August 4th, 2011· New plugin interface is similar to the old (v1.10) but is not backwards compatible. It includes more than 350 API functions, 60 or so variables and many enumerations and structures that all need to be documented. This will take a while, therefore I decided to make a preliminary release. It includes plugin header file (plugin.h) and commented bookmarks source code (bookmark.c). Writing your own plugins without the documentation is a pure masochism, but at least you will be able to analyse the structure of the interface and send me your comments, wishes and suggestions.
· Patch manager, similar to 1.10
· Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven't tested it on Win7, please report any found bugs and incompatibilities!
· Instant .udd file loading. In the previous versions I've postponed analysis, respectivcely reading of the .udd file till the moment when all external links are resolved. But sometimes it took plenty of time, module started execution and was unable to break on the breakpoints placed in the DLL initialization routine
· Automatic search for the SFX entry point, very raw and works only with several packers. Should be significantly more reliable than 1.10. If you tried it on some SFX and OllyDbg was unable to find real entry, please send me, if possible, the link or executable for analysis!
· "Go to" dialog lists of matching names in all modules
· Logging breakpoints can protocol multiple expressions. Here is an example: I ask OllyDbg to protocol the contents of EAX, EBX and 4 memory doublewords starting at address ESP. Expressions must be separated by commas, repeat count has form SIZE*N, N=1..32.
· Thread names (MS_VC_EXCEPTION)
· UNICODE box characters clipboard mode
· Multiline debugging strings (of large size)
· On debug string, OllyDbg attempts to find call to OutputDebugString()
· INT3 breakpoints set on the first byte of edited memory area are retained
· Decoding of User Shared Data block
· Addressing relative to module base
· If plugin crashes, OllyDbg will report its name
November 26th, 2010· Ported to UNICODE. Multilanguage support for ASCII apps in modern Windows is practically non-existing, and I got tired bypassing all such incompatibilities. This step means that version 2 will not work on Windows 95 and 98.
· Source debugging is here again, a bit incomplete. It supports only Microsoft compilers via dbghelp.dll. New is support for symbol server, stack walking using dbghelp and names of procedure parameters.
· Debugging of standalone DLLs, in my opinion significantly better than before. It even measures call duration with sub-microsecond resolution (good for profiling) and saves contents of dumps between sessions!
· Many small improvements, like pause only on selected module(s), breakpoints on all intermodular calls, automatical closing of dump windows on different process, bugfixes, and more.
June 18th, 2010· Full support for SSE instructions, including SSE3 and SSE4. SSE registers are accessed directly,
· without code injection;
· Execution of commands in the context of debugger, allowing run trace speed - with conditions and
· protocolling! - of up to 1,000,000 commands per second;
· Unlimited number of memory breakpoints;
· Conditional memory and hardware breakpoints;
· Reliable, analysis-independent hit trace;
· Analyser that recognizes the number (and sometimes the meaning) of the arguments of unknown
· functions;
· Detaching from debugged process;
· Debugging of child processes;
· Built-in help for integer and FPU commands;
· Option to pause on TLS callback;
· Option to pass unprocessed exceptions to the unhandled exception filter.
Find us on Google+
