFicator: "This plugin tries to make the life of OllyDBG users easier by bringing to him some fast and frequently used function."

    226 downloads

    0 comments

    Submitted

  21. OllyDbg2FixeR

    OllyDbg2FixeR is a plugin for OllyDbg201(I). OllyDbg2FixeR allows you to fix OllyDbg assemble BUG when you press space/double-click on CALL/JUMP commands.

    If you have chosen "Show Symbolic Addresses" in OllyDbg options, this BUG only decode by name of API/Label when it's exist.

    You must be checked in "Fix Assemble" to Fix BUG or Uncheck if you want to "ReStore Assemble" as "default" of ollyDbg.

    You can also ADD NEW PARAMETER by Manual for OllyDbg2FixeR to Patch OllyDbg2, include (ManualPatch, Address, OldByte NewByte, PatchLen, PatchTime)

    ManualPatch must be = 1 (Flag to Enable)
    PathTime must be valid.
    Address[x] must be valid.
    PatchLen[x] must be <= 1024 Byte.
    OldByte[x] = Original Byte at adress.
    NewByte[x] = New Byte to patch at address.
    See "OllyDbg2FixeR.PNG" for more detail.

    It's easy to fix SMALL BUG of OllyDbg automatic way when you run OllyDbg2 with OllyDbg2FixeR plugin.

    294 downloads

    0 comments

    Updated

  22. CleanupExEx

    CleanupExEx is a plugin for OllyDbg 2.XX. It's a new plugin BUT it's improving with a good idea from CleanupEx (by Gigapede and atom0s) to work on OllyDbg 2.XX. The plugin allows to delete OllyDbg data (*.UDD,*.BAK) into UDD directory.

    Plugin isn't good but source code is OPEN (Delphi IDE). You can improve/add/modify code whenever as you like.

    Why was "CleanupExEx" created? I found BUG in both plugins CleanupEx v2 and VicPlugIn2, both plugins weren't work on OllyDbg 2.01(G,H,I). So i decided to create my own plugin to do that.

    202 downloads

    0 comments

    Submitted

  23. AAHWBP

    This is a plugin for OllyDbg 2 that can be used to help hide hardware breakpoints from being modified by SEH.

    177 downloads

    0 comments

    Submitted

  24. Advanced Labels

    Advanced labels with user datatypes support. Pointers and arrays are supported too. Datatypes support embedding.

    265 downloads

    0 comments

    Submitted

  25. AnalyzeThis

    Sometimes (especially when dealing with packers) you may need to run OllyDbg's code analysis function, only to find it's not available to you because the EIP is currently outside the code segment as defined by the PE header. AnalyzeThis! is an OllyDbg plugin to allow OllyDbg's analysis function to operate outside of the marked code segment, by telling OllyDbg the current segment *is* the code segment.

    Caveats: If the EIP is outside the range of a known executable module, AnalyzeThis! will not work. Also, OllyDbg can only store one analysis table, so if you analyze a new segment, it will remove any existing analysis that has been done.

    Source code has not been included; not because I don't want to release it at this time, but because I can't find it offhand. If you really need it, email me and I'll look harder for it.

    436 downloads

    0 comments

    Submitted


×
×
  • Create New...