OLLYDBG Entry Record

1. Software Window description

The names of each window in the ollydbg are as follows. Simply explain the functions of each window,

Disassembly window: Displays the disassembly code of the debugged program, the address on the title bar, HEX data, disassembly, and comments can be toggled by right-clicking the menu interface options in the window to hide the title or display the caption. Use the left mouse button to click on the Comment tab to toggle the way comments are displayed.

Register window: Displays the contents of the CPU register for the currently selected thread. Also click on the label Register (FPU) to toggle the display of registers.

Information window: Displays the parameters of the first command selected in the Disassembly window and some jump destination addresses, strings, and so on.

Data window: Displays the contents of the memory or file. The right-click menu can be used to toggle display mode.

Stack window: Displays the stack of the current thread.

To adjust the size of the above window, just left-click and hold the border to drag, and so on, and then restart the ollydbg can be effective.

2. Software shortcut keys

F2//Down Breakpoint

F3//Loading an executable program

F4//program execution to Cursor

F5//Zoom out, restore current window

F7//out Step Into

F8//Single Step through

F9//Run the program directly, at the breakpoint, the program will pause

Ctrl+f2 re-run the program to the beginning to re-debug the program

CTRL+F9//Executes to the return of the function, used to jump out of the function

ALT+F9//Execute to user code for quick jump out of system functions

Ctrl+g//Enter hex address to quickly navigate to this address

CTRL+F2//re-run the currently debugged program

Alt+f2 ending the currently debugged program

Temporarily stop the execution of the Debugged program (F12)

followed by the call of the Debugged program (CTRL+F11)

Skip the call (CTRL+F12) of the debugged program when tracing

Execution until return (CTRL+F9)

Show Record window (ALT+L)

Display Module window (alt+e)

Display Memory window (ALT+M)

Show CPU window (ALT+C)

Show Patch window (ctrl+p)

Show Call Stack (ALT+K)

Show Breakpoints Window (ALT+B)

Open the Debug Options window (Alt+o)

3. Basic Debugging Methods

OllyDbg There are three ways to load the program for debugging,

One is to click the menu file--open (shortcut key is F3) to open an executable file for debugging,

Another is to click on the menu file, attach to attach to a running process to debug. Note that the program you want to attach here must already be running.

The third is to use the right-click menu to load the program (I do not know this count). In general, we choose the first way. For example, we choose a test.exe to debug, through the menu file--open to load this program

The shortcut keys we often use in debugging are these:

F2: Set a breakpoint, as long as the cursor location (in the gray bar) to press the F2 key, and then press the F2 key will delete the breakpoint. (equivalent to F9 in SoftICE)

F8: One step at a walk. Each time you press this key to execute an instruction in an disassembly window, you encounter a call such as a subroutine that does not enter its code. (equivalent to F10 in SoftICE)

F7: Step Into. The function is similar to step by step (F8), the difference is to encounter the call and other sub-program will enter into it, the first will stay in the sub-program on the first instruction. (equivalent to F8 in SoftICE)

F4: Runs to the selected location. The function is to run directly to the cursor at the location of the pause. (equivalent to F7 in SoftICE)

F9: Run. Press this key if the corresponding breakpoint is not set, the program being debugged will start running directly. (equivalent to F5 in SoftICE)

CTR+F9: Execution to return. This command pauses when executing to a RET (return instruction) instruction and is often used to return from the system's airspace to the program airspace we have debugged. (equivalent to F12 in SoftICE)

ALT+F9: Executes to user code. Can be used to quickly return from system airspace to the program airspace we have debugged. (equivalent to F11 in SoftICE)

OllyDbg Entry Record