52ky posted on 2022-9-11 11:31:17

OllyDbg完全教程.chm (OllyDbg Complete Tutorial)

1. What is OllyDbg? OllyDbg is a 32-bit assembler-level analysing debugger with a visual interface. What sets it apart is that it can handle problems when no source code is available, and can handle difficulties that other compilers cannot. Version 1.10 is the final release. The project has been stopped and I no longer support this software. But don't worry: the newly written OllyDbg 2.00 will be out soon!

Operating environment: OllyDbg runs on any Windows 95, 98, ME, NT or XP (not fully tested) system with a Pentium processor, but we strongly recommend a Pentium of 300 MHz or faster for best results. Also, OllyDbg is very memory-hungry, so if you need extended features such as tracing, at least 128 MB of RAM is recommended.

Supported processors: OllyDbg supports all 80x86, Pentium, MMX, 3DNOW!, Athlon extensions, the SSE instruction set and the associated data formats, but not SSE2.

Configuration: there are more than a hundred (wow!) options for setting how OllyDbg looks and behaves.

Data formats: the data window can display all of the following formats: HEX, ASCII, UNICODE, 16/32-bit signed/unsigned/hex integers, 32/64/80-bit floating point, addresses, disassembly (MASM, IDEAL or HLA), PE headers or thread data blocks.

Help: this file contains the information needed to understand and use OllyDbg. If you have the Windows API help file (win32.hlp is not included for copyright reasons), you can attach it to OllyDbg and get help on system functions quickly.

Startup: you can specify the executable on the command line, pick it from the menu, drag and drop it onto OllyDbg, restart the last debugged program, or attach to a running process. OllyDbg supports just-in-time debugging. OllyDbg needs no installation at all and can run straight from a floppy disk!

Debugging DLLs: you can use OllyDbg to debug standard dynamic link libraries (DLLs). OllyDbg automatically runs an executable that loads the library and lets you call its exported functions.

Source-level debugging: OllyDbg recognises all Borland and Microsoft debug information formats. This information includes source code, function names, labels, global variables and static variables. Dynamic (stack) variables and structures have limited support.

Code highlighting: the disassembler can highlight different kinds of instructions (jumps, conditional jumps, push, pop, call, return, special or invalid instructions) and different kinds of operands (general, FPU/SSE, segment/system registers, operands on the stack or in memory, constants). You can customise the highlighting scheme.

Threads: OllyDbg can debug multithreaded programs, so you can switch between threads, suspend, resume or kill threads, or change thread priority. The thread window also shows each thread's last error (the same value a call to GETLASTERROR would return).

Analysis: one of OllyDbg's greatest features is analysis. It analyses procedures, loops, switch statements, tables, constants, strings in code, tricky constructs, API calls, the number of function arguments, import tables and more. These analyses make the binary code more readable, reduce the chance of mistakes and make debugging easier.

Object scanning: OllyDbg can scan object files/libraries (OMF and COFF formats), extract the code segments and locate them.

Implib scanning: some DLLs export functions by ordinal only, and such ordinals mean nothing to a human. If you have the import library that belongs to the DLL, OllyDbg can convert the ordinals into symbolic names.

Full Unicode support: nearly every operation that supports ASCII also supports UNICODE, and vice versa.

Names: OllyDbg shows import/export symbols and names from Borland and Microsoft debug information. The object scanner recognises library functions. You can add your own names and comments as you like. If some DLL functions are exported by ordinal, you can recover the original function names by attaching the import library. In addition, OllyDbg recognises a large number of symbolic constants (window messages, error codes, bit fields ...) and can decode them in known function calls.

Known functions: OllyDbg recognises more than 2300 commonly used C and Windows API functions and the parameters they take. You can add descriptions and predefined decodings. You can also set Log breakpoints on known functions and have their parameters logged.
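As an added illustration of the "Data formats" item above (example code written for this post, not part of the CHM or of OllyDbg itself): the data window shows the same bytes reinterpreted in every listed format, and the one that needs real work is the 80-bit x87 extended float, which Python's struct cannot unpack. The sample buffers are constructed, not captured from a real program, and the base address 0x00401000 is just a typical image base used as a label.

```python
import math
import struct

EXT_BIAS = 16383  # exponent bias of the x87 80-bit extended format


def decode_extended80(raw: bytes) -> float:
    """Decode a little-endian x87 80-bit (extended precision) value.

    Memory layout, lowest address first: a 64-bit significand whose bit 63 is
    the explicit integer bit, then a 16-bit word holding a 15-bit biased
    exponent with the sign in bit 15. struct has no code for this width, so
    the fields are pulled apart by hand.
    """
    if len(raw) != 10:
        raise ValueError("an 80-bit float needs exactly 10 bytes")
    significand = int.from_bytes(raw[:8], "little")
    sign_exp = int.from_bytes(raw[8:10], "little")
    sign = -1.0 if sign_exp & 0x8000 else 1.0
    exponent = sign_exp & 0x7FFF
    fraction = significand & ((1 << 63) - 1)        # bits below the integer bit
    if exponent == 0x7FFF:                           # infinities and NaNs
        return sign * math.inf if fraction == 0 else math.nan
    if exponent == 0:                                # zero and denormals
        return sign * math.ldexp(fraction, 1 - EXT_BIAS - 63)
    return sign * math.ldexp(significand, exponent - EXT_BIAS - 63)


def data_window(raw: bytes, base: int = 0x00401000) -> dict:
    """Show the bytes at `base` the way OllyDbg's data window can: hex dump,
    ASCII, UNICODE, 16/32-bit signed and unsigned integers, 32/64/80-bit
    floats and a 32-bit address. Formats the buffer is too short for are
    simply left out of the result."""
    view = {
        "base": f"{base:08X}",
        "hex": raw.hex(" ").upper(),
        "ascii": "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw),
        "unicode": raw[: len(raw) // 2 * 2].decode("utf-16-le", errors="replace"),
    }
    if len(raw) >= 2:
        view["int16"], = struct.unpack_from("<h", raw)
        view["uint16"], = struct.unpack_from("<H", raw)
    if len(raw) >= 4:
        view["int32"], = struct.unpack_from("<i", raw)
        view["uint32"], = struct.unpack_from("<I", raw)
        view["float32"], = struct.unpack_from("<f", raw)
        view["address"] = f"{view['uint32']:08X}"    # the dword read as a 32-bit pointer
    if len(raw) >= 8:
        view["float64"], = struct.unpack_from("<d", raw)
    if len(raw) >= 10:
        view["float80"] = decode_extended80(raw[:10])
    return view


# Constructed sample buffers (not captured from any real program).
SAMPLE_INT = b"\xff\xff\xff\x7f"              # 0x7FFFFFFF little-endian
SAMPLE_EXT = b"\x00" * 7 + b"\x80\xff\x3f"    # 1.0 as an x87 extended float

if __name__ == "__main__":
    for sample in (SAMPLE_INT, SAMPLE_EXT):
        for fmt, value in data_window(sample).items():
            print(f"{fmt:>8}: {value}")
        print()
```

The point worth noticing is how differently the same four bytes read: FF FF FF 7F is -1 as a 16-bit signed integer, 0x7FFFFFFF as a 32-bit integer or address, and a NaN as a 32-bit float, which is exactly why the data window lets you flip formats on the spot.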

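The "Implib scanning" and "Names" items above both come down to one fact about the PE export table: every export has an ordinal, but only those listed in the name table carry a name, so an export-by-ordinal shows up nameless until an import library supplies the mapping. The following added example (written for this post; not OllyDbg's code) walks an IMAGE_EXPORT_DIRECTORY laid out as it would be in memory (RVA equals offset) and then fills in the missing names from an ordinal-to-name table. The image, the DLL name SAMPLE.dll, the function names and the implib table are all constructed for the demonstration.

```python
import struct

# IMAGE_EXPORT_DIRECTORY (40 bytes): Characteristics, TimeDateStamp,
# MajorVersion, MinorVersion, Name, Base, NumberOfFunctions, NumberOfNames,
# AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals
EXPORT_DIR = struct.Struct("<IIHHIIIIIII")


def read_cstring(image: bytes, rva: int) -> str:
    """Read a NUL-terminated ASCII string at `rva` of a flat image."""
    return image[rva:image.index(b"\x00", rva)].decode("ascii")


def parse_exports(image: bytes, export_dir_rva: int) -> list:
    """Walk the export directory of an image laid out so that RVA == offset
    (the way it looks once mapped) and return one entry per used slot of the
    address table: {'ordinal', 'rva', 'name'}. Exports with no entry in the
    name table, i.e. exports by ordinal only, get name None."""
    (_, _, _, _, _dll_name_rva, base, n_funcs, n_names,
     funcs_rva, names_rva, ords_rva) = EXPORT_DIR.unpack_from(image, export_dir_rva)
    func_rvas = struct.unpack_from(f"<{n_funcs}I", image, funcs_rva)
    name_rvas = struct.unpack_from(f"<{n_names}I", image, names_rva)
    # the "ordinal" table really holds unbiased indexes into the address table
    name_indexes = struct.unpack_from(f"<{n_names}H", image, ords_rva)
    entries = [{"ordinal": base + i, "rva": rva, "name": None}
               for i, rva in enumerate(func_rvas)]
    for name_rva, index in zip(name_rvas, name_indexes):
        entries[index]["name"] = read_cstring(image, name_rva)
    return [e for e in entries if e["rva"] != 0]   # rva 0 marks an unused ordinal


def resolve_with_implib(entries: list, implib: dict) -> list:
    """Give ordinal-only exports a symbolic name from an import-library table
    (ordinal -> name). Names already present in the export table win."""
    resolved = []
    for e in entries:
        name = e["name"] if e["name"] is not None else implib.get(e["ordinal"])
        resolved.append({**e, "name": name})
    return resolved


def build_sample_image() -> bytes:
    """Constructed sample (not a real DLL): a flat image holding only an export
    directory for a fictitious SAMPLE.dll with three exports, ordinals 10..12,
    of which only ordinal 11 appears in the name table."""
    base, func_rvas = 10, [0x1000, 0x1010, 0x1020]   # constructed code RVAs
    dll_name, pub_name = b"SAMPLE.dll\x00", b"PublicFunc\x00"
    funcs_off = EXPORT_DIR.size                       # 40
    names_off = funcs_off + 4 * len(func_rvas)        # 52
    ords_off = names_off + 4                          # 56, one name entry
    dll_name_off = ords_off + 2 + 2                   # 60, after two bytes of padding
    pub_name_off = dll_name_off + len(dll_name)       # 71
    header = EXPORT_DIR.pack(0, 0, 0, 0, dll_name_off, base, len(func_rvas), 1,
                             funcs_off, names_off, ords_off)
    tables = (struct.pack("<3I", *func_rvas)          # AddressOfFunctions
              + struct.pack("<I", pub_name_off)       # AddressOfNames
              + struct.pack("<H", 1) + b"\x00\x00")   # index 1 -> ordinal 11, plus padding
    return header + tables + dll_name + pub_name


# Constructed stand-in for the import library's ordinal -> name table.
SAMPLE_IMPLIB = {10: "InitThing", 12: "CleanupThing"}

if __name__ == "__main__":
    image = build_sample_image()
    for e in resolve_with_implib(parse_exports(image, 0), SAMPLE_IMPLIB):
        print(f"ordinal {e['ordinal']:>3}  rva {e['rva']:08X}  {e['name'] or '<ordinal only>'}")
```

Run as is, the script first reports ordinals 10 and 12 as nameless and then, after the implib table is applied, lists all three exports by name. The name table is searched by binary search in real loaders, so it is sorted; this toy image has one entry and sidesteps that, but a parser for real files must not assume name-table order matches ordinal order.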