Plugins and scripts for OllyDbg
IDAFicator v1.2.12
BP-OLLY v0.1
Download!
StrongOD v0.15 (bug fixed)
1. Enhanced module lookup (finds modules correctly when the PEB has been handled, such as ring3 hidden modules)
2. Enhanced OD analysis of the file's PE header (such as the Upack shell, etc.)
3. Anti-anti-attach (an extreme form of attach)
4. Detach from the target without ending debugging (DebugActiveProcessStop function), on XP systems and later
5. Inject a DLL into the process being debugged
a) Remote Thread (injection using CreateRemoteThread)
b) Current Thread (shellcode; does not add a thread, injects into a current thread that must be suspended)
////////////////////////////////////////////////// /////////////////////
A brief description of the functions:
1. Module view: modules are generally found by searching the PEB, and the PEB may have been handled; for OD to support this properly, StrongOD finds modules by using ZwQueryVirtualMemory.
The following picture: this is the hidden module; ProcessExplorer cannot find the module, and it is found correctly in OD.
2. OD is not able to identify a non-normal PE header, and the PE header structure in the data window will be wrong. StrongOD enhances OD's ability to identify the PE header, and also provides the PE information to other plugins.
The picture shows the UPack main program.
3. Many programs prevent OD from attaching by hooking NtContinue or the DbgUiRemoteBreakin function; StrongOD uses an extreme means of attaching. (Note: StrongOD has no special handling for some unconventional thread-based checks, such as TTProtect starting a thread that checks regularly, so attaching is not possible there.)
4. The DebugActiveProcessStop function detaches the process being debugged from the debugger.
5. A DLL can be injected into the process being debugged in two ways: the first is the remote thread mode; the second does not start an additional thread and uses a currently suspended thread to inject. The former can be used in the running state or in the suspended state, while the latter requires a thread to be suspended first before it can inject.
Download!
Olly SocketTrace 1.0
Download!
VEH Walker
This plugin shows all installed vectored exception handlers in the program.
Copy VEH_Walker_Plugin.dll into OllyDbg plugin directory.
Load VEHDemo.exe into OllyDbg. Set breakpoint on ExitProcess.
Run program. When you stop on ExitProcess, choose menu item View VEH.
Download!
poison(ollydbg plugin) +src
Here is the source for a plugin. I have decided to write a new one from scratch with completely custom code. It has fixes for stuff like IsDebuggerPresent, HeapFlags, and shows hooks for stuff like ZwQueryProcessInformation. It shows how to apply fixes to ollydbg itself, remove the ep breakpoint and break on tls. Hope this helps someone. Originally I used a thread on restart of the plugin but it was kinda annoying, so I hooked ollydbg later on where all the fixes would work right; it took forever to find a good spot.
Download!
Stealth64 1.0
Anti Anti and compatibility plugin for Olly 1.10 running on Vista x64.
I made this little plugin to make unpacking on Vista x64 a bit more bearable.
It has most of the known anti anti and makes an effort to make Olly behave like it should on regular x86 machines.
Next to this I implemented my own version of the OllyBone ‘Break On Execute’, making unpacking some simple packers a lot easier.
Download!
OllyMoreMenu 1.1
This plugin adds more menus to the OllyDbg menu bar with your favorite tools for quick start.
- To add a new menu entry, go to the add menu and add your favorite tools; on OK, the plugin adds the new menus to the OllyDbg menu bar for quick start.
Download!
OllyCallTrace
OllyCallTrace is a plugin for OllyDbg (version 1.10) to trace the call chain of a thread allowing you to monitor it for irregularities to aid in the debugging of stack based buffer overflows as well as to quickly plot the execution flow of a program you are reversing.
Download!
Hidedbg For themida1.9.5
Functions:
Code:
1.Hide IsDebuggerPresent
2.Hide NtGlobalFlag
3.Hide ProcessHeapFlag
4.Patch ZwQueryInformationProcess (==patch UnhandledExceptionFilter)
5.Patch ZwSetInformationThread
6.Patch CheckRemoteDebuggerPresent
7.Patch OutputDebugStringA
8.Anti heap-checking (For themida1.9.5.0)
Download!
FullDisasm 1.63
“I offer you a small plugin for OllyDebugger 1.10 and Immunity Debugger 1.00 which makes it possible to replace the old disassembly routine of OllyDbg with BeaEngine. With this new plugin, OllyDbg and ImmDbg are capable of debugging the latest FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2 and VMX instructions. It also makes it possible to choose one syntax among 3 (GoAsm, Nasm, Masm).”
Download!
Olly Script Editor v2.0
Download!
Ollydbg 867 scripts or update 149 scripts
Download!