This page is still under development…
Tools
OllyDBG – the original (ver. 1.10) | Debugger |
OllyDBG – R4ndom’s version (with scripts and plugins) | Debugger |
CmpDisasm | Compare binary disassemblies, as well as hex and PE headers. |
Detect It Easy (DIE) | PE Packer identifier |
PeID | PE Packer identifier |
RDG | PE Packer identifier |
exeinfoPE | PE Packer identifier |
ImpREC | Import Re-constructor |
LordPE | PE verifier, dumper, editor etc. |
PEBrowse | PE viewer/editor/disassembler |
Peditor | PE viewer/editor |
PEView | PE viewer/editor |
ShowString | Shows all ASCII strings in a binary |
Resource Hacker | Allows modifying resources in binaries |
Armadillo KeyTool | A great tool by eXoDia for analyzing Armadillo packed binaries. |
CFF Explorer Suite | Great PE and hex editor. |
dUP2 | Universal patcher by diablo2002. |
ShellOp Converter | Convert shellcode to opcodes and disassembly by Levis. |
Olly Plugins
TLSCatch | New version 0.3 by waliedassar. |
MUltimate Assembler | Multi line assembler by RaMMicHaeL. |
Olly Callstack | Call stack plugin by Zer0Flag (2.0 only). |
+BP-Olly | Open up a new ‘floating’ toolbar at the top of Olly. |
AnalyzeThis+ | Allow OllyDbg’s analysis function to operate outside of the marked code segment |
Anti-Anti Hardware BP | Hooks ntdll to restore the Drx registers after a Structured Exception Handler. |
API Break | This plugin allows you to set a breakpoint on many popular Windows APIs. |
Ascii Table | quickly displays the ASCII chart in hex, decimal, octal and ascii. |
Attach Anyway | A PoC OllyDbg plugin designed to remove a process’ hook on NtContinue. |
Bookmark | This handy plugin allows the user to set bookmarks |
Code Ripper | Allows you to copy code from the binary in a nicely formatted way. |
Command Bar | Allows quickly applying breakpoints, finding APIs etc. |
Hide Debugger | Hides OllyDbg from many debugger detection tricks. |
HideOD | Allows Olly to be hidden from the debugged application. |
IDAFicator | . |
IsDebugPresent | Hides debugger from IsDebuggerPresent Windows API. |
Mnemonic Help | Displays information about the currently selected opcode mnemonic. |
NanoWrite | Helps you write code injection. |
Olly Advanced | A ‘must have’. Fixes bugs and adds functionality. |
Olly Breakpoint Manager | Provides breakpoint exporting, importing and automatic breakpoint loading. |
Olly Toolbar Manager | Allows you to create your own toolbar. |
OllyDump | Allows you to dump the debugged process after you have modified it. |
OllyPad | Lets you create notes for the currently debugged application and stores them for later use. |
OllybonE | Break-on-Execute for OllyDbg. |
OllyDBG Script | Allows Olly to run any of the thousands of scripts written for Olly. |
StrongOD | A ‘Swiss army knife’ of functionality. |
Ultra String Reference | A souped-up version of the built-in “search for String References”. |
…or download them all as one package (Note: These only include the DLL plugins. There is no source code, text files, or any additional elements.) You can also view my page describing all of these plugins if you’re unsure as to what they do.
Texts
The Art Of Assembly | Best ASM instructional book out there. |
PC Assembly Language | Another classic. |
Win32asm Tutorial | A very good beginning tutorial by Thomas Bleeker |
Windows Messages | All Windows messages with their hex values |
Anti-Debugging- A Developer’s View | Very complete text on anti-debugging |
Anti Reverse Engineering Guide | Down and dirty guide |
Methods of Code Obfuscation | Very detailed guide to obfuscation |
OllyDBG Detection Techniques | Ways of specifically detecting Olly |
Ultimate Anti-Debugging Reference | Most complete guide I’ve seen |
May 24th, 2012 on 4:03 am
Post the best tools. I can’t get an IDA debugger.
IDA 5.0 is not working for me.
May 24th, 2012 on 5:22 am
Email me and I’d be happy to email it to you. And if you are looking for tutorials, you have come to the right place. I am coming out with part 3 in a couple days.
May 24th, 2012 on 6:54 am
What’s your email?
May 24th, 2012 on 5:27 pm
TheLegendOfRandom@yahoo.com
May 24th, 2012 on 5:27 pm
Also, please tell me if there is anything specific you would like a tutorial/help on. I have a lot of ideas but I would rather create tuts that people really want.
May 24th, 2012 on 6:06 pm
ludKiller, I looked at your site. It’s pretty sweet! I registered as well, so I can leave some feedback. It’s funny, we have similar tastes in color schemes
May 29th, 2012 on 8:35 pm
A quick question : are those plugins for OllyDbg 1.1 or 2.0 ?
Thanks a lot for all those resources! Thanks to you, I learn a lot, and I am eager to start experimenting.
May 30th, 2012 on 5:47 am
These are for v1.10, though there are versions of some of these for 2.0
June 4th, 2012 on 11:27 am
Would it be possible to run an OllyScript or similar from the command line to basically memory dump a certain process? The idea is to automate the process of dumping memory associated with a malware binary. Most of the malware out there is packed. Having said that, how we normally do it is to load the malware into OllyDbg, set a breakpoint at the offset which calls ExitProcess, and run it. When the breakpoint is reached, we open a memory dumper such as LordPE or PEtools to dump the memory associated with the process of the malware.
The result is an unpacked memory dump of the process. Although it is not properly dumped due to PE header and IAT issues, it somehow works for us as it can now be loaded into IDA Pro for static analysis.
Hope this makes sense.
Thank you very much in advance.
Regards, Roger
June 5th, 2012 on 2:29 pm
It sounds to me like you’re looking for something more like Moonsols (www.moonsols.com) or Volatility (www.volatilesystems.com). Both are more “memory forensic” tools and allow fine tuning of dumping memory.
June 6th, 2012 on 7:37 am
Thank you for your feedback.
Indeed, Volatility can perform a memory dump associated with a particular process, but in most cases malware terminates immediately before you freeze the memory and capture it. When the process is terminated, the Volatility plugins “procmemdump” and “procexedump” are no longer useful.
The success rate of doing it manually using OllyDbg and setting a breakpoint at “ExitProcess” and using another tool such as LordPE or PEtools is not bad. So I was thinking if there is an automated way of doing it using OllyDbg alone (through scripts perhaps) instead of using another tool just to dump the memory associated with that particular binary or process.
The OllyDump plugin was close to it but it is more focused on unpacking by locating the correct OEP and fixing IAT issues.
Appreciate your thoughts.
Thank you very much in advance
June 6th, 2012 on 4:07 pm
Ahhh, I now see what you mean. Yes, you could write a script in Olly that breaks at exitProcess and then immediately dumps the memory, though this wouldn’t be truly ‘automated’ as you would have to run the script on every binary, as opposed to, say, running a command line script on a whole directory of them. Also, since you use IDA, you could write a python script that did the same thing (using IDA’s debugger) that would basically break after the loader/packer has unpacked the binary and then dump a static analysis of it.
All that being said, there is also a more advanced method that I used a long time ago: You can hook the exitProcess API to keep the process from terminating, and then use something like Volatility (or WinDbg for that matter) to dump it. This could be put into a python script that injects the exitProcess with your code and performs the dump automatically. If you are interested in this, I believe the book “Malware Analysis Cookbook” discusses this message (if memory serves anyway). If you wanted, I could scan those pages and send them to you.
Hope this helps, and please feel free to keep up the dialog if you have more issues.
June 7th, 2012 on 6:21 am
I would really appreciate it if you could share with me which pages from the book you are referring to. I believe one of my friends has the book and I would just ask him.
If it is not too much, I would also appreciate it if you could guide me through the logic of your idea, as I am pretty new to Python as well. Though I can slowly read and understand the code.
I really like the way you want to extend your help.
More power to you. Thanks!
June 7th, 2012 on 5:02 pm
Let me look thru my stuff and see what I have to give you. In the mean time, please contact me through the “Contact” option at the top of the page as this conversation could potentially get long and it may be better to do it through email…
June 8th, 2012 on 4:10 am
Hello, sent you already an email.
Thanks again!
June 9th, 2012 on 3:35 pm
great tutorials, waiting for more tutorials
June 9th, 2012 on 4:23 pm
PEview link is not working. everything else is good
June 9th, 2012 on 8:08 pm
Thanks for the notice. I will put it up Monday.
June 10th, 2012 on 3:33 am
I guess you wanted to put maven smith’s the art of assembly language which is the ultimate reference guide for asm and NOT in HLA,
instead of randall hyde’s art of assembly which is in HLA
maven smith’s ‘aoa’ http://www.planetpdf.com/codecuts/pdfs/aoa.pdf
June 10th, 2012 on 4:40 am
Yes, that was the one I thought I uploaded. I really should have opened the pdf before uploading… I will upload this one to the tools page, and thanks again for your help.
June 26th, 2012 on 8:37 pm
Resource Hacker link is invalid, but it’s on the server
June 26th, 2012 on 9:34 pm
Well, it’s nice to know that at least one person has read my tutorial. The link is fixed.
September 15th, 2012 on 12:45 am
Please R4ndom, why don’t you just pack your files with a zip archive, not rar? I can’t download rar files… Please, it’s a request, and thanks for the tutorials, they’re awesome.
September 16th, 2012 on 7:33 pm
All I can say is that I keep finding myself saying *wow*.
September 25th, 2012 on 7:31 am
Hi, I have a serial/license file. The file contains some values/chars which I am not able to understand. Which tool do I have to use to decode the lic files?
Thanks.
December 27th, 2012 on 4:36 am
Wow, Great website! Great info! thanks admin for these tutorials… I’m sorry for my bad english
January 27th, 2013 on 8:52 pm
I have been running Olly with no problems. Now from last night to this morning when I run it, it opens the program then closes. Gives no errors or anything. Tried rebooting, reloading, reinstalling and anything else I can think of! I was on number 23 of your great TUTS! Any ideas?
January 27th, 2013 on 9:06 pm
Also nothing has changed, no programs added. It ran last night and this morning it opens then closes.
February 3rd, 2013 on 6:56 pm
I’m curious, is anyone else having issues downloading R4ndom’s OllyDbg? I don’t have any issues downloading the tut zips but I keep getting an error when downloading OllyDBG – R4ndom’s version (with scripts and plugins).
February 14th, 2013 on 2:52 pm
how can i use ollydbg to crack applications that first require login and password to connect to the internet before they can work e.g dc unlocker
March 7th, 2013 on 5:42 pm
Please add some tutorials on cracking anti-debugging protection… thanks
March 23rd, 2013 on 9:10 pm
Great site. Many thanks. Looking forward to knowing how to configure IDA Pro to do debugging, specifically with WinDbg. Thanks very much.
June 26th, 2013 on 9:53 am
I have run some PEID tool and it can’t detect any PE. But when I use the ollydbg. I have stuck at one line. The ollydbg says: “Access violation when writing to …”. And nothing appear on the screen.
June 27th, 2013 on 1:15 pm
Attention All…
OllyDBG – R4ndom’s version (with scripts and plugins)
If you are receiving an error while starting olly.
#
Change the following 3 locations and username…
Symbolic data path=C:\Users\Random\Desktop\Olly
UDD path=C:\Users\Random\Desktop\Olly
Plugin path=C:\Users\Random\Desktop\Olly
Wherever you have placed the R4ndoms_OllyDBG folder
Symbolic data path=C:\Users\YOU\Location\R4ndoms_OllyDBG
UDD path=C:\Users\YOU\Desktop\R4ndoms_OllyDBG
Plugin path=C:\Users\YOU\Location\R4ndoms_OllyDBG
You will find this information in the ollydbg.ini file.
##
There is a second option, Just delete the ollydbg.ini file.
A new file will be generated on Ollys next startup.
Hope this helps you all.
PS…
R4ndom Please delete posts 74551, 74552, 74555 and 74556.
Thank you… (“,
July 20th, 2013 on 2:37 pm
Sir, I am just a beginner in reverse engineering. All I know is how to
program in Java a little bit and also C, but I can learn things
fast. I have a game, GTA Vice City. I want to establish a connection
to my game while the game is running so that I can set player health or
weather or things like that. What I want is not just to use this stuff
to play the game. I want to know how things work.
I am thinking about a multiplayer for my game. I am crazy about these types of things.
So I want to create a Java program.
1. I open the game
2. minimize it and open the Java program
3. click on a button.
4. my player’s health in the game increases or decreases.
I am not asking for the code, but it would be good if you could show me
with another example so that I can apply it here. All I want to know
is how to establish a connection to a program from another program, and
this second program should be able to use the original program’s
functions and code…
Hope that you will help me. I know it is possible.
(Vice City Ultimate Trainer is such a program, I think.) Whatever. I
am eagerly waiting for your reply.
August 11th, 2013 on 12:57 pm
Hello,
I am looking for a 16-bit debugger for Windows.
Thank you
August 21st, 2013 on 2:53 pm
Most of the tutorials cannot be opened after download. Please