As you see, this version already supports plugins. New plugin interface is similar to the old (v1.10) but is not backwards compatible. It includes more than 350 API functions, 60 or so variables and many enumerations and structures that all need to be documented. This will take a while, therefore I decided to make a preliminary release. It includes plugin header file (plugin.h) and commented bookmarks source code (bookmark.c). Writing your own plugins without the documentation is a pure masochism, but at least you will be able to analyse the structure of the interface and send me your comments, wishes and suggestions.
This is the last alpha release. After plugin documentation is ready, I will call it 2.01 beta 1. Then I will start to write OllyDbg help and finally make the full 2.01 release. Till then, I plan no major changes.
Other new features in this version:
– Patch manager, similar to 1.10
– Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven’t tested it on Win7, please report any found bugs and incompatibilities!
– Instant .udd file loading. In the previous versions I’ve postponed analysis, respectivcely reading of the .udd file till the moment when all external links are resolved. But sometimes it took plenty of time, module started execution and was unable to break on the breakpoints placed in the DLL initialization routine
– Automatic search for the SFX entry point, very raw and works only with several packers. Should be significantly more reliable than 1.10. If you tried it on some SFX and OllyDbg was unable to find real entry, please send me, if possible, the link or executable for analysis!
– “Go to” dialog lists of matching names in all modules
– Logging breakpoints can protocol multiple expressions. Here is an example: I ask OllyDbg to protocol the contents of EAX, EBX and 4 memory doublewords starting at address ESP. Expressions must be separated by commas, repeat count has form SIZE*N, N=1..32:
This is what you will see in the log when breakpoint is hit:
Many not-so-important new features:
– Thread names (MS_VC_EXCEPTION)
– UNICODE box characters clipboard mode
– Multiline debugging strings (of large size)
– On debug string, OllyDbg attempts to find call to OutputDebugString()
– INT3 breakpoints set on the first byte of edited memory area are retained
– Decoding of User Shared Data block
– Addressing relative to module base
– If plugin crashes, OllyDbg will report its name
– etc, etc.
I have received many bug reports. Some of them are solved, some are not. There is a very nasty bug that I was unable to reproduce: OllyDbg crashes with memory access violation inside the GlobalAlloc()?!! Either OllyDbg unintentionally taints internal data structures used by memory manager, or some virus scanner overreacts, or this is a bug of Windows itself? If you have any clue, please let me know.
That’s all for now. I will make a short vacations, a week or so, and in order to keep my sanity will not check for new emails. Please have some patience!
Download here: http://ollydbg.de/odbg201d.zip
Bookmark Plugin : http://ollydbg.de/plug201d.zip
Regards
0day in {REA_TEAM} 