This page is still under development…
Tools
| Tool | Description |
|---|---|
| OllyDBG – the original (ver. 1.10) | Debugger |
| OllyDBG – R4ndom's version (with scripts and plugins) | Debugger |
| CmpDisasm | Compares binary disassemblies, as well as hex and PE headers. |
| Detect It Easy (DIE) | PE packer identifier |
| PeID | PE packer identifier |
| RDG | PE packer identifier |
| exeinfoPE | PE packer identifier |
| ImpREC | Import reconstructor |
| LordPE | PE verifier, dumper, editor etc. |
| PEBrowse | PE viewer/editor/disassembler |
| Peditor | PE viewer/editor |
| PEView | PE viewer/editor |
| ShowString | Shows all ASCII strings in a binary |
| Resource Hacker | Allows modifying resources in binaries |
| Armadillo KeyTool | A great tool by eXoDia for analyzing Armadillo-packed binaries. |
| CFF Explorer Suite | Great PE and hex editor. |
| dUP2 | Universal patcher by diablo2002. |
| ShellOp Converter | Converts shellcode to opcodes and disassembly, by Levis. |
Olly Plugins
| Plugin | Description |
|---|---|
| TLSCatch | New version 0.3 by waliedassar. |
| MUltimate Assembler | Multi-line assembler by RaMMicHaeL. |
| Olly Callstack | Call stack plugin by Zer0Flag (2.0 only). |
| +BP-Olly | Opens up a new 'floating' toolbar at the top of Olly. |
| AnalyzeThis+ | Allows OllyDbg's analysis function to operate outside of the marked code segment. |
| Anti-Anti Hardware BP | Hooks ntdll to restore the DRx registers after a structured exception handler. |
| API Break | Allows you to set a breakpoint on many popular Windows APIs. |
| Ascii Table | Quickly displays the ASCII chart in hex, decimal, octal and ASCII. |
| Attach Anyway | A PoC OllyDbg plugin designed to remove a process's hook on NtContinue. |
| Bookmark | This handy plugin allows the user to set bookmarks. |
| Code Ripper | Allows you to copy code from the binary in a nicely formatted way. |
| Command Bar | Allows quickly applying breakpoints, finding APIs etc. |
| Hide Debugger | Hides OllyDbg from many debugger detection tricks. |
| HideOD | Allows Olly to be hidden from the debugged application. |
| IDAFicator | |
| IsDebugPresent | Hides the debugger from the IsDebuggerPresent Windows API. |
| Mnemonic Help | Displays information about the currently selected opcode mnemonic. |
| NanoWrite | Helps you write code injections. |
| Olly Advanced | A 'must have'. Fixes bugs and adds functionality. |
| Olly Breakpoint Manager | Provides breakpoint exporting, importing and automatic breakpoint loading. |
| Olly Toolbar Manager | Allows you to create your own toolbar. |
| OllyDump | Allows you to dump the debugged process after you have modified it. |
| OllyPad | Lets you create notes for the currently debugged application and stores them for later use. |
| OllybonE | Break-on-Execute for OllyDbg. |
| OllyDBG Script | Allows Olly to run any of the thousands of scripts written for it. |
| StrongOD | A 'Swiss army knife' of functionality. |
| Ultra String Reference | A souped-up version of the built-in "search for String References". |
…or download
Texts
| Text | Description |
|---|---|
| The Art Of Assembly | Best ASM instructional book out there. |
| PC Assembly Language | Another classic. |
| Win32asm Tutorial | A very good beginner's tutorial by Thomas Bleeker. |
| Windows Messages | All Windows messages with their hex values. |
| Anti-Debugging – A Developer's View | Very complete text on anti-debugging. |
| Anti Reverse Engineering Guide | Down-and-dirty guide. |
| Methods of Code Obfuscation | Very detailed guide to obfuscation. |
| OllyDBG Detection Techniques | Ways of specifically detecting Olly. |
| Ultimate Anti-Debugging Reference | Most complete guide I've seen. |
May 24th, 2012 on 4:03 am
Post the best tools ~~, I can't get an IDA debugger.
IDA 5.0 is not working for me
May 24th, 2012 on 5:22 am
Email me and I’d be happy to email it to you. And if you are looking for tutorials, you have come to the right place. I am coming out with part 3 in a couple days.
May 24th, 2012 on 6:54 am
What's your email?
May 24th, 2012 on 5:27 pm
TheLegendOfRandom@yahoo.com
May 24th, 2012 on 5:27 pm
Also, please tell me if there is anything specific you would like a tutorial/help on. I have a lot of ideas but I would rather create tuts that people really want.
May 24th, 2012 on 6:06 pm
ludKiller, I looked at your site. It’s pretty sweet! I registered as well, so I can leave some feedback. It’s funny, we have similar tastes in color schemes
May 29th, 2012 on 8:35 pm
A quick question : are those plugins for OllyDbg 1.1 or 2.0 ?
Thanks a lot for all those resources! Thanks to you, I learn a lot, and I am eager to start experimenting.
May 30th, 2012 on 5:47 am
These are for v1.10, though there are versions of some of these for 2.0
June 4th, 2012 on 11:27 am
Would it be possible to run an OllyScript or similar from the command line to basically memory-dump a certain process? The idea is to automate the process of dumping the memory associated with a malware binary. Most of the malware out there is packed; having said that, how we normally do it is to load the malware into OllyDbg, set a breakpoint at the offset which calls ExitProcess and run it. When the breakpoint is reached, open a memory dumper such as LordPE or PETools to dump the memory associated with the malware's process.
The result is an unpacked memory dump of the process. Although it is not properly dumped due to PE header and IAT issues, it somehow works for us, as it can now be loaded into IDA Pro for static analysis.
Hope this makes sense.
Thank you very much in advance.
Regards, Roger
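The "PE header issue" Roger mentions is the usual defect of a raw memory dump: the bytes are laid out as the loader mapped them (each section at its RVA), but the section table still comes from the packed file on disk, so PointerToRawData/SizeOfRawData point at the wrong places, and a packer section that had no raw data at all (UPX0-style, SizeOfRawData 0) appears empty. The standard repair, before any IAT work with ImpREC, is to make each section's file offset equal its RVA and its raw size equal its virtual size, and to point the entry point at the real OEP. The script below is an added example for this page, not code from R4ndom's site or from LordPE/OllyDump/ImpREC; the function names are its own, and the PE image it operates on is constructed inline (a fake two-section PE32 image, not a real sample).

```python
# Added example: repair the section table of a raw process-memory dump so a PE
# loader (or IDA) reads the sections from where they actually are in the dump.
# Not code from this site or from any of the tools listed on it. The IAT is
# deliberately left alone; that is a separate fix (ImpREC's job).
import struct

SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def _nt_headers(buf):
    """Return (coff_offset, optional_header_offset, section_table_offset, nsections)."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", buf, coff + 2)[0]          # NumberOfSections
    opt_size = struct.unpack_from("<H", buf, coff + 16)[0]     # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic not in (0x10B, 0x20B):                            # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return coff, opt, opt + opt_size, nsec


def parse_sections(data):
    """List of (name, VirtualAddress, VirtualSize, SizeOfRawData, PointerToRawData)."""
    _, _, sect, nsec = _nt_headers(data)
    out = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECTION_HDR, data, sect + 40 * i)
        out.append((name.rstrip(b"\0").decode(), va, vsize, rawsize, rawptr))
    return out


def entry_point(data):
    _, opt, _, _ = _nt_headers(data)
    return struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (same offset in PE32/PE32+)


def file_alignment(data):
    _, opt, _, _ = _nt_headers(data)
    return struct.unpack_from("<I", data, opt + 36)[0]


def read_section_as_loader(data, name, n):
    """First n bytes a loader would take from the *file* for section `name` (honours PointerToRawData)."""
    for sname, va, vsize, rawsize, rawptr in parse_sections(data):
        if sname == name:
            return bytes(data[rawptr:rawptr + min(n, rawsize)])
    raise KeyError(name)


def fix_dump_sections(dump, new_oep=None):
    """Rewrite the section table so the in-memory layout parses as a file; optionally set the real OEP."""
    buf = bytearray(dump)
    _, opt, sect, nsec = _nt_headers(buf)
    sec_align = struct.unpack_from("<I", buf, opt + 32)[0]
    struct.pack_into("<I", buf, opt + 36, sec_align)       # FileAlignment := SectionAlignment
    if new_oep is not None:
        struct.pack_into("<I", buf, opt + 16, new_oep)     # entry point := unpacked OEP (an RVA)
    for i in range(nsec):
        hdr = sect + 40 * i
        vsize, va = struct.unpack_from("<II", buf, hdr + 8)
        vsize = max(0, min(vsize, len(buf) - va))          # dump may be shorter than SizeOfImage
        # SizeOfRawData := VirtualSize, PointerToRawData := RVA. A section that had
        # SizeOfRawData 0 on disk (typical packer target) now gets its full in-memory extent.
        struct.pack_into("<II", buf, hdr + 16, vsize, va)
    return bytes(buf)


def build_sample_image():
    """Constructed sample, not a real binary: a PE32 image as it sits in memory after a
    packer has run. The section table still describes the packed file, but the
    unpacked bytes live at their RVAs (0x1000 and 0x2000)."""
    img = bytearray(0x3000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                            # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    coff = 0x44
    struct.pack_into("<HHIIIHH", img, coff, 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)   # i386, 2 sections
    opt = coff + 20
    struct.pack_into("<H", img, opt, 0x10B)                            # PE32
    struct.pack_into("<I", img, opt + 16, 0x2010)                      # EP still points at the packer stub
    struct.pack_into("<I", img, opt + 28, 0x00400000)                  # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)              # SectionAlignment, FileAlignment
    struct.pack_into("<II", img, opt + 56, 0x3000, 0x400)              # SizeOfImage, SizeOfHeaders
    sect = opt + 0xE0
    sections = [(b".text", 0x1000, 0x1000, 0x000, 0x000, 0x60000020),  # no raw data on disk (packer target)
                (b".data", 0x2000, 0x1000, 0x600, 0x400, 0xC0000040)]  # raw ptr valid only for the packed file
    for i, (name, va, vsize, rawsize, rawptr, chars) in enumerate(sections):
        struct.pack_into(SECTION_HDR, img, sect + 40 * i, name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
    img[0x1000:0x1004] = b"\x55\x8b\xec\xc3"                           # unpacked code: push ebp; mov ebp,esp; ret
    img[0x2000:0x2005] = b"hello"
    return bytes(img)


if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 3:      # python fixdump.py dump.bin fixed.exe [oep_rva_hex]
        oep = int(sys.argv[3], 16) if len(sys.argv) > 3 else None
        with open(sys.argv[1], "rb") as f:
            fixed = fix_dump_sections(f.read(), oep)
        with open(sys.argv[2], "wb") as f:
            f.write(fixed)
    else:
        for s in parse_sections(fix_dump_sections(build_sample_image(), new_oep=0x1000)):
            print(s)
```

Run against the constructed image, `read_section_as_loader` returns nothing useful for `.text` before the fix (raw size 0) and the real `push ebp; mov ebp,esp; ret` bytes after it; the same call for `.data` goes from zeros (file offset 0x400 is inside the headers of the dump) to the section's actual contents. The OEP argument is the RVA you found when the packer jumped to the original code; the script does not try to locate it.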
June 5th, 2012 on 2:29 pm
It sounds to me like you're looking for something more like Moonsols (www.moonsols.com) or Volatility (www.volatilesystems.com). Both are more "memory forensic" tools and allow fine-tuning of dumping memory.
June 6th, 2012 on 7:37 am
Thank you for your feedback.
Indeed, Volatility can perform a memory dump associated with a particular process, but in most cases the malware terminates immediately, before you freeze the memory and capture it. When the process is terminated, the Volatility plugins "procmemdump" and "procexedump" are no longer useful.
The success rate of doing it manually using OllyDbg, setting a breakpoint at "ExitProcess" and using another tool such as LordPE or PETools is not bad. So I was thinking whether there is an automated way of doing it using OllyDbg alone (through scripts perhaps), instead of using another tool just to dump the memory associated with that particular binary or process.
The OllyDump plugin was close to it, but it is more focused on unpacking by locating the correct OEP and fixing IAT issues.
Appreciate your thoughts.
Thank you very much in advance
June 6th, 2012 on 4:07 pm
Ahhh, I now see what you mean. Yes, you could write a script in Olly that breaks at ExitProcess and then immediately dumps the memory, though this wouldn't be truly 'automated', as you would have to run the script on every binary, as opposed to, say, running a command-line script on a whole directory of them. Also, since you use IDA, you could write a Python script that did the same thing (using IDA's debugger) that would basically break after the loader/packer has unpacked the binary and then dump a static analysis of it.
All that being said, there is also a more advanced method that I used a long time ago: you can hook the ExitProcess API to keep the process from terminating, and then use something like Volatility (or WinDbg, for that matter) to dump it. This could be put into a Python script that injects ExitProcess with your code and performs the dump automatically. If you are interested in this, I believe the book "Malware Analysis Cookbook" discusses this method (if memory serves, anyway). If you wanted, I could scan those pages and send them to you.
Hope this helps, and please feel free to keep up the dialog if you have more issues.
June 7th, 2012 on 6:21 am
I would really appreciate it if you could share with me which pages from the book you are referring to. I believe one of my friends has the book, and I would just ask him.
If it is not too much, I would also appreciate it if you could guide me through the logic of your idea, as I am pretty new to Python as well. Though I can slowly read and understand the code.
I really like the way you want to extend your help.
More power to you. Thanks!
June 7th, 2012 on 5:02 pm
Let me look through my stuff and see what I have to give you. In the meantime, please contact me through the "Contact" option at the top of the page, as this conversation could potentially get long and it may be better to do it through email…
June 8th, 2012 on 4:10 am
Hello, I have already sent you an email.
Thanks again!
June 9th, 2012 on 3:35 pm
Great tutorials, waiting for more tutorials.
June 9th, 2012 on 4:23 pm
The PEview link is not working. Everything else is good.
June 9th, 2012 on 8:08 pm
Thanks for the notice. I will put it up Monday.
June 10th, 2012 on 3:33 am
I guess you wanted to put up Maven Smith's The Art of Assembly Language, which is the ultimate reference guide for asm and NOT in HLA,
instead of Randall Hyde's Art of Assembly, which is in HLA.
Maven Smith's 'AoA': http://www.planetpdf.com/codecuts/pdfs/aoa.pdf
June 10th, 2012 on 4:40 am
Yes, that was the one I thought I uploaded. I really should have opened the PDF before uploading… I will upload this one to the tools page, and thanks again for your help.
June 26th, 2012 on 8:37 pm
The Resource Hacker link is invalid, but it's on the server.
June 26th, 2012 on 9:34 pm
Well, it’s nice to know that at least one person has read my tutorial
The link is fixed.
September 15th, 2012 on 12:45 am
Please, R4ndom, why don't you just pack your file in a zip archive, not rar? I can't download rar files… Please, it's a request, and thanks for the tutorials, they're awesome.
September 16th, 2012 on 7:33 pm
All I can say is that I keep finding myself saying *wow*.
September 25th, 2012 on 7:31 am
Hi, I have a serial/license file. The file contains some values/chars which I am not able to understand. Which tool do I have to use to decode the .lic files?
Thanks.
December 27th, 2012 on 4:36 am
Wow, great website! Great info! Thanks, admin, for these tutorials… I'm sorry for my bad English.
January 27th, 2013 on 8:52 pm
I have been running Olly with no problems. Now, from last night to this morning, when I run it, it opens the program then closes. Gives no errors or anything. Tried rebooting, reloading, reinstalling and anything else I can think of! I was on number 23 of your great TUTS! Any ideas?
January 27th, 2013 on 9:06 pm
Also, nothing has changed, no programs added. It ran last night and this morning it opens then closes.
February 3rd, 2013 on 6:56 pm
I'm curious, is anyone else having issues downloading R4ndom's OllyDbg? I don't have any issues downloading the tut zips, but I keep getting an error when downloading OllyDBG – R4ndom's version (with scripts and plugins).
February 14th, 2013 on 2:52 pm
How can I use OllyDbg to crack applications that first require a login and password to connect to the internet before they can work, e.g. DC Unlocker?
March 7th, 2013 on 5:42 pm
Please add some tutorial on cracking anti-debugging protection… thanks.
March 23rd, 2013 on 9:10 pm
Great site, many thanks. Looking forward to learning how to configure IDA Pro to do debugging, specifically with WinDbg. Thanks very much.