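NoLoVeR: OllyDBG V1.10 modified edition, by 微笑一刀
Plugins are loaded first; the Attach window supports the mouse wheel; bypasses Execryptor detection; library function ordinals are placed after the name; the copy/paste bug; ALT+Q is the shortcut for closing OD; setting an environment variable enables automatic download and loading of PDBs; and so on. Some of the modification methods come from the Internet. For some of the modifications I no longer remember where they were taken from...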
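The window title has been changed. The class name has not been changed; you can change it yourself, or use this build together with STRONGOD.
The attachment includes some LIB files that I extracted myself. They can identify some CALLs or JMPs that have only an ordinal and no function name.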
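Loading symbols requires setting an environment variable.
Environment variable name: _NT_SYMBOL_PATH
Value:
SRV*F:\Ollydbg\Symbols*http://msdl.microsoft.com/download/symbols;;F:\Ollydbg\Symbols (modify as needed)
Of course, you can also load PDBs without setting the environment variable, but then you need to run the following commands from a batch file or in a CMD window.
set _NT_SYMBOL_PATH=SRV*F:\Tools\Ollydbg\Symbols*http://msdl.microsoft.com/download/symbols ;;F:\Ollydbg\Symbols (modify as needed)
NoLoVeR.exe (change this to the name of your OD executable as needed)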
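The symchk.exe in the attachment is used for downloading symbols (PDBs). You can download them with a command such as symchk c:\windows\system32\*.dll. When the environment variable is not set and the /s parameter is not used to set a symbol path, the default path SRV*%SYSTEMROOT%\SYMBOLS*http://msdl.microsoft.com/download/symbols is used automatically, i.e. the SYMBOLS directory under the system directory.
SYMCHK.EXE usage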
symchk <Filename>
<Filename> Name of the file or directory that contains the executables
    to perform symbol checking on.
/s <SymbolPath> Semi-colon separated list of symbol paths. Symbol server
    paths are allowed. To retrieve symbols to a downstream
    store, use "SRV*<downstream store>*<symbol server>" for
    the symbol path. See the debugger documentation for more
    details.
/r Perform recursive operations on the <Filename> specified. The
    wildcard * can be used in filenames.
/q Turn off all output options by default. Only output turned on
    with a output flag (see below) will be printed
--------------------------------------------------------------------------------
* Input options (choose only one):
/if <Filename> Input is a file name. Wildcards can be used to specify
    the file name. Default if nothing is specified.
/id <DumpFile> Input is a dump file.
/ih <HotFix> Input is a self-extracting Hotfix cab.
/ie <ExeName> Input is an application name that is currently running.
    If the provided ExeName is '*', all currently running
    processes will be checked.
/im <ManifestList> Input is a manifest previously created using the /om <file>
    option.
/ip <ProcessId> Input is a process id. If the provided ProcessID is '*',
    all currently running processes will be checked.
/it <TextFileList> Input is a list of files, one per line, inside of a text
    file.
--------------------------------------------------------------------------------
* Action options (choose only one):
/av For each binary, Verify symbols exist and match. Default.
--------------------------------------------------------------------------------
* Symbol checking options:
/cc when symbol checking a hotfix cab, don't look for symbols inside the cab.
    By default, symchk will look for symbols in the cab as well as in the
    provided symbol path.
/cn When symbol checking a running process, don't suspend that process. User
    must ensure the process doesn't exit before symbol checking finishes.
/cs Skip verifying that there is CodeView data. Symchk will verify that there
    IS codeview data by default.
- Symbol checking options for DBG information (choose one):
/ds If image was built so that there is information that belongs in a DBG
    file, then this option verifies that the DBG information is stripped
    from the image and that the image points to a DBG file. Default.
/de If image was built so that there is information that belongs in a DBG
    file, then this option verifies that the DBG information is STILL in the
    image and that the image does not point to a DBG file.
/dn Verify that the image does not point to a DBG file and that DBG
    information is not in the image.
- Symbol checking options for PDB files:
/pa Allow both public and private PDBs. Default.
/pf Verify that PDB files contain full source information.
/ps Verify that PDB files are stripped and do not contain full source
    (private) information.
/pt Verify that PDB files are stripped, but do have type information. Some
    PDB files may be stripped but have type information added back in.
--------------------------------------------------------------------------------
* Symbol checking exclude options:
/ea <Filename> Don't perform symbol checking for the binaries listed in the
    file specified. <Filename> is a text file that contains the
    name of each binary, one per line.
/ee <Filename> Perform symbol checking and report files that pass or are
    ignored, but don't report errors for binaries listed in the
    file specified. <Filename> is a text file that contains the
    name of each binary, one per line.
--------------------------------------------------------------------------------
* Symbol path options:
/s <SymbolPath> Use <SymbolPath> as the search path.
NOTE: If the '/s' option is not used, SymChk defaults to using the value
in %_NT_SYMBOL_PATH%. If %_NT_SYMBOL_PATH% is not defined, then SymChk
will default to:
SRV*%SYSTEMROOT%\SYMBOLS*http://msdl.microsoft.com/download/symbols
* Modifiers (choose all that apply):
e - check each path individually instead of checking all paths at once.
p - force checking for private symbols. Public symbols will be treated as
    not matching. (Implies the 'e' and 'u' modifiers.)
s - force checking for public (split) symbols. Private symbols will be
    treated as not matching. (Implies the 'e' and 'u' modifiers.)
u - force updating of downstream stores. If the symbol path includes a
    downstream store, always re-check the server for the symbol. Only
    stores that are checked against will be updated.
NOTE: The 's' and 'p' options are mutually exclusive. Only the last one
present will be used.
--------------------------------------------------------------------------------
* Output options (choose all that apply):
/ob Give the full path for binaries in the output messages for symbol
    checking.
/oc] <Directory> Create a flat symbols tree in <Directory> which
    contains all matching symbols. If 'x' is also used, copy the matching
    binaries into <Directory> as well. If 'a' is also present, the binary
    will always be copied to the flat symbol tree even if symbol checking
    failed.
/od List all details. Same as /oe /op /oi
/oe List individual errors. Errors will be sent to the output by default.
    This option is only needed when using /q
/oi List each file that is ignored.
/op List each file that passes.
/os Give the full path for symbols in the output messages for symbol
    checking.
/ot Send totals to the output. Totals are sent to the output by default.
    This option is only needed when using /q
/ov Print version information for checked binaries as well.
- Extended output options:
/ol <File> In addition to the messages sent to standard out, write a
    file that contains a comma separated list of all the
    binaries and their symbols that pass symbol checking.
/om <Manifest> Print out a manifest file for later use with the '/im' option.
/v Turn on verbose output mode.
--------------------------------------------------------------------------------
* Module filtering options when checking processes or dump files (choose one):
/fm <Module> Filter results to only include the named module.
--------------------------------------------------------------------------------
* Misc options
/port Old usage to new usage quick porting table
--------------------------------------------------------------------------------
Running it together with 海风's STRONGOD plugin is recommended.
Click to download: OLLYDBG1230431758593.rar
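Added example (not part of the original post and not symchk's own code): a small Python sketch that resolves which symbol path applies, using the precedence stated in the help text above (/s, then %_NT_SYMBOL_PATH%, then the built-in default), splits it into SRV*<downstream store>*<symbol server> elements, and reports symbol servers reached over plain HTTP. The function names are hypothetical, and skipping empty `;;` elements is an assumption of this sketch.

```python
import os

# Fallback quoted in the symchk help text above.
SYMCHK_DEFAULT = r"SRV*%SYSTEMROOT%\SYMBOLS*http://msdl.microsoft.com/download/symbols"


def effective_symbol_path(s_option=None, env=None):
    """Precedence per the help text: /s, then %_NT_SYMBOL_PATH%, then the default."""
    env = os.environ if env is None else env
    return s_option or env.get("_NT_SYMBOL_PATH") or SYMCHK_DEFAULT


def parse_symbol_path(path):
    """Split a semicolon-separated symbol path into its elements."""
    elements = []
    for raw in path.split(";"):
        raw = raw.strip()
        if not raw:
            continue  # empty element such as the ';;' in the post (assumed ignorable)
        parts = raw.split("*")
        if parts[0].lower() == "srv" and len(parts) >= 2:
            # SRV*<downstream store>*<symbol server>: the last field is the server,
            # anything between SRV and the server is a downstream store.
            elements.append({"kind": "srv", "stores": parts[1:-1], "server": parts[-1]})
        else:
            # A plain directory that is searched directly.
            elements.append({"kind": "dir", "stores": [raw], "server": None})
    return elements


def audit(path):
    """List symbol servers in the path that are fetched over unencrypted HTTP."""
    findings = []
    for element in parse_symbol_path(path):
        if element["kind"] == "srv" and element["server"].lower().startswith("http://"):
            findings.append("cleartext HTTP symbol server: " + element["server"])
    return findings


if __name__ == "__main__":
    # Value copied from the post.
    sample = r"SRV*F:\Ollydbg\Symbols*http://msdl.microsoft.com/download/symbols;;F:\Ollydbg\Symbols"
    for element in parse_symbol_path(effective_symbol_path(env={"_NT_SYMBOL_PATH": sample})):
        print(element)
    print(audit(sample))
```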
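Good stuff, leaving a footprint first. Already downloaded it from upack. Bump. Thanks to the OP for sharing, bookmarked. Thanks for sharing~~~~~ Bookmarked. Thanks... With StrongOD added it basically gets past everything~ :) Good tool, bookmarking it. Good stuff, I forgot to download it, grabbing it right now :lol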