Ollydbg is an application for analyzing debugger for Microsoft Windows or debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries
Additional arrangements that may be useful:
1. Allow fast command emulation - OllyDbg possible to emulate some of the frequently used command CPU
2. Don't enter system DLLs - OllyDbg request to implement calls to Windows API functions as well as trace-overmode.
3. Size of run trace buffer - Allocate memory for the buffer circle by running the tracedata as a rule of thumb, one megabyte continues to command 30000-60000.
4. Remember commands - Save a copy of the order be traced to the trace buffer. Only required if the debugged application using self-modified code.
5. Always trace over string commands - Request for OllyDbg to trace more than a string of commands, such as MOVSB REP. If this option is disabled, each iteration willMOVSB protocolled separately.
6. Remember memory - Stores the actual contents of the memory operand addressed to the trace buffer
7. Synchronize CPU and run trace - Move the selection of CPU and CPU registersupdate each time you change options in term protocol traces.
8. Remember FPU registers - Save the floating-point register for the trace buffer.
- I joined what was OllyDbg and how to install OllyDbg
This is how to install ollydbg on windows XP
irst we open windows Xp on VM VirtualBox
Tidak ada komentar:
Posting Komentar