Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software


OllyDbg plug-ins come as DLLs that you place in the root OllyDbg install directory. Once in that directory, the plug-ins should be recognized automatically and added to the Plugins menu.


shows the OllyDump window. When dumping, you can manually set the entry point and the offsets of the sections, although we recommend that you let OllyDbg do this for you automatically.


shows the list of common commands. Additional commands can be found in the help file that comes with the Command Line plug-in.

, we have a piece of malware with strings obfuscated; however, it has an import of gethostbyname. As shown in the figure, we execute the command bp gethostbyname at the command line, which sets a breakpoint at the start of the gethostbyname function. After we set the breakpoint, we run the program, and it breaks at the start of gethostbyname. Looking at the parameters, we see the hostname it intends to resolve (malwareanalysisbook.com in this example).
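To see why a breakpoint on the imported resolver works where a strings listing does not, here is a constructed benign test sample (added here, not code from the book or from any real malware) that keeps its hostname XOR-encoded and only decodes it just before calling gethostbyname. The encoded bytes, the key 0x5A and the POSIX netdb.h call are all assumptions of this example; on Windows the same pattern goes through ws2_32's gethostbyname, which is the function the bp command above breaks on.

```c
#include <stdio.h>
#include <string.h>
#include <netdb.h>

/* Constructed sample: "malwareanalysisbook.com" XOR-encoded with key 0x5A.
 * A static strings listing of the compiled binary only shows these bytes,
 * never the plaintext hostname. */
static const unsigned char ENC_HOST[] = {
    0x37, 0x3B, 0x36, 0x2D, 0x3B, 0x28, 0x3F,        /* malware  */
    0x3B, 0x34, 0x3B, 0x36, 0x23, 0x29, 0x33, 0x29,  /* analysis */
    0x38, 0x35, 0x35, 0x31,                          /* book     */
    0x74, 0x39, 0x35, 0x37                           /* .com     */
};
#define XOR_KEY 0x5A

/* Decode the hostname into buf at runtime. Returns the decoded length,
 * or 0 if buf is too small to hold it plus the terminator. */
size_t decode_hostname(char *buf, size_t buflen)
{
    size_t n = sizeof ENC_HOST;
    if (buflen < n + 1)
        return 0;
    for (size_t i = 0; i < n; i++)
        buf[i] = (char)(ENC_HOST[i] ^ XOR_KEY);
    buf[n] = '\0';
    return n;
}

int main(void)
{
    char host[64];
    if (decode_hostname(host, sizeof host) == 0)
        return 1;
    /* A breakpoint set on gethostbyname fires here. The decoded name is
     * the first argument on the stack, which is exactly what the analyst
     * reads from the parameter view after "bp gethostbyname" and a run. */
    struct hostent *he = gethostbyname(host);
    printf("%s -> %s\n", host, he ? "resolved" : "not resolved");
    return 0;
}
```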


© RuTLib.com 2015-2018