From Collaborative RCE Tool Library


OllyDbg 2.x Extensions


Tool name: CmdbarO2
Rating: 0.0 (0 votes)
Author: VieuxCrapaud                        
Website: http://sourceforge.net/projects/cmdlineo2/
Current version: v2.01
Last updated:
Direct D/L link: http://sourceforge.net/projects/cmdlineo2/files/latest/download
License type: free
Description: expression Calculate value of expression (first character is not a letter)
expression=expression Set register or memory (first character is not a letter)
* Follow address in Disassembler
: expression, label Assign symbolic label to address
? expression Calculate value of expression
A expression [,command] Assemble at address
ASM command [;address] Assemble line
AT expression Follow address in Disassembler
BC expression Delete breakpoint at address, WITHOUT ARGUMENTS DELETE ALL BREAKPOINT
BD expression Disable breakpoint at address, WITHOUT ARGUMENTS DISABLE ALL BREAKPOINT
BE expression Enable breakpoint at address, WITHOUT ARGUMENTS ENABLE ALL BREAKPOINT
BP expression [,condition] Set INT3 breakpoint at address
BV expression Validate breakpoint at address, WITHOUT ARGUMENTS VALIDATE ALL BREAKPOINT
BPX label Set breakpoint on each call to external 'label' within the current module
BRK View Breakpoints window
C expression, comment Set comment at address
CALC expression Calculate value of expression
CLOSE Close debugged program
CPU View CPU window
CS View Call Stack
D expression Follow address in dump
DA [expression] Dump in assembler format
DASM expression [;address] Disassemble line
DB [expression] Dump in hex byte format & ASCII text
DBA [expression] Dump in hex byte format & ASCII text
DBU [expression] Dump in hex byte format & UNICODE text
DC [expression] Dump as ASCII text
DD [expression] Dump as addresses (stack format)
DU [expression] Dump as UNICODE text
DUMP expression Dump in assembler format
DW [expression] Dump in hex word format
EXIT Close OllyDbg
FOLLOW expression Follow address in Disassembler
G [expression] Run till address
GE [expression] Pass exception to handler and run till address
H Show this help
H APIfunction Show help on API function
H OllyDbg Show OllyDbg help
HBRK View Hardware breakpoints window
HC [expression] Remove HW breakpoint at address, WITHOUT ARGUMENTS DELETE ALL HW BREAKPOINT
HD [expression] Disable HW breakpoint at address, WITHOUT ARGUMENTS DISABLE ALL HW BREAKPOINT
HE expression Set HW breakpoint on execute at address
HELP Show this help
HELP APIfunction Show help on API function
HELP OllyDbg Show OllyDbg help
HR expression Set 1-byte HW breakpoint on access to address
HV [expression] Validate HW breakpoint at address, WITHOUT ARGUMENTS VALIDATE ALL HW BREAKPOINT
HW expression Set 1-byte HW breakpoint on write to address
L expression, label Assign symbolic label to address
LOG View Log window
MBRK View Memory breakpoints window
MC expression Remove memory breakpoint
MD expression Disable memory breakpoint
MEM View Memory window
MOD View Executable modules
MR expression1 [,expression2] Set memory breakpoint on access to range
MV expression Validate memory breakpoint, WITHOUT ARGUMENTS VALIDATE ALL HW BREAKPOINT
MW expression1 [,expression2] Set memory breakpoint on write to range
OPEN [filename] Open executable file for debugging
OPT Edit options
ORIG Go to actual EIP
OSC execute ODbgScript Example: osc d:\upx.txt
PAUSE Pause execution
QUIT Close OllyDbg
RST Restart current program
RUN Run program
S Step into
SE Pass exception and Step into
SEI Pass exception and Step into
SEO Pass exception and Step over
SET expression=expression Set register or memory
SI Step into
SO Step over
STK expression Follow address in stack
STOP Pause execution
T [expression] Trace in till address
TC condition Trace in till condition (Only Condition 1 is set)
TCI condition Trace in till condition (Only Condition 1 is set)
TCO condition Trace over till condition (Only Condition 1 is set)
TIO [expression] Trace in till address
TO [expression] Trace over till address
THREAD View Threads window
TR Execute till return
TRACE View Trace window
TU Execute till user code
W expression Add watch
WATCH expression Add watch
======= All functions run ==========
Also listed in: (Not listed in any other category)



Tool name: DebugPluginO2
Rating: 0.0 (0 votes)
Author: VieuxCrapaud                        
Website: http://sourceforge.net/u/vieuxcrapaud/profile/
Current version: 201
Last updated:
Direct D/L link: http://sourceforge.net/projects/debugplugin/files/latest/download
License type: Free
Description: Loads OllyDbg, breaks on plugin loading and analyses the plugin.
Each time you press the shortcut (Alt Shift F1), the following plugin is analysed.
Also listed in: (Not listed in any other category)



Tool name: FastpadPlugin
Rating: 0.0 (0 votes)
Author: VieuxCrapaud                        
Website: http://sourceforge.net/u/vieuxcrapaud/profile/
Current version: 2.02
Last updated:
Direct D/L link: http://sourceforge.net/projects/fastpadplugin2/index.html
License type: free
Description: FastpadPlugin lets you take notes in OllyDbg. The Fastpad window hides automatically when not in use. To open it, just put the cursor on the left of the screen; the cursor turns red on contact.
One can save the selected text directly from Olly using the shortcut CTRL+Q.
Fastpad automatically saves the text in the plugin \ fastpad directory (each debuggee has a different .txt file).
Also listed in: (Not listed in any other category)



Tool name: Hyde
Rating: 0.0 (0 votes)
Author: BoB                        
Website: http://bob.droppages.com/
Current version: 1.01
Last updated: December 12, 2011
Direct D/L link: http://bob.droppages.com/Projects/OllyDbg2/Hyde
License type:
Description: Hyde is a plugin for OllyDbg v2.xx; its purpose is to hide OllyDbg from detection by the debuggee.
This is done by patching memory and apis, and the options (or patch sets) can be saved to file, for easy reloading.

For example, with an ASProtect target you can set the patches that you need for ASProtect and save to a file "ASProtect.SET". This patch-set file can then be loaded whenever you need to debug ASProtect.



Features:

o All patched apis should work "normally" - They should only hide OllyDbg, but work for other windows/processes etc.
o All patches/hooks are selectable from the menu for quick access, or from options dialog.
o Optional Jmp variations (Push/Ret or Jmp[xxxxxxxx] or fake SysCall) for hooks.
o If possible to hot-patch api then will do this, if syscall then uses fake syscall, else uses selected jmp style.
o Load/Save patch sets. Patch Sets are simply INI files, so can also be edited in notepad.
o Remote allocated memory is separated into code and data with appropriate access so should be no problems with DEP.
o If you right-click a patch in Options dialog, the code window view will jump to that Api.



Patches:

o PEB.IsDebugged
o PEB.NtGlobalFlag
o PEB.HeapFlag
o NtQueryInformationProcess
o NtSetInformationThread
o FindWindowA
o FindWindowW
o FindWindowExA
o FindWindowExW
o EnumWindows
o Process32NextW
o OutputDebugString
o NtQueryObject
o GetTickCount
o NtOpenProcess
o BlockInput
o NtClose
o GetStartupInfo
o NtQuerySystemInformation
o NtYieldExecution
o GetForegroundWindow
o EnumDesktopWindows
o GetWindowThreadProcessId



Future:

o Custom patches/hooks.
o Repair hooks if app unhooks the Apis.
o Possibly change exception options for OllyDbg in patch-sets?
o Maybe detection of packer targets?



Past:

-> Release [v1.01]
o Fixed hang if OllyDbg closed while Options window was still open
o Check/repair Api bytes more before patch
o Copies bytes without breakpoint byte, if set on Api
o Detects LCF-AT's OllySND 2.1 and disables NtQueryInformationProcess patch
o Added NtYieldExecution check code (by Peter Ferrie) to CheckDebug.exe test program
o Patching is now done at EP, or if target is DLL then DLL EP
o Added NtYieldExecution hook
o Added GetForegroundWindow hook
o Added EnumDesktopWindows hook
o Added GetWindowThreadProcessId hook
o Patching is done at first TLS in EXE that has callbacks
o If SysCall api detected, uses fake SysCall Jmp
o If can hot-patch an Api then will do that instead of selected patch-style
o Fixed weird bug where patches were applied twice sometimes

-> Initial Release [v1.00]
Also listed in: (Not listed in any other category)



Tool name: ODbgScript
Rating: 0.0 (0 votes)
Author: VieuxCrapaud                        
Website: http://sourceforge.net/projects/odbgsrcriptv202/index.htm
Current version: v2.02
Last updated: June 26, 2015
Direct D/L link: http://sourceforge.net/projects/odbgsrcriptv202/files/latest/download
License type: Public Domain
Description: ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks involve a lot of repetitive work just to get to some point in the debugged application. By using my plugin you can write a script once and for all.



For OllyDbg v2.01

with fewer bugs

I wish I had feedback so that bugs can be corrected faster, thank you!
Also listed in: (Not listed in any other category)



Tool name: OllyResourceRefs
Rating: 0.0 (0 votes)
Author: Austyn Krutsinger                        
Website: https://github.com/akrutsinger/OllyResourceRefs
Current version: 0.1.0
Last updated: November 22, 2014
Direct D/L link: https://github.com/akrutsinger/OllyResourceRefs/raw/master/bin/release/OllyResourceRefs.dll
License type:
Description: OllyResourceRefs is a plugin for OllyDbg 2.01 that will find possible references to the resources within the current module being debugged by OllyDbg. This is accomplished by finding all "push imm" commands where 'imm' is the value of a resource ID. Because some functions may have a constant as a parameter, OllyResourceRefs can only guarantee possible references to the module's resources.

To use, copy the plugin to OllyDbg's plugin directory and once you load, or attach, OllyDbg to the module you want to debug, use the plugins menu to find possible references to resources within that module.

Double-clicking on any row in the OllyResourceRefs Log window will bring you to the caller's location in the OllyDbg disassembly window.
Also listed in: (Not listed in any other category)



Tool name: OllySpelunk
Rating: 0.0 (0 votes)
Author: Austyn Krutsinger                        
Website: https://github.com/akrutsinger/OllySpelunk
Current version: 0.3.0
Last updated: November 23, 2014
Direct D/L link: https://github.com/akrutsinger/OllySpelunk/raw/release/bin/release/OllySpelunk.dll
License type:
Description: OllySpelunk is a code cave finder for OllyDbg v2.01.

You can search code caves that are null-byte, NOP, INT3, or a user-defined byte value.
Also listed in: (Not listed in any other category)