OllyDBG v2.xx plugin - OllyExt

Newbie_Cracker · #1 10-03-2013, 15:43

Quote:

Originally Posted by ferrit.rce

I've debugged thousands of hours with 1.1 and that was the reason why I've decided to use the new version

Even if it has also some bugs it has 2 advantages for me:
1. It's not crashing so much
2. Oleh will fix these problems

I agree with you, but lack of some features pushes me to use v1.10, specially for unpacking. But because of lack of comprehensive workable anti-anti plugin, I'm in trouble

I think you need do some modification in you code for OD1.1 PDK, API patching is the same. Isn't it?

ferrit.rce · #2 10-03-2013, 18:38

API patching is exactly the same but the PDK interface and feature set is really different. A lot of used new features doesn't exist on 1.1. I can take a look at once again but can't promise anything...
BTW what is missing from 2.x?

Quote:

Originally Posted by Newbie_Cracker

I agree with you, but lack of some features pushes me to use v1.10, specially for unpacking. But because of lack of comprehensive workable anti-anti plugin, I'm in trouble

I think you need do some modification in you code for OD1.1 PDK, API patching is the same. Isn't it?

Newbie_Cracker · #3 10-04-2013, 01:27

Quote:

Originally Posted by ferrit.rce

API patching is exactly the same but the PDK interface and feature set is really different. A lot of used new features doesn't exist on 1.1. I can take a look at once again but can't promise anything...
BTW what is missing from 2.x?

Thanks for checking the possibility.

For the features, it's not the right topic to discuss about the features missing but small things that I use heavily:

- Mem BP on Write on PE sections,memory regions (very handy for unpacking, reversing)
- Handles window button (I hate extra clicks)
- Patches window (not critical, but comes handy sometimes)

I've found some bugs but now remember these:

- Show Symbolic address is too stupid in OD2.x for CALL DWORD[adr]. If you press space on such codes OD shows

CALL DWORD PTR DS:[<&KERNEL32.GetSystemTimeAsFileTime>] instead of CALL DWORD PTR DS:[4080AC].

I really hate it !

- Some unknown exception while loading packed files.
- OD2.x fails to show pe sections seperately in Execryptor packed files, even in unpacked files (interesting bug)

and all plugins which exist for OD 1.1

So I still use OD1.10

quygia128 · #4 10-22-2013, 13:55

Quote:

Originally Posted by Newbie_Cracker

I've found some bugs but now remember these:

- Show Symbolic address is too stupid in OD2.x for CALL DWORD[adr]. If you press space on such codes OD shows

CALL DWORD PTR DS:[<&KERNEL32.GetSystemTimeAsFileTime>] instead of CALL DWORD PTR DS:[4080AC].

I really hate it !

I will code a plugin to Fix this problem automatic way when you run OllyDbg, please wait.

BR,
quygia128

ferrit.rce · #5 10-23-2013, 14:25

New v1.6 is out. Changes:

Code:

- CreateThread
- Version information resource added

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
DEF plugin for OllyDbg 2.XX	wilson bibe	Community Tools	2	07-22-2014 09:01

The Following User Gave Reputation+1 to ferrit.rce For This Useful Post:
Newbie_Cracker (10-04-2013)

The Following 7 Users Gave Reputation+1 to ferrit.rce For This Useful Post:
ahmadmansoor (10-23-2013), evlncrn8 (10-24-2013), nikre (10-23-2013), quygia128 (10-23-2013), sendersu (10-23-2013), TQN (10-24-2013), wilson bibe (10-23-2013)