Tuts 4 You

2.xx Plugins

84 files

  1. OllyExt

    OllyExt is a plugin for Olly 2.xx debugger. The main intention of this plugin is to provide the biggest anti-anti debugging features and bug fixes for Olly 2.xx. VMProtect support!
    The currently available commands are the following:
    - Code Rip to Clipboard
    - Code Rip to Clipboard Recursive
    - Data Rip to Clipboard
    - Signature Rip to Clipboard

    The currently supported protections are the following:
    IsDebuggerPresent, NtGlobalFlag, HeapFlag, ForceFlag, CheckRemoteDebuggerPresent, OutputDebugString, NtClose, SeDebugPrivilege, BlockInput, ProcessDebugFlags, ProcessDebugObjectHandle, TerminateProcess, NtSetInformationThread, NtQueryObject, FindWindow, NtOpenProcess, Process32First, Process32Next, ParentProcess, GetTickCount, timeGetTime, QueryPerformanceCounter, ZwGetContextThread, NtSetContextThread, KdDebuggerNotPresent, KdDebuggerEnabled, NtSetDebugFilterState, ProtectDRX, HideDRX, DbgPrompt, CreateThread, NtSystemDebugControl, Custom ( Write your own )

    The currently supported bug fixes are the following:
    - Caption change
    - Kill Anti-Attach ( dll integrity check )

    Requirements:
    - Microsoft Visual C++ 2010 Redistributable Package (x86)

    OS support:
    Windows XP, Windows Server 2003 R2, Windows Server 2008 R2, Windows 7, Windows Server 2012, Windows 8, Windows Server 2012 R2, Windows 8.1

    Limitations:
    - Because of missing PDK function data ripping is ONLY on 2.01 latest supported

    If you have any problem just notify me.

    2,923 downloads

    0 comments

    Updated

  2. Vic Plug-In-2

    ----- [ MENU ] -----
    - Show the toolbar in the title of OllyDbg window
    - Maximize OllyDbg window when staring
    - Maximize OllyDbg child windows when staring
    - Show address info in status bar
    - Use APIs menu in OllyDbg menu bar
    - Apply confirm exit for OllyDbg
    - Make the transparency for OllyDbg window
    - Debuggee Data
      - Delete UDD data of the current session
      - Delete all UDD data
      - Open UDD data list
      - Delete recent debuggee files
    - Data Converter
    - DLL Process Viewer
    - File Location Converter
    - PE Viewer
    - Thread Viewer
    - Lookup Error Code
    - Find events of C++ Builder / Delphi VCL GUI application
    - Advanced Map File Importer
      - Map File Importer
      - Open Label window
      - Open Comment window
    - Bypass Anti Debugging
      - Hide the PEB
    - Data Copier
      - VA Address
      - RVA Address
      - Offset Address
      - ANSI String
      - UNICODE String
      - Code Ripped
    - Breakpoint Manager
      - INT3 Delete all
      - INT3 Import
      - INT3 Export
      - HWBP Delete all
      - HWBP Import
      - HWBP Export
      - MBP Delete all
      - MBP Import
      - MBP Export
    - Follow Me
      - Follow in Disassembler at <address>
      - Follow in Dump at <address>
      - Copy <address> to clipboard
    - Check for update
    - Information

    1,281 downloads

    0 comments

    Updated

  3. Swordfish

    Swordfish is an OllyDbg 2 plugin that supports many useful features to simplify the use of OllyDbg.

    639 downloads

    0 comments

    Updated

  4. OllyPath2

    When using OllyDbg as a portable version (e.g. on a USB stick) there are always problems with the UDD/Plugin path not being set correctly.
    The features:
    - DLL, which sets Plugins, UDD and win32.hlp paths automatically
    - Dummy export so it's easy to add the DLL to your olly mod
    - Open source

    Attached is DLL + Source, I hope it's useful for somebody. Feel free to modify to your needs, just credit where you think it's needed.
    P.S. To add the DLL to your mod: Use CFF explorer to add the import "dummy" (which does nothing) to ollydbg.exe, this will execute the DllMain function (which can be considered illegal) and set the paths in the INI file.
    OllyPath2.dll must be in the same directory as ollydbg.exe

    65 downloads

    2 comments

    Submitted

  5. OllyDumpEx

    This plugin is a process memory dumper for OllyDbg and Immunity Debugger.
    Very simple overview:
    OllyDumpEx = OllyDump + PE Dumper - obsoleted + useful features

    Features:
    - Various debuggers supported
    - Select to dump debuggee exe, loaded dll or non-listed module
    - Search PE File from memory
    - Multiple Dump mode. Rebuild for typical PE dump, Binary for PE Carving
    - PE32+ supported (Search and Binary Dump mode only available on 32bit debugger)
    - Native 64bit process supported (IDA Pro, WinDbg and x64dbg)
    - ELF supported (both of 32bit and 64bit)
    - Standalone version available
    - Dump any address space as section even if not in original section header
    - Auto calculate many parameters (RawSize, RawOffset, VirtualOffset, ...)

    Supported Debugger:
    - OllyDbg version 1.10 (tested 1.10)
    - OllyDbg version 2.01 (tested 2.01)
    - Immunity Debugger version 1.8x or higher (tested 1.85)
    - IDA Pro 32bit build version 5.0 or higher (tested 6.9)
    - IDA Pro 64bit build version 7.0 or higher (tested 7.1)
    - IDA Freeware 32bit build version 5.0 (tested 5.0)
    - IDA Freeware 64bit build version 7.0 (tested 7.0.190307)
    - WinDbg version 6.x (tested 6.2)
    - x64dbg (tested 20170822 snapshot)

    238 downloads

    0 comments

    Submitted

  6. StrFinder

    I always wanted to write an OD plug-in for myself. Finally referenced many codes. After copying the code of many people I have written an OD2.01 character search plugin.
    I have never touched the OD plug-in before, and it took about two and a half days to write this.
    I feel that the OD2.01 plug-in is simpler to write than 1.x because most of the code I refer to is 1.x, which feels a bit complicated. After trying to figure out the whole structure by myself, it feels quite simple.
    The main difficulty is that there is no API manual. The API on the official website is not complete. Basically, it takes more time to test the API.
    Can search ASCII and UNICODE. Includes "Find" and "FindNext" options.

    144 downloads

    0 comments

    Submitted

  7. ScyllaHide

    ScyllaHide is an open-source x64/x86 usermode Anti-Anti-Debug library. It hooks various functions in usermode to hide debugging. This will stay usermode! For kernelmode hooks use TitanHide.

    Debugger Hiding:
    - PEB - BeingDebugged, NtGlobalFlag, Heap Flags
    - NtSetInformationThread - ThreadHideFromDebugger
    - NtQuerySystemInformation - SystemKernelDebuggerInformation, SystemProcessInformation
    - NtQueryInformationProcess - ProcessDebugFlags, ProcessDebugObjectHandle, ProcessDebugPort, ProcessBasicInformation, ProcessBreakOnTermination, ProcessHandleTracing
    - NtSetInformationProcess - ProcessBreakOnTermination, ProcessHandleTracing
    - NtQueryObject - ObjectTypesInformation, ObjectTypeInformation
    - NtYieldExecution
    - NtSetDebugFilterState
    - NtUserBuildHwndList - EnumWindows
    - NtUserFindWindowEx - FindWindowA/W, FindWindowExA/W
    - NtUserQueryWindow
    - NtClose
    - NtCreateThreadEx
    - BlockInput
    - Remove Debug Privileges
    - OutputDebugStringA - OutputDebugStringW

    Timing Hooks:
    - GetTickCount
    - GetTickCount64
    - GetLocalTime
    - GetSystemTime
    - NtQuerySystemTimeHook
    - NtQueryPerformanceCounter

    Special functions:
    - Prevent Thread creation - for protectors like Execryptor. Only use if you know what you are doing!
    - Malware RUNPE Unpacker - Hooks NtResumeThread and terminates + dumps the process created by malware

    Protecting and Stealthing DRx (Hardware Breakpoints):
    - NtGetContextThread
    - NtSetContextThread
    - KiUserExceptionDispatcher (only x86)
    - NtContinue (only x86)

    Hooks:
    - Stealth hooks for 32-bit targets (Tested against Themida/VMProtect)

    195 downloads

    0 comments

    Submitted

  8. Debug Plugin

    DebugPlugin allows you to debug other plugins of OllyDbg 2.

    132 downloads

    0 comments

    Updated

  9. ODbgScriptO2

    ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks involve a lot of repetitive work just to get to some point in the debugged application. By using this plugin you can write a script once and for all.
     

    162 downloads

    0 comments

    Submitted

  10. OD2-ExPlug

    + Main Menu +

    - Breakpoint Manager
    . Import Breakpoints
    . Export Breakpoints
    - MAP File Master
    . Import Labels
    . Import Comments
    . Import MAP To Library
    . Clear All Labels
    . Clear All Comments
    - Open Label Tabel
    - Plugin Debug Break
    . DoMyJob
    . Support..
    - Option
    - About...

    + Disasm Memu +

    - Data Copy
    . ASNI (str) (Copy ansi string to clipboard) (Ctrl + Alt + A)
    . WIDE (str) (Copy wide string to clipboard) (Ctrl + Alt + W)
    . BYTE (Copy 1 BYTE)
    . WORD (Copy 2 BYTE)
    . DWORD (Copy 4 Byte)
    . Address (Copy selected address) (Alt + Insert)
    - Breakpoint Manager
    . Import Breakpoints
    . Export Breakpoints
    . Delete All INT3 BPs (Delete all INT3 Breakpoints)
    . Delete All Hard BPs (Delete all Hardware Breakpoints)
    . Delete All Mem BPs (Delete all Memory Breakpoints)
    - Tools
    . Notepad
    . Calculator
    . TaskMgr
    . HashTool
    . Configuration
    - Label Master
    . Add New Label (Ctrl + Shift + E)
    . Open Label Table (Ctrl + Shift + T/L)
    . Follow In Dump (Ctrl + D)
    . Search By Google (Ctrl + Shift + G)
    - ASM2Clipboard (Ctrl + Shift + A)
    - ASCII Hint
    - ByteCounter
    - Go EIP (Shortcut Only: Esc)

    + Dump Menu +

    - Data Copy
    . ASNI (str) (Copy ansi string to clipboard) (Ctrl + Alt + A)
    . WIDE (str) (Copy wide string to clipboard) (Ctrl + Alt + W)
    . BYTE (Copy 1 BYTE)
    . WORD (Copy 2 BYTE)
    . DWORD (Copy 4 Byte)
    . Address (Copy selected address)(Alt + Insert)
    - Follow In Dump (Ctrl + D)
    - Follow In Disassembler (Ctrl + Alt + D)
    - Create DumpWindow (Ctrl + Alt + C)
    - ReverseHex (Ctrl + Z)
    - MiNiHash (Ctrl + Alt + Z)

    + Info Bar +

    - Add selected count(er)

    + Register Menu +

    - Hardware Breakpoint [ESP]

    + INT3Breakpoint Menu +

    - Breakpoint->
    . Set a few breakpoint

    + HotKey +
    PRESS and HOLD "H" key in 0.5s to Register/Unregister Hotkey.
    You must PRESS and HOLD the hotkey in 0.1s for it to work.
    . "Esc" : go EIP(current origin) (Allow on any MDIWindows)
    . "," : Copy BYTE
    . "." : Copy WORD
    . "/" : Copy DWORD
    . "`" : Copy Address
    . "[" : Go to start of function (You must analysis code before use it)
    . "]" : Go to end (RET) of function
    . "Gray *" : Set "Malware Analysis" breakpoint group
    . "Gray /" : Set "NET" breakpoint group
    . NOTE: MAYBE THE HOTKEY DO NOT WORK WITH THE MOD OLLYDBG (SND v2.2) (Use OllyDbg2FixeR Plugins To Fix Bug In SnD v2.2)

    150 downloads

    0 comments

    Submitted

  11. TraceAPI

    This plugin allows you to trace all calls to system DLLs in a single thread by setting one-time memory breakpoints.
    API trace can be started only if the process is paused. The plugin sets break on access on user code. When user code is reached, it removes break on access from user code and sets it on system code, and so on.
    Of course, it is possible that user code accesses data in the system area or vice versa. In this case I step over this command and restore the breakpoint. Such cases are rare.

    This plugin is by no means ideal. It runs only a single thread, and there may be problems if the program calls ZwContinue(). If a DLL unloads, the plugin doesn't delete call records. It doesn't check whether one-time breakpoints are already set by the user. It doesn't allow you to protocol only selected APIs, and so on.

    100 downloads

    0 comments

    Submitted

  12. HolyshitO2

    The first version of this plugin had only one feature, that was to add a label list. The second edition includes a feature to let OllyDbg load .sys files. I added this feature for common use (but with this plugin - so far - you can't unpack driver files, it can't even get you to the EP). In a future edition we will be able to unpack a packed driver in OllyDbg, in ring3!
    The toolbar is from IDAFicator, I just improved it. It is flexible and supports OllyDbg 2.01h.
    I have written all details in toolbar.ini in Chinese because this plugin was only released yesterday and I had never thought it would be released on Tuts 4 You.
    The main goal of this plugin is the same as IDAFicator: "This plugin tries to make the life of OllyDBG users easier by bringing to him some fast and frequently used function."
    HolyshitO2 release: several buttons have been added to facilitate searches in Olly; it is always configurable with the .ini file.

    98 downloads

    0 comments

    Submitted

  13. AnalyzeThis

    Sometimes (especially when dealing with packers) you may need to run OllyDbg's code analysis function, only to find it's not available to you because the EIP is currently outside the code segment as defined by the PE header. AnalyzeThis! is an OllyDbg plugin to allow OllyDbg's analysis function to operate outside of the marked code segment, by telling OllyDbg the current segment *is* the code segment.

    Caveats: If the EIP is outside the range of a known executable module, AnalyzeThis! will not work. Also, OllyDbg can only store one analysis table, so if you analyze a new segment, it will remove any existing analysis that has been done.

    Source code has not been included; not because I don't want to release it at this time, but because I can't find it offhand. If you really need it, email me and I'll look harder for it.

    107 downloads

    0 comments

    Submitted

  14. AntiDebugTimePlugin

    Modern computer programs are more complex to write and more difficult to reverse. Serious programs have various means of protection against debugging, which prevents application reversing. There are a number of approaches, such as Debug Blocker, Nanomites and others.

    Measuring time to identify that an application is being debugged has become a widespread practice lately. OllyDbg has the HideOD and Hide Debugger anti-debug plugins, which have no possibility to hide the actual time. This causes difficulties in application reversing.

    Let's consider the system of debugger identification. Debuggers are capable of setting breakpoints in code, in which case the operation of the program is suspended. The program can detect such a stop by monitoring the system time. If there is too long a pause between the instructions, the program has most likely been stopped for analysis.

    95 downloads

    0 comments

    Submitted

  15. CmdBarO2

    Help command bar for OllyDbg version 2.01. All functions and commands of the regular cmdbar run.
    Shortcut for command line plugin: Alt+F1
    Shortcut for focus combobox: Ctrl+Alt+D
    Commands are not case-sensitive, parameters in brackets are optional.

    110 downloads

    0 comments

    Submitted

  16. OllyDbg2FixeR

    OllyDbg2FixeR is a plugin for OllyDbg201(I). OllyDbg2FixeR allows you to fix OllyDbg assemble BUG when you press space/double-click on CALL/JUMP commands.

    If you have chosen "Show Symbolic Addresses" in OllyDbg options, this BUG only decodes by name of API/Label when it exists.

    You must check "Fix Assemble" to fix the BUG, or uncheck it if you want to "ReStore Assemble" as the "default" of OllyDbg.

    You can also ADD NEW PARAMETERS manually for OllyDbg2FixeR to patch OllyDbg2, including (ManualPatch, Address, OldByte, NewByte, PatchLen, PatchTime)

    ManualPatch must be = 1 (Flag to Enable)
    PatchTime must be valid.
    Address[x] must be valid.
    PatchLen[x] must be <= 1024 Byte.
    OldByte[x] = Original Byte at address.
    NewByte[x] = New Byte to patch at address.
    See "OllyDbg2FixeR.PNG" for more detail.

    It's easy to fix SMALL BUGs of OllyDbg in an automatic way when you run OllyDbg2 with the OllyDbg2FixeR plugin.

    62 downloads

    0 comments

    Updated

  17. Advanced Labels

    Advanced labels with user datatypes support. Pointers and arrays are supported too. Datatypes support embedding.

    51 downloads

    0 comments

    Submitted

  18. TransOlly2

    TransOlly2 makes Olly transparent so that you can see the application being debugged under Olly.
    It can be activated or deactivated with the Alt + F11 keyboard shortcut.

    62 downloads

    0 comments

    Submitted

  19. OllyHandles

    OllyHandles is a plugin for OllyDBG 2, it will show the handles opened by the debuggee. This feature exists in Immunity Debugger but was not available in Olly, that is why I wrote that plugin.
    It is easy to use OllyHandles, just put the file "OllyHandles.dll" into the root directory of OllyDBG 2. Launch an executable with Olly and then select "Plugins > OllyHandles" from the menu.

    55 downloads

    0 comments

    Submitted

  20. OllyAddMenu

    Hey all! Not sure if this is of interest or useful to anyone.
    I coded this because RagDog has not updated the OllyMoreMenu plugin and thought I'd share.
    Allows 'OllyMoreMenu by RagDog' config file to run in ollydbg 2.01g.
    Please note: this plugin only allows the menus to load. You CAN NOT add, delete or modify any of the already existing menus through this plugin.
    If you choose to modify the cfg.ini file manually, you should know that this plugin will only allow a maximum of 32 menus with 32 items each. This is strictly a workaround until 'RagDog' gets the plugin operational for ollydbg 2.xx.
    Just copy this plugin & the cfg.ini to the plugin dir.

    48 downloads

    0 comments

    Submitted

  21. FireFly

    An embedded C++ script plugin for Ollydbg.

    40 downloads

    0 comments

    Submitted

  22. Ollight

    A Code highlighting plugin for OllyDbg 2.01.

    42 downloads

    0 comments

    Submitted

  23. Address Shortcuts

    This plugin adds highly needed shortcuts to OllyDbg including Follow DWORD in Disassembler (Ctrl+Enter), Follow DWORD in Dump (Alt+Enter), and Copy RVA (Alt+"+").
    This plugin adds the following menu options / shortcuts to OllyDbg v2.01:
    - Follow DWORD in Disassembler (Ctrl+Enter)
    - Follow DWORD in Dump (Alt+Enter)
    - Follow DWORD in Stack
    - Copy RVA: Similar to Alt+Ins in Olly, except that the address will be relative to the start of the module.
    - Copy RVA (pretty) (Alt+"+"): The string will be formatted as helloworld+0x36a4.
    - Copy file offset: Similar to Alt+Ins in Olly, except that the address will be relative to the start of the file.
    - Copy file offset (pretty) (Ctrl+"+"): The string will be formatted as helloworld.dll+0x36a4.

    Note: The "+" key is at the top row of the keyboard, not the number pad.
    The above keyboard shortcuts (Alt vs. Ctrl, etc.) were chosen rather arbitrarily, so feel free to change them.
    Usage
    Simply drop address_shortcuts.dll next to your OllyDbg.exe, then restart OllyDbg, and Address Shortcuts should appear under your right-click menu.
    Now, look at a C++ object (with virtual functions) in the Memory Dump pane. The first dword should be a vtable address. Press Alt+Enter to follow it. Now press Ctrl+Enter to quickly pull up any function in the Disassembly Pane, and Alt+"+" to copy its RVA in a pretty format (helloworld+0x36a4). And, as usual, use the familiar Numpad-Plus/Minus to navigate forwards/backwards and Alt+Ins to copy raw addresses. Copy/paste hex bytes with Ctrl+Ins/Shift+Ins, and generate pretty hexdumps with Ctrl+C.
    Compiling
    You will need the OllyDbg Plugin SDK (ollydbg.lib).
    Using GCC:
    Copy CodeBlocks/plugin.h and CodeBlocks/ollydbg.lib from plug201h.zip into the current directory, then run:
    gcc -std=c99 -Wall -m32 -Os -g0 -funsigned-char -shared -nostartfiles -s -static-libgcc -o address_shortcuts.dll address_shortcuts.c ollydbg.lib  

    44 downloads

    0 comments

    Submitted

  24. Portablizer

    This plugin makes your copy of OllyDbg portable, which means that you can copy the OllyDbg folder to another location without having to fix ollydbg.ini manually. OllyDbg v1.10 and OllyDbg v2 are supported.
    OllyDbg v1.10 Usage:
    - Copy portablizer.dll to the plugins folder.
    - Apply the ollydbg-patch.exe patch on ollydbg.exe. The patch is needed because by default, OllyDbg loads the plugins at a later stage.
    - Run OllyDbg from the correct folder, then close it.
    - Make sure that the entries of ollydbg.ini contain relative paths (the [History] section).

    Limitations:
    - The plugin DLL file must be named portablizer.dll.

    OllyDbg v2 Usage:
    - Copy portablizer_odbg2.dll to the plugins folder.
    - Run OllyDbg from the correct folder, then close it.
    - Make sure that the entries of ollydbg.ini contain relative paths (the [History] section).

    38 downloads

    0 comments

    Submitted

  25. Hardware Info

    This plugin was developed to help keygenners retrieve information about system hardware. This is useful when generating serial numbers dependent on hardware ID; CPU, memory, MAC address, motherboard, hard disk volumes, etc.

    44 downloads

    0 comments

    Updated

