Jump to content
Tuts 4 You

2.xx Plugins

84 files

  1. Asm2Clipboard

    With this plugin you can copy selected Olly assembler code from the clipboard.

    There are four functions available to be asked:

    1st Rip code (MASM)
    2nd Rip code (inline assembly language C / C + +)
    3rd Copy hex code
    4th Lines of code Copy

    The first two functions knnt your use, if your code in your MASM and C / C + + want to re-use projects.

    The code is in accordance with the MASM / C / C + + syntax, including calls and adjust the jump destinations.

    With the third Function is exclusively the hex code into the clipboard.

    The last function will copy the selected lines of code (no hex) including the comments.

    38 downloads

    0 comments

    Submitted

  2. BinaryCopyEx

    BinaryCopyEx is a plugin for OllyDbg 2.01 debugger. The plugin allows to extend the OllyDbg capabilities. Now binary code can be copied with following syntax's:
    Hex Values Assembler C/C++ Pascal Basic Binary As ASCII String Binary As Unicode String Also binary code can be copied with following data types:
    Byte Word Dword Qword Installation:
    Extract BinaryCopyEx.dll in OllyDbg plugin folder. Main features allow:
    to select vitual memory address/address range directly in CPU Pane (Disasm, Dump or Stack panes) to enter vitual memory address/address range in window manually to copy binary to clipboard (according to selected format: syntax, data type, etc.) to save binary to text file (according to selected format: syntax, data type, etc.) Some format features allow:
    to set items (byte, word, dword, qword) per line to set leading zero (if it is necessary) to split items by any characters (also spaces, tabs and etc.) to swap bytes of items (word, dword, qword) Some plugin options allow:
    to create toolbar button on startup (default is on) to change toolbar button offset (position in toolbar) to switch on/off flashes (messages) in the OllyDbg info line when vitual memory address/address range is selected to change text file extention (default is .txt) Shortcut:
    Use ALT+Q to open BinaryCopyEx window

    49 downloads

    0 comments

    Updated

  3. Bookmark

    The default bookmark plugin for OllyDbg 2 by the author Oleh Yuschuk. Includes source code examples for; Borland C++ Builder 5.0, Borland C++ 5.5, Visual C++ 2005 (Express Edition) and Code::Blocks (MinGW).

    45 downloads

    0 comments

    Submitted

  4. Call Stack

    Shows the call stack in a window.

    45 downloads

    0 comments

    Submitted

  5. CleanUDD

    Erases the *.udd and *.bak files from the OllyDbg UDD folder to the Windows Trash.

    35 downloads

    0 comments

    Submitted

  6. ClearOD

    Automatically clear OllyDbg history (UDD directory, etc.)

    30 downloads

    0 comments

    Submitted

  7. Command Bar

    Gigapede's Command Bar 3.20.110 ported to OllyDbg 2.01g.
    t_command cmdlist[] = { // "Assignment" command, must be first in the list. { _T("SET"), _T("LV"), 0, Setcmnd, _T("Writes value of expression to reg|mem") }, // Assign to lvalue // Disassembler commands. { _T("AT"), _T("A"), 0, Dasmcmd, _T("Disassemble at address") }, // Disassemble at address { _T("FOLLOW"),_T("A"), 0, Dasmcmd, _T("Disassemble at address") }, // Ditto { _T("ORIG"), _T(""), 0, Dorigin, _T("Disassemble at EIP") }, // Disassemble at EIP { _T("*"), _T(""), 0, Dorigin, _T("Disassemble at EIP") }, // Ditto // Dump and stack commands. { _T("D"), _T("A"), 0, Dumpcmd, _T("Dump at address") }, // Dump at address { _T("DUMP"), _T("A"), 0, Dumpcmd, _T("Dump at address") }, // Dump at address { _T("DA"), _T("a"), DU_DISASM|0x0011, Dumpcmd, _T("Dump as disassembly") }, // Dump as disassembly { _T("DB"), _T("a"), DU_HEXTEXT|0x0101, Dumpcmd, _T("Dump in hex byte format") }, // Dump in hex byte format { _T("DC"), _T("a"), DU_TEXT|0x0401, Dumpcmd, _T("Dump in ASCII format") }, // Dump in ASCII format { _T("DD"), _T("a"), DU_ADDR|0x0014, Dumpcmd, _T("Dump in stack format") }, // Dump in stack format { _T("DU"), _T("a"), DU_UNICODE|0x0402, Dumpcmd, _T("Dump in UNICODE format") }, // Dump in UNICODE format { _T("DW"), _T("a"), DU_IHEX|0x0082, Dumpcmd, _T("Dump in hex word format") }, // Dump in hex word format { _T("STK"), _T("A"), 0, Stakcmd, _T("Go to address in stack") }, // Go to address in stack // Assembling commands. { _T("A"), _T("AS"), 0, Assembl, _T("Assemble at address") }, // Assemble at address // Comments and labels. { _T("L"), _T("AS"), NM_LABEL, Commlab, _T("Label at address") }, // Label at address { _T(":"), _T("AS"), NM_LABEL, Commlab, _T("Label at address") }, // Ditto { _T("C"), _T("AS"), NM_COMMENT, Commlab, _T("Comment at address") }, // Comment at address // Breakpoint commands. { _T("BP"), _T("AS"), 0, Breakpt, _T("Break with condition") }, // Break with condition { _T("BPX"), _T("S"), 0, Brkname, _T("Break on all calls") }, // Break on all calls { _T("BPD"), _T("S"), 1, Brkname, _T("Delete break on all calls") }, // Delete break on all calls { _T("BC"), _T("A"), 0, Delbkpt, _T("Delete breakpoint") }, // Delete breakpoint { _T("ME"), _T("Av"), MEMBP_EXETURE, Membkpt, _T("Memory breakpt on execute") }, // Memory breakpt on execute { _T("MR"), _T("Av"), MEMBP_READ, Membkpt, _T("Memory breakpt on access") }, // Memory breakpt on access { _T("MW"), _T("Av"), MEMBP_WRITE, Membkpt, _T("Memory breakpt on write") }, // Memory breakpt on write { _T("MERW"), _T("Av"), MEMBP_ERWALL, Membkpt, _T("Memory breakpt on E.R.W") }, // Memory breakpt on E.R.W { _T("MD"), _T("Av"), 0, Membkpt, _T("Remove memory breakpoint") }, // Remove memory breakpoint { _T("HR"), _T("A"), HB_ACCESS, Hwbreak, _T("HW break on access") }, // HW break on access { _T("HW"), _T("A"), HB_WRITE, Hwbreak, _T("HW break on write") }, // HW break on write { _T("HE"), _T("A"), HB_CODE, Hwbreak, _T("HW break on execution") }, // HW break on execution { _T("HD"), _T("a"), HB_FREE, Hwbreak, _T("Remove HW breakpoint") }, // Remove HW breakpoint // Stepping and tracing commands. //{ _T("STOP"), _T(""), VK_F12, Keystrk, _T("Pause execution") }, // Pause execution //{ _T("PAUSE"), _T(""), VK_F12, Keystrk, _T("Pause execution") }, // Ditto //{ _T("RUN"), _T(""), 0, Runprog, _T("Run program") }, // Run program //{ _T("G"), _T("a"), 0, Runprog, _T("Run till address") }, // Run till address //{ _T("GE"), _T("a"), 1, Runprog, _T("Run and pass exception") }, // Run and pass exception //{ _T("S"), _T(""), 0, Stepper, _T("Step into") }, // Step into //{ _T("SI"), _T(""), 0, Stepper, _T("Step into") }, // Ditto //{ _T("SO"), _T(""), 1, Stepper, _T("Step over") }, // Step over //{ _T("T"), _T("a"), 0, Tracing, _T("Trace in till address") }, // Trace in till address //{ _T("TI"), _T("a"), 0, Tracing, _T("Trace in till address") }, // Ditto //{ _T("TO"), _T("a"), 1, Tracing, _T("Trace over till address") }, // Trace over till address //{ _T("TC"), _T("S"), 0, Tracing, _T("Trace in till condition") }, // Trace in till condition //{ _T("TOC"), _T("S"), 1, Tracing, _T("Trace over till condition") }, // Trace over till condition //{ _T("TR"), _T(""), VK_F9, Ctrlkey, _T("Till return") }, // Till return //{ _T("TU"), _T(""), VK_F9, Altkeyd, _T("Till user code") }, // Till user code // Table window commands. //{ _T("LOG"), _T(""), _T('L'), Altkeyd, _T("View Log window") }, // View Log window //{ _T("MOD"), _T(""), _T('E'), Altkeyd, _T("View Modules window") }, // View Modules window //{ _T("MEM"), _T(""), _T('M'), Altkeyd, _T("View Memory window") }, // View Memory window //{ _T("CPU"), _T(""), _T('C'), Altkeyd, _T("View CPU window") }, // View CPU window //{ _T("CS"), _T(""), _T('K'), Altkeyd, _T("View Call Stack") }, // View Call Stack //{ _T("BRK"), _T(""), _T('B'), Altkeyd, _T("View Breakpoints window") }, // View Breakpoints window //{ _T("OPT"), _T(""), _T('O'), Altkeyd, _T("Open Options") }, // Open Options // Application commands. //{ _T("EXIT"), _T(""), _T('X'), Altkeyd, _T("Quit OllyDbg") }, // Quit OllyDbg //{ _T("QUIT"), _T(""), _T('X'), Altkeyd, _T("Quit OllyDbg") }, // Ditto // Miscellaneous commands. //{ _T("OPEN"), _T("S"), 0, Openexe, _T("Open executable file") }, // Open executable file //{ _T("CLOSE"), _T(""), VK_F2, Altkeyd, _T("Close executable") }, // Close executable //{ _T("RST"), _T(""), VK_F2, Ctrlkey, _T("Restart current program") }, // Restart current program //{ _T("HELP"), _T("S"), 0, Heeeelp, _T("Help on API function") }, // Help on API function //{ _T("H"), _T("S"), 0, Heeeelp, _T("Help on API function") }, // Ditto // My commands. { _T("ASM"), _T("S"), 0, LineAsm, _T("Assemble (if command needs it's own addres, \"ASM COMMAND\;ADDRESS\")")}, // Assemble { _T("DASM"), _T("S"), 0, LineDsm, _T("Disassemble immediate opcode") }, // Dump at address //{ _T("FR"), _T(""), _T('R'), CtlDasm, _T("Find reference to selected command/address")}, // Find Reference to selected command/address //{ _T("AC"), _T(""), _T('A'), CtlDasm, _T("Analyse code") }, // Analyse Code //{ _T("SN"), _T(""), _T('N'), CtlDasm, _T("Search for Name(label) in current module") }, // Search for Name(label) in current module //{ _T("SOB"), _T(""), _T('O'), CtlDasm, _T("Scan object files") }, // Scan OBJect files // Macro command { _T("MAC"), _T("S"), 0, LoadMac, _T("Execute Macro Command") }, // Execute Macro Command { _T("OSC"), _T("S"), 0, GoScrpt, _T("Execute OllyScript script") }, // Execute Macro Command // Calculator and watch commands. { _T("CALC"), _T("V"), 0, Express, _T("Estimate expression") }, // Estimate expression { _T("?"), _T("V"), 0, Express, _T("Estimate expression") }, // Ditto //{ _T("WATCH"), _T("S"), 0, Addwtch, _T("Add watch expression") }, // Add watch expression //{ _T("W"), _T("S"), 0, Addwtch, _T("Add watch expression") }, // Ditto { _T(""), _T("V"), 0, Express, _T("Estimate expression") } // Ditto };  

    56 downloads

    0 comments

    Updated

  8. DEF2

    DEF is a small plugin to search for Delphi events.
    The events was saved in the UDD file.

    56 downloads

    0 comments

    Submitted

  9. DiffSnake

    Inspired by the Olly Hit Snake plugin I wrote something similar for Olly 2. I am calling it DiffSnake.
     
    Basically you use the Hit Trace feature in Olly. Run the hit trace up to some point. Then take a snapshot. Continue running the hit trace up to some other point, then call the diff. You will see a window with all the code addresses called since. The color of the hit trace 'dots' for the new code will be changed to black (from the original red).

    26 downloads

    0 comments

    Submitted

  10. DragAttach

    This plugin allows you to quickly attach a running process by dragging a pointer from OllyDbg to the running process' window.

    22 downloads

    0 comments

    Submitted

  11. DumpAddressColor

    Colorizes the double-words in the CPU dump of OllyDbg 2 by the following rules:
    Red: an address to a code block of a module.
    Magenta: an address to a non-code block of a module.
    Yellow: an address to a non-module memory block.
    Black: a handle of a window which belongs to the debuggee process.
    The colors can be changed in the .ini file.
    Limitations: double-words across rows are not processed.

    41 downloads

    0 comments

    Submitted

  12. DumpHistoryNavFixer

    This plugin fixes a minor, but annoying issue with the CPU dump history navigation on OllyDbg 2.
    Without the plugin:

    With the plugin:

    25 downloads

    0 comments

    Submitted

  13. Fastpad

    FastpadPlugin allows to take notes in Ollydbg the Fastpad windows hides automatically when not in use. To open it just put the cursor on the left of the screen, the cursor turns red on contact.
    One can save directly from Olly the selected text using the shortcut CTRL+q.
    Fastpad automatically saves the text in the plugin \ fastpad directory (each debuggee has a different .txt file)

    70 downloads

    0 comments

    Submitted

  14. FollowImmediateConstant

    Adds the missing option to follow immediate constant in OllyDbg 2, just like in OllyDbg 1.10.
     

    35 downloads

    0 comments

    Updated

  15. Hardware Info

    This plugin was developed to help keygenners retrieve information about system hardware. This is useful when generating serial numbers dependent on hardware ID; CPU, memory, MAC address, motherboard, hard drisk volumes, etc.

    44 downloads

    0 comments

    Updated

  16. HideOd

    A plugin to hide Olly.

    99 downloads

    0 comments

    Submitted

  17. Hyde

    Hyde is a plugin for OllyDbg v2.xx, it's purpose is to hide OllyDbg from detection by the debugee. This is done by patching memory and API's, and the options (or patch sets) can be saved to file, for easy reloading.
    For example, with an ASProtect target you can set the patches that you need for ASProtect and save to a file "ASProtect.SET". This patch-set file can then be loaded whenever you need to debug ASProtect.
    Features:
    All patched apis should work "normally" - They should only hide OllyDbg, but work for other windows/processes etc. All patches/hooks are selectable from the menu for quick access, or from options dialog. Optional Jmp variations (Push/Ret or Jmp[xxxxxxxx]) for patches. Load/Save patch sets. Patch Sets are simply INI files, so can also be edited in notepad. Remote allocated memory is seperated into code and data with appropriate access so should be no problems with DEP. Patches:
    PEB.IsDebugged PEB.NtGlobalFlag PEB.HeapFlags Hooks:
    NtQueryInformationProcess NtQuerySystemInformation NtSetInformationThread FindWindowA FindWindowW FindWindowExA FindWindowExW EnumWindows Process32NextW OutputDebugStringA OutputDebugStringW NtQueryObject GetTickCount NtOpenProcess BlockInput NtClose GetStartupInfo Future:
    Support any suggested hooks. Possibly change exception options for OllyDbg in patch-sets? Maybe detection of packer targets?

    76 downloads

    0 comments

    Submitted

  18. Imprimer La Selection

    This plugin allows you to print the selected text using CTRL+I.

    24 downloads

    0 comments

    Submitted

  19. Jumper

    I always use Olly Expression window to enter many addresses and APIs but Olly does not save them all so that I have to enter the same addresses again and again so this sucks. Now I have a better and faster solution to handle this problem, Jumper.
    Install:
    Copy files Jumper.dll(OllyDbg1)/Jumper2.dll(OllyDbg2) and Jumper.ini to OllyDbg Plugin dir.

    33 downloads

    0 comments

    Submitted

  20. LabelArgs

    This hooks the GetArgs function in Olly and will provide arguments for custom functions.
    You can easily create labels like SomeFunction(int arg1, char* arg2) and this plugin will have arg1/arg2 placed in your code. (Note you will need to reanalyze the code).

    21 downloads

    0 comments

    Submitted

  21. MapImp

    This is an OllyDbg plugin which will help you to import map files exported by IDA, Dede, IDR, Microsoft and Borland linkers.

    43 downloads

    0 comments

    Submitted

  22. Multiline Ultimate Assembler

    Multiline Ultimate Assembler is a multiline (and ultimate) assembler (and disassembler) plugin for OllyDbg. It's a perfect tool for modifying and extending a compiled executable functionality, writing code caves, etc.
    Installation
    The plugin works with OllyDbg v1.10, OllyDbg v2, Immunity Debugger, and x64dbg.
    To install the plugin, copy the appropriate DLL file to the plugin directory:
    multiasm_odbg.dll - OllyDbg v1.10. multiasm_odbg2.dll - OllyDbg v2. multiasm_immdbg.dll - Immunity Debugger. multiasm_x64dbg.dp[32|64] - x64dbg.

    112 downloads

    0 comments

    Updated

  23. Symbols on Demand

    OllyDbg is able to use dbghelp.dll and symsrv.dll to show extended debug information, such as the module source code (if referenced by the debug information) or module symbols from a PDB file (which can be fetched from the Microsoft Symbol Server for system modules). The problem is that if you turn on this option, module loading becomes much slower. On the other hand, this information is very handy, so there’s a dilemma as of whether to turn it on.
    The Symbols on Demand plugin provides the best of both worlds: it disables loading of this extended debug information by default, but allows to load it explicitly for any module, at any time. Using this approach, loading is still fast, but if you need to load extended debug information for a module, you can easily do that.
    OllyDbg v1.10 and v2.01 are supported. For, OllyDbg v1.10, there’s additional functionality: you can set the symbols search path, which is set by default to SRV*.\Symbols*http://msdl.microsoft.com/download/symbols. You can also choose to retrieve undecorated symbol names. These options can be set in the INI file of OllyDbg, in the plugin’s section.

    27 downloads

    0 comments

    Submitted

  24. LCB

    Ollydbg plugin to export and import labels, comments and breakpoints.

    36 downloads

    0 comments

    Submitted

  25. OD2-ExPlug

    + Main Menu +

    - Breakpoint Manager
    . Import Breakpoints
    . Export Breakpoints
    - MAP File Master
    . Import Labels
    . Import Comments
    . Import MAP To Library
    . Clear All Labels
    . Clear All Comments
    - Open Label Tabel
    - Plugin Debug Break
    . DoMyJob
    . Support..
    - Option
    - About...

    + Disasm Memu +

    - Data Copy
    . ASNI (str) (Copy ansi string to clipboard) (Ctrl + Alt + A)
    . WIDE (str) (Copy wide string to clipboard) (Ctrl + Alt + W)
    . BYTE (Copy 1 BYTE)
    . WORD (Copy 2 BYTE)
    . DWORD (Copy 4 Byte)
    . Address (Copy selected address) (Alt + Insert)
    - Breakpoint Manager
    . Import Breakpoints
    . Export Breakpoints
    . Delete All INT3 BPs (Delete all INT3 Breakpoints)
    . Delete All Hard BPs (Delete all Hardware Breakpoints)
    . Delete All Mem BPs (Delete all Memory Breakpoints)
    - Tools
    . Notepad
    . Calculator
    . TaskMgr
    . HashTool
    . Configuration
    - Label Master
    . Add New Label (Ctrl + Shift + E)
    . Open Label Table (Ctrl + Shift + T/L)
    . Follow In Dump (Ctrl + D)
    . Search By Google (Ctrl + Shift + G)
    - ASM2Clipboard (Ctrl + Shift + A)
    - ASCII Hint
    - ByteCounter
    - Go EIP (Shortcut Only: Esc)

    + Dump Menu +

    - Data Copy
    . ASNI (str) (Copy ansi string to clipboard) (Ctrl + Alt + A)
    . WIDE (str) (Copy wide string to clipboard) (Ctrl + Alt + W)
    . BYTE (Copy 1 BYTE)
    . WORD (Copy 2 BYTE)
    . DWORD (Copy 4 Byte)
    . Address (Copy selected address)(Alt + Insert)
    - Follow In Dump (Ctrl + D)
    - Follow In Disassembler (Ctrl + Alt + D)
    - Create DumpWindow (Ctrl + Alt + C)
    - ReverseHex (Ctrl + Z)
    - MiNiHash (Ctrl + Alt + Z)

    + Info Bar +

    - Add selected count(er)

    + Register Menu +

    - Hardware Breakpoint [ESP]

    + INT3Breakpoint Menu +

    - Breakpoint->
    . Set a few breakpoint

    + HotKey +
    PRESS and HOLD "H" key in 0.5s to Register/Unregister Hotkey You must PRESS and HOLD the hotkey in 0.1s for it work
    . "Esc" : go EIP(current origin) (Allow on any MDIWindows)
    . "," : Copy BYTE
    . "." : Copy WORD
    . "/" : Copy DWORD
    . "`" : Copy Address
    . "[" : Go to start of function (You must analysis code before use it)
    . "]" : Go to end (RET) of function
    . "Gray *" : Set "Malware Analysis" breakpoint group
    . "Gray /" : Set "NET" breakpoint group
    . NOTE: MAYBE THE HOTKEY DO NOT WORK WITH THE MOD OLLYDBG (SND v2.2) (Use OllyDbg2FixeR Plugins To Fix Bug In SnD v2.2)

    150 downloads

    0 comments

    Submitted


×
×
  • Create New...