Introduction to Cracking (2) —– OllyDBG tutorial

Category: Tag:

1. Installation and configuration of OllyDBG

The release version of OllyDBG 1.10 is a ZIP compressed package. Just unzip it to a directory and run OllyDBG.exe:

The functions of each window in OllyDBG. Briefly explain the functions of each window:

Disassembly window: Display the disassembly code of the debugged program. The address, HEX data, disassembly, comment on the title bar can be switched by right-clicking the menu interface option -> Hide Title or Show Title that appears in the window. . Click the annotation label with the left mouse button to switch the way of annotation display.

Register window: Displays the CPU register content of the currently selected thread. Also click on the label register (FPU) to switch the way of displaying the register.

Information window: Display the parameters of the first command selected in the disassembly window and some jump destination addresses, character strings, etc.

Data window: Display the contents of memory or files. The right-click menu can be used to switch the display mode.

Stack window: displays the stack of the current thread.

To adjust the size of each window above, just left-click, hold down the border and drag, and when the adjustment is done, restart OllyDBG to take effect.

After starting, we need to configure the directory of the plug-in and UDD as an absolute path, click Options -> Interface on the menu, and a dialog box of interface options will come out, we click on the directory label:

Because I decompressed OllyDBG in the F:\OllyDBG directory, the corresponding UDD directory and plug-in directory are configured as shown in the figure. Another commonly used label is the font at the back of the figure above, where you can change the font displayed in OllyDBG. The other options in the above figure can be left as default, and you can modify them if necessary. After the modification, click OK and a dialog box pops up, saying that we have changed the plug-in path and need to restart OllyDBG. Click OK on this dialog box, restart OllyDBG, and take a look at the interface options, and you will find that the paths we have previously set have been saved. Someone may know the role of the plug-in, but is not clear about the UDD directory. Let me briefly explain: The UDD directory is used to save your debugging work. For example, if you debug a software, set breakpoints, add comments, and not finish it once, OllyDBG will save your work to this UDD directory so that you can continue your previous work when you debug it next time. If you don’t set this UDD directory, OllyDBG saves these files with the suffix udd in its installation directory by default. It will be messy after a long time, so it is recommended to set up a directory to save these files.

Another important option is the debugging option, which can be configured through the menu Options->Debug Settings:

Novices generally do not need to change the options here, they are configured by default and can be used directly. It is recommended to configure it when you are familiar with OllyDBG. The options in the above exception tab are often used in shelling. It is recommended to configure it when you have a certain debugging foundation and learn to shell.

In addition to directly launching OllyDBG to debug, we can also add OllyDBG to the Explorer right-click menu, so that we can right-click on the .exe and .dll files and select the “Open with Ollydbg” menu to debug. To add OllyDBG to the resource manager right-click menu, just click the menu option -> Add to browser, a dialog box will appear, first click “Add Ollydbg to the system resource manager menu”, and then click the “Finish” button. can. It is also very simple to delete from the right-click menu. This is the dialog box. Click “Delete Ollydbg from System Explorer Menu” and then click “Finish”.

OllyDBG supports the plug-in function, and the installation of the plug-in is also very simple. Just copy the downloaded plug-in (usually a DLL file) to the PLUGIN directory under the OllyDBG installation directory. OllyDBG will automatically recognize it when it starts. It should be noted that OllyDBG 1.10 has a limit on the number of plug-ins, the maximum cannot exceed 32, otherwise an error will occur. It is recommended not to add too many plugins.
The basic configuration is now complete. OllyDBG puts all the configurations in the ollydbg.ini file in the installation directory.

 

Reviews

There are no reviews yet.

Be the first to review “Introduction to Cracking (2) —– OllyDBG tutorial”

Your email address will not be published. Required fields are marked *