OllyDbg is a 32-bit assembly-level analysing debugger with a visual interface. What makes it special is that it can solve problems without source code, and can handle problems that other compilers cannot solve.
Version 1.10 is the final release version. This project has been stopped and I am not going to support this software anymore. But don't worry: the newly created OllyDbg will soon be available in 2.00!
Operating environment: OllyDbg works on any Windows 95, 98, ME, NT, or XP (untested) operating system with a Pentium processor, but we strongly recommend a Pentium processor faster than 300 MHz for the best results. OllyDbg is also very memory-intensive, so if you need extensions such as trace debugging [trace], more than 128 MB of memory is recommended.
Supported processors: OllyDbg supports all 80x86, Pentium, MMX, 3DNow!, Athlon extension and SSE instruction sets, and the related data formats, but does not support the SSE2 instruction set.
Configuration: There are as many as a hundred (God!) options for setting the appearance and operation of OllyDbg.
Data formats: The OllyDbg data window can display all data formats: hex, ASCII, Unicode, 16/32-bit signed/unsigned/hex integers, 32/64/80-bit floating-point numbers, addresses, disassembly (MASM, IDEAL, or HLA), PE file header, or thread data block.
Help: This file contains the information needed to understand and use OllyDbg. If you also have a Windows API help file (win32.hlp is not included because of copyright issues), you can attach it to OllyDbg to get quick help on system functions.
Start: You can specify the executable file on the command line, choose it from the menu, drag and drop it onto OllyDbg, restart the previously debugged program, or attach to a running program [Attach]. OllyDbg supports just-in-time debugging. OllyDbg does not need to be installed at all; it can be run directly from a floppy disk!
Debugging DLLs: You can debug standard dynamic-link libraries (DLLs) with OllyDbg. OllyDbg automatically runs an executable program that loads the library and lets you call the library's exported functions.
Source-level debugging: OllyDbg recognizes debug information in all Borland and Microsoft formats. This information includes source code, function names, labels, global variables, and static variables. Support for dynamic (stack) variables and structures is limited.
Code highlighting: OllyDbg's disassembler can highlight different types of instructions (e.g., jump, conditional jump, push, pop, call, return, special or invalid instruction) and different operands (general, FPU/SSE, segment/system registers, operands on the stack or in memory, constants). You can customize your own highlighting scheme.
Threads: OllyDbg can debug multithreaded programs. You can switch between threads, suspend, resume, or terminate a thread, or change its priority. The Threads window also displays the last error of each thread (as returned by a call to GetLastError).
Analysis: One of OllyDbg's most important features is analysis. It recognizes procedures, loops, switch statements, tables [tables], constants, strings embedded in code, tricky constructs [tricky constructs], API calls, the number of arguments of functions, import tables, and so on. This analysis makes binary code more readable and reduces the likelihood of errors, which makes debugging easier.
Object scan: OllyDbg can scan object files and libraries (in both OMF and COFF formats), extract the code segments [code segments], and locate them.
Implib scan: Some DLLs export their functions by ordinal number, and these ordinals mean nothing to a human reader. If you have the import library [import library] that corresponds to the DLL, OllyDbg can convert the ordinals to symbolic names.
Unicode: Fully supported. Almost all operations that work with ASCII also work with Unicode, and vice versa.
Names: OllyDbg can display imported and exported symbols and names based on debug information in Borland and Microsoft formats. The object scanner can recognize library functions. You can add arbitrary names and comments. If some functions in a DLL are exported by ordinal, you can restore the original function names by attaching the import library [import library]. OllyDbg also recognizes a large number of symbolic constant names (such as window messages, error codes, bit fields [bit fields] ...) and can use them to decode calls to known functions.
Known functions: OllyDbg recognizes more than 2,300 common C and Windows API functions and the parameters they take. You can add your own descriptions and predefined decodings. You can also set a logging breakpoint on a known function and record its parameters.
Function calls: OllyDbg can backtrace recursive calls even without debugging information, and even when procedures use nonstandard prologs [prolog] and epilogs [epilog].
Translator's note:
004010D0  push ebp       \
004010D1  mov  ebp,esp   |
004010D3  sub  esp,10h   | prolog
004010D6  push ebx       |
004010D7  push esi       |
004010D8  push edi       /
......
004010C5  pop  edi       \
004010C6  pop  esi       |
004010C7  pop  ebx       | epilog
004010C8  mov  esp,ebp   |
004010CA  pop  ebp       |
004010CB  ret            /
Stack: In the Stack window, OllyDbg intelligently identifies return addresses and stack frames [stack frames], including remnants of some previous calls. If the program is stopped on a known function, the Stack window decodes its parameters.
Note: A stack frame [stack frame] is the memory area that stores a function's parameters and local variables.
SEH chain: OllyDbg walks the stack and displays the chain of structured exception handlers. The entire chain is displayed in a separate window.
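Added example (not OllyDbg's code and not part of the original page): the walk behind an SEH chain view on 32-bit Windows, following {Next, Handler} records from the value at FS:[0] until Next is 0xFFFFFFFF. The stack snapshot, its base address and the handler addresses are constructed, and the ascending-address check is this example's own guard against looping chains.

```c
#include <stdint.h>
#include <stdio.h>

#define SEH_END    0xFFFFFFFFu   /* Next value that terminates the chain */
#define STK_BASE   0x0012FF00u   /* constructed snapshot: 64 dwords of stack */
#define STK_DWORDS 64
typedef struct { uint32_t addr, handler; } seh_entry;

/* Dword at virtual address va, or NULL if va is misaligned or off the snapshot. */
static uint32_t *slot(uint32_t *stk, uint32_t va)
{
    if ((va & 3) || va < STK_BASE || (va - STK_BASE) / 4 >= STK_DWORDS) return NULL;
    return &stk[(va - STK_BASE) / 4];
}

/* Follow {Next, Handler} records from head (the value at FS:[0]). Returns the record
   count, or -1 if a record is off the stack, the chain loops back, or exceeds max. */
int walk_seh(uint32_t *stk, uint32_t head, seh_entry *out, int max)
{
    uint32_t cur = head, prev = 0;
    int n = 0;
    while (cur != SEH_END) {
        uint32_t *next = slot(stk, cur), *handler = slot(stk, cur + 4);
        if (!next || !handler || cur <= prev || n == max) return -1;
        out[n++] = (seh_entry){ cur, *handler };
        prev = cur;
        cur = *next;
    }
    return n;
}

/* Constructed sample: three records, innermost first; handler addresses are made up. */
void build_sample(uint32_t *stk)
{
    for (int i = 0; i < STK_DWORDS; i++) stk[i] = 0;
    *slot(stk, 0x0012FF40) = 0x0012FFB0; *slot(stk, 0x0012FF44) = 0x00401A20;
    *slot(stk, 0x0012FFB0) = 0x0012FFE0; *slot(stk, 0x0012FFB4) = 0x00402F10;
    *slot(stk, 0x0012FFE0) = SEH_END;    *slot(stk, 0x0012FFE4) = 0x00403C00;
}

int main(void)
{
    uint32_t stk[STK_DWORDS];
    seh_entry e[8];
    build_sample(stk);
    int n = walk_seh(stk, 0x0012FF40, e, 8);
    for (int i = 0; i < n; i++)
        printf("%08X -> handler %08X\n", (unsigned)e[i].addr, (unsigned)e[i].handler);
    return n == 3 ? 0 : 1;
}
```

A chain that fails these checks is worth a closer look in the Stack window, because an overwritten Next or Handler field usually means the stack has been corrupted.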
Search: There are so many ways! Exact or imprecise search for a command or a sequence of commands, search for constants, search for binary or text strings, search for all command addresses, search for all constants or address ranges [address range], search for all jumps to the selected address, search for all calls and called functions, search for all referenced strings, search for all calls between modules, search for function names, and search for a binary sequence in all allocated memory. If a search returns multiple results, you can work through them quickly.
Windows: OllyDbg can list the windows of the debugged program, and can set breakpoints on windows, classes, and even selected messages.
Resources: If a Windows API function references a resource string, OllyDbg can display it. Support is limited to the list of attached resources [attached resource], data display, and binary editing.
Breakpoints: OllyDbg supports many kinds of breakpoints: ordinary breakpoints, conditional breakpoints, logging breakpoints (for example, logging function parameters to the Log window), memory read and write breakpoints, hardware breakpoints (only on ME/NT/2000), and so on. For hit tracing, you can set an INT3 breakpoint on every command in the module. On Windows NT with a 500 MHz processor, OllyDbg can handle up to 5,000 interrupts per second.
Watches and inspectors: Each watch is an expression whose value is displayed in real time. You can use registers, constants, address expressions, Boolean values, and algebraic operations of any complexity, and you can compare ASCII and Unicode strings. An inspector [inspectors] is a watch [watches] with two indexes, presented in the form of a two-dimensional table.
Heap walk: On Win95-based systems, OllyDbg can list all of the allocated heaps.
Handles: On NT-based systems, OllyDbg can list all the system handles of the program being debugged.
Execution: You can single-step, stepping into or over subroutines. You can also run the program until the function returns, run it to a specified address, or run it automatically. While the program is running, you can still work with it: view memory, set breakpoints, and even modify code. You can also pause or restart the program being debugged at any time.
Hit trace: Hit trace shows which instructions or procedures have been executed, which helps you examine the different branches of your code. Hit trace sets a breakpoint on each specified instruction before it is reached and clears the breakpoint once the instruction has executed.
Translator's note: "hit" is used here in its literal English sense. An instruction that has been executed is "hit", and one that has not been executed is "not hit", so we can easily see which parts of the debugged program ran and which did not.
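Added example (not OllyDbg's code and not part of the original page): a C model of the hit trace mechanism described above, with INT3 (0xCC) written over the first byte of every instruction and removed the first time it traps. The function bytes, instruction offsets and execution paths are constructed, and execution is modelled as a list of offsets rather than run on a CPU.

```c
#include <stdint.h>
#include <stdio.h>

#define INT3  0xCC
#define NINSN 9

/* Constructed sample: a 13-byte function and the offsets where its instructions start:
   push ebp / mov ebp,esp / test eax,eax / je 0Ah / inc eax / jmp 0Bh / dec eax / pop ebp / ret */
uint8_t code[] = { 0x55, 0x8B,0xEC, 0x85,0xC0, 0x74,0x03, 0x40, 0xEB,0x01, 0x48, 0x5D, 0xC3 };
const uint8_t start[NINSN] = { 0, 1, 3, 5, 7, 8, 10, 11, 12 };
uint8_t saved[NINSN];   /* original first byte of each instruction */
uint8_t hit[NINSN];     /* set to 1 once the instruction has executed */

/* Arm the trace: save the first byte of every instruction and replace it with INT3. */
void arm(void)
{
    for (int i = 0; i < NINSN; i++) {
        saved[i] = code[start[i]];
        code[start[i]] = INT3;
        hit[i] = 0;
    }
}

/* Run a path of executed offsets. Returns how many traps the debugger serviced. */
int run(const uint8_t *path, int n)
{
    int traps = 0;
    for (int s = 0; s < n; s++)
        for (int i = 0; i < NINSN; i++)
            if (start[i] == path[s] && !hit[i]) {
                code[path[s]] = saved[i];   /* restore the byte: later passes do not trap */
                hit[i] = 1;
                traps++;
            }
    return traps;
}

int main(void)
{
    /* Constructed path: the function called twice with eax != 0 */
    const uint8_t path[] = { 0,1,3,5,7,8,11,12, 0,1,3,5,7,8,11,12 };
    arm();
    printf("traps: %d of %d steps\n", run(path, 16), 16);
    for (int i = 0; i < NINSN; i++)
        if (!hit[i]) printf("never executed: offset %d\n", start[i]);
    return 0;
}
```

Each instruction traps at most once, so the second call costs nothing, and the untaken branch (dec eax at offset 10) still holds its INT3 and shows up as not hit.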
Run trace: Run trace steps through the program and logs its execution to a large circular buffer. The log contains the registers (except for SSE), flags, thread errors, messages, and function parameters. You can save the commands, which makes it easier to debug self-modifying code (such as packed programs). You can set conditional breaks on address ranges, expressions, and commands. You can save the run trace information to a file so that you can compare the differences between two runs. Run trace lets you analyse in retrospect the details of millions of commands that have been executed.
Statistics: The profiler [Profiler] counts how many times particular instructions occur in the trace, so you can see which parts of the code are executed most frequently.
Patch: The built-in assembler can automatically find the modified code snippet. The binary editor displays the modified data simultaneously in ASCII, Unicode, or hexadecimal format. Modified data can be copied and pasted like any other data. The original data is backed up automatically so that it can be restored. You can copy the modified parts directly into the executable file, and OllyDbg will make the necessary corrections automatically. OllyDbg also records all the patches applied during previous debugging sessions. You can activate or disable a patch with the spacebar.
Self-extracting files: When debugging self-extracting files, you often want to skip the decompression section and stop directly at the original entry point of the program. OllyDbg's self-extractor tracing lets you do this. Self-extractor tracing tends to fail if the self-extracting segment is protected. Once OllyDbg has found the entry point, it skips the decompression section and stops exactly at the entry point.
Plugins: You can add your own plugins to OllyDbg to add new features. OllyDbg's plugin interface provides access to almost all of the important data structures, lets plugins add menus and shortcut keys to OllyDbg windows, and offers more than 100 plugin API functions. The plugin API functions are documented in detail. The default installation already contains two plugins: the command line plugin and the bookmark plugin.
UDD: OllyDbg saves all program- or module-related information to a separate file and reuses it when the module is reloaded. This information includes labels, comments, breakpoints, watches, analysis data, conditions, and more.
More: The features described here are only some of OllyDbg's features. It is so rich in functionality that OllyDbg can be a very handy debugger!