OllyDumpEx Plugin
OverviewThis plugin is process memory dumper for OllyDbg and Immunity Debugger.Very simple overview:OllyDumpEx = OllyDump + PE Dumper - obsoleted + useful features
Features
[*]OllyDbg version 2 plugin interface supported
[*]Select to dump debugee exe, loaded dll or non-listed module
[*]Search MZ/PE Signature from memory
[*]Multiple Dump mode. Rebuild for typical PE dump, Binary for PE Carving
[*]PE32+ supported (Search and Binary Dump mode only)
[*]Dump any address space as section even if not in original section header
[*]Add dummy section to keep PE format consistency
[*]Fix RVA in DataDirectory to follow ImageBase change
[*]Auto calculate many parameters (RawSize, RawOffset, VirtualOffset, ...)
Screenshot
https://low-priority.appspot.com/ollydumpex/ollydumpex_ss0.png
Supported Debugger
[*]OllyDbg version 1.10 (tested 1.10)
[*]OllyDbg version 2.01 (tested 2.01h)
[*]Immunity Debugger version 1.7x or lower (tested 1.73)
[*]Immunity Debugger version 1.8x or higher (tested 1.85)
DownloadThis archive file contains plugin DLLs for each debuggers.
OllyDumpEx.zip
Version: v1.12
MD5 : fcb9f920fb28e845e4944cbfc1ae31f1
SHA1: 993f8aea17b4e4cf87a2dd266e275e0ad7e5dbdc
Recent Changes- v1.12 / 2013-04-02
[*]Improve: Update to OllyDbg 2 latest version PDK (2.01h)
[*]Improve: Tested with latest version of debuggers
[*]Bugfix: Search greater than 0x7FFFFFFF memory address failed
- v1.10 / 2013-03-24
[*]Add: Search type All Memory
[*]Add: Binary dump mode (no rebuild PE header, for before load image)
[*]Add: PE32+ support (Binary dump mode only)
[*]Add: Memory Address/Size parameters editable (dump source address)
[*]Improve: Add info message for Relocation Flag and EXE/DLL type
[*]Improve: Large PE Header handling (larger than 0x1000)
[*]Improve: Check SectionAlignment and FileAlignment consistency
[*]Improve: Reduce search memory usage (not depend on target memory size)
[*]Improve: Detect PE Header across different type pages (parse and search)
[*]Bugfix: Improper owner window handle
[*]Bugfix: Section not listed when belong memory range not exists
[*]Bugfix: Almost features broken when memory window sort order changed
- v1.00 / 2013-03-12
[*]Add: Selectable Base PE Header (Module/Memory/Address)
[*]Add: Search PE Header from memory
[*]Improve: PE Source default change Disk to Memory
[*]Improve: ASLR aware (except PE Source from Disk mode)
[*]Improve: Clear DynamicBase DllCharacteristics flag with Disable Relocation option
[*]Improve: PE Header parse and modify more carefully (corrupt PE handling)
[*]Improve: Inherit selected address from memory window
[*]Bugfix: Fix Virtual Offset feature cause crash (divide by zero)
[*]Bugfix: Parse invalid sections cause crash
- v0.92 / 2012-10-09
[*]Improve: Support OllyDbg version 2 plugin new interface
- v0.90 / 2011-08-24
[*]Add: Support OllyDbg version 2 plugin interface (EXPERIMENTAL)
[*]Improve: Rewrite Wide/Multibyte-Character support code
[*]Improve: Decode CopyOnWrite page attribute
[*]Bugfix: Detect working directory
- v0.80 / 2011-07-15
[*]Add: Support Immunity Debugger version 1.8x or higher
[*]Improve: Data Directory rebuild option (check rewrite range)
[*]Improve: Always round up PE header size to 0x1000 (ImportRec not extend itself)
[*]Bugfix: TLS Data Directory ignored
不懂,学习一下 更新下,要不脚本跑不了了 这东西不错 可以加载他破解码? IDAFicator插件到底怎么用啊。。。
页:
[1]