WhatisOllyDbgOllyDbgisadebuggerthatemphasizesbinarycodeanal
ysis,whichisusefulwhensourcecodeisnotavailable.Ittrace
sregisters,recognizesprocedures,APIcalls,switches,tables,
constantsandstrings,aswellaslocatesroutinesfromobjectfi
lesandlibrariesVersionsVersion1.10isthefinal1.xrelease.
Version2.0isindevelopmentandisbeingwrittenfromthegro
undup.Note:ThecurrentversionofOllyDbgcannotdisassembleb
inariescompiledfor64bitprocessors.FeaturesExecutesprogra
minacontrolledenvironment.Allowstheflowoftheprogramto
becontrolled.Usesaconvenientlayoutshowinghexadecimal,as
sembly,CPUregistersandstack.Allowstheprogramtobedumped
fromthememoryontothehard-disk.Highlightsrecentlychanged
valuesinmemory/stack/CPUregisters.WindowLayoutsWindowl
ayoutsarethevariouspartsoftheUIthatcontainpertinentinf
ormationCodewindow–DisplaystheexecutablemachinecodeRegis
terwindow–Allowstheusertowatchthecontentsofeachregist
erduringexecutionMemorywindow–Allowstheusertoviewthec
ontentsofvariousmemorylocationsStackwindow–Displaysthes
tack,includingmemoryaddressesandvaluesWorkinginOllyDbgNa
vigationMovingSearchingCommentingCanbeenteredinthecodew
indowwiththe;or:keysListingNamesThenameswindowdisplay
sallfunctionsorimportedfunctionsusedintheprogramListing
themiseasyviatheshortcutCtrl+NShowingMemoryDisplaying
memorycanbeusefulwhenlookingforstringsorotherimportant
dataDisplayingthememorymapwindowcanbeachievedviaAlt+
MWorkinginOllyDbgCont…BreakpointsBreakpointsallowthedebu
ggertostopataspecifiedaddressorinstructionTherearetwo
typesofbreakpointsingeneralSoftwarebreakpointsHandledbyt
heoperatingsystemSetbynavigatingtothespecifiedaddressan
dhittingF2HardwarebreakpointsHandledbytheprocessorSetby
findingaplaceinmemoryyouwanttobreakonaccessandright
clickingselectingtheproperoptionOllyalsoprovidesawayto
viewandturnonandoffbreakpointsviathebreakpointswindoww
ithAlt+BWorkinginOllyDbgCont…ControllingExecutionStarti
ngtheprocessOncethetargetprogramiseitherloadedorattach
edinOllyyoucanstartexecution.Thiswillactuallysetupan
initialbreakpointattheapplicationentrypointThereareseve
ralwaysyoucanproceedfromtheentrypointSinglesteppingExe
cutesoneinstructionatatimeandcanbeachievedbyhittingF7
StepsintoeveryfunctionTediousasfuckExecuteuntilreturnE
xecutesuntiltheretinstuctionisencouteredwhichcanbeachie
vedbyhittingCtrl+F9Executesallinstructionsinthecurrent
functionFasterthansinglesteppingbutnotascomprehensiveW
orkinginOllyDbgCont…WatchingexecutionRegistersHandledint
heregisterwindowRedhighlightingindicatesaregisterhaschan
gedStackHandledinthestackwindowDisplaycanbeaddressorr
elativeaddressfromebpCallstackDisplaysthefunctionsthecu
rrentfunctionhasbeencalledfromCanbedisplayedwiththesho
rtcutAlt+KDemoCrackingaprogramusingbufferoverflowRfile
()functionaddress: 0x004013B0Registeraddress: 0x0013FB78
Returnaddress: 0x0040132CBufferaddress: 0x0013FB6CBufferlength: 10BytesAddresslength: 2BytesTotaTotaStoryEnd…TheEndOllyDbgDebugerhttp://en.wikipedia.org/wiki/OllyDbg |
|
