OllyCallTrace V1.0 Plugin

Post by JMI

OllyCallTrace v1.0 (23 October 2007)

By Stephen Fewer of Harmony Security (www.harmonysecurity.com)

OllyCallTrace is a plugin for OllyDbg (version 1.10) to trace the call
chain of a thread allowing you to monitor it for irregularities to aid
in the debugging of stack-based buffer overflows as well as to quickly
plot the execution flow of a program you are reversing.

Simply install the plugin and set a breakpoint on a location you want to
trace from, e.g. ReadFile() or WSARecv(). When this breakpoint is hit,
activate OllyCallTrace and press F7 to begin the automated single
stepping and recording of the call chain. When you are finished tracing
the code, pause execution or disable OllyCallTrace and view the
OllyCallTrace Log to see the recorded call chain.

Double-clicking on any Call/Return instruction in the OllyCallTrace Log
window will bring you to that location in the OllyDbg disassembly
window. The recorded call chain is highlighted with blue being for the
main module, yellow for system modules and green for all other modules.
The call chain is also displayed in a nested format to make it easier to
read. All irregularities are marked in red.

(Posted on Exetools by tzl)
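
The kind of check a call-chain tracer can make, as an added example that is not part of the original post or of OllyCallTrace: it replays a constructed list of call/return events against a shadow stack of expected return addresses, logs the chain nested by depth, and flags returns that do not go back to their caller. The event format and this definition of an irregularity are assumptions; the post does not say what the plugin checks.

```python
from typing import NamedTuple


class Event(NamedTuple):
    """One recorded single-step event (hypothetical format for this example)."""
    kind: str        # "call" or "ret"
    addr: int        # address of the CALL/RET instruction itself
    target: int      # where control went next
    ret_to: int = 0  # CALL only: address of the instruction after the call


def trace_call_chain(events):
    """Replay events; return (nested log lines, list of irregular events)."""
    shadow = []              # expected return addresses, innermost last
    log, irregular = [], []
    for ev in events:
        if ev.kind == "call":
            log.append(f"{'  ' * len(shadow)}{ev.addr:08X} CALL {ev.target:08X}")
            shadow.append(ev.ret_to)
            continue
        # A return should land on the address saved by the matching call.
        expected = shadow.pop() if shadow else None
        note = ""
        if expected != ev.target:
            irregular.append(ev)
            want = "none (no matching call)" if expected is None else f"{expected:08X}"
            note = f"  <-- IRREGULAR, expected {want}"
        log.append(f"{'  ' * len(shadow)}{ev.addr:08X} RET  {ev.target:08X}{note}")
    return log, irregular


# Constructed trace: the last return does not go back to its caller, which is
# what a tracer sees after a saved return address on the stack was overwritten.
SAMPLE = [
    Event("call", 0x00401000, 0x00401200, 0x00401005),
    Event("call", 0x00401210, 0x00401300, 0x00401215),
    Event("ret",  0x00401320, 0x00401215),
    Event("ret",  0x00401230, 0x41414141),
]

if __name__ == "__main__":
    lines, bad = trace_call_chain(SAMPLE)
    print("\n".join(lines))
    print(f"{len(bad)} irregular return(s)")
```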