
Thread: Shell Extension for olly

  1. #1

    Shell Extension for olly

    Hi! I'm a 'real' newbie...

    Question 1
    Right-click on 'debuggee.exe' -> 'debug with ollydbg' or the like appears... -> when I click it, 'debuggee.exe' loads in ollydbg... Is this possible??

    Question 2
    Right-click on 'debuggee.exe' -> 'debug with w32dasm' or the like appears... -> when I click it, 'debuggee.exe' loads in w32dasm... Is this possible??

    Regards.
    Last edited by p0lly; January 17th, 2009 at 03:10.

  2. #2
    Kayaker
    Sure. Open Regedit.exe and insert the following entries. Or just copy/paste (with the correct path) to a *.reg file and double click on it.

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\exefile\shell\Open with OllyDbg]
    
    [HKEY_CLASSES_ROOT\exefile\shell\Open with OllyDbg\Command]
    @="C:\\RCE\\OllyDbg\\OllyDbg.exe %1"

  3. #3
    Also, get IDA Pro instead of W32dasm if you can. It's a much better disassembler.

  4. #4
    disavowed
    I recommend the following instead (based on Kayaker's post, with fixed quotes) --

    Code:
    Windows Registry Editor Version 5.00
     
    [HKEY_CLASSES_ROOT\exefile\shell\Open with OllyDbg]
     
    [HKEY_CLASSES_ROOT\exefile\shell\Open with OllyDbg\Command]
     
    @="C:\\RCE\\OllyDbg\\OllyDbg.exe" "%1"

  5. #5
    Kayaker
    Hi disavowed,

    That doesn't seem to work as written. If I double click on that regfile, the command string doesn't get entered.

    To get the fixed quotes you seem to need to do this instead:

    @="C:\\RCE\\OllyDbg\\OllyDbg.exe \"%1\""


    Either way, both of these produce the same shellext result, i.e. they both work, so I'm not sure if it makes much difference.

    C:\RCE\OllyDbg\OllyDbg.exe "%1"
    C:\RCE\OllyDbg\OllyDbg.exe %1

  6. #6
    %1 represents the path that's being passed to the application (depending on which file you're right-clicking). Assume you have a file with a path like the following: C:\My File\My Program.exe.
    The difference should be quite obvious: the variant without quotes around %1 gets resolved to C:\RCE\OllyDbg\OllyDbg.exe C:\My File\My Program.exe, passing three arguments, not one.

    Anyway, thanks for the registry key, I had been searching for something similar some time ago.

  7. #7
    evaluator
    Without "" it will be managed as a DOS path.

  8. #8
    Here is my final "Olly_Shell_Extension.reg"

    Thank you all...



    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\exefile\shell\Debug with odbg110]

    [HKEY_CLASSES_ROOT\exefile\shell\Debug with odbg110\Command]
    @="\"C:\\Documents and Settings\\기본\\바탕 화면\\odbg110\\OLLYDBG.EXE\" \"%1\""
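
Added example, not part of the thread: a small checker that decodes the `@=` values of a .reg file using the `\\` and `\"` escapes discussed above, flags whether `%1` is quoted, and shows the argument list each command yields for a path containing spaces. Assumptions: the key names `post2`, `post4` and `post5` are constructed, `%1` is substituted literally as post #6 describes, and `split_args` is a simplified model of Windows argument splitting.

```python
import re

# Constructed sample: the Command values from posts #2, #4 and #5 (key names are made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\post2\Command]
@="C:\\RCE\\OllyDbg\\OllyDbg.exe %1"
[HKEY_CLASSES_ROOT\exefile\shell\post4\Command]
@="C:\\RCE\\OllyDbg\\OllyDbg.exe" "%1"
[HKEY_CLASSES_ROOT\exefile\shell\post5\Command]
@="C:\\RCE\\OllyDbg\\OllyDbg.exe \"%1\""
'''
VALUE_RE = re.compile(r'^@="((?:[^"\\]|\\.)*)"$')  # exactly one string; \\ and \" are escapes

def default_values(reg_text):
    """Map each [key] to its decoded default (@) string; None if the line is not one string."""
    out, key = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif line.startswith('@=') and key:
            m = VALUE_RE.match(line)
            out[key] = re.sub(r'\\(.)', r'\1', m.group(1)) if m else None
    return out

def split_args(cmdline):
    """Simplified split: whitespace separates, double quotes group; escaped quotes not modeled."""
    args, cur, in_q, started = [], '', False, False
    for ch in cmdline:
        if ch == '"':
            in_q, started = not in_q, True
        elif ch in ' \t' and not in_q:
            if started:
                args.append(cur)
            cur, started = '', False
        else:
            cur, started = cur + ch, True
    return args + [cur] if started else args

def audit(reg_text, target):
    """Per key: ('quoted'|'unquoted'|'malformed', argv after literal %1 substitution)."""
    report = {}
    for key, cmd in default_values(reg_text).items():
        if cmd is None:  # e.g. post #4's line, which post #5 reports is not entered
            report[key] = ('malformed', [])
            continue
        report[key] = ('quoted' if '"%1"' in cmd else 'unquoted', split_args(cmd.replace('%1', target)))
    return report

if __name__ == '__main__':
    print(audit(SAMPLE_REG, r'C:\My File\My Program.exe'))
```
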
