Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

OllyDbg2-Python 1.0.0

Teddy Rogers

By Teddy Rogers

2 Screenshots

Nowadays in the reverse-engineering world, almost everything is scriptable using Python: IDA Pro, WinDbg, ImmunitDebugger, etc. The thing is OllyDbg2 wasn't. The only way to interact with OllyDbg2's API was by creating a C/C++ plugin. But we all know everything is easier in Python, that's the reason why I started this project back in 2012 summer.

Under the hoods

To be able to export OllyDbg2's API to Python (currently Py275), we need two important things:

  1. python-loader: this is an OllyDbg2 plugin that imports the Python engine ; with that plugin you can launch some Python into your debugger
  2. python-bindings-swig: this project builds the connectors you need to poke OllyDbg2's API with Python

The python-loader tries also to enhance user experience by adding a command-line edit bar in order to write easily Python one-liner without loading a script. At the moment, that bar isn't working very well (I'm not a GUI expert at all.), but I will give it a try to build better one.

The python-bindings-swig project is a bit more touchy, it is using SWIG in order to generate the bindings automatically and it seems to work pretty great so far. But SWIG can be sometimes a bit weird to play with, so if I made some mistakes don't hesitate to pull-requests corrections!

Features

  • I've tried to expose the main features we would like to have when it comes to script a debugger:
  • CPU state inspection: get/set x86 registers, get information about segment selectors
  • memory: read, write in the debuggee memory ; also obtain information about specific memory regions
  • assembler/disassembler: interact with the internal x86 assembler/disassembler
  • breakpoints: easily set/remove software/hardware normal/conditionnal breakpoints wherever you want
  • symbols: try to use Microsoft/OllyDbg2 API to obtain symbols information (like a function name by its address)
  • enhance the disassembly: you can add comments and/or labels easily
  • looking for something in memory: there are also a couple of methods to look for some hexadecimal bytes or instructions in memory, really handy
  • instrument the debugger: ask the debugger to StepInto/StepOver/ExecuteUntilRet in the debuggee
  • etc.

If you want to see real examples, check out the samples/ directory! If you have idea of cool examples to show case the API feel free to contact me.

 

Previous File OllyDetach
Next File OllyDBG Backup

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.