Archive for August, 2015

Symbols on Demand (an OllyDbg plugin)

Posted: August 26, 2015 in Uncategorized
Tags:
0

OllyDbg is able to use dbghelp.dll and symsrv.dll to show extended debug information, such as the module source code (if referenced by the debug information) or module symbols from a PDB file (which can be fetched from the Microsoft Symbol Server for system modules). The problem is that if you turn on this option, module loading becomes much slower. On the other hand, this information is very handy, so there’s a dilemma as of whether to turn it on.

The Symbols on Demand plugin provides the best of both worlds: it disables loading of this extended debug information by default, but allows to load it explicitly for any module, at any time. Using this approach, loading is still fast, but if you need to load extended debug information for a module, you can easily do that.

OllyDbg v1.10 and v2.01 are supported. For, OllyDbg v1.10, there’s additional functionality: you can set the symbols search path, which is set by default to SRV.\Symbolshttp://msdl.microsoft.com/download/symbols. You can also choose to retrieve undecorated symbol names. These options can be set in the INI file of OllyDbg, in the plugin’s section.

Link: http://rammichael.com/symbols-on-demand

OllyDBG v2: Colour & Highlighting schemes

Posted: August 2, 2015 in Uncategorized
Tags: , ,
0

Note này tổng hợp một số Colour và Highlighting schemes dành cho bản OllyDBG v2.

  1. Tác giả có nick Xylitol, chia sẻ trên diễn đàn kernelmode.info:
    [Colour schemes]
    Scheme name[]=Instructions-Status-Dump Xyl
    Foreground_1[    ]=,,0,F0FBFF,,,,,,,,,,,,
    Foreground_2[]=,,,,,,,,,,,,,,,*
    Background_1[]=C0C0C0,C0C0C0,C0C0C0,,,,,,,808080,,,,,,*
    Background_2[]=,,,,,,,,,,,,,,,*
    Operands[]=0
    Modified commands[    ]=0
    Scheme name[]=Registers-Stack Xyl
    Foreground_1[    ]=C0C0C0,FFFF,,,,,,,,,,,,,,
    Foreground_2[]=,,,,,,,,,,,,,,,*
    Background_1[]=,,,,,,,,,,,,,,,*
    Background_2[]=,,,,,,,,,,,,,,,*
    Operands[]=0
    Modified commands[    ]=0
    [Highlighting schemes]
    Scheme name[]=Code Highlight Xyl
    Foreground_1[    ]=,,,,,,,,,,,,800000,0,,
    Foreground_2[]=0,0,0,,800000,FF,,,,,,800000,800000,,8080,*
    Background_1[]=,,,,,,,,,,,,,,,*
    Background_2[]=FFFF00,FF00,,FF,,FFFFFF,,,,,,C0C0C0,C0C0C0,,C0C0C0,
    Operands[]=0
    Modified commands[    ]=1

Preview:
Xylitol colour and highlighting scheme for olly v2

  1. Của một thành viên chia sẻ trên http://habrahabr.ru:
    [Colour schemes]
    Scheme name[6]=Blackboard
    Foreground_1[6]=F0F0F0,F0FBFF,AFAFAF,404FF,F0FBFF,F0FBFF,F0FBFF,F0FBFF,FFFFFF,F0FBFF,,,,,,
    Foreground_2[6]=,,,,,,,,,,,,,,,
    Background_1[6]=21100C,21100C,21100C,21100C,3939FF,C57941,EB9CAE,C57941,21100C,43322D,,,,,,
    Background_2[6]=,,,,,,,,,,,,,,,
    Operands[6]=0
    Modified commands[6]=0
    [Highlighting schemes]
    Scheme name[6]=Blackboard
    Foreground_1[6]=,,,,,,,,,,,,FFF,3939FF,3939FF,FFFF
    Foreground_2[6]=3939FF,3939FF,,,,,,,C57941,C57941,,8BE0AB,30B261,8BE0AB,30B261,
    Background_1[6]=,,,,,,,,,,,,,,,
    Background_2[6]=,,,3939FF,,,,,,,,,,,,*
    Operands[6]=1
    Modified commands[6]=1

Preview:

  1. Của tôi thiết lập theo Alex’s scheme dành cho bản OllyDBG v1:
    [Colour schemes]
    Scheme name[6]=m4n0w4r
    Foreground_1[6]=FF00,FFFF,FF00,0,F0FBFF,FF00FF,F0FBFF,F0FBFF,FFFFFF,FF00,,,,,,
    Foreground_2[6]=,,,,,,,,,,,,,,,
    Background_1[6]=0,0,0,FF,3939FF,C57941,EB9CAE,C57941,0,800080,,,,,,
    Background_2[6]=,,,,,,,,,,,,,,,
    Operands[6]=0
    Modified commands[6]=0
    [Highlighting schemes]
    Scheme name[6]=m4n0w4r
    Foreground_1[6]=,,,,,,,,,,,,FF00,FFFF,FF,FF00
    Foreground_2[6]=FF00FF,FF,FFFF00,0,8000,FFFF,,,C0DCC0,0,0,FF00,FFFF,FF,FFFF,*
    Background_1[6]=,,,,,,,,,,,,,,,
    Background_2[6]=,,,FFFFFF,,FF,,,,,,,,,,
    Operands[6]=0
    Modified commands[6]=1

Preview:
m4n0w4r_schemes

  1. Thiết lập của Vic4key:

vic4key light scheme
[Colour schemes]
Scheme name[7]=vic4key light
Foreground_1[7]=0,FF0000,808080,,0,,C0C0C0,FFFF,FFFFFF,0,,,,,,
Foreground_2[7]=,,,,,,,,,,,,,,,
Background_1[7]=FFFFFF,FFFFFF,FFFFFF,C0C0C0,,FF,808080,,FFFFFF,C0C0C0,,,,,,
Background_2[7]=,,,,,,,,,,,,,,,
Operands[7]=0
Modified commands[7]=0
[Highlighting schemes]
Scheme name[7]=vic4key light
Foreground_1[7]=,,,,,,,,,,,,,FF,FF,FF00FF
Foreground_2[7]=FFFF,FF,800000,FF,0,,,,0,800000,808080,0,FF0000,8000,FF,*
Background_1[7]=,,,,,,,,,,,,,FFFF,FFFF,
Background_2[7]=FF,,,,,FF,,,,,,,,,FF00,*
Operands[7]=1
Modified commands[7]=1

Preview
VicLight

vic4key dark scheme
[Colour schemes]
Scheme name[6]=vic4key dark
Foreground_1[6]=FF00,FF00,FFFF00,0,,8000,,,FF00,,,,,,,
Foreground_2[6]=,,,,,,,,,,,,,,,
Background_1[6]=0,0,0,FF00,,0,808080,,FF,800000,,,,,,
Background_2[6]=,,,,,,,,,,,,,,,
Operands[6]=0
Modified commands[6]=0
[Highlighting schemes]
Scheme name[6]=vic4key dark
Foreground_1[6]=,,,,,,,,,,,,FFFF00,FFFF,FFFF,FF00FF
Foreground_2[6]=FFFF,FF,FFFF00,FF,FF,FF,,,FFFFFF,800000,808080,FFFF00,FFFFFF,FFFF,FF,*
Background_1[6]=,,,,,,,,,,,,,,,
Background_2[6]=,,,,,FFFF,,,,,,,,,,*
Operands[6]=1
Modified commands[6]=1

Preview:
VicDark

  1. Của KuNgBiM share trên các diễn đàn UnPackcN, PediY…

    [Colour schemes]
    Scheme name[4]=KuNgBiM's Scheme
    Foreground_1[4]=,,808000,0,FFFF,80,,FF00,,FF0000,,,,,,
    Foreground_2[4]=,,,,,,,,,,,,,,,
    Background_1[4]=C0DCC0,C0DCC0,C0DCC0,FF00,,FFFF00,,,C0DCC0,FFFF,,,,,,*
    Background_2[4]=,,,,,,,,,,,,,,,
    Operands[4]=0
    Modified commands[4]=0
    [Highlighting schemes]
    Scheme name[4]=KuNgBiM's Code
    Foreground_1[4]=,,,,,,,,,,,,FF0000,FF,FF,FF0000
    Foreground_2[4]=0,0,0,FF00,FF,FF,,,800000,0,0,800080,FF00FF,80,FF00FF,*
    Background_1[4]=,,,,,,,,,,,,,FFFF,FFFF,
    Background_2[4]=FFFF00,FF00,,FF,,,,,,,,,,,,*
    Operands[4]=1
    Modified commands[4]=0

Preview:
KungBIM

Best Regards,
m4n0w4r