Jump to content
Tuts 4 You

OllyDbg2-Python 1.0.0

Teddy Rogers

By Teddy Rogers

 Share

2 Screenshots

About This File

Nowadays in the reverse-engineering world, almost everything is scriptable using Python: IDA Pro, WinDbg, ImmunitDebugger, etc. The thing is OllyDbg2 wasn't. The only way to interact with OllyDbg2's API was by creating a C/C++ plugin. But we all know everything is easier in Python, that's the reason why I started this project back in 2012 summer.

Under the hoods

To be able to export OllyDbg2's API to Python (currently Py275), we need two important things:

  1. python-loader: this is an OllyDbg2 plugin that imports the Python engine ; with that plugin you can launch some Python into your debugger
  2. python-bindings-swig: this project builds the connectors you need to poke OllyDbg2's API with Python

The python-loader tries also to enhance user experience by adding a command-line edit bar in order to write easily Python one-liner without loading a script. At the moment, that bar isn't working very well (I'm not a GUI expert at all.), but I will give it a try to build better one.

The python-bindings-swig project is a bit more touchy, it is using SWIG in order to generate the bindings automatically and it seems to work pretty great so far. But SWIG can be sometimes a bit weird to play with, so if I made some mistakes don't hesitate to pull-requests corrections!

Features

  • I've tried to expose the main features we would like to have when it comes to script a debugger:
  • CPU state inspection: get/set x86 registers, get information about segment selectors
  • memory: read, write in the debuggee memory ; also obtain information about specific memory regions
  • assembler/disassembler: interact with the internal x86 assembler/disassembler
  • breakpoints: easily set/remove software/hardware normal/conditionnal breakpoints wherever you want
  • symbols: try to use Microsoft/OllyDbg2 API to obtain symbols information (like a function name by its address)
  • enhance the disassembly: you can add comments and/or labels easily
  • looking for something in memory: there are also a couple of methods to look for some hexadecimal bytes or instructions in memory, really handy
  • instrument the debugger: ask the debugger to StepInto/StepOver/ExecuteUntilRet in the debuggee
  • etc.

If you want to see real examples, check out the samples/ directory! If you have idea of cool examples to show case the API feel free to contact me.

 

 Share
Previous File OllyDetach
Next File OllyDBG Backup

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...