2.xx Plugins
84 files
-
ZsHBPBar
By Teddy Rogers
An OllyDbg hardware breakpoint bar, something similar to that in LCF-AT's version of OllyDbg.
676 downloads
0 comments
Updated
-
StrFinder
By Teddy Rogers
I always wanted to write an OD plug-in for myself. Finally referenced many codes. After copying the code of many people I have written an OD2.01 character search plugin.
I have never touched the OD plug-in before, and it took about two and a half days to write this.
I feel that the OD2.01 plug-in is simpler to write than 1.x because most of the code I refer to is 1.x, which feels a bit complicated. After trying to figure out the whole structure by myself, it feels quite simple.
The main difficulty is that there is no API manual. The API on the official website is not complete. Basically, it takes more time to test the API.
Can search ASCII and UNICODE. Includes "Find" and "FindNext" options.
611 downloads
0 comments
Submitted
-
TraceAPI
By Teddy Rogers
This plugin allows to trace all calls to system DLLs in a single thread by setting one-time memory breakpoints.
API trace can be started only if process is paused. Plugin sets break on access on user code. When user code is reached, it removes break on access from user code and sets it on system code, and so on.
Of course, it is possible that user code accesses data in the system area or vice versa. In this case I step over this command and restore breakpoint. Such cases are rare.
This plugin is by no means ideal. It runs only single thread, and there may be problems if program calls ZwContinue(). If DLL unloads, plugin doesn't delete call records. It doesn't check whether one-time breakpoints are already set by user. It doesn't allow to protocol only selected APIs, and so on.
371 downloads
0 comments
Submitted
-
Debug Plugin
By Teddy Rogers
DebugPlugin allows you to debug other plugins of OllyDbg 2.
520 downloads
0 comments
Updated
-
HolyshitO2
By Teddy Rogers
The first version of this plugin had only one feature, that was to add a label list. The second edition includes a feature to let OllyDbg load .sys files. I added this feature for common use (but with this plugin - so far - you can't unpack driver files, it can't even get you to the EP). In a future edition we will be able to unpack a packed driver in OllyDbg, in ring3!
The toolbar is from IDAFicator, I just improved it. It is flexible and supports OllyDbg 2.01h.
I have written all details in toolbar.ini in Chinese because this plugin was only released yesterday and I had never thought it would be released on Tuts 4 You.
The main goal of this plugin is same as IDAFicator: "This plugin tries to make the life of OllyDBG users easier by bringing to him some fast and frequently used function."
HolyshitO2 release: several buttons have been added to facilitate searches in Olly it is always configurable with the .ini file.
409 downloads
0 comments
Submitted
-
TransOlly2
By Teddy Rogers
TransOlly2 allows to make transparent Olly to see the application in debugging under Olly.
It can be activated or deactivated with the Alt + F11 keyboard shortcut.
251 downloads
0 comments
Submitted
-
ODbgScriptO2
By Teddy Rogers
ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks involve a lot of repetitive work just to get to some point in the debugged application. By using this plugin you can write a script once and for all.
714 downloads
0 comments
Submitted
-
OllyPath2
By Teddy Rogers
When using OllyDbg as a portable version (e.g. on an USB stick) there are always problems with the UDD/Plugin path not being set correctly.
The features:
DLL, which sets Plugins, UDD and win32.hlp paths automatically Dummy export so it's easy to add the DLL to your olly mod Open source Attached is DLL + Source, I hope it's useful for somebody. Feel free to modify to your needs, just credit where you think it's needed.
P.S. To add the DLL to your mod: Use CFF explorer to add the import "dummy" (which does nothing) to ollydbg.exe, this will execute the DllMain function (which can be considered illegal) and set the paths in the INI file.
OllyPath2.dll must be in the same directory than ollydbg.exe
286 downloads
Submitted
-
CmdBarO2
By Teddy Rogers
Help command bar for OllyDbg version 2.01. All functions and commands of the regular cmdbar run.
Shortcut for command line plugin: Alt+F1
Shortcut for focus combobox: Crtl+Alt+D
Commands are not case-sensitive, parameters in brackets are optional.
638 downloads
0 comments
Submitted
-
OllyAddMenu
By Teddy Rogers
Hey all! Not sure if this is of interest or useful to anyone.
I coded this cause RagDog has not updated the OllyMoreMenu plugin and thought i'd share.
Allows 'OllyMoreMenu by RagDog' config file to run in ollydbg 2.01g.
Please note; this plugin only allows the menu's to load. You CAN NOT add, delete or modify any of the already existing menus through this plugin.
If you choose to modify the cfg.ini file manually, you should know that this plugin will only allow a maximum of 32 menus with 32 items each. This is strictly a work around until 'RagDog' gets the plugin operational for ollydbg 2.xx.
Just copy this plugin & the cfg.ini to the plugin dir.
241 downloads
0 comments
Submitted
-
RestoreCPU
By Teddy Rogers
Those who have used OD1.x are accustomed to point C to return to the current EIP / ESP function.
The patch version of SnD also has this function, but the original OD2.x version does not include these functions.
For the convenience of everyone, I made a small plug-in.
If the OD is renamed and is not OllyDbg.exe, and there is no ollydbg.exe plug-in in the directory will fail. This is because the import table of this DLL requires ollydbg.exe.
170 downloads
0 comments
Submitted
-
0 comments
Submitted
-
Pyllow
By Teddy Rogers
Pyllow aims to integrate Python into Ollydbg to automate common debugging tasks or extend Ollydbg with new features. Scripts are run from within Ollydbg and have access to most of the Olly API.
Compilation
To build Pyllow, you need:
Visual Studio 2010 [Express] Boost with compiled Boost.Python a 32-bit Python 3.x install (tested with 3.2) Depending on your system you may need to point Boost to the correct Python version before compiling Boost.Python. What you'll want to do is tell Boost about all the available Python installs, and then choose one during the build process. This is done by adding them to /boost-dir/tools/build/v2/user-config.jam, like this:
using python : 3.2 : "C:/Program Files (x86)/Python32/python.exe" # path to your Python setup : : : 32 # x86-32 only ; You can add more, e.g. a 2.x version or an x86-64 version (change the 32 to 64), just make sure you set the right path to the interpreter (python.exe), Boost will infer the include and lib paths automatically.
Then, you can build Boost.Python like this:
bjam --toolset=msvc-10.0 --build-type=complete --with-python python=3.2 address-model=32 For more info: http://www.boost.org/doc/libs/1_49_0/libs/python/doc/building.html#configuring-boost-build
193 downloads
0 comments
Submitted
-
Portablizer
By Teddy Rogers
This plugin makes your copy of OllyDbg portable, which means that you can copy the OllyDbg folder to another location without having to fix ollydbg.ini manually. OllyDbg v1.10 and OllyDbg v2 are supported.
OllyDbg v1.10 Usage:
Copy portablizer.dll to the plugins folder. Apply the ollydbg-patch.exe patch on ollydbg.exe. The patch is needed because by default, OllyDbg loads the plugins at a later stage. Run OllyDbg from the correct folder, then close it. Make sure that the entries of ollydbg.ini contain relative paths (the [History] section). Limitations:
The plugin DLL file must be named portablizer.dll. OllyDbg v2 Usage:
Copy portablizer_odbg2.dll to the plugins folder. Run OllyDbg from the correct folder, then close it. Make sure that the entries of ollydbg.ini contain relative paths (the [History] section).176 downloads
0 comments
Submitted
-
0 comments
Submitted
-
OllyHandles
By Teddy Rogers
OllyHandles is a plugin for OllyDBG 2, it will show the handles opened by the debuggee. This feature exists in Immunity Debugger but was not available in Olly, that is why I wrote that plugin.
It is easy to use OllyHandles, just put the file "OllyHandles.dll" into the root directory of OllyDBG 2. Launch an executable with Olly and then select "Plugins > OllyHandles" from the menu.
332 downloads
0 comments
Submitted
-
Address Shortcuts
By Teddy Rogers
This plugin adds highly needed shortcuts to OllyDbg including Follow DWORD in Disassembler (Ctrl+Enter), Follow DWORD in Dump (Alt+Enter), and Copy RVA (Alt+"+").
This plugin adds the following menu options / shortcuts to OllyDbg v2.01:
Follow DWORD in Disassember (Ctrl+Enter) Follow DWORD in Dump (Alt+Enter) Follow DWORD in Stack Copy RVA — Similar to Alt+Ins in Olly, except that the address will be relative to the start of the module. Copy RVA (pretty) (Alt+"+") — The string will be formatted as helloworld+0x36a4. Copy file offset — Similar to Alt+Ins in Olly, except that the address will be relative to the start of the file. Copy file offset (pretty) (Ctrl+"+") — The string will be formatted as helloworld.dll+0x36a4. Note: The "+" key is at the top row of the keyboard, not the number pad.
The above keyboard shortcuts (Alt vs. Ctrl, etc.) were chosen rather arbitrarily, so feel free to change them.
Usage
Simply drop address_shortcuts.dll next to your OllyDbg.exe, then restart OllyDbg, and Address Shortcuts should appear under your right-click menu.
Now, look at a C++ object (with virtual functions) in the Memory Dump pane. The first dword should be a vtable address. Press Alt+Enter to follow it. Now press Ctrl+Enter to quickly pull up any function in the Disassembly Pane, and Alt+"+" to copy its RVA in a pretty format (helloworld+0x36a4). And, as usual, use the familiar Numpad-Plus/Minus to navigate forwards/backwards and Alt+Ins to copy raw addresses. Copy/paste hex bytes with Ctrl+Ins/Shift+Ins, and generate pretty hexdumps with Ctrl+C.
Compiling
You will need the OllyDbg Plugin SDK (ollydbg.lib).
Using GCC:
Copy CodeBlocks/plugin.h and CodeBlocks/ollydbg.lib from plug201h.zip into the current directory, then run:
gcc -std=c99 -Wall -m32 -Os -g0 -funsigned-char -shared -nostartfiles -s -static-libgcc -o address_shortcuts.dll address_shortcuts.c ollydbg.lib
317 downloads
Submitted
-
LosWeiterOlly
By Teddy Rogers
LosWeiterOlly is a very simple plugin for OllyDbg 2.01 that drastically decreases attach/load time for process debugging from several seconds/minutes to be virtually instant by disabling some features. Instant load time is especially useful when repeatedly debugging a crashing process.
Usage
Place LosWeiterOlly.DLL inside of OllyDbg's folder and start OllyDbg.
Details
The plugin uses an extremely simple and naive approach: preventing OllyDbg from analyzing and processing all loaded modules by patching EnumProcessModules. As such, not all OllyDbg features (e.g navigation via the modules list) are available when using the plugin. A slightly more sophisticated approach in the same simple vein would be to allow filtering of modules, so as to filter out and avoid OllyDbg from wasting time only on uninteresting modules, which would still save a considerable amount of time on each attach/load.
260 downloads
0 comments
Submitted
-
0 comments
Submitted
-
Holyshit
By Teddy Rogers
The first version of this plugin had only one feature, that was to add a label list. The second edition includes a feature to let OllyDbg load .sys files. I added this feature for common use (but with this plugin - so far - you can't unpack driver files, it can't even get you to the EP). In a future edition we will be able to unpack a packed driver in OllyDbg, in ring3!
The toolbar is from IDAFicator, I just improved it. It is flexible and supports OllyDbg 2.01h.
I have written all details in toolbar.ini in Chinese because this plugin was only released yesterday and I had never thought it would be released on Tuts 4 You.
The main goal of this plugin is same as IDAFicator: "This plugin tries to make the life of OllyDBG users easier by bringing to him some fast and frequently used function."
221 downloads
0 comments
Submitted
-
OllyDbg2FixeR
By Teddy Rogers
OllyDbg2FixeR is a plugin for OllyDbg201(I). OllyDbg2FixeR allows you to fix OllyDbg assemble BUG when you press space/double-click on CALL/JUMP commands.
If you have chosen "Show Symbolic Addresses" in OllyDbg options, this BUG only decode by name of API/Label when it's exist.
You must be checked in "Fix Assemble" to Fix BUG or Uncheck if you want to "ReStore Assemble" as "default" of ollyDbg.
You can also ADD NEW PARAMETER by Manual for OllyDbg2FixeR to Patch OllyDbg2, include (ManualPatch, Address, OldByte NewByte, PatchLen, PatchTime)
ManualPatch must be = 1 (Flag to Enable)
PathTime must be valid.
Address[x] must be valid.
PatchLen[x] must be <= 1024 Byte.
OldByte[x] = Original Byte at adress.
NewByte[x] = New Byte to patch at address.
See "OllyDbg2FixeR.PNG" for more detail.
It's easy to fix SMALL BUG of OllyDbg automatic way when you run OllyDbg2 with OllyDbg2FixeR plugin.
290 downloads
0 comments
Updated
-
CleanupExEx
By Teddy Rogers
CleanupExEx is a plugin for OllyDbg 2.XX. It's a new plugin BUT it's improving with a good idea from CleanupEx (by Gigapede and atom0s) to work on OllyDbg 2.XX. The plugin allows to delete OllyDbg data (*.UDD,*.BAK) into UDD directory.
Plugin isn't good but source code is OPEN (Delphi IDE). You can improve/add/modify code whenever as you like.
Why was "CleanupExEx" created? I found BUG in both plugins CleanupEx v2 and VicPlugIn2, both plugins weren't work on OllyDbg 2.01(G,H,I). So i decided to create my own plugin to do that.
199 downloads
0 comments
Submitted
-
AAHWBP
By Teddy Rogers
This is a plugin for OllyDbg 2 that can be used to help hide hardware breakpoints from being modified by SEH.
173 downloads
0 comments
Submitted
-
Advanced Labels
By Teddy Rogers
Advanced labels with user datatypes support. Pointers and arrays are supported too. Datatypes support embedding.
260 downloads
0 comments
Submitted
-
AnalyzeThis
By Teddy Rogers
Sometimes (especially when dealing with packers) you may need to run OllyDbg's code analysis function, only to find it's not available to you because the EIP is currently outside the code segment as defined by the PE header. AnalyzeThis! is an OllyDbg plugin to allow OllyDbg's analysis function to operate outside of the marked code segment, by telling OllyDbg the current segment *is* the code segment.
Caveats: If the EIP is outside the range of a known executable module, AnalyzeThis! will not work. Also, OllyDbg can only store one analysis table, so if you analyze a new segment, it will remove any existing analysis that has been done.
Source code has not been included; not because I don't want to release it at this time, but because I can't find it offhand. If you really need it, email me and I'll look harder for it.
426 downloads
0 comments
Submitted
-
Download Statistics
2,105
Files230
Comments894
Reviews