Tuts 4 You

2.xx Plugins

84 files

  1. AntiDebugTimePlugin

    Modern computer programs are more complex to write and more difficult to reverse. Serious programs have various means of protection against debugging, which hinder application reversing. There are a number of approaches, such as Debug Blocker, Nanomites and others.

    Measuring time to detect that an application is being debugged has lately become widespread practice. OllyDbg has the HideOD and Hide Debugger anti-debug plugins, which have no way to hide the actual time. This causes difficulties in application reversing.

    Let's consider the system of debugger detection. Debuggers are capable of placing breakpoints in code; at a breakpoint the operation of the program is suspended. The program can detect such a stop by monitoring the system time: if there is too long a pause between instructions, most likely the program has been stopped for analysis.

    408 downloads

    0 comments

    Submitted

  2. Asm2Clipboard

    With this plugin you can copy selected Olly assembler code to the clipboard.

    Four functions are available:

    1st Rip code (MASM)
    2nd Rip code (inline assembly, C/C++)
    3rd Copy hex code
    4th Copy lines of code

    The first two functions are useful if you want to re-use the code in your MASM and C/C++ projects.

    The code is adjusted to MASM / C/C++ syntax, including calls and jump destinations.

    The third function copies only the hex code to the clipboard.

    The last function copies the selected lines of code (no hex) including the comments.

    172 downloads

    0 comments

    Submitted

  3. BinaryCopyEx

    BinaryCopyEx is a plugin for the OllyDbg 2.01 debugger that extends OllyDbg's copy capabilities. Binary code can be copied with the following syntaxes:
    Hex Values, Assembler, C/C++, Pascal, Basic, Binary as ASCII String, Binary as Unicode String
    Binary code can also be copied with the following data types:
    Byte, Word, Dword, Qword
    Installation:
    Extract BinaryCopyEx.dll into the OllyDbg plugin folder.
    Main features:
    select a virtual memory address/address range directly in the CPU pane (Disasm, Dump or Stack panes)
    enter a virtual memory address/address range in the window manually
    copy binary to the clipboard (according to the selected format: syntax, data type, etc.)
    save binary to a text file (according to the selected format: syntax, data type, etc.)
    Format features:
    set items (byte, word, dword, qword) per line
    set leading zeros (if necessary)
    split items by any characters (spaces, tabs, etc.)
    swap bytes of items (word, dword, qword)
    Plugin options:
    create a toolbar button on startup (default is on)
    change the toolbar button offset (position in the toolbar)
    switch on/off flashes (messages) in the OllyDbg info line when a virtual memory address/address range is selected
    change the text file extension (default is .txt)
    Shortcut:
    Use ALT+Q to open the BinaryCopyEx window

    228 downloads

    0 comments

    Updated

  4. Bookmark

    The default bookmark plugin for OllyDbg 2 by the author Oleh Yuschuk. Includes source code examples for: Borland C++ Builder 5.0, Borland C++ 5.5, Visual C++ 2005 (Express Edition) and Code::Blocks (MinGW).

    203 downloads

    0 comments

    Submitted

  5. Call Stack

    Shows the call stack in a window.

    182 downloads

    0 comments

    Submitted

  6. CleanUDD

    Erases the *.udd and *.bak files from the OllyDbg UDD folder to the Windows Trash.

    155 downloads

    0 comments

    Submitted

  7. ClearOD

    Automatically clear OllyDbg history (UDD directory, etc.)

    125 downloads

    0 comments

    Submitted

  8. Command Bar

    Gigapede's Command Bar 3.20.110 ported to OllyDbg 2.01g. The command table from the plugin source (commented-out entries are not yet ported):

    t_command cmdlist[] = {
      // "Assignment" command, must be first in the list.
      { _T("SET"),    _T("LV"), 0, Setcmnd, _T("Writes value of expression to reg|mem") }, // Assign to lvalue
      // Disassembler commands.
      { _T("AT"),     _T("A"),  0, Dasmcmd, _T("Disassemble at address") },
      { _T("FOLLOW"), _T("A"),  0, Dasmcmd, _T("Disassemble at address") },  // Ditto
      { _T("ORIG"),   _T(""),   0, Dorigin, _T("Disassemble at EIP") },
      { _T("*"),      _T(""),   0, Dorigin, _T("Disassemble at EIP") },      // Ditto
      // Dump and stack commands.
      { _T("D"),    _T("A"), 0, Dumpcmd, _T("Dump at address") },
      { _T("DUMP"), _T("A"), 0, Dumpcmd, _T("Dump at address") },            // Ditto
      { _T("DA"),   _T("a"), DU_DISASM|0x0011,  Dumpcmd, _T("Dump as disassembly") },
      { _T("DB"),   _T("a"), DU_HEXTEXT|0x0101, Dumpcmd, _T("Dump in hex byte format") },
      { _T("DC"),   _T("a"), DU_TEXT|0x0401,    Dumpcmd, _T("Dump in ASCII format") },
      { _T("DD"),   _T("a"), DU_ADDR|0x0014,    Dumpcmd, _T("Dump in stack format") },
      { _T("DU"),   _T("a"), DU_UNICODE|0x0402, Dumpcmd, _T("Dump in UNICODE format") },
      { _T("DW"),   _T("a"), DU_IHEX|0x0082,    Dumpcmd, _T("Dump in hex word format") },
      { _T("STK"),  _T("A"), 0, Stakcmd, _T("Go to address in stack") },
      // Assembling commands.
      { _T("A"),    _T("AS"), 0, Assembl, _T("Assemble at address") },
      // Comments and labels.
      { _T("L"),    _T("AS"), NM_LABEL,   Commlab, _T("Label at address") },
      { _T(":"),    _T("AS"), NM_LABEL,   Commlab, _T("Label at address") },   // Ditto
      { _T("C"),    _T("AS"), NM_COMMENT, Commlab, _T("Comment at address") },
      // Breakpoint commands.
      { _T("BP"),   _T("AS"), 0, Breakpt, _T("Break with condition") },
      { _T("BPX"),  _T("S"),  0, Brkname, _T("Break on all calls") },
      { _T("BPD"),  _T("S"),  1, Brkname, _T("Delete break on all calls") },
      { _T("BC"),   _T("A"),  0, Delbkpt, _T("Delete breakpoint") },
      { _T("ME"),   _T("Av"), MEMBP_EXETURE, Membkpt, _T("Memory breakpt on execute") },
      { _T("MR"),   _T("Av"), MEMBP_READ,    Membkpt, _T("Memory breakpt on access") },
      { _T("MW"),   _T("Av"), MEMBP_WRITE,   Membkpt, _T("Memory breakpt on write") },
      { _T("MERW"), _T("Av"), MEMBP_ERWALL,  Membkpt, _T("Memory breakpt on E.R.W") },
      { _T("MD"),   _T("Av"), 0,             Membkpt, _T("Remove memory breakpoint") },
      { _T("HR"),   _T("A"),  HB_ACCESS, Hwbreak, _T("HW break on access") },
      { _T("HW"),   _T("A"),  HB_WRITE,  Hwbreak, _T("HW break on write") },
      { _T("HE"),   _T("A"),  HB_CODE,   Hwbreak, _T("HW break on execution") },
      { _T("HD"),   _T("a"),  HB_FREE,   Hwbreak, _T("Remove HW breakpoint") },
      // Stepping and tracing commands.
      //{ _T("STOP"),  _T(""),  VK_F12, Keystrk, _T("Pause execution") },
      //{ _T("PAUSE"), _T(""),  VK_F12, Keystrk, _T("Pause execution") },     // Ditto
      //{ _T("RUN"),   _T(""),  0, Runprog, _T("Run program") },
      //{ _T("G"),     _T("a"), 0, Runprog, _T("Run till address") },
      //{ _T("GE"),    _T("a"), 1, Runprog, _T("Run and pass exception") },
      //{ _T("S"),     _T(""),  0, Stepper, _T("Step into") },
      //{ _T("SI"),    _T(""),  0, Stepper, _T("Step into") },                // Ditto
      //{ _T("SO"),    _T(""),  1, Stepper, _T("Step over") },
      //{ _T("T"),     _T("a"), 0, Tracing, _T("Trace in till address") },
      //{ _T("TI"),    _T("a"), 0, Tracing, _T("Trace in till address") },    // Ditto
      //{ _T("TO"),    _T("a"), 1, Tracing, _T("Trace over till address") },
      //{ _T("TC"),    _T("S"), 0, Tracing, _T("Trace in till condition") },
      //{ _T("TOC"),   _T("S"), 1, Tracing, _T("Trace over till condition") },
      //{ _T("TR"),    _T(""),  VK_F9, Ctrlkey, _T("Till return") },
      //{ _T("TU"),    _T(""),  VK_F9, Altkeyd, _T("Till user code") },
      // Table window commands.
      //{ _T("LOG"), _T(""), _T('L'), Altkeyd, _T("View Log window") },
      //{ _T("MOD"), _T(""), _T('E'), Altkeyd, _T("View Modules window") },
      //{ _T("MEM"), _T(""), _T('M'), Altkeyd, _T("View Memory window") },
      //{ _T("CPU"), _T(""), _T('C'), Altkeyd, _T("View CPU window") },
      //{ _T("CS"),  _T(""), _T('K'), Altkeyd, _T("View Call Stack") },
      //{ _T("BRK"), _T(""), _T('B'), Altkeyd, _T("View Breakpoints window") },
      //{ _T("OPT"), _T(""), _T('O'), Altkeyd, _T("Open Options") },
      // Application commands.
      //{ _T("EXIT"), _T(""), _T('X'), Altkeyd, _T("Quit OllyDbg") },
      //{ _T("QUIT"), _T(""), _T('X'), Altkeyd, _T("Quit OllyDbg") },         // Ditto
      // Miscellaneous commands.
      //{ _T("OPEN"),  _T("S"), 0, Openexe, _T("Open executable file") },
      //{ _T("CLOSE"), _T(""),  VK_F2, Altkeyd, _T("Close executable") },
      //{ _T("RST"),   _T(""),  VK_F2, Ctrlkey, _T("Restart current program") },
      //{ _T("HELP"),  _T("S"), 0, Heeeelp, _T("Help on API function") },
      //{ _T("H"),     _T("S"), 0, Heeeelp, _T("Help on API function") },     // Ditto
      // My commands.
      { _T("ASM"),  _T("S"), 0, LineAsm, _T("Assemble (if command needs its own address, \"ASM COMMAND;ADDRESS\")") },
      { _T("DASM"), _T("S"), 0, LineDsm, _T("Disassemble immediate opcode") },
      //{ _T("FR"),  _T(""), _T('R'), CtlDasm, _T("Find reference to selected command/address") },
      //{ _T("AC"),  _T(""), _T('A'), CtlDasm, _T("Analyse code") },
      //{ _T("SN"),  _T(""), _T('N'), CtlDasm, _T("Search for Name(label) in current module") },
      //{ _T("SOB"), _T(""), _T('O'), CtlDasm, _T("Scan object files") },
      // Macro command
      { _T("MAC"),  _T("S"), 0, LoadMac, _T("Execute Macro Command") },
      { _T("OSC"),  _T("S"), 0, GoScrpt, _T("Execute OllyScript script") },
      // Calculator and watch commands.
      { _T("CALC"), _T("V"), 0, Express, _T("Estimate expression") },
      { _T("?"),    _T("V"), 0, Express, _T("Estimate expression") },         // Ditto
      //{ _T("WATCH"), _T("S"), 0, Addwtch, _T("Add watch expression") },
      //{ _T("W"),     _T("S"), 0, Addwtch, _T("Add watch expression") },     // Ditto
      { _T(""),     _T("V"), 0, Express, _T("Estimate expression") }          // Default: bare expression is evaluated
    };

    289 downloads

    0 comments

    Updated

  9. DEF2

    DEF is a small plugin to search for Delphi events.
    The events are saved in the UDD file.

    254 downloads

    0 comments

    Submitted

  10. DiffSnake

    Inspired by the Olly Hit Snake plugin I wrote something similar for Olly 2. I am calling it DiffSnake.
     
    Basically you use the Hit Trace feature in Olly. Run the hit trace up to some point. Then take a snapshot. Continue running the hit trace up to some other point, then call the diff. You will see a window with all the code addresses called since. The color of the hit trace 'dots' for the new code will be changed to black (from the original red).

    125 downloads

    0 comments

    Submitted

  11. DragAttach

    This plugin allows you to quickly attach a running process by dragging a pointer from OllyDbg to the running process' window.

    128 downloads

    0 comments

    Submitted

  12. DumpAddressColor

    Colorizes the double-words in the CPU dump of OllyDbg 2 by the following rules:
    Red: an address to a code block of a module.
    Magenta: an address to a non-code block of a module.
    Yellow: an address to a non-module memory block.
    Black: a handle of a window which belongs to the debuggee process.
    The colors can be changed in the .ini file.
    Limitations: double-words across rows are not processed.

    170 downloads

    0 comments

    Submitted

  13. DumpHistoryNavFixer

    This plugin fixes a minor, but annoying issue with the CPU dump history navigation on OllyDbg 2.
    Without the plugin:

    With the plugin:

    105 downloads

    0 comments

    Submitted

  14. Fastpad

    Fastpad allows you to take notes in OllyDbg; the Fastpad window hides automatically when not in use. To open it, just put the cursor on the left edge of the screen; the cursor turns red on contact.
    You can save the selected text directly from Olly using the shortcut CTRL+Q.
    Fastpad automatically saves the text in the plugin\fastpad directory (each debuggee has a different .txt file).

    344 downloads

    0 comments

    Submitted

  15. FollowImmediateConstant

    Adds the missing option to follow immediate constant in OllyDbg 2, just like in OllyDbg 1.10.

    151 downloads

    0 comments

    Updated

  16. Hardware Info

    This plugin was developed to help keygenners retrieve information about system hardware. This is useful when generating serial numbers that depend on a hardware ID: CPU, memory, MAC address, motherboard, hard disk volumes, etc.

    234 downloads

    0 comments

    Updated

  17. HideOd

    A plugin to hide Olly.

    408 downloads

    0 comments

    Submitted

  18. Hyde

    Hyde is a plugin for OllyDbg v2.xx; its purpose is to hide OllyDbg from detection by the debuggee. This is done by patching memory and APIs, and the options (or patch sets) can be saved to a file for easy reloading.
    For example, with an ASProtect target you can set the patches that you need for ASProtect and save them to a file "ASProtect.SET". This patch-set file can then be loaded whenever you need to debug ASProtect.
    Features:
    All patched APIs should work "normally": they should only hide OllyDbg, but work for other windows/processes etc.
    All patches/hooks are selectable from the menu for quick access, or from the options dialog.
    Optional Jmp variations (Push/Ret or Jmp [xxxxxxxx]) for patches.
    Load/Save patch sets. Patch sets are simply INI files, so they can also be edited in Notepad.
    Remote allocated memory is separated into code and data with appropriate access, so there should be no problems with DEP.
    Patches:
    PEB.IsDebugged, PEB.NtGlobalFlag, PEB.HeapFlags
    Hooks:
    NtQueryInformationProcess, NtQuerySystemInformation, NtSetInformationThread, FindWindowA, FindWindowW, FindWindowExA, FindWindowExW, EnumWindows, Process32NextW, OutputDebugStringA, OutputDebugStringW, NtQueryObject, GetTickCount, NtOpenProcess, BlockInput, NtClose, GetStartupInfo
    Future:
    Support any suggested hooks. Possibly change exception options for OllyDbg in patch-sets? Maybe detection of packer targets?

    355 downloads

    0 comments

    Submitted

  19. Imprimer La Selection

    This plugin allows you to print the selected text using CTRL+I.

    88 downloads

    0 comments

    Submitted

  20. Jumper

    I always use the Olly Expression window to enter many addresses and APIs, but Olly does not save them all, so I have to enter the same addresses again and again, which sucks. Now I have a better and faster solution to handle this problem: Jumper.
    Install:
    Copy files Jumper.dll(OllyDbg1)/Jumper2.dll(OllyDbg2) and Jumper.ini to OllyDbg Plugin dir.

    154 downloads

    0 comments

    Submitted

  21. LabelArgs

    This hooks the GetArgs function in Olly and will provide arguments for custom functions.
    You can easily create labels like SomeFunction(int arg1, char* arg2) and this plugin will have arg1/arg2 placed in your code. (Note you will need to reanalyze the code).

    107 downloads

    0 comments

    Submitted

  22. MapImp

    This is an OllyDbg plugin which will help you to import map files exported by IDA, Dede, IDR, Microsoft and Borland linkers.

    170 downloads

    0 comments

    Submitted

  23. Multiline Ultimate Assembler

    Multiline Ultimate Assembler is a multiline (and ultimate) assembler (and disassembler) plugin for OllyDbg. It's a perfect tool for modifying and extending the functionality of a compiled executable, writing code caves, etc.
    Installation
    The plugin works with OllyDbg v1.10, OllyDbg v2, Immunity Debugger, and x64dbg.
    To install the plugin, copy the appropriate DLL file to the plugin directory:
    multiasm_odbg.dll - OllyDbg v1.10
    multiasm_odbg2.dll - OllyDbg v2
    multiasm_immdbg.dll - Immunity Debugger
    multiasm_x64dbg.dp[32|64] - x64dbg

    491 downloads

    0 comments

    Updated

  24. Symbols on Demand

    OllyDbg is able to use dbghelp.dll and symsrv.dll to show extended debug information, such as the module source code (if referenced by the debug information) or module symbols from a PDB file (which can be fetched from the Microsoft Symbol Server for system modules). The problem is that if you turn on this option, module loading becomes much slower. On the other hand, this information is very handy, so there’s a dilemma as to whether to turn it on.
    The Symbols on Demand plugin provides the best of both worlds: it disables loading of this extended debug information by default, but allows you to load it explicitly for any module, at any time. Using this approach, loading is still fast, but if you need to load extended debug information for a module, you can easily do that.
    OllyDbg v1.10 and v2.01 are supported. For OllyDbg v1.10, there’s additional functionality: you can set the symbols search path, which is set by default to SRV*.\Symbols*http://msdl.microsoft.com/download/symbols. You can also choose to retrieve undecorated symbol names. These options can be set in the INI file of OllyDbg, in the plugin’s section.

    117 downloads

    0 comments

    Submitted

  25. LCB

    Ollydbg plugin to export and import labels, comments and breakpoints.

    140 downloads

    0 comments

    Submitted

