(One, what is OllyDbg? OllyDbg is a 32-bit assembly-analysis debugger with a visual interface. What's special about it is its ability to manage problems without source code, and to manage problems that other compilers can't. Version 1.10 is the final release version. This project is now discontinued and I no longer continue to support this software. But don't worry: the brand new OllyDbg 2.00 will be available soon! Operating environment: OllyDbg can work on any Windows 95, 98, ME, NT or XP (not fully tested) operating system that uses a leap manager, but we strongly recommend that you use a leap manager above 300-MHz to achieve best effect. In addition, OllyDbg is very memory-intensive, so if you need to use extended functions such as trace debugging [Trace], it is recommended that you use more than 128MB of memory. Supported Managers: OllyDbg supports everything 80x86, Leap, MMX, 3DNOW! , Athlon extended command set, SSE command set and related data formats, but SSE2 command set is not supported. Configuration: There are as many as a hundred (oh my god!) options for how OllyDbg looks and runs. Data format: All data formats that OllyDbg's data window can display: HEX, ASCII, UNICODE, 16/32-bit signed/unsigned/HEX integer, 32/64/80-bit floating point number, address, disassembly (MASM, IDEAL or is HLA), PE file header, or thread data block. Help: This file contains necessary information about understanding and using OllyDbg. If you have the WindowsAPI help file (win32.hlp is not included because of copyright issues), you can hook it in OllyDbg, so that you can quickly get help related to system functions. Startup: You can specify the executable file by means of the command line, select it from the menu, or drag and drop it directly into OllyDbg, perhaps restart the last debugged program, or attach [Attach] a running program . OllyDbg supports just-in-time debugging. The bottom layer of OllyDbg does not need to be installed and can be run directly from the floppy disk! Debugging DLLs: You can use OllyDbg to debug canonical dynamic link libraries (DLLs). OllyDbg will automatically run an executable program. This program loads the linked library and allows you to call the linked library's output functions. Source level debugging: OllyDbg can recognize all Borland and Microsoft format debugging information. This information includes source code, function names, labels, global variables, and static variables. There is limited support for dynamic (stack) variables and structures. Code highlighting: OllyDbg's disassembler can highlight different types of commands (such as: jump, conditional jump, push, pop, call, return, special or invalid commands) and different operations Number (general, FPU/SSE, segment/system registers, operands on stack or memory, constants). You can customize a personalized highlighting scheme. Threading: OllyDbg is able to debug multithreaded programs. So you can switch between multiple threads, suspend, resume, stop threads or change thread priorities. And the thread window will display the error for each thread (just like calling GETLASTERROR back). Analysis: One of the biggest features of OllyDbg is analysis. It analyzes function progress, looping sentences, selection sentences, tables [tables], constants, strings in code, tricky commands [trickyconstructs], API calls, number of parameters in functions, import tables, and more. . These analyses increase the readability of the binary code, reduce the possibility of making mistakes, and make our debugging easier. Object scan. OllyDbg can scan Object files/libraries (including OMF and COFF formats), decompress code segments [codesegments] and orient their locations. Implib scan. Because of the index numbers used by the export functions of some DLL files, these index numbers have no practical meaning to humans. If you have an import library [importlibrary] corresponding to the DLL, OllyDbg can convert serial numbers to symbolic names. Full Unicode support: Almost everything that supports ASCII also supports UNICODE, and vice versa. Names: OllyDbg can display input/output symbols and names based on Borland and Microsoft format debugging information. Object scanners recognize library functions. You can add any titles and comments in between. If some functions in the DLL are exported by index numbers, you can restore the original function names by hooking the import library [importlibrary]. Not only that, OllyDbg also recognizes many constant symbolic names (eg: window messages, error codes, bit fields [bitfields]...) and can decode them into known function calls. Known functions: OllyDbg is able to identify more than 2300 commonly used functions in C and Windows API and the parameters they use. You can add description information, predefined decoding. You can also set Log breakpoints on known functions and log parameters.)
收藏
