OllyDbg is an analyzing debugger for applications. For each module (executable or DLL file) it attempts to separate code from data, identify procedures, look for embedded strings and switch tables, determine loops and switches, find function calls and decode their arguments, and even predict the values of registers during execution.
To try it, you can download it here or this one.
Additional settings that may be useful:
1. Allow fast command emulation - OllyDbg internally emulates some frequently used CPU commands, which speeds up debugging.
2. Size of run trace buffer - Allocates memory for the circular buffer that holds the run trace data. As a rule of thumb, one megabyte holds 30000-60000 commands.
3. Do not enter the system DLLs - Requests OllyDbg to execute calls to Windows API functions in trace-over mode.
4. Always trace over string commands - Requests OllyDbg to trace over string commands, such as REP MOVSB. If this option is disabled, each iteration of MOVSB will be protocolled separately.
5. Remember commands - Saves a copy of each traced command to the trace buffer. Only required if the debugged application uses self-modifying code.
6. Remember memory - Stores the actual contents of the addressed memory operands to the trace buffer.
7. Remember FPU registers - Saves the floating-point registers to the trace buffer.
8. Synchronize CPU and run trace - Moves the CPU selection and updates the CPU registers each time you change the selection in the run trace protocol.