OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download and use it for free. Special highlights are:
- Intuitive user interface, no cryptical commands
- Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
- Directly loads and debugs DLLs
- Object file scanning - locates routines from object files and libraries
- Allows for user-defined labels, comments and function descriptions
- Understands debugging information in Borland® format
- Saves patches between sessions, writes them back to executable file and updates fixups
- Open architecture - many third-party plugins are available
- No installation - no trash in registry or system directories
- Debugs multithread applications
- Attaches to running programs
- Configurable disassembler, supports both MASM and IDEAL formats
- MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
- Full UNICODE support
- Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
- Recognizes complex code constructs, like call to jump to procedure
- Decodes calls to more than 1900 standard API and 400 C functions
- Gives context-sensitive help on API functions from external help file
- Sets conditional, logging, memory and hardware breakpoints
- Traces program execution, logs arguments of known functions
- Shows fixups
- Dynamically traces stack frames
- Searches for imprecise commands and masked binary sequences
- Searches whole allocated memory
- Finds references to constant or address range
- Examines and modifies memory, sets breakpoints and pauses program on-the-fly
- Assembles commands into the shortest binary form
- Starts from the floppy disk
and much, much more!
What's New in Version 2.01h
See changelogReleased
New version with many new features, among them:
- Help on 77 pages. Please read it first - most of new features are described there
- Multilanguage GUI (experimental, as yet no translation files - please do it by yourself)
- Support for AVS instuctions (as yet no AVS2 and high 16 bytes of YMM registers are not displayed)
- Call stack window (similar to the version 1.10)
- Handles window (similar to the version 1.10)
- SEH and VEH chains. To decode addresses of VEH handlers, OllyDbg hacks NTDLL.RtlAddVectoredExceptionHandler(), therefore process must be started from the OllyDbg
- Multibyte character dumps
- .udl image libraries, replace scan of object files from v1.10
- Search for integers and floats in dump
- Search for procedures (entry points)
- Limited support for NTFS streams
- Drive dump
- Software breakpoints that use INT1, HLT, CLI, STI or INSB instead of INT3
- Multiple watches in one line, support for repeat count
- Dump of arrays of structures
- Micro-analysers
- Accelerated search
- Assembling of immediate data statements (DB xx etc.)
- Highlighting in run trace
- Up to 2 ordinals per address
- Limited support for Win95 via Microsoft Layer for UNICODE
- More tricky code sequences
- Show free memory, or was it the previous version?
- Multiple bugfixes
Yes, you understand it correctly. OllyDbg graphic interface supports multiple languages. All you need is the corresponding language file. Currently there are none, but I expect that the volunteers will be able to make more or less complete translations.
Plugins compiled for OllyDbg 2.01 beta are 100% compatible with v2.01. PDK will be updated... soon...
Preliminary version of Disassembler 2.01 is almost ready. That is, the sources are more or less final but documentation and ready-to-use DLLs are still missing. I release Disasm 2.01 under GPL v3. Commercial licenses are also possible.
-
1
Recommended Comments
Create an account or sign in to comment