What You Need
- Ollydbg For Macvirtuallasopa 2
- Ollydbg For Macvirtuallasopa 4
- Ollydbg For Macvirtuallasopa Master
- Ollydbg For Macvirtuallasopa Mac
- Ollydbg For Macvirtuallasopa Windows
- A Windows machine, real or virtual. I tried this on Windows 7, 10, and Server 2008 and itworks on them all.
Quick start - version 1.10. Read this for quick start.Consult help file for details and more features. Installation is not necessary. Create new directory and unpack odbg110.zip - now you can start! GDB is the gold standard for debugging on.nix. GDB has all of the debugging features you would expect in a modern debugger. For example, reverse debugging is the best feature to have if you are modifying the binary in memory, when you make a mistake just step back and try again. Ollydbg shows you a lot of data, but for now just notice the Assembly Code in the top left pane, and the Paused message in the lower right. When you load a program into Ollydbg, it starts in a 'Paused' state, with the Assembly Code window showing the first instruction. Running Putty in Ollydbg In Ollydbg, from the menu bar, click Debug, Run.
Summary
This is just the beginning of Lab09-01,performing the first run-through.This analysis shows that if the code isexecuted as it is, it checksfor a certain registry key, and ifthat key is absent, it deletes itself.
OllyDbg with Plugin+ OllyDBG v1.1+ OllyDBG v2.0.1+ OllyDBG ShadowGUI with Vic Plug-In Enjoy! HideOD is a plugin that bypasses several anti-debugging techniques commonly found in malware, hence facilitating the analyst's analysis.
Get OllyDbg 1.10
Get OllyDbg 1.10 here:Don't waste your time on OllyDbg 2.00 or 2.01.They are both broken.
Finding the Main Entry Point
Open the Lab09-01.exe file in IDA Pro.Click Options, General.Check 'Line Prefixes', asshown below.
Click OK.
Click Windows, 'ResetDesktop'.
IDA Pro shows that main startsat 0x402AF0, as shown below:
Saving the Screen Image
Make sure you can see the0x402AF0 address,as shown above.On your keyboard, press the PrntScrn key.
Click Start, type in PAINT, andopen Paint.
Press Ctrl+V to paste in the image of yourdesktop.
YOU MUST SUBMIT WHOLE-DESKTOP IMAGES TO GET FULL CREDIT.
Save the imagewith a filename of 'Proj 11a from YOUR NAME'.
Using OllyDbg to Walk Through Quickly
Open Lab09-01.exe in OllyDbg.You start at a preamble, which comesbefore the entry pointyou saw in IDA Pro, as shown below.
Press F8 forty times, to step over untiladdress0x403933. In the upper left paneof OllyDbg, scroll down a few lines to showthe code that setsthe arguments and calls main,as highlighted below.
Press F7 five times to load parameters and call mainfrom 0x403945, showing a new section of codestarting at 0x402AF0,as shown below.
Press F7 twenty-one times to call a short subroutineand get to 0x402AFD,as shown below.
This CMP operation is testing tosee if the number of command-linearguments is 1.
Press F7 three times to pass thetest and jump to0x00401000, as shown below.
Now we are in the routine starting at0x401000.
It calls RegOpenKeyExA at 0x40101B.
Left-click the line starting with0x401021 and press F2 to put abreakpoint there. That address turnsred, as shown below.
Left-click the line starting with0x401000. Press F9 to run to thebreakpoint.
Look at the upper right to see theregisters. EAX now contains 2,as shown below.
This is a 'non-zero error code',as explained here:
That means the test failed--it did not findthe registry key it was looking for.
Press F7 three times to get to location 0x401027.
Press F7 to execute the JMP.
Press F7 three times to step through the subroutine andget to 0x402B08.
Press F7 three times to get to location0x402410, as shown below:
This function uses GetModuleFilenameto get the path to the current executableand builds the ASCII string
/c del path-to-executable >> NULTo see that, place a breakpoint just afterGetShortPathNameA, so its addressturns red, as shown below.
Click the line starting with0x402410 to highlight it.
Press F9 to run to the breakpoint.
You should now be at the line ending with'ASCII '/c del ',as shown below.
By holding F7 down or tapping it many times,you can play thecode forward like a movie in slow motion.
Watch as the code slowly steps through a longpath name in EDI. Then the path name flips quickly throughseveral registers, ending up in EDX.
Stop when you see a stringin EDX, starting with
ASCII '/c del C:
as shown below:
TroubleshootingIf you press F7 too many times, EDXempties. To return to this point youmust do these steps:
|
Saving the Screen Image
Make sure you can see theEDX register with a valuestarting withASCII '/c del C:as shown above.On your keyboard, press the PrntScrn key.
Click Start, type in PAINT, andopen Paint.
Press Ctrl+V to paste in the image of yourdesktop.
YOU MUST SUBMIT WHOLE-DESKTOP IMAGES TO GET FULL CREDIT.
Save the imagewith a filename of 'Proj 11b from YOUR NAME'.
Turning in Your Project
Email the images to: cnit.126sam@gmail.comwith a subject line of Proj 11 From Your Name,replacing Your Name with your own first and last name.Send a Cc to yourself.Last Modified: 3-21-16
Каждая сборка предварительно заточена под определенные задачи
OllyDbg BoomBox [Modification]
Author: BoomBox
Another OllyDbg modification, mainly changed for aesthetic reasons in an XP styles format.
Скачать: Odbg110_BoomBox.rar
Author: Esp!oN Le rAvaGe
Some useful stuff were included, like scripts and plugin's.
Скачать: OllyDBG_CiM's_Edition.rar
Author: KOrUPt
Improvements include added stealth capabilities and improved visuals along with a few other tweaks.
Скачать: OllyDbg_Dark_Olly.rar
Author: Diablo
Ollydbg For Macvirtuallasopa 2
Its mainly got a few aesthetic changes to the layout plus it includes all the basic plugins and scripts to get a first time user up and running.
Скачать: Odbg110_Diablo's_Edition.rar
Author: Angel-55
This version of OllyDbg is moded to be undetectable by protectors or protecting formulas, it is fast and with most needed plugins for everyday cracking! A few fixes where done, some where reported by the users thanks to them some changes in code for hidding and of course speed is as always even or better... DLL loader was added since first version hadn't one, added plugins and updated osme old version with newer ones... Most important to note i add a new plugin manager to this package that works on DeFixed only now instead of deleting your plugins you can easly choose which to disable and which to use and return them back too without any problem.
Скачать: Odbg110_FOFF_Team_Edition_v2.0.rar
Author: Sacrafice
HanOlly.exe + HanOlly.dll - [Themida 1.9.5.0]
- This is a custom Olly and Plugin that defeats Themida 1.9.5.0 Anti-Debugger checks.
- Olly is modified the least amount possible, only bypasses debugger checks, and nothing more, very close to original 'clean' olly.
Скачать: Odbg110_HanOlly.rar
Author: Life Engines
This tool can let you debug a client process as a normal process, you can use normal debugger (exp llydbg) to debug the parent process at the same time.
Скачать: Odbg110_LifeODBG_v1.4.rar
Author: Unknown Author
Скачать: Odbg110_9in1_for_Themida.rar
Author: Shadow
Apart from a couple of aesthetic modifications Shadow's Olly modification has quite a few bug fixes and changes. Not much is known about exactly what changes have been made but it is regarded as being one of the better modified OllyDbg versions available.
Скачать: Odbg110_Shadow.rar
Author: Unknown Author
A version of OllyDbg specifically modified to allow debugging of VMProtect protected applications.
+ latest version of StrongOD
Скачать: OllyDBG_VMP_Edition.rar
Author: WiKiNG
Another modified version of OllyDbg 1.10.
Скачать: Odbg110_YPOGEiOS.rar
Author: DeRoX
- New look
Look at the upper right to see theregisters. EAX now contains 2,as shown below.
This is a 'non-zero error code',as explained here:
That means the test failed--it did not findthe registry key it was looking for.
Press F7 three times to get to location 0x401027.
Press F7 to execute the JMP.
Press F7 three times to step through the subroutine andget to 0x402B08.
Press F7 three times to get to location0x402410, as shown below:
This function uses GetModuleFilenameto get the path to the current executableand builds the ASCII string
/c del path-to-executable >> NULTo see that, place a breakpoint just afterGetShortPathNameA, so its addressturns red, as shown below.
Click the line starting with0x402410 to highlight it.
Press F9 to run to the breakpoint.
You should now be at the line ending with'ASCII '/c del ',as shown below.
By holding F7 down or tapping it many times,you can play thecode forward like a movie in slow motion.
Watch as the code slowly steps through a longpath name in EDI. Then the path name flips quickly throughseveral registers, ending up in EDX.
Stop when you see a stringin EDX, starting with
ASCII '/c del C:
as shown below:
TroubleshootingIf you press F7 too many times, EDXempties. To return to this point youmust do these steps:
|
Saving the Screen Image
Make sure you can see theEDX register with a valuestarting withASCII '/c del C:as shown above.On your keyboard, press the PrntScrn key.
Click Start, type in PAINT, andopen Paint.
Press Ctrl+V to paste in the image of yourdesktop.
YOU MUST SUBMIT WHOLE-DESKTOP IMAGES TO GET FULL CREDIT.
Save the imagewith a filename of 'Proj 11b from YOUR NAME'.
Turning in Your Project
Email the images to: cnit.126sam@gmail.comwith a subject line of Proj 11 From Your Name,replacing Your Name with your own first and last name.Send a Cc to yourself.Last Modified: 3-21-16
Каждая сборка предварительно заточена под определенные задачи
OllyDbg BoomBox [Modification]
Author: BoomBox
Another OllyDbg modification, mainly changed for aesthetic reasons in an XP styles format.
Скачать: Odbg110_BoomBox.rar
Author: Esp!oN Le rAvaGe
Some useful stuff were included, like scripts and plugin's.
Скачать: OllyDBG_CiM's_Edition.rar
Author: KOrUPt
Improvements include added stealth capabilities and improved visuals along with a few other tweaks.
Скачать: OllyDbg_Dark_Olly.rar
Author: Diablo
Ollydbg For Macvirtuallasopa 2
Its mainly got a few aesthetic changes to the layout plus it includes all the basic plugins and scripts to get a first time user up and running.
Скачать: Odbg110_Diablo's_Edition.rar
Author: Angel-55
This version of OllyDbg is moded to be undetectable by protectors or protecting formulas, it is fast and with most needed plugins for everyday cracking! A few fixes where done, some where reported by the users thanks to them some changes in code for hidding and of course speed is as always even or better... DLL loader was added since first version hadn't one, added plugins and updated osme old version with newer ones... Most important to note i add a new plugin manager to this package that works on DeFixed only now instead of deleting your plugins you can easly choose which to disable and which to use and return them back too without any problem.
Скачать: Odbg110_FOFF_Team_Edition_v2.0.rar
Author: Sacrafice
HanOlly.exe + HanOlly.dll - [Themida 1.9.5.0]
- This is a custom Olly and Plugin that defeats Themida 1.9.5.0 Anti-Debugger checks.
- Olly is modified the least amount possible, only bypasses debugger checks, and nothing more, very close to original 'clean' olly.
Скачать: Odbg110_HanOlly.rar
Author: Life Engines
This tool can let you debug a client process as a normal process, you can use normal debugger (exp llydbg) to debug the parent process at the same time.
Скачать: Odbg110_LifeODBG_v1.4.rar
Author: Unknown Author
A version of OllyDbg specifically modified to allow debugging of Themida protected applications.
Скачать: Odbg110_9in1_for_Themida.rar
Author: Shadow
Apart from a couple of aesthetic modifications Shadow's Olly modification has quite a few bug fixes and changes. Not much is known about exactly what changes have been made but it is regarded as being one of the better modified OllyDbg versions available.
Скачать: Odbg110_Shadow.rar
Author: Unknown Author
A version of OllyDbg specifically modified to allow debugging of VMProtect protected applications.
+ latest version of StrongOD
Скачать: OllyDBG_VMP_Edition.rar
Author: WiKiNG
Another modified version of OllyDbg 1.10.
Скачать: Odbg110_YPOGEiOS.rar
Author: DeRoX
- New look
- Modified code for almost perfect hiding
- Modified code for expanded windows
- Modified code for %s overflow RCE exploit
- Modified code to make symbols load properly
- OllyDRX Plugin Patcher
Скачать: Odbg110_OllyDRX_Lite.rar
Author: Shaddy
Portable version. No need configurations.
Скачать: Odbg110_Portable_OllySnD.rar
Author: phpbb3
OllyDbg moded for ExeCryptor & THEMIDA
- Add the possibility of deleting all points of stopping Remove all breakpoints
- Auto path UDD & plugin
- Reference search directly from the toolbar
- Show offset in status bar
- Amendment to show the number of additions to the list
- Additions located
Скачать: Odbg110_RAMOllyDBG_v1.1.rar
Author: Sabre
This version has been modded to work with Themida and EXECryptor. It also has cosmetic changes to make the design and layout of OllyDbg more appealing.
Plugins and scripts provided in the archive for use on the above mentioned protectors.
Скачать: Odbg110_Sabre-Gold_Edition.rar
Ollydbg For Macvirtuallasopa 4
Author:
Ollydbg For Macvirtuallasopa Master
Unknown AuthorСкачать: Ollydbg_The0DBG.rar
Author: AnTiCDLoCK
Ollydbg For Macvirtuallasopa Mac
A nice modification of the original OllyDbg 1.10 engine. Contains; a quick breakpoint feature, common and popular plugins, toolbar, extra features and slight visual changes.Скачать: Odbg110_UST_2bg.rar
Ollydbg For Macvirtuallasopa Windows
