News: OllyDbg 2.0 has finally been released



Mehdi Asgari
Friday 14 Khordad 1389, 23:27 PM
This long-awaited product has finally been released. Surely this news is a surprise for you too (after six years of work and lots of alpha and beta versions).
May God grant the soul of brother Oleh His eternal mercy.
http://www.ollydbg.de/version2.html?

Mehdi Asgari
Sunday 30 Aban 1389, 10:36 AM
Version 2.01 alpha has been released


Although declared alpha, this is a debugged and fully functional version. It implements about 40% of my plans for 2.01, among them:

- Ported to UNICODE. Multilanguage support for ASCII apps in modern Windows is practically non-existing, and I got tired bypassing all such incompatibilities. This step means that version 2 will not work on Windows 95 and 98. Anybody cares?..
- Source debugging is here again, a bit incomplete. It supports only Microsoft compilers via dbghelp.dll. New is support for symbol server, stack walking using dbghelp and names of procedure parameters.
- Debugging of standalone DLLs, in my opinion significantly better than before. It even measures call duration with sub-microsecond resolution (good for profiling) and saves contents of dumps between sessions!
- Many small improvements, like pause only on selected module(s), breakpoints on all intermodular calls, automatical closing of dump windows on different process, bugfixes, and more.



Oh, and yes, soon I will start OllyDbg 64!..
http://ollydbg.de/version2.html?v=2.01

Mehdi Asgari
Tuesday 03 Esfand 1389, 14:50 PM
The second alpha of version 2.01 has been released:



Version 2.01 alpha 2 is an intermediate functional release with many new useful features.

The most important novelty is that this version is compatible with Windows 7. I have tested it under Win7 Home Premium 32-bit. If you find any problems, please inform me immediately. Don't forget to add the screenshot of the Log window.

Other improvements:
- Aware of avast! antivirus and modifications it makes to the PE header;
- .NET analysis, very rough yet. .NET debugging is not supported, but at least I can disassemble CIL and parse .NET streams;
- Speech API support. You need SAPI 5.0 or higher installed on your computer. Open Options, select Text-to-speech and check "Activate text-to-speech";
- List of found switches;
- List of referenced GUIDs. Internal database keeps ca. 8000 known GUIDs. Additionally, OllyDbg scans registry and extracts GUIDs registered on your computer;
- Search for modifications;
- Creation of backups from the executable file. If you suspect that virus has modified the code in the memory, just extract the backup from .exe or .dll and search for highlighted modifications. Note that OllyDbg does not restore imports;
- In Open dialog you can specify the current directory for the Debuggee;
- Chinese and other UNICODE file names are correctly preserved in the ollydbg.ini;
- Multiple less important features and bugfixes.

alimanam
Sunday 01 Aban 1390, 21:28 PM
Hello,

Alpha 4 has also been released:

http://ollydbg.de/version2.html?v=2.01

As you see, this version already supports plugins. New plugin interface is similar to the old (v1.10) but is not backwards compatible. It includes more than 350 API functions, 60 or so variables and many enumerations and structures that all need to be documented. This will take a while, therefore I decided to make a preliminary release. It includes plugin header file (plugin.h) and commented bookmarks source code (bookmark.c). Writing your own plugins without the documentation is a pure masochism, but at least you will be able to analyse the structure of the interface and send me your comments, wishes and suggestions.

This is the last alpha release. After plugin documentation is ready, I will call it 2.01 beta 1. Then I will start to write OllyDbg help and finally make the full 2.01 release. Till then, I plan no major changes.

Other new features in this version:

- Patch manager, similar to 1.10
- Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven't tested it on Win7, please report any found bugs and incompatibilities!
- Instant .udd file loading. In the previous versions I've postponed analysis, respectively reading of the .udd file till the moment when all external links are resolved. But sometimes it took plenty of time, module started execution and was unable to break on the breakpoints placed in the DLL initialization routine
- Automatic search for the SFX entry point, very raw and works only with several packers. Should be significantly more reliable than 1.10. If you tried it on some SFX and OllyDbg was unable to find real entry, please send me, if possible, the link or executable for analysis!
- "Go to" dialog lists of matching names in all modules
- Logging breakpoints can protocol multiple expressions. Here is an example: I ask OllyDbg to protocol the contents of EAX, EBX and 4 memory doublewords starting at address ESP. Expressions must be separated by commas, repeat count has form SIZE*N, N=1..32:

http://ollydbg.de/Pics/multibreak.gif

Many not-so-important new features:

- Thread names (MS_VC_EXCEPTION)
- UNICODE box characters clipboard mode
- Multiline debugging strings (of large size)
- On debug string, OllyDbg attempts to find call to OutputDebugString()
- INT3 breakpoints set on the first byte of edited memory area are retained
- Decoding of User Shared Data block
- Addressing relative to module base
- If plugin crashes, OllyDbg will report its name
- etc, etc.
...

http://ollydbg.de/Pics/multilog.gif


Good luck.

aminghaderi
Monday 26 Dey 1390, 01:52 AM
Friends, it would be great if someone gave a short explanation of the purpose of this software and what it is meant for, e.g. what is this debugger's main job?? And where is it used??
Many thanks.

Securebit
Monday 26 Dey 1390, 11:29 AM
To find your answer, it's best to take a look at its website. http://ollydbg.de

Hossenbor
Sunday 21 Khordad 1391, 18:56 PM
Dear friend, seen in a good light this program is for debugging software, and seen in a bad light it can be used for cracking and maybe hacking too. As far as I have seen, overall it is for viewing and editing a program's assembly code.

Delphi Coder
Friday 19 Aban 1391, 19:04 PM
It looks like we won't be hearing any news about the 64-bit version for a long while.