OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download and use it for free.
Special highlights are:
<span style="color:blue"> Intuitive user interface, no cryptical commands
Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
Directly loads and debugs DLLs
Object file scanning - locates routines from object files and libraries
Allows for user-defined labels, comments and function descriptions
Understands debugging information in Borland® format
Saves patches between sessions, writes them back to executable file and updates fixups
Open architecture - many third-party plugins are available
No installation - no trash in registry or system directories</span>
Debugs multithread applications
Attaches to running programs
Configurable disassembler, supports both MASM and IDEAL formats
MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
Full UNICODE support
Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
Recognizes complex code constructs, like call to jump to procedure
Decodes calls to more than 1900 standard API and 400 C functions
Gives context-sensitive help on API functions from external help file
Sets conditional, logging, memory and hardware breakpoints
Traces program execution, logs arguments of known functions
Dynamically traces stack frames
Searches for imprecise commands and masked binary sequences
Searches whole allocated memory
Finds references to constant or address range
Examines and modifies memory, sets breakpoints and pauses program on-the-fly
Assembles commands into the shortest binary form
Starts from the floppy disk
and much, much more!
August 30, 2012 - major update for plugin authors. OllyDbg, Bookmark plugin, preliminary plugin API, test application
I have signifiicantly changed the way OllyDbg and plugins interact with each other. For example, all functions with fixed number of arguments are declared as __cdecl instead of __stdcall. This removes problem with Visual C that always wants to emit something like _Disasm@32 instead of plain _Disasm or Disasm. Otherwise there are only minor changes. Among them, several of OllyBugs are no longer.
Bookmark plugin now works with 4 different compilers: Borland C++ Builder 5.0 (ancient but still my favorite), command-line Borland C++ 5.5 (produces exactly the same DLL), Visual C++ 2005 (Express Edition) and Code::Blocks (in fact, MinGW which is GNU for Windows). There are separate import libraries for each. Plugin source is identical in all cases. I hope that VC library will also work with all otrher Visual versions. Detailed description will be available later - as always...
Help on API is extended but not as far as I expected. Again: If you need some API function or family that is not yet documented, drop me a mail and I\'ll try to describe it ASAP.
That\'s all, enjoy!