#1
OllyDBG v2.xx plugin - OllyExt
OllyExt is a plugin for the Olly 2.xx debugger.
The main intention of this plugin is to provide the biggest set of anti-anti-debugging features and bugfixes for Olly 2.xx. Updates will come... VMProtect support!

The currently available commands are the following:
- Code Rip to Clipboard

The currently supported protections are the following:
- IsDebuggerPresent
- NtGlobalFlag
- HeapFlag
- ForceFlag
- CheckRemoteDebuggerPresent
- OutputDebugString
- CloseHandle
- SeDebugPrivilege
- BlockInput
- ProcessDebugFlags
- ProcessDebugObjectHandle
- TerminateProcess
- NtSetInformationThread
- NtQueryObject
- FindWindow
- NtOpenProcess
- Process32First
- Process32Next
- ParentProcess
- GetTickCount
- timeGetTime
- QueryPerformanceCounter
- ZwGetContextThread
- NtSetContextThread
- KdDebuggerNotPresent
- KdDebuggerEnabled
- NtSetDebugFilterState
- ProtectDRX
- HideDRX
- DbgPrompt

The currently supported bugfixes are the following:
- Caption change
- Kill Anti-Attach (dll integrity check)

Requirements:
- Microsoft Visual C++ 2010 Redistributable Package (x86)

OS support:
- WinXP x32
- WinXP WoW64
- Win7 x32
- Win7 WoW64

Limitations:
- If you have any problem just notify me.

About the author:
Created by Ferrit
Send your bug reports/comments to ferrit.rce@gmail.com

Enjoy :P

Additional download page
#2
Was it tested @Win8, 8.1?
Thanks
#3
Never tested with 8.
#4
v1.4 is out
New v1.4 is out. Changes:
- Disassembler changed
- Configurable ripping syntax
- Recursive code ripping
#5
New v1.5 is out. Changes:
- Data ripping (because of missing PDK function ONLY 2.01 latest supported)
#6
New v1.5.1 is out. Changes:
- Code ripping newline fix
- Data ripping VERSION 2.01 (27-Sep-2013) support
- Data ripping relocation fix
#7
Why don't you write this plugin for OllyDbg v1.10?
Phantom and OllyAdvanced are incompatible with x64 OS.
#8
I've debugged thousands of hours with 1.1 and that was the reason why I've decided to use the new version
Even if it also has some bugs, it has 2 advantages for me:
1. It's not crashing so much
2. Oleh will fix these problems
#9
I think you need to do some modifications in your code for the OD1.1 PDK; API patching is the same, isn't it?
#10
API patching is exactly the same, but the PDK interface and feature set are really different. A lot of the new features I use don't exist in 1.1. I can take a look once again but can't promise anything...
BTW, what is missing from 2.x?
#11
For the features, it's not the right topic to discuss the missing features, but small things that I use heavily:
- Mem BP on Write on PE sections, memory regions (very handy for unpacking, reversing)
- Handles window button (I hate extra clicks)
- Patches window (not critical, but comes handy sometimes)

I've found some bugs but now remember these:
- Show Symbolic address is too stupid in OD2.x for CALL DWORD[adr]. If you press space on such code OD shows CALL DWORD PTR DS:[<&KERNEL32.GetSystemTimeAsFileTime>] instead of CALL DWORD PTR DS:[4080AC]. I really hate it!
- Some unknown exception while loading packed files.
- OD2.x fails to show PE sections separately in Execryptor-packed files, even in unpacked files (interesting bug)
- and all plugins which exist for OD 1.1

So I still use OD1.10
#12
I forgot to say... there is no Copy to clipboard in the Pane window. Why?
#13
Regarding hiding from VMProtect
What is the set of options that need to be used? Here is a sample app protected nicely by VMP, and I fail to get the correct set of options on OllyExt using the 2.01 release of Olly; it is either file corrupted or debugger detected. http://www.sendspace.com/file/cdq1ga Thanks
#14
I've just tried the binary and it's running without getting detected. You need the following protections:
- IsDebuggerPresent
- CheckRemoteDebuggerPresent
- CloseHandle
- ProcessDebugFlags
- NtSetContextThread
- Caption Change

Please check that no other debugger is installed, and the only plugin is OllyExt. Some plugins are interfering with mine.
#15
Hi, thanks for the details.
1) The strangest thing is that...... it works just 1 time! The second time and the rest, the app under test is just crashing! Do you see the same behaviour?
2) I've IDA/etc. SW installed, but not running; does it matter?
3) What OS are you working on?
P.S. Here are my Olly settings http://prntscr.com/1x0ldg are you using the same?