Home of Gamehacking - Archive

OllyDbg 2.0
Probably the best-known flagship among debuggers.
Also my favorite, since SoftICE doesn't work for me.
OllyDBG is now available in version 2.01. Still only as a beta, or in this version as an early alpha.
A major new feature here is the ability to reverse DLLs.
Here is the official statement from Oleh Yuschuk...
Quote: November 20, 2010 - OllyDbg 2.01 intermediate alpha. Here it is.

Although declared alpha, this is a debugged and fully functional version. It implements about 40% of my plans for 2.01, among them:

- Ported to UNICODE. Multilanguage support for ASCII apps in modern Windows is practically non-existing, and I got tired bypassing all such incompatibilities. This step means that version 2 will not work on Windows 95 and 98. Anybody cares?..
- Source debugging is here again, a bit incomplete. It supports only Microsoft compilers via dbghelp.dll. New is support for symbol server, stack walking using dbghelp and names of procedure parameters.
- Debugging of standalone DLLs, in my opinion significantly better than before. It even measures call duration with sub-microsecond resolution (good for profiling) and saves contents of dumps between sessions!
- Many small improvements, like pause only on selected module(s), breakpoints on all intermodular calls, automatic closing of dump windows on different process, bugfixes, and more.

AND IT IS STILL NOT FIT FOR WINDOWS 64!!!

Oh, and yes, soon I will start OllyDbg 64!..

The download is available on the official homepage:

Code:
http://www.ollydbg.de


grEEtZ sILeNt heLLsCrEAm

Quote: Oh, and yes, soon I will start OllyDbg 64!..
...wait, what? :)
You won't need it for now anyway, because which game is written explicitly for 64-bit? Even with Crysis there was a [/align] by shipping 2 EXEs. But still... awesome piece of software. For my part, though, it's great that you can finally reverse DLL files as well.

By the way, I tried it with the Stealth plugin... It now runs like crazy.

grEEtZ sILeNt heLLsCrEAm
(26.11.2010, 23:55) sILeNt heLLsCrEAm wrote: [ -> ] You won't need it for now anyway, because which game is written explicitly for 64-bit? Even with Crysis there was a [/align] by shipping 2 EXEs. But still... awesome piece of software. For my part, though, it's great that you can finally reverse DLL files as well.

By the way, I tried it with the Stealth plugin... It now runs like crazy.

grEEtZ sILeNt heLLsCrEAm

Hey,
even though not many games, if any, have been designed explicitly for 64-bit yet, I still think it's great that Olly is being developed further and will then support 64-bit as well. As everyone knows, you can't stop progress, and I think more will be done in the direction of 64-bit soon.

I'm glad I could help you with the Stealth plugin :)

Here is some more news about OllyDBG. Version OllyDbg 2.01 alpha 2 is now available.

Quote: February 20, 2011 - OllyDbg 2.01 alpha 2. Here it is!

Version 2.01 alpha 2 is an intermediate functional release with many new useful features.

The most important novelty is that this version is compatible with Windows 7. I have tested it under Win7 Home Premium 32-bit. If you find any problems, please inform me immediately. Don't forget to add the screenshot of the Log window.

Other improvements:
- Aware of avast! antivirus and modifications it makes to the PE header;
- .NET analysis, very rough yet. .NET debugging is not supported, but at least I can disassemble CIL and parse .NET streams;
- Speech API support. You need SAPI 5.0 or higher installed on your computer. Open Options, select Text-to-speech and check "Activate text-to-speech";
- List of found switches;
- List of referenced GUIDs. Internal database keeps ca. 8000 known GUIDs. Additionally, OllyDbg scans registry and extracts GUIDs registered on your computer;
- Search for modifications;
- Creation of backups from the executable file. If you suspect that virus has modified the code in the memory, just extract the backup from .exe or .dll and search for highlighted modifications. Note that OllyDbg does not restore imports;
- In Open dialog you can specify the current directory for the Debuggee;
- Chinese and other UNICODE file names are correctly preserved in the ollydbg.ini;
- Multiple less important features and bugfixes.

Download here, as always:

Code:
http://www.ollydbg.de

Hey,
thanks for the information. I also think it's great that he has now even added .NET support (only rudimentary for now).
Olly's development is progressing well...
Alpha 3 is now available for download. That shortens the wait for v2.02 a little more.

Changelog OllyDBG wrote: April 11, 2011 - OllyDbg 2.01 alpha 3.

A major update with many new features. Here are the most important:

- Support for multi-monitor configurations
- Hardware breakpoints and fast command emulation now co-operate. That is, run trace runs at full speed (up to and exceeding 500000 commands per second) even if there are hardware breakpoints set
- Purely conditional breakpoints during run trace are strongly accelerated
- Stepping, tracing and execution till selection with hardware breakpoints instead of INT3. Controlled by option Debugging | Use HW breakpoints for stepping
- INT3 and hardware breakpoints allow to declare their location as an entry point and specify call parameters for protocolling
- Scan for hidden modules. .NET environment frequently loads modules but does not report them to Debugger
- Search window keeps up to 8 last searches in a separate tabs
- Option to load .udd information even when path, file name or file checksum is different
- Option to save .udd file on request
- Expressions allow for DWORD=="text". Doubleword is interpreted as a pointer to string, comparison is done both in ASCII and UNICODE modes
- Updated decoding of several rare commands
- List of windows. I get address of window function directly from the Window tables. This is tricky but works perfectly
- ASCII dumps and ASCII strings in Binary edit are displayed according to the selected code page (option Appearance | ASCII code page)
- Memory allocated at address 0 will be correctly recognized and displayed. (Yes, it's possible - I was also astonished by this fact! In this way one can address data using NULL pointer!)
- Improved post-mortem dump. I was unable to find the reason for several reported crashes because they occurred in the system DLLs. Now when creating the dump I attempt to backtrace the stack
- Several not-so-important changes, like accelerated analysis of tricky code sequences, option to decode registers for selected command, new origin on non-command (safeguard: no shortcut), correct truncation of very long file names in the main menu, restarting of the last loaded executable even when several OllyDbg instances are running in parallel, etc, etc
- And, of course, multiple bugfixes.

Download, as always, at:
http://www.ollydbg.de/
The time has finally come...
The current Olly version, alpha 4, now supports plugins too. :)

Changelog wrote: As you see, this version already supports plugins. New plugin interface is similar to the old (v1.10) but is not backwards compatible. It includes more than 350 API functions, 60 or so variables and many enumerations and structures that all need to be documented. This will take a while, therefore I decided to make a preliminary release. It includes plugin header file (plugin.h) and commented bookmarks source code (bookmark.c). Writing your own plugins without the documentation is a pure masochism, but at least you will be able to analyse the structure of the interface and send me your comments, wishes and suggestions.

This is the last alpha release. After plugin documentation is ready, I will call it 2.01 beta 1. Then I will start to write OllyDbg help and finally make the full 2.01 release. Till then, I plan no major changes.

Other new features in this version:

- Patch manager, similar to 1.10
- Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven't tested it on Win7, please report any found bugs and incompatibilities!
- Instant .udd file loading. In the previous versions I've postponed analysis, respectively reading of the .udd file till the moment when all external links are resolved. But sometimes it took plenty of time, module started execution and was unable to break on the breakpoints placed in the DLL initialization routine
- Automatic search for the SFX entry point, very raw and works only with several packers. Should be significantly more reliable than 1.10. If you tried it on some SFX and OllyDbg was unable to find real entry, please send me, if possible, the link or executable for analysis!
- "Go to" dialog lists of matching names in all modules
- Logging breakpoints can protocol multiple expressions. Here is an example: I ask OllyDbg to protocol the contents of EAX, EBX and 4 memory doublewords starting at address ESP. Expressions must be separated by commas, repeat count has form SIZE*N, N=1..32:

Many not-so-important new features:

- Thread names (MS_VC_EXCEPTION)
- UNICODE box characters clipboard mode
- Multiline debugging strings (of large size)
- On debug string, OllyDbg attempts to find call to OutputDebugString()
- INT3 breakpoints set on the first byte of edited memory area are retained
- Decoding of User Shared Data block
- Addressing relative to module base
- If plugin crashes, OllyDbg will report its name
- etc, etc.

I have received many bug reports. Some of them are solved, some are not. There is a very nasty bug that I was unable to reproduce: OllyDbg crashes with memory access violation inside the GlobalAlloc()?!! Either OllyDbg unintentionally taints internal data structures used by memory manager, or some virus scanner overreacts, or this is a bug of Windows itself? If you have any clue, please let me know.

That's all for now. I will make a short vacations, a week or so, and in order to keep my sanity will not check for new emails. Please have some patience!

Download, as always, at:
http://www.ollydbg.de