From Collaborative RCE Tool Library


OllyDbg Extensions


Tool name: CPU Initialization Patch
Rating: 5.0 (1 vote)
Author: blurcode                        
Website: http://www.woodmann.com/forum/showthread.php?t=11302
Current version: 1.0.0.1
Last updated: April 12, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This is a plugin for OllyDbg 1.10, which hot-patches Olly's code to resolve the issue of OllyDbg taking 100% CPU time as soon as the debugged process is running (i.e. after having pressed F9 inside OllyDbg).

If nothing else, this problem causes any laptop that you might be reversing on to lose much more battery life than necessary, and also to sound like a jet plane due to constant maximum fan rotation, so this plugin will come in handy for any laptop reversers at least.

For more info, please see the following thread:
http://www.woodmann.com/forum/showthread.php?t=11302

Changelog:
Version 1.0.0.1
April 12, 2008
- keeps the last selected option after restart
Version 1.0.0.0
February 11, 2008
- initial release
Also listed in: (Not listed in any other category)



Tool name: Cleanup Ex
Rating: 5.0 (1 vote)
Author: Gigapede                        
Website: N/A
Current version: 1.12
Last updated: March 11, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Deletes all .udd, .bak files. Plugin & udd dir support.
Also listed in: (Not listed in any other category)



Tool name: CommandBar
Rating: 5.0 (1 vote)
Author: Gigapede                        
Website: N/A
Current version: 3.20.110
Last updated: April 18, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: SoftICE commands in a small bar on the bottom. Macro function support.
Also listed in: (Not listed in any other category)



Tool name: IDAFicator
Rating: 5.0 (3 votes)
Author: Zool@nder - AT4RE                        
Website: http://www.at4re.com
Current version: 2.0.1.48
Last updated: February 18, 2011
Direct D/L link: http://www.at4re.com/request.php?6
License type: Free
Description: This plugin tries to make life easier for OllyDBG© users by bringing them some fast and frequently used functions.

What's new in v.2.0.1.48:
~~~~~~~~~~~~~~~~~~
- Completely rewrote the multi assembler, aka ROTE, aka Rainbow Ollydbg Text Assembler
- New Goto dialogbox with code completion
- A lot of new shortcuts

[+]: Added mouse scrolling ability to Goto listbox.
[+]: Added a workaround for the StrongOD problem hooking NtCreateProcess: You have to
go to settings>rote tab, then set the number of milliseconds to sleep
after compilation (500 ms works fine for me on a Core 2 Duo 1.60GHz).
Thus, I noticed that it succeeds only if THERE ARE NO ERRORS in the code.
[+]: Ability to supersede StrongOD and AdvancedOlly Goto dialogbox even if
not disabled ('Choosable').
[+]: Ability to supersede StrongOD status bar info (idaficator must be loaded
last, and to do so, just execute ollydbg without idaficator, then add it
and re-run (after checking 'Supremacy mode' from settings)).
[!]: Fix various tiny bugs.

You can download the Full package of IDAFicator from this link:
http://www.multiupload.com/UEKJ0DV8DA
Also listed in: (Not listed in any other category)



Tool name: OllyDump
Rating: 5.0 (2 votes)
Author: Gigapede                        
Website: N/A
Current version: 3.00.110
Last updated: March 24, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Dump debuggee process memory and Rebuild IAT.
Also listed in: (Not listed in any other category)



Tool name: PhantOm
Rating: 5.0 (2 votes)
Author: Hellsp@wn & Archer & Olenevod                        
Website: N/A
Current version: 1.54
Last updated: January 7, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: Plugin (with driver) for hiding OllyDbg from following methods of detection:

// driver - extremehide.sys

[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.

// plugin - PhantOm.dll

[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput


What's new - 1.30
[*] Captions of main and CPU windows can be manually set (CAPTEXT and PRETEXT in OllyDbg's ini-file). By default, they are named "PhantOm" and "o_O".
[*] Fixed some bugs in "custom handler exceptions" feature
[*] Other minor fixes

What's new - 1.26
[*] Fixed bug with loading driver
[*] Fixed bug with memory breakpoints
(Now, when "custom handler exceptions" option is
checked - memory breakpoints on access/write will work,
but break-on-access won't work)
[*] Fixed bug with updating plugin (after previous version)

What's new - 1.25
[*] Now you can manually set names of services (HIDENAME and RDTSCNAME)
[*] Fixed some minor bugs
[*] Fixed bug with memory breakpoints

What's new - 1.20
[*] Added own exception handler (C0000005)
[*] Added option to change caption of main OllyDbg window
[*] Added own exception handler (OUTPUT_DEBUG_STRING_EVENT)
[*] Improved removing of int 3 breakpoint at EP, when pause is set to "system breakpoint"
[*] Added hook for BlockInput (only for Windows XP)
[*] Added own exception handler (C0000094)
[*] Added hide from GetStartupInfo
[*] Fixed bug with plugin options
[*] Added protection from detecting driver
Also listed in: Tool Hiding Tools



Tool name: OllyHeapTrace
Rating: 3.7 (3 votes)
Author: Stephen Fewer                        
Website: http://www.harmonysecurity.com/OllyHeapTrace.html
Current version: 1.0
Last updated: February 23, 2008
Direct D/L link: Locally archived copy
License type:
Description: OllyHeapTrace is a plugin for OllyDbg (version 1.10) to trace the heap operations being performed by a process. It will monitor heap allocations and frees for multiple heaps, as well as operations such as creating or destroying heaps and reallocations. All parameters as well as return values are recorded and the trace is highlighted with a unique colour for each heap being traced.

The primary purpose of this plugin is to aid in the debugging of heap overflows where you wish to be able to control the heap layout to overwrite a specific structure such as a chunk header, critical section structure or some application specific data. By tracing the heap operations performed during actions you can control (for example opening a connection, sending a packet, closing a connection) you can begin to predict the heap operations and thus control the heap layout.
Also listed in: (Not listed in any other category)



Tool name: Immunity Debugger
Rating: 3.0 (1 vote)
Author: Immunity Inc / Oleh Yuschuk                        
Website: http://debugger.immunityinc.com
Current version: 1.6
Last updated: March 27, 2008
Direct D/L link: N/A
License type: Free
Description: Immunity Debugger is based on OllyDbg.

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

* A debugger with functionality designed specifically for the security industry
* Cuts exploit development time by 50%
* Simple, understandable interfaces
* Robust and powerful scripting language for automating intelligent debugging
* Lightweight and fast debugging to prevent corruption during complex analysis
* Connectivity to fuzzers and exploit development tools
Also listed in: OllyDbg Custom Versions, Ring 3 Debuggers



Tool name: API Help
Rating: 0.0 (0 votes)
Author: Phoenix                        
Website: N/A
Current version:
Last updated: June 26, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Assists in finding API addresses and setting breakpoints, includes auto-completion feature. Supports ~120 DLL and ~14000 API.
For XPsp2 only! (place aphlp.ahd in main OllyDbg directory)
Also listed in: (Not listed in any other category)



Tool name: aadp
Rating: 0.0 (0 votes)
Author: nahuelriva / rcerage                        
Website: http://code.google.com/p/aadp/
Current version: 0.2.1
Last updated: November 21, 2010
Direct D/L link: N/A
License type: GPLv3
Description: aadp is a collection of plugins that aims to hide most of the well-known debuggers from most anti-debugging techniques.
Also listed in: Tool Hiding Tools



Tool name: AnalyzeThis!
Rating: 0.0 (0 votes)
Author: Joe Stewart                        
Website: http://www.joestewart.org
Current version:
Last updated: October 26, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: This plugin allows the OllyDbg analysis function to operate outside of the standard code segment as defined by the PE header. Particularly useful for packed files.
Also listed in: (Not listed in any other category)



Tool name: Asm2Clipboard
Rating: 0.0 (0 votes)
Author: fatmike                        
Website: N/A
Current version:
Last updated: April 8, 2005
Direct D/L link: Locally archived copy
License type: Free
Description: Copy asm code to clipboard.
Also listed in: (Not listed in any other category)



Tool name: AttachAnyway
Rating: 0.0 (0 votes)
Author: Joe Stewart                        
Website: N/A
Current version: 0.3
Last updated: September 7, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: AttachAnyway is a PoC OllyDbg plugin designed to show how to remove a process' hook on NtContinue by the anti-debugger-attach method devised by Piotr Bania here:

http://pb.specialised.info/all/anti-dattach.asm

This is not intended to be a universal plugin for all anti-attach methods, just one example of how you can do it. It works by enumerating all processes, searching their virtual memory space for a JMP hook on the NtContinue method, then replacing the jump with the original bytes from a non-hooked process, then calling the OllyDbg Attachtoactiveprocess API.

attach-test.exe is an assembled version of Piotr's anti-dattach.asm you can use to test the plugin with.
Also listed in: (Not listed in any other category)



Tool name: AttachExtended
Rating: 0.0 (0 votes)
Author: Hero                        
Website: http://www.woodmann.com/forum/showthread.php?t=12499
Current version:
Last updated: March 4, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: This is a really small plugin that I have written to improve the attach feature of OllyDbg.
With this plugin, you can attach to a process by identifying its PID directly, not only by selecting it from the process list. In addition, you can find the PID of a process by dragging a small cursor on each window (this can be used on some protections which remove the process from the process list, like GameGuard).

Please let me know about Bugs, and your suggestions for more process attaching options.
Also listed in: (Not listed in any other category)



Tool name: BlkLabel
Rating: 0.0 (0 votes)
Author: Veronica Chapman                        
Website: http://www.veronicachapman.com/OllyDbg/
Current version: 1.0
Last updated: September 30, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: BlkLabel is a bulk labelling plugIn for OllyDbg.

The objective is to take a Memory Map listing from a compilation and extract all Label-Address (Symbol-Address) pairs from such a (text) file. These are then fed into OllyDbg such that it will display Symbols rather than Memory Addresses. This renders OllyDbg's presentations about as readable as is possible in a Debugging Environment.

The precursor is, of course, the availability of a Memory Map in textual format. Most IDEs (Linkers) should be able to produce that.

This is the link:

http://www.VeronicaChapman.com/OllyDbg/BlkLabel.zip

There is a ReadMe that explains the package. The PlugIn comes with a Help File that explains everything anyway (as far as I can see).

The main PlugIn (BlkLabel.dll) calls a Sub-Plugin (SubLabel.dll). All of the reformatting to support the extraction of Label-Address pairs for a specific Memory Map File Format is contained within SubLabel.dll. Write a different one of those, and you can decipher the Memory Map File of your choice. You just need to create an Export to handle (maybe translate) each Character, and another to decipher each Text Record. BlkLabel itself handles all the rest.

Oh. There's just one small thing. The Source Code is contained in the package, but the PlugIn is written in Clarion ... so I don't know if it will be much use to you but if it is you are welcome to use it.
Also listed in: (Not listed in any other category)



Tool name: CLBPlus!
Rating: 0.0 (0 votes)
Author: Robert Ayrapetyan                        
Website: N/A
Current version: 1.0
Last updated: October 1, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Extends the standard capabilities of conditional log breakpointing, utilizing an OllyDbg feature which allows passing commands to plugins from the "Set conditional log breakpoint window". Version only supports a DUMP command, but with the included source this is a great example for creating additional functions.
Also listed in: (Not listed in any other category)



Tool name: CmdbarO2
Rating: 0.0 (0 votes)
Author: VieuxCrapaud                        
Website: http://sourceforge.net/projects/cmdlineo2/
Current version: v2.01
Last updated:
Direct D/L link: http://sourceforge.net/projects/cmdlineo2/files/latest/download
License type: free
Description: expression Calculate value of expression (1er character is not letter)
expression=expression Set register or memory (1er character is not letter)
* Follow address in Disassembler
: expression, label Assign symbolic label to address
? expression Calculate value of expression
A expression [,command] Assemble at address
ASM command [;address] Assemble ligne
AT expression Follow address in Disassembler
BC expression Delete breakpoint at address, WITHOUT ARGUMENTS DELETE ALL BREAKPOINT
BD expression Disable breakpoint at address, WITHOUT ARGUMENTS DISABLE ALL BREAKPOINT
BE expression Enable breakpoint at address, WITHOUT ARGUMENTS ENABLE ALL BREAKPOINT
BP expression [,condition] Set INT3 breakpoint at address
BV expression Validate breakpoint at address, WITHOUT ARGUMENTS VALIDATE ALL BREAKPOINT
BPX label Set breakpoint on each call to external 'label' within the current module
BRK View Breakpoints window
C expression, comment Set comment at address
CALC expression Calculate value of expression
CLOSE Close debugged program
CPU View CPU window
CS View Call Stack
D expression Follow address in dump
DA [expression] Dump in assembler format
DASM expression [;address] Deassemble ligne
DB [expression] Dump in hex byte format & ASCII text
DBA [expression] Dump in hex byte format & ASCII text
DBU [expression] Dump in hex byte format & UNICODE text
DC [expression] Dump as ASCII text
DD [expression] Dump as addresses (stack format)
DU [expression] Dump as UNICODE text
DUMP expression Dump in assembler format
DW [expression] Dump in hex word format
EXIT Close OllyDbg
FOLLOW expression Follow address in Disassembler
G [expression] Run till address
GE [expression] Pass exception to handler and run till address
H Show this help
H APIfunction Show help on API function
H OllyDbg Show OllyDbg help
HBRK View Hardware breakpoints window
HC [expression] Remove HW breakpoint at address, WITHOUT ARGUMENTS DELETE ALL HW BREAKPOINT
HD [expression] Disable HW breakpoint at address, WITHOUT ARGUMENTS DISABLE ALL HW BREAKPOINT
HE expression Set HW breakpoint on execute at address
HELP Show this help
HELP APIfunction Show help on API function
HELP OllyDbg Show OllyDbg help
HR expression Set 1-byte HW breakpoint on access to address
HV [expression] Validate HW breakpoint at address, WITHOUT ARGUMENTS VALIDATE ALL HW BREAKPOINT
HW expression Set 1-byte HW breakpoint on write to address
L expression, label Assign symbolic label to address
LOG View Log window
MBRK View Memory breakpoints window
MC expression Remove memory breakpoint
MD expression Disable memory breakpoint
MEM View Memory window
MOD View Executable modules
MR expression1 [,expression2] Set memory breakpoint on access to range
MV expression Validate memory breakpoint, WITHOUT ARGUMENTS VALIDATE ALL HW BREAKPOINT
MW expression1 [,expression2] Set memory breakpoint on write to range
OPEN [filename] Open executable file for debugging
OPT Edit options
ORIG Go to actual EIP
OSC execute ODbgScript Exemple: osc d:\upx.txt
PAUSE Pause execution
QUIT Close OllyDbg
RST Restart current program
RUN Run program
S Step into
SE Pass exception and Step into
SEI Pass exception and Step into
SEO Pass exception and Step over
SET expression=expression Set register or memory
SI Step into
SO Step over
STK expression Follow address in stack
STOP Pause execution
T [expression] Trace in till address
TC condition Trace in till condition (Only Condition 1 is set)
TCI condition Trace in till condition (Only Condition 1 is set)
TCO condition Trace over till condition (Only Condition 1 is set)
TIO [expression] Trace in till address
TO [expression] Trace over till address
THREAD View Threads window
TR Execute till return
TRACE View Trace window
TU Execute till user code
W expression Add watch
WATCH expression Add watch
======= All functions run ==========
Also listed in: OllyDbg 2.x Extensions



Tool name: Code Ripper
Rating: 0.0 (0 votes)
Author: Ziggy                        
Website: N/A
Current version:
Last updated: April 19, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Rips selected code from OllyDbg disassembler window and formats according to MASM, C/C++ (inline assembler) or Delphi (inline assembler). Customizable, supports labels, comments, detailed help.
Also listed in: (Not listed in any other category)



Tool name: CodeDoctor
Rating: 0.0 (0 votes)
Author: hnedka                        
Website: N/A
Current version: 0.90
Last updated: November 12, 2009
Direct D/L link: see details
License type: freeware
Description: CodeDoctor is a plugin for Olly and IDA.

History:
11.11.2009 - 0.90 - initial public release

________________________________________________________________________________
Functions:

1) Deobfuscate

Select instructions in disasm window and execute this command. It will try
to clear the code from junk instructions.

Example:

Original:
00874372 57 PUSH EDI
00874373 BF 352AAF6A MOV EDI,6AAF2A35
00874378 81E7 0D152A41 AND EDI,412A150D
0087437E 81F7 01002A40 XOR EDI,402A0001
00874384 01FB ADD EBX,EDI
00874386 5F POP EDI

Deobfuscated:
00874372 83C3 04 ADD EBX,4

________________________________________________________

2) Deobfuscate - Single Step

This works like the previous command, but does one transformation at a time
_______________________________________________________

3) Move NOPs to bottom

Converts this:

00874396 50 PUSH EAX
00874397 90 NOP
00874398 90 NOP
00874399 52 PUSH EDX
0087439A BA 3F976B00 MOV EDX,somesoft.006B973F


to this:

00874396 50 PUSH EAX
00874397 52 PUSH EDX
00874398 BA 3F976B00 MOV EDX,somesoft.006B973F
0087439D 90 NOP
0087439E 90 NOP

Limitations: it breaks all jumps and calls pointing inwards
________________________________________________________

4) Undo / Redo

Undo or Redo last operation (from one of the above functions)

________________________________________________________

5) Retrieve Jumpy function

This will statically parse instructions and follow all jumps. This is useful
for situations when the program jumps here and there and here and there... When
it encounters an instruction that can't be followed, it stops and copies
all parsed instructions to an allocated place in memory.

Use settings to set some parameters:
Step over calls - if set, it will step over calls, otherwise it will follow them
Step over jccs - ditto, but for Jccs
Deobfuscate - it will deobfuscate instructions when it encounters Jcc, RET,
JMP reg/exp, CALL reg/exp; useful for multi-branch

Example:

Original:
00874389 /EB 05 JMP SHORT somesoft.00874390
0087438B
Also listed in: Deobfuscation Tools, IDA Extensions, Resource Editors, Unpacking Tools



Tool name: Conditional Branch Logger
Rating: 0.0 (0 votes)
Author: Blabberer / dELTA / Kayaker                        
Website: N/A
Current version: 1.0
Last updated: June 13, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Conditional Branch Logger is a plugin which gives control and logging capabilities for conditional branch instructions over the full user address space of a process. Useful for execution path analysis and finding differences in code flow as a result of changing inputs or conditions. It is also possible to log conditional jumps in system dlls before the Entry Point of the target is reached. Numerous options are available for fine tuning the logging ranges and manipulating breakpoints.
Also listed in: Code Coverage Tools, Profiler Tools, Tracers



Tool name: Data Ripper
Rating: 0.0 (0 votes)
Author: Ziggy                        
Website: N/A
Current version: 1.2
Last updated: January 28, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Rips any kind of data from an app being debugged with OllyDbg. The ripped data can be formatted and "declared" in the syntax of MASM, C/C++ and Delphi. Data Ripper is useful whenever you need to rip data, tables, etc. out of an app so the data can be used in another compiled program.
Also listed in: (Not listed in any other category)



Tool name: DeJunk
Rating: 0.0 (0 votes)
Author: flyfancy                        
Website: N/A
Current version:
Last updated: October 16, 2003
Direct D/L link: Locally archived copy
License type: Free
Description: Find/remove junkcode from packers, customizable.
Also listed in: (Not listed in any other category)



Tool name: DebugPlugin
Rating: 0.0 (0 votes)
Author: TBD                        
Website: N/A
Current version: 1.0
Last updated: November 28, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Loads OllyDbg and breakpoints on load plugin routine.
For OllyDbg 1.08b ONLY.
Also listed in: (Not listed in any other category)



Tool name: DebugPluginO2
Rating: 0.0 (0 votes)
Author: VieuxCrapaud                        
Website: http://sourceforge.net/u/vieuxcrapaud/profile/
Current version: 201
Last updated:
Direct D/L link: http://sourceforge.net/projects/debugplugin/files/latest/download
License type: Free
Description: Loads OllyDbg, sets a breakpoint on plugin loading and analyses the plugin.
Each time you press the shortcut (Alt Shift F1), the following plugin is analysed.
Also listed in: OllyDbg 2.x Extensions



Tool name: Exception Counter
Rating: 0.0 (0 votes)
Author: ZeetreX                        
Website: N/A
Current version: 0.1
Last updated: August 25, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: A plugin to automate the process of unpacking with exceptions. (Count the number of exceptions before the app runs and then pass exceptions n-1 times in next restart)
Also listed in: (Not listed in any other category)



Tool name: ExtraCopy
Rating: 0.0 (0 votes)
Author: Regon                        
Website: N/A
Current version: 0.9
Last updated: July 1, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Copy portions of code inside OllyDbg and to clipboard.
Also listed in: (Not listed in any other category)



Tool name: FastpadPlugin
Rating: 0.0 (0 votes)
Author: VieuxCrapaud                        
Website: http://sourceforge.net/u/vieuxcrapaud/profile/
Current version: 2.02
Last updated:
Direct D/L link: http://sourceforge.net/projects/fastpadplugin2/index.html
License type: free
Description: FastpadPlugin lets you take notes in OllyDbg. The Fastpad window hides automatically when not in use. To open it, just put the cursor on the left of the screen; the cursor turns red on contact.
You can save the selected text directly from Olly using the shortcut CTRL+Q.
Fastpad automatically saves the text in the plugin\fastpad directory (each debuggee has a different .txt file).
Also listed in: OllyDbg 2.x Extensions



Tool name: FullDisasm
Rating: 0.0 (0 votes)
Author: BeatriX                        
Website: http://www.beaengine.org
Current version: 3.0
Last updated: May 6, 2010
Direct D/L link: http://www.beaengine.org/downloads/FullDisasm_OllyDbg.zip
License type: Free
Description: This plugin replaces the default OllyDbg disassembly routine with an engine which supports MMX, FPU, SSE, SSE2, SSE3, SSSE3, SSE4.1 and SSE4.2, AES, CLMUL instructions and undocumented instructions called "aliases". Displays processor support for these technologies. Allows disassembling globally or only on selected lines in Masm, Nasm, GoAsm syntax and AT&T Syntax. Available as a plugin for OllyDbg or Immunity Debugger.
Also listed in: (Not listed in any other category)



Tool name: Games Invader
Rating: 0.0 (0 votes)
Author: GamingMasteR                        
Website: http://www.tuts4you.com/download.php?view.2148
Current version: 2.1
Last updated: March 1, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: I coded this plugin to help games hackers working on OllyDbg, it allows you to cheat games with OllyDbg.

+Ability to choose memory types to scan.
+Ability to determine the scanned memory scope.
+Can scan for [Exact values], [Values bigger than x], [Values smaller than x] or [values between x,y].
+Scanning algorithm optimized, now it's much faster than the old version.
+Auto update for found values.
+Known bugs fixed.
Also listed in: (Not listed in any other category)



Tool name: GoDup
Rating: 0.0 (0 votes)
Author: godfather+                        
Website: N/A
Current version: 1.2
Last updated: August 9, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: IDA signature loader/map loader/resource viewer/process info. View dialogs, version info and Delphi/BorlandC forms.
Also listed in: (Not listed in any other category)



Tool name: Hide Caption
Rating: 0.0 (0 votes)
Author: Gigapede                        
Website: N/A
Current version: 1.00
Last updated: November 21, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Hides MDI windows caption to get more space
Also listed in: (Not listed in any other category)



Tool name: Hide Debugger
Rating: 0.0 (0 votes)
Author: Asterix                        
Website: N/A
Current version: 1.24
Last updated: April 19, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: This plugin hides OllyDbg from many debugger detection tricks.

(source code was released on February 24, 2010, and is now included in the download above)
Also listed in: (Not listed in any other category)



Tool name: Hyde
Rating: 0.0 (0 votes)
Author: BoB                        
Website: http://bob.droppages.com/
Current version: 1.01
Last updated: December 12, 2011
Direct D/L link: http://bob.droppages.com/Projects/OllyDbg2/Hyde
License type:
Description: Hyde is a plugin for OllyDbg v2.xx; its purpose is to hide OllyDbg from detection by the debuggee.
This is done by patching memory and apis, and the options (or patch sets) can be saved to file, for easy reloading.

For example, with an ASProtect target you can set the patches that you need for ASProtect and save to a file "ASProtect.SET". This patch-set file can then be loaded whenever you need to debug ASProtect.



Features:

o All patched apis should work "normally" - They should only hide OllyDbg, but work for other windows/processes etc.
o All patches/hooks are selectable from the menu for quick access, or from options dialog.
o Optional Jmp variations (Push/Ret or Jmp[xxxxxxxx] or fake SysCall) for hooks.
o If it is possible to hot-patch an api then it will do this, if syscall then it uses a fake syscall, else it uses the selected jmp style.
o Load/Save patch sets. Patch Sets are simply INI files, so can also be edited in notepad.
o Remote allocated memory is separated into code and data with appropriate access, so there should be no problems with DEP.
o If you right-click a patch in Options dialog, the code window view will jump to that Api.



Patches:

o PEB.IsDebugged
o PEB.NtGlobalFlag
o PEB.HeapFlag
o NtQueryInformationProcess
o NtSetInformationThread
o FindWindowA
o FindWindowW
o FindWindowExA
o FindWindowExW
o EnumWindows
o Process32NextW
o OutputDebugString
o NtQueryObject
o GetTickCount
o NtOpenProcess
o BlockInput
o NtClose
o GetStartupInfo
o NtQuerySystemInformation
o NtYieldExecution
o GetForegroundWindow
o EnumDesktopWindows
o GetWindowThreadProcessId



Future:

o Custom patches/hooks.
o Repair hooks if app unhooks the Apis.
o Possibly change exception options for OllyDbg in patch-sets?
o Maybe detection of packer targets?



Past:

-> Release [v1.01]
o Fixed hang if OllyDbg closed while Options window was still open
o Check/repair Api bytes more before patch
o Copies bytes without breakpoint byte, if set on Api
o Detects LCF-AT's OllySND 2.1 and disables NtQueryInformationProcess patch
o Added NtYieldExecution check code (by Peter Ferrie) to CheckDebug.exe test program
o Patching is now done at EP, or if target is DLL then DLL EP
o Added NtYieldExecution hook
o Added GetForegroundWindow hook
o Added EnumDesktopWindows hook
o Added GetWindowThreadProcessId hook
o Patching is done at first TLS in EXE that has callbacks
o If SysCall api detected, uses fake SysCall Jmp
o If can hot-patch an Api then will do that instead of selected patch-style
o Fixed weird bug where patches were applied twice sometimes

-> Initial Release [v1.00]
Also listed in: OllyDbg 2.x Extensions



Tool name: ida_sigs
Rating: 0.0 (0 votes)
Author: diablo2oo2                        
Website: http://diablo2oo2.cjb.net
Current version: v1.0 beta 3
Last updated: March 19, 2007
Direct D/L link: http://diablo2oo2.di.funpic.de/downloads/ida_sigs.rar
License type: freeware / open source
Description: ida_sigs is a plugin for OllyDbg 1.10

features:

- import of signatures from IDA (*.sig)
- import multiple signatures
Also listed in: (Not listed in any other category)



Tool name: IsDebuggerPresent
Rating: 0.0 (0 votes)
Author: SV                        
Website: N/A
Current version: 1.4
Last updated: June 30, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Hide debugger from IsDebuggerPresent Windows API.
Also listed in: (Not listed in any other category)



Tool name: LCB Plugin
Rating: 0.0 (0 votes)
Author: scherzo                        
Website: N/A
Current version: 0.10
Last updated: December 30, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Plugin to export and import labels, comments and breakpoints. Functionally a combination of Labelmaster with improved abilities, and Olly Breakpoint Manager.
Also listed in: (Not listed in any other category)



Tool name: Labeler
Rating: 0.0 (0 votes)
Author: Gigapede                        
Website: N/A
Current version: 1.33
Last updated: October 31, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Creates label/structs. Plugin & udd dir support.
Also listed in: (Not listed in any other category)



Tool name: Labelmaster
Rating: 0.0 (0 votes)
Author: Joe Stewart                        
Website: http://www.joestewart.org
Current version:
Last updated: January 13, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Import/export user-defined labels and comments.
Also listed in: (Not listed in any other category)



Tool name: LoadSome
Rating: 0.0 (0 votes)
Author: n1kto                        
Website: N/A
Current version: 0.1b
Last updated: August 13, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Plugin manager of sorts. Allows you to create separate folders for plugins and load/unload them to the Plugins menu.
Also listed in: (Not listed in any other category)



Tool name: MapConv
Rating: 0.0 (0 votes)
Author: godfather+ / TBD / SHaG                        
Website: N/A
Current version: 1.4
Last updated: June 10, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Imports .map files from SoftICE or IDA.
Also listed in: (Not listed in any other category)



Tool name: Memory Watch
Rating: 0.0 (0 votes)
Author: Ziggy                        
Website: N/A
Current version: 1.0
Last updated: May 29, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Memory Watch (MW) provides functions which allow a debugged app to be automatically stepped while watching for particular memory values, register values and/or string values. MW can pause when a watch value is found or log watch events to the OllyDbg log file.
Also listed in: (Not listed in any other category)



Tool name: MemoryDump
Rating: 0.0 (0 votes)
Author: aeon                        
Website: N/A
Current version: 0.9a
Last updated: August 10, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: This plugin saves/loads bytes from the memory dump window of the process in
various forms. In the dump window, right-click, select 'Memory Dump' in the popup menu
and pick your choice.

Possible choices are:

- Load Dump
Fills the process's memory with data from a file. (Be sure of what you are
doing; overwriting the process memory may cause you a lot of trouble.)

- Save Dump
Copies selected bytes from dump into a file.

- Clipboard(Text)
Copies selected bytes from dump into a clipboard (text only).

- Delphi/Pascal Table
Generates table of selected bytes which can be easily used in Delphi/Pascal

- C/C++ Table
Generates table of selected bytes which can be easily used in C/C++

- ASM Table
Generates table of selected bytes which can be easily used in Assembler
(MASM Tested)

- Visual Basic Table
Generates table of selected bytes which can be easily used in Visual Basic

- Range Dump (ALT+R)
Dumps Range of defined bytes by:

- Lenght : Tick End Address/Lenght
- End Address : Untick End Address/Lenght

Xor Dump With: Self-explanatory

The button with the [<] symbol enters the address of the last byte clicked (not selected) in the dump;
it's more convenient than entering addresses manually.


- Xor Selection
Xors the selection and shows the dumped data in Olly's window. This window cannot be used
for further byte manipulation with the plugin because the dump is created in your Windows
temporary folder and not in memory.


- Quick Dump (ALT+Q)
Lets you quickly select and dump data: mark the start (SHIFT+1) and the end (SHIFT+2) of
the block in the dump window, then just press ALT+Q.
Also listed in: (Not listed in any other category)



Tool name: MemoryManage
Rating: 0.0 (0 votes)
Author: playar                        
Website: N/A
Current version:
Last updated: October 19, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: Basic utility for adding Execute/Read/Write memory blocks to a process. Code injection anyone?
Also listed in: (Not listed in any other category)



Tool name: Modified Command Line Plugin
Rating: 0.0 (0 votes)
Author: anonymouse                        
Website: N/A
Current version:
Last updated: April 23, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Useful new features added to default Cmdline.dll plugin:
LOADDLL - load a DLL into the context of the debuggee.
LOADPDB - load PDB symbol files into Olly directly from Microsoft server.
LOADPLUGIN - load a plugin dynamically without restarting Olly. Bypasses 32 plugin limit.
PRINT - allows multiple expressions to be output to log window per conditional breakpoint.
Also listed in: (Not listed in any other category)



Tool name: NameChanger
Rating: 0.0 (0 votes)
Author: Icewall                        
Website: http://www.icewall.pl/namechanger-ollydbg-plugin/?lang=en
Current version: 1.1
Last updated: December 18, 2010
Direct D/L link: http://www.icewall.pl/download/NameChanger.zip
License type:
Description: NameChanger provides functionality similar to that of the ‘N’ (Rename) key in IDA: changing the names of functions and giving global variables a more readable form.

[+]Hot Key
‘ (single-quote)

[+]Examples
==CALL==
004012D7 . E8 EC110000 CALL Project2.004024C8
004012D7 . E8 EC110000 CALL <Project2.some_call>

==JMP==
004012F5 E9 1E120000 JMP Project2.00402518
004012F5 E9 1E120000 JMP <Project2.some_jump>

==Global variable==
004012FC . A0 71304000 MOV AL,BYTE PTR DS:[403071]
004012FC . A0 71304000 MOV AL,BYTE PTR DS:[<g_variable>]

0040135F . FF35 7F304000 PUSH DWORD PTR DS:[40307F]
0040135F . FF35 7F304000 PUSH DWORD PTR DS:[<g_variable>]

(...)
Also listed in: (Not listed in any other category)



Tool name: NonaWrite
Rating: 0.0 (0 votes)
Author: Nonameo                        
Website: N/A
Current version: 1.2
Last updated: June 4, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Multiline assembler for code snippet injection, with string declarations and comment support. Includes Help file.
Also listed in: (Not listed in any other category)



Tool name: NtGlobalFlag
Rating: 0.0 (0 votes)
Author: Stingduk                        
Website: N/A
Current version: 1.1
Last updated: June 5, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Activates the NtGlobalFlag setting SET_LDR_SHOW_SNAPS in order to output the LDR emitted debug strings used during process initialization.
Also listed in: (Not listed in any other category)



Tool name: ODbgScript
Rating: 0.0 (0 votes)
Author: VieuxCrapaud                        
Website: http://sourceforge.net/projects/odbgsrcriptv202/index.htm
Current version: v2.02
Last updated: June 26, 2015
Direct D/L link: http://sourceforge.net/projects/odbgsrcriptv202/files/latest/download
License type: Public Domain
Description: ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks involve a lot of repetitive work just to get to some point in the debugged application. By using my plugin you can write a script once and for all.



For OllyDbg v2.01, with fewer bugs.

I wish I had feedback so that bugs could be corrected faster, thank you!
Also listed in: OllyDbg 2.x Extensions



Tool name: Olly Advanced
Rating: 0.0 (0 votes)
Author: MaRKuS TH_DJM                        
Website: N/A
Current version: 1.26 Beta 12
Last updated: March 13, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: A very complete selection of anti-debug settings, bugfixes and additional options for OllyDbg. Includes Help file for v1.26 Beta 5.
Also listed in: (Not listed in any other category)



Tool name: Olly Breakpoint Manager
Rating: 0.0 (0 votes)
Author: Pedram Amini                        
Website: http://pedram.redhive.com
Current version:
Last updated: July 13, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Breakpoint exporting, importing and automatic loading. Allows for exchange of useful breakpoint "sets" between researchers.
Also listed in: (Not listed in any other category)



Tool name: Olly Heap Vis
Rating: 0.0 (0 votes)
Author: Pedram Amini                        
Website: http://pedram.redhive.com
Current version:
Last updated: June 10, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Display, search and visualize allocated memory blocks in the debuggee process. Restores and extends OllyDbg's disabled "Heap" option for Win2K and above.
Also listed in: (Not listed in any other category)



Tool name: Olly HitTrace
Rating: 0.0 (0 votes)
Author: David Zimmer                        
Website: http://sandsprite.com/openSource.html
Current version:
Last updated: September 15, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Extension of the ModuleBpx code, allows you to set breakpoints and will automatically trace over them logging hitcounts so you can see how often different functions get called. Also supports the use of a logging expression so it can dump runtime data to logwindow on each hit.
Also listed in: (Not listed in any other category)



Tool name: Olly ModuleBpx
Rating: 0.0 (0 votes)
Author: David Zimmer                        
Website: http://sandsprite.com/openSource.html
Current version:
Last updated: September 21, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Olly plugin that allows you to set breakpoints by module name and RVA. Once the module is loaded it will calculate the VA and set the breakpoints for you. Great for DLLs which load and unload and are rebased every time.
Also listed in: (Not listed in any other category)



Tool name: Olly ToolBar Manager
Rating: 0.0 (0 votes)
Author: arjuns                        
Website: N/A
Current version:
Last updated: May 25, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Plugin which allows you to add up to 50 custom buttons to a docking tool bar. Drag and Drop, Easy Button Management.
Also listed in: (Not listed in any other category)



Tool name: OllyBkmrX
Rating: 0.0 (0 votes)
Author: 3070                        
Website: http://www.at4re.com/f/showthread.php?p=47083#post47083
Current version: 1.0.0.3
Last updated: March 28, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: Ollydbg bookmarking plugin
Also listed in: (Not listed in any other category)



Tool name: OllyBonE
Rating: 0.0 (0 votes)
Author: Joe Stewart                        
Website: http://www.joestewart.org
Current version: 0.1
Last updated: June 17, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Break-on-Execute for OllyDbg. Unique kernel driver plugin implements PaX-like page protection in order to break on execution of unpacked code at OEP. From the RECON 2006 presentation Semi-Automatic Unpacking on IA-32 Using OllyBonE.
PDF of presentation obtained from RECON 2006 - Conference Proceedings at CodeBreakersJournal (http://www.codebreakers-journal.com/index.php)
Also listed in: (Not listed in any other category)



Tool name: OllyCallTrace
Rating: 0.0 (0 votes)
Author: Harmony Security                        
Website: http://www.harmonysecurity.com/OllyCallTrace.html
Current version: 1.0
Last updated: October 23, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: OllyCallTrace is a plugin for OllyDbg (version 1.10) to trace the call chain of a thread allowing you to monitor it for irregularities to aid in the debugging of stack based buffer overflows as well as to quickly plot the execution flow of a program you are reversing.

Simply install the plugin and set a breakpoint on a location you want to trace from, e.g. ReadFile() or WSARecv(). When this breakpoint is hit, activate OllyCallTrace and press F7 to begin the automated single stepping and recording of the call chain. When you are finished tracing the code, pause execution or disable OllyCallTrace and view the OllyCallTrace Log to see the recorded call chain.
Also listed in: (Not listed in any other category)



Tool name: OllyDbg (OllyICE Modification)
Rating: 0.0 (0 votes)
Author: Hacnho                        
Website: N/A
Current version: 1.10.0
Last updated: August 27, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: This is the final OllyDbg release from Hacnho, his further enhanced OllyDbg Hacnho modification. It includes all the bug fixes from his original Hacnho. It is also compressed using the Themida 1.xx Ring-0 engine to help hide the debugger from detection. Be warned that it runs quite slowly because of this, and it is not very compatible with certain operating systems (WinXP SP2) and applications like anti-virus tools. Blue Screens of Death (BSOD) are quite common with this Olly.
Also listed in: OllyDbg Custom Versions



Tool name: OllyDbg (Shadow Modification)
Rating: 0.0 (0 votes)
Author: Shadow                        
Website: N/A
Current version: 1.10.0
Last updated: August 27, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Apart from a couple of aesthetic modifications Shadow's Olly modification has quite a few bug fixes and changes. Not much is known about exactly what changes have been made but it is regarded as being one of the better modified OllyDbg versions available. Known to be well-hidden.
Also listed in: OllyDbg Custom Versions



Tool name: OllyDumpEx
Rating: 0.0 (0 votes)
Author: low_priority                        
Website: http://low-priority.appspot.com/ollydumpex/
Current version: 0.90
Last updated: August 24, 2011
Direct D/L link: http://low-priority.appspot.com/ollydumpex/OllyDumpEx.zip
License type: Free
Description: This plugin is a process memory dumper for OllyDbg and Immunity Debugger.
A very simple overview:
OllyDumpEx = OllyDump + PE Dumper - obsolete + useful features
Features :
- OllyDbg version 2 plugin interface supported (EXPERIMENTAL)
- Select to dump debuggee exe or loaded dll
- Dump any address space as section even if not in original section header
- Add dummy section to keep PE format consistency
- Fix RVA in DataDirectory to follow ImageBase change
- Auto calculate many parameters (RawSize, RawOffset, VirtualOffset, ...)
Also listed in: Process Dumpers



Tool name: OllyFlow (+ OllyGraph)
Rating: 0.0 (0 votes)
Author: henryouly / Joe Stewart                        
Website: N/A
Current version: 0.71
Last updated: August 20, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source (partial)
Description: OllyFlow (henryouly) is an extended version of OllyGraph (Joe Stewart). OllyFlow creates VCG-compatible function and xref graphs similar to IDA. Requires Wingraph32.exe (GPL license). OllyFlow does not include source, but OllyGraph does, so the two plugins are included as a package.
Also listed in: (Not listed in any other category)



Tool name: OllyGuard
Rating: 0.0 (0 votes)
Author: MOID                        
Website: N/A
Current version: 0.1.2
Last updated: April 19, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Small plugin that fixes OllyDbg's buggy handling of EXCEPTION_PAGE_GUARD. Olly has fatal problems with guarded pages: it uses them internally to set memory breakpoints on access, but every guard page violation caused by anything other than its own guarded pages is also treated as a memory breakpoint by Olly. Protectors can therefore use this as an anti-debugging trick; this plugin fixes this weakness in Olly.

Like any useful plugin, it uses undocumented stuff. ;) It patches Olly 1.10 so that it can hook exception handling and breakpoint setting correctly. Probably won't work on any other version.

Includes source and also a version for Invisible SnD Ollydbg.
Also listed in: (Not listed in any other category)



Tool name: OllyPad
Rating: 0.0 (0 votes)
Author: SHaG                        
Website: N/A
Current version: 1.1
Last updated: June 12, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: Handy yellow resident "notepad" for taking project notes.
Also listed in: (Not listed in any other category)



Tool name: OllyResourceRefs
Rating: 0.0 (0 votes)
Author: Austyn Krutsinger                        
Website: https://github.com/akrutsinger/OllyResourceRefs
Current version: 0.1.0
Last updated: November 22, 2014
Direct D/L link: https://github.com/akrutsinger/OllyResourceRefs/raw/master/bin/release/OllyResourceRefs.dll
License type:
Description: OllyResourceRefs is a plugin for OllyDbg 2.01 that finds possible references to resources within the current module being debugged by OllyDbg. This is accomplished by finding all "push imm" commands where 'imm' is the value of a resource ID. Because some functions may have a constant as a parameter, OllyResourceRefs can only guarantee possible references to the module's resources.

To use, copy the plugin to OllyDbg's plugin directory and once you load, or attach, OllyDbg to the module you want to debug, use the plugins menu to find possible references to resources within that module.

Double-clicking on any row in the OllyResourceRefs Log window will bring you to the caller's location in the OllyDbg disassembly window.
Also listed in: OllyDbg 2.x Extensions



Tool name: OllyScript
Rating: 0.0 (0 votes)
Author: SHaG / Epsylon3                        
Website: http://e3.lescigales.org/olly
Current version: 1.82
Last updated: February 8, 2011
Direct D/L link: http://sourceforge.net/projects/odbgscript/files/English Version/ODbgScript.1.82.rar
License type: Free / Open Source
Description: Automate OllyDbg by writing scripts in an assembly-like language. Very useful. Check link for latest updates.
Also listed in: (Not listed in any other category)



Tool name: OllySpelunk
Rating: 0.0 (0 votes)
Author: Austyn Krutsinger                        
Website: https://github.com/akrutsinger/OllySpelunk
Current version: 0.3.0
Last updated: November 23, 2014
Direct D/L link: https://github.com/akrutsinger/OllySpelunk/raw/release/bin/release/OllySpelunk.dll
License type:
Description: OllySpelunk is a code cave finder for OllyDbg v2.01.

You can search for code caves that are null-byte, NOP, INT3, or a user-defined byte value.
Also listed in: OllyDbg 2.x Extensions



Tool name: OllyStepNSearch
Rating: 0.0 (0 votes)
Author: Didier Stevens                        
Website: http://didierstevens.wordpress.com
Current version: 0.6.1
Last updated: November 13, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This plugin allows you to search for a given text string being referenced by the running code of a program, by automatically stepping through the debugged program and performing this analysis for each executed instruction.
Also listed in: (Not listed in any other category)



Tool name: ollytlscatch
Rating: 0.0 (0 votes)
Author: waliedassar                        
Website: http://code.google.com/p/ollytlscatch/
Current version:
Last updated: November 1, 2010
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This plugin simply intercepts any new module loaded into the current process address space, searches it for TLS callbacks and sets a one-shot breakpoint on every callback found. It lets the malware analyst catch any TLS callback in OllyDbg. Just copy the plugin DLL into the Olly plugin directory, then fire up OllyDbg. Tested on OllyDbg v1 on Windows XP and Windows Vista.

Still working on it to make it catch dynamically added tlscallbacks.
Also listed in: (Not listed in any other category)



Tool name: PE Dumper
Rating: 0.0 (0 votes)
Author: FKMA                        
Website: N/A
Current version: 3.03
Last updated: January 14, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: This is a new PE Dumper plugin for the best user-mode debugger, OllyDbg.
PE Dumper is similar to OllyDump by Gigapede, but fully rewritten, and has
some features:

- You can dump any *.exe and *.dll from the debugged process address space.
- You can add/remove sections to/from the resulting dump. If you add a new section, you specify the VA and size of the memory region to add as a section, its attributes, File Offset, RAW size and section name. So you can now add to the dump any memory regions created by protectors during the debug session.
- Anti-dump anti-protection and the most correct dump-saving technique: when dumping, unlike other dumpers, PE Dumper saves only the memory pages that are present (based on VA & Virtual size). So if there is non-allocated space between memory regions, most other dumpers (OllyDump too) will not save the dump correctly, but PE Dumper will save everything correctly.
- Fix raw sizes - corrects only the RAW size of the image according to the Virtual Sizes.
- Paste header from disk - use header from disk, it's clear.
Also listed in: (Not listed in any other category)



Tool name: Plugins Manager
Rating: 0.0 (0 votes)
Author: Prodigy                        
Website: www.at4re.com
Current version: 1.2.0.0
Last updated: September 20, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: A simple plugin for OllyDBG 1.10 to manage its other loaded plugins.

Features:
+ Ease of use:
Takes a simple double click to toggle the state of a plugin from Enabled to Disabled. The action can also be achieved through a drop-down menu.

+ Directly compatible with major OllyDBG customized editions:
Directly supported by OllyICE, OllySnD, OllyDRX, DeFixed ...
No need for any patching work (as long as OllyDBG.exe exists)

Also listed in: (Not listed in any other category)



Tool name: RL!APIFinder
Rating: 0.0 (0 votes)
Author: ap0x                        
Website: http://ap0x.jezgra.net
Current version: 0.2
Last updated: July 4, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Useful API finder, allows for adding new modules, setting breakpoints, browsing exports, autocompletion, goto feature.
Also listed in: (Not listed in any other category)



Tool name: SEHSpy
Rating: 0.0 (0 votes)
Author: pnluck                        
Website: http://pnluck.altervista.org
Current version:
Last updated: September 4, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: This plugin shows the context of the debugged process (before an exception) in an SEH handler. It may be useful for packer analysis, or generally during an exception.
Also listed in: (Not listed in any other category)



Tool name: SnD Crypto Scanner (Olly/Immunity Plugin)
Rating: 0.0 (0 votes)
Author: Loki                        
Website: http://tuts4you.com/forum/index.php?showtopic=15447
Current version: 0.5 (beta)
Last updated: March 30, 2008
Direct D/L link: http://www.tuts4you.com/download.php?view.2222
License type: Freeware
Description: A scanner for crypto signatures as an Olly/Immunity Plugin:

(Following text from the forum thread)
Been coding this for a while and now kinda got bored with it so releasing it as a beta. Sure I'll go back to it again later... just need to do something else now.

Hopefully you will find this useful - the advantage of having it as a plugin means that breakpoints can easily be set where required, and signatures can be located quickly.


Setting Breakpoints:
The buttons try and use a little bit (not much :P) intelligence when setting breakpoints. In the data section, "hardware on access" or "memory access" breakpoints are set on the specific VA referenced. In the code section, a 'hardware on execution' breakpoint is set at the beginning of the disassembled line the referenced dword is on. Hope that makes a little sense :)


Limitations:
Signatures are either made up of dwords or byte sequences. This gives 2 main weaknesses:
- some algorithms use similar dwords, distinguishing between them is not always simple.
- the algorithm finds the first instance of a given dword in a signature. If you have code which has multiple algorithms which use some of the same dwords, the referenced VA will always point to the first instance in the file.

Without doing some in-depth analysis, it's impossible to determine which algorithm uses a specific instance of a dword. This tool is therefore only going to make analysis a little easier, not do it for you.


Future Development:
Currently the plugin uses the plugin API to get the current file name and then reads it into allocated memory. It does not read memory inside Olly. This means packed files will need to be unpacked and the unpacked instance debugged. In future I plan to give an option to either scan the file or memory (perhaps even a specified memory range).

If you have an idea for development, want to add signatures or just want to tell me how crap this is, please go for it :)
Also listed in: Crypto Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: StayOnTop
Rating: 0.0 (0 votes)
Author: matthijsln                        
Website: N/A
Current version: 1.0
Last updated: December 2, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Makes individual MDI client windows stay on top
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: StollyStructs
Rating: 0.0 (0 votes)
Author: jstorme                        
Website: N/A
Current version: 1.0
Last updated: January 19, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A plugin to help visualise and label data structures from within OllyDbg. Approximately 1200 common Windows data structures are defined.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: virtualized Olly for Win7
Rating: 0.0 (0 votes)
Author: Darkelf                        
Website: N/A
Current version:
Last updated: May 23, 2010
Direct D/L link: Locally archived copy
License type: Free
Description: Some beloved plugins for Olly stopped working when used with Windows 7.
Among these are OllyAdvanced and Conditional Branch Logger, just to name two of them.
To overcome this issue, I virtualized Olly and now the plugins are working again :).
You can customize this Olly as usual. Note that you have to set the Plugins- and UDD-directory when starting it for the first time. Unfortunately there is a small shortcoming - every part of a plugin that is driver-based is NOT working. This is due to the fact that drivers cannot be virtualized.
For instance, while everything else in OllyAdvanced is working, its driver-based Anti-RDTSC is not. But that does not hinder the plugin from working great. The same goes for other plugins that have drivers involved. Sorry for that, virtualization nowadays is pretty good but not perfect.
Also, there may be an issue with non-Latin character sets which I'm unable to confirm because I haven't got a non-Latin Windows.
Also listed in: OllyDbg Custom Versions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

