Tuts 4 You

OllyDbg Engines / Modifications Instruction File Eng ver



"This engine isn't intentionally called ExeCryptor Edition; it's actually called ODbyDYK (after the author), but since it's been commonly used for ExeCryptor and more generally known as such, that's how I've named it here. I think there have been quite a few modifications to it, but not being Chinese I'm unable to read and understand the information within the archive correctly to discover exactly what. Maybe a native or Chinese literate person could pass on to me further details about this engine or translate the included .txt file for me, please :)"

 

I translated the file and am posting it here; maybe this will be helpful for someone.

 

*******************************************************************************************************

 

ODbyDYK v1.10 Speaking modified version [2005.12.25]
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
        ★ ★ ★ ★ Description ★ ★ ★ ★

1, this modified version based OllyDbg.V1.10 hear the wind listen to the rain finished the second edition to be modified, reverse Antidbg with the following features:

   1) CMPXCHG8B illegal instruction patch;
   2) to avoid detection window names like anti-tracking: protection of God such as software testing Ollydbg, ACPU, ACPUASM ......;
   3) Avoid ACProtect detection parent process name;
   4) Avoid COOL for XP.exe detection DBGHELP.DLL so on.
   5) ollydbg format string vulnerabilities [OutputDebugString] patch, you can fight the new Armadillo; ***** [04.03 modified version]
      Note: This section uses a modified version of the goldenegg fly the latest relevant patch code, a better solution OutputDebugString problem.

   Others, such as time of detection, such as anti-tracking methods must inject themselves during commissioning manually tripped. Compressed within the Test folder has several Anti example, we can compare to see.

2, the main remaining changes are as follows:
   
   1), remove the loaded Packers entrance warning dialog box;
   2), making use of BoOMBoX/TSRh2004 XP interface style, mainly for aesthetics;
   3), the reference askformore the "build your favorite Ollydbg" a text attachment code, diy a little program, add "Custom Tools" menu. Mainly for the convenience.
       Note: already removed. Exe extension displays and correct code can not be displayed using the original list of recently opened a bug.
   4), use to produce their own automatic configuration UDD, PLUGIN, LIB an absolute path patch, this patch reference FreeCat brother of thinking, can automatically modify Ollydbg.ini file Chinese and English related configuration is an absolute path, A good solution to some of the plug-in configuration using English, and some plug-ins to use Chinese configuration. ***** [04.07 modified version]
       Tip: The default configuration of the default folder for the UDD, PLUGIN, LIB, as appropriate folder renamed, please set your own AutoPath.ini.
   5), amended OllyDbg.V1.10 hear the wind listen to the rain finished the second edition of the lowermost prompt bar fonts too small problem. ***** [04.03 modified version]
   6), amended OllyDbg.V1.10 hear the wind listen to the rain finished the second edition of the finished result can not be undone Explorer menu associated with the bug. ***** [04.07 modified version]
   7), amended OllyDbg.V1.10 hear the wind listen to the rain finished the second edition of a finished stack parameters caused by incorrect bug. ***** [04.09 modified version]
       Tip: remove the version of the OD has been unable to load more than 32 plug-in patch, this patch still need testing. Do not load too much personal recommendations plugin, because some of the conflict between the plug, The best method is not commonly used for shielding plug.
   8), the modified version of the finished part of the basic resources for the original, I just do a little bit to change, after all, hear the wind listen to the rain brother finished this version has been very good indeed. ***** [04.09 modified version]
   9), [04.10 modified version] to change a few places.

3, if the shelling, recommended in Win XP, 2000,2003 analysis system platform. Win9X on a modified version of the "command line" and other plug-ins can not be loaded or properly use!

4, compressed package OllyDbg.exe did not make any changes to the original program finished moderator, Explorer.exe is modified main program.
 
5, the configuration file on the basis of minor changes in the original.
   Tip: If you modify the configuration file OD Ollydbg.ini, please pay attention to [settings] in the following two.
   1) Topmost window = 0 ****** 1, when open the "Customize Tools" menu, select the exe file, the pop-up window can not be set before the show.
   2) Analyse main module automatically = 0 ****** 1, when debugging packers, it will pop-up "is a compressed code you" dialog box.
      If you think there is a warning debug runtime packers better, then set to 1, and then in the pop-up "is a compressed code you" dialog box, select "NO."
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
[04.25] modified version:
1 main reference Speaking of the new century cao_cong finished version made the following changes.
   1) Fixed hear the wind listen to the rain finished the second edition of the finished result in an apparent bug: After running the program, a list of currently open windows in the original English version should be in the "Window" (Window menu), the In the finished version, but in the "File" (File menu) and the display is not normal.
   2) partial finished Reference cao_cong finished version has been modified.
      Speaking personally feel that it is better in terms of cao_cong finished version hear the wind listen to the rain finished the second edition (the authors hope to see not mind),
      However, to avoid causing bug localization aspects cao_cong finished version to do better, the time is really a good look.
2 plug-in part to do the following updates:
   1) shortcut commands plugin CmdBar.dll (v3.10.109c Chinese Version)
   2) shelling plug OllyDump.dll (V3.00.110 Chinese Version)
   3) Bookmarks plugin labeler.dll (V1.33.108 Chinese Version)
   4) The new OD shelling plug pedumper.dll (v3.02 Chinese Version)
   Note: The plug-in IsDebug.dll (v1.40), UnhExcFlt.DLL (v0.22p) in winxp + sp2 under normal use.
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
[04.30] modified version:
1. "Window" (Window menu) method by kimmal change back Chinese, in gratitude for kimmal.
2 Corrected from the Custom Tools menu to open some custom tools, the program window is not visible issue. The proposed reference abxy the nShowCmd ShellExecute parameter to 1, that SW_SHOWNORMAL, right abxy equally grateful.
3 OD shelling plug pedumper.dll update is v3.03 (Chinese Version).
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
[05.09] modified version:
1 solution to run a modified version of the head OD, and then directly open the software encryption software protection of God, is a modified version of OD Kill issue.
2 Reference nbw of "OD replication BUG analysis and correction," a text, use the OD corrected copy data from a memory area, and sometimes not all the data is copied to the clipboard bug.
3 new plug-ins and shelling some scripts.
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
[07.27] modified version:
Amendment to the original Chinese version two localization caused due to the incorrect call parameters bug
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
[12.06] modified version:
1 Some references Speaking English translation of the new century cao_cong OllyDbg.V1.10 finished second edition has been modified.
2 Character Reference plug ustrref.dll replaced heng9ml in the old code based on the modified luoyuan enhanced version adds a character to automatically increase to find the address corresponding to the Disassembly window function comment field.
  This plug-in has finished.
3. Packing some new plug-ins.
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡
[12.25] modified version:
1 modified OllyDbg plug-processing part of the code, solve OllyDbg load plug-ins more than 32, the startup crash.
  Patch, when the number of plug-in directory plugin when more than 32, OllyDbg only load one of 32, automatically shield the rest of plug-ins, and pop up a warning dialog.
  Note: The patch wanted to make OllyDbg can load more than 32 plug-ins, but in testing found that when modified OllyDbg plug-related data address, and brought some problems,
  And affect the stability when running OllyDbg, then dispel this idea.
(2) modify the OllyDbg can not load non-standard PE header of the bug.
3 major adjustment for packaged plug-ins, updates, plug-ins and a lot of tools.
≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡ ≡

   Because I am limited, may be due to OllyDbg diy or modify finished part caused bug, welcome criticism! Thank you!
   In addition, you really found in the use of localization caused by the bug, but also reflects to me, I try to see whether individual effort to help fix it. I personally think that this is still relatively familiar with some.

                                         dyk158 on 2005.12.25

 
