OllyDbg

Original author(s): Oleh Yuschuk
Developer(s): Oleh Yuschuk
Stable release: 2.01 / 27 September 2013
Written in: C
Operating system: Microsoft Windows
Size: 6.6 MiB
Type: Debugger
License: GPL (version 2.01) [1] [2]; Freeware (version 2.0); Shareware (version 1.x)
Website: https://www.ollydbg.de/

OllyDbg (named after its author, Oleh Yuschuk) is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, and locates routines from object files and libraries. It has a user-friendly interface, and its functionality can be extended by third-party plugins. Version 1.10 is the final 1.x release. Version 2.0 was released in June 2010; OllyDbg was rewritten from the ground up for this release. Although the current version of OllyDbg cannot disassemble binaries compiled for 64-bit processors, a 64-bit version of the debugger has been promised. [3]

License

The software is free of cost, but the shareware license of version 1.x requires users to register with the author. [4] In version 2.x, the registration requirement was dropped. [5] The source code can be purchased from the author. [6]

The disassembler part of OllyDbg is free software, released under the GNU General Public License. [7]

Reverse engineering

OllyDbg is often used for reverse engineering of programs. [8] It is often used by crackers to crack software made by other developers. For cracking and reverse engineering, it is often the primary tool because of its ease of use and availability; any 32-bit executable can be loaded into the debugger and edited at the machine-code/assembly level in real time. [9] It is also useful for programmers to verify that their program is running as intended, and for malware analysis.

Related Research Articles

Assembly language: Low-level programming language

In computer programming, assembly language, often referred to simply as Assembly and commonly abbreviated as ASM or asm, is any low-level programming language with a very strong correspondence between the instructions in the language and the architecture's machine code instructions. Assembly language usually has one statement per machine instruction (1:1), but constants, comments, assembler directives, symbolic labels of, e.g., memory locations, registers, and macros are generally also supported.

Software cracking is the modification of software to remove or disable features which are considered undesirable by the person cracking the software, especially copy protection features or software annoyances like nag screens and adware.

Debugger: Computer program used to test and debug other programs

A debugger or debugging tool is a computer program used to test and debug other programs. The main use of a debugger is to run the target program under controlled conditions that permit the programmer to track its execution and monitor changes in computer resources that may indicate malfunctioning code. Typical debugging facilities include the ability to run or halt the target program at specific points, display the contents of memory, CPU registers or storage devices, and modify memory or register contents in order to enter selected test data that might be a cause of faulty program execution.

SoftICE is a kernel mode debugger for DOS and Windows up to Windows XP. It is designed to run underneath Windows, so that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all operations in Windows when instructed. Because of its low-level capabilities, SoftICE is also popular as a software cracking tool.

A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. A disassembler differs from a decompiler, which targets a high-level language rather than an assembly language. Disassembly, the output of a disassembler, is often formatted for human-readability rather than suitability for input to an assembler, making it principally a reverse-engineering tool.

Netwide Assembler: Assembler for the Intel x86 architecture

The Netwide Assembler (NASM) is an assembler and disassembler for the Intel x86 architecture. It can be used to write 16-bit, 32-bit (IA-32) and 64-bit (x86-64) programs. It is considered one of the most popular assemblers for Linux.

A programming tool or software development tool is a computer program that software developers use to create, debug, maintain, or otherwise support other programs and applications. The term usually refers to relatively simple programs, that can be combined to accomplish a task, much as one might use multiple hands to fix a physical object. The most basic tools are a source code editor and a compiler or interpreter, which are used ubiquitously and continuously. Other tools are used more or less depending on the language, development methodology, and individual engineer, often used for a discrete task, like a debugger or profiler. Tools may be discrete programs, executed separately – often from the command line – or may be parts of a single large program, called an integrated development environment (IDE). In many cases, particularly for simpler use, simple ad hoc techniques are used instead of a tool, such as print debugging instead of using a debugger, manual timing instead of a profiler, or tracking bugs in a text file or spreadsheet instead of a bug tracking system.

Interactive Disassembler: Software reverse engineering tool

The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It also can be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in for programs compiled with a C/C++ compiler is available at extra cost. The latest full version of IDA Pro is commercial, while a less capable version is available for download free of charge.

WinDbg is a multipurpose debugger for the Microsoft Windows computer operating system, distributed by Microsoft. Debugging is the process of finding and resolving errors in a system; in computing it also includes exploring the internal operation of software as a help to development. It can be used to debug user mode applications, device drivers, and the operating system itself in kernel mode.

Debug (command): Line-oriented debug utility in DOS

The line-oriented debugger DEBUG.EXE is an external command in operating systems such as DOS, OS/2 and Windows.

SlickEdit

SlickEdit, previously known as Visual SlickEdit, is a cross-platform commercial source code editor, text editor, code editor and Integrated Development Environment developed by SlickEdit, Inc. SlickEdit supports Integrated Debuggers for GNU C/C++, Java, WinDbg, Clang C/C++ LLDB, Groovy, Google Go, Python, Perl, Ruby, PHP, Xcode, and Android JVM/NDK. SlickEdit includes such features as built in beautifiers that can beautify code as you type, code navigation, context tagging, symbol references, third party tool integration, DiffZilla, syntax highlighting, and over 13 keyboard emulations.

REAPER: Digital audio workstation by Cockos

REAPER is a digital audio workstation and MIDI sequencer software created by Cockos. The current version is available for Microsoft Windows and macOS, as well as for Linux. REAPER acts as a host to most industry-standard plug-in formats and can import all commonly used media formats, including video. REAPER and its included plug-ins are available in 32-bit and 64-bit format.

Ghidra: Free reverse engineering tool developed by the National Security Agency

Ghidra is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub. Ghidra is seen by many security researchers as a competitor to IDA Pro. The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form. Ghidra plugins can be developed in Java or in Python.

Reversing: Secrets of Reverse Engineering

Reversing: Secrets of Reverse Engineering is a textbook written by Eldad Eilam on the subject of reverse engineering software, mainly within a Microsoft Windows environment. It covers the use of debuggers and other low-level tools for working with binaries. Of particular interest is that it uses OllyDbg in examples, and is therefore one of the few practical, modern books on the subject that uses popular, real-world tools to facilitate learning. The book is designed for independent study and does not contain problem sets, but it is also used as a course book in some university classes.

Open Watcom Assembler or WASM is an x86 assembler produced by Watcom, based on the Watcom Assembler found in the Watcom C/C++ compiler and Watcom FORTRAN 77. Further development is being done on the 32- and 64-bit JWASM project, which more closely matches the syntax of Microsoft's assembler.

JEB decompiler

JEB is a disassembler and decompiler software for Android applications and native machine code. It decompiles Dalvik bytecode to Java source code, and x86, ARM, MIPS, RISC-V machine code to C source code. The assembly and source outputs are interactive and can be refactored. Users can also write their own scripts and plugins to extend JEB functionality.

Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor. Malware or malicious software is any computer software intended to harm the host operating system or to steal sensitive data from users, organizations or companies. Malware may include software that gathers user information without permission.

Radare2

Radare2 is a complete framework for reverse-engineering and analyzing binaries, composed of a set of small utilities that can be used together or independently from the command line. Built around a disassembler that generates assembly language source code from machine-executable code, it supports a variety of executable formats for different processor architectures and operating systems.

Microsoft Detours is an open source library for intercepting, monitoring and instrumenting binary functions on Microsoft Windows. It is developed by Microsoft and is most commonly used to intercept Win32 API calls within Windows applications. Detours makes it possible to add debugging instrumentation and to attach arbitrary DLLs to any existing Win32 binary. Detours does not require other software frameworks as a dependency and works on ARM, x86, x64, and IA-64 systems. The interception code is applied dynamically at execution time.

Binary Ninja is a reverse-engineering platform developed by Vector 35 Inc. It can disassemble a binary and display the disassembly in linear or graph views. It performs automated in-depth analysis of the code, generating information that helps to analyze a binary. It lifts the instructions into intermediate languages, and eventually generates the decompiled code.

References

  1. "OllyDbg 2.0". www.ollydbg.de. Archived from the original on 28 July 2022. Retrieved 19 October 2022.
  2. "80x86 Assembler and Disasssembler". www.ollydbg.de. Archived from the original on 31 July 2022. Retrieved 19 October 2022.
  3. Yuschuk, Oleh. "OllyDbg 64".
  4. Yuschuk, Oleh. "Download". Archived from the original on 27 May 2012.
  5. Yuschuk, Oleh (27 September 2013), "(No) registration" (zip), OllyDbg 2.01 Brief Help
  6. Yuschuk, Oleh (27 September 2013), "Support" (zip), OllyDbg 2.01 Brief Help
  7. Yuschuk, Oleh. "80x86 Assembler and Disasssembler".
  8. Eilam, Eldad (2005). Reversing: secrets of reverse engineering. Wiley. p. 118. ISBN 978-0-7645-7481-8.
  9. Ferguson, Justin; Kaminsky, Dan (2008). Reverse engineering code with IDA Pro. Syngress. p. 130. ISBN 978-1-59749-237-9.