

		OllyDBG v1.10 plugin  - StrongOD v0.4.8
			by Ӱ[CUG]
====================================================================
[2012.11.08 v0.4.8.892]
1޸WIN8ʧܵBUG
2޸sprintfӡĹ


[2012.10.29 v0.4.7.871]
1޸1anti-debug߼
2֧win8 32λ
3ڷǹԱȨУODRUNASADMIN
4UAC£֧DropFiles
5cmdbar֧neg, not, xor, or, and5޸ڴ

[2012.02.13 v0.4.6.816]
1޸anti-debug߼
2ССĸ

[2011.08.10 v0.4.5.810]
1ŻCheckVMP
2ŻHookApi
3ͣntdll.LdrInitializeThunkĹܣring3ִеĵһд룩


[2011.04.21 v0.4.3.770]
1ǿ

[2011.03.28 v0.4.2.734]
1һVMPĹܣ֣

[2011.02.09 v0.4.1.716]
1ǿ(bypass anti-debug)


[2011.01.10 v0.4.0.712]
1޸PEһBUG

[2010.12.29 v0.3.9.706]
1ǿ
2޸BUG
3Żˢ


[2010.10.10 v0.3.7.666]
1ǿ
2޸BUG
3ִнűʱODС


[2010.08.17 v0.3.6.650]
1޸һܵBUG
2ֹODpostmessageر
3޸PEһBUG
4תƵݶ


[2010.06.24 v0.3.5.639]
1. Add AutoUpdate


[2010.06.13 v0.3.4.633]
1ŻODԿBUG
2ͷŵĿ¼
3PatchODܣodдⱻ
4cmdbarĴDrawķʽⱻ
5޸һBUG
6cmdbarOllyskinݵ


[2010.04.28 v0.3.3.625]
1ODڵϷʱǳ׿BUG


[2010.03.26 v0.3.2.616]
1ŻMemݵı棬mem2 - mem5ͻᱻ
2޸ȡcodesizeһBUG
3΢Żtoolbar


[2010.03.05 v0.3.1.610]
1޸һanti-antiBUGԼһЩСBUG
2SplashԶ壬ollydbg.iniм
[Plugin StrongOD]
logo = c:\ollydbg\Splash1.bmp
ĬǼollydbg.exeĿ¼µSplash.bmp

3cmdbartabѡ

磬aͷ asm at ac attach
aȻtabͿлaͷat a asm ac attach
atȻtabͿлatͷat attach


4alt+QݼĿڴ棬ĬϴС
[Plugin StrongOD]
AllocSize = 10
ȡֵ16ƵģڴĴС AllocSize * 0x1000ĬAllocSize = 1

5ALLOC [AllocSize]Ŀڴ棬ڴС AllocSize * 0x1000

ûָ AllocSizeȡļеֵ
ļûָĬΪ1


[2010.01.08 v0.2.9.561]
1Attach <pid>Detachܣpid10Ƶ
2ȥalt + 1 ~ 9nopĹ
3ش㷨Ż
4ӼԣȥfileĹ
5޸СBUG


[2009.11.26 v0.2.8.478]
1صODҪľ(Щdllod)
2Żcpu dumpڹ
3memݱ棨M2-M5
4dumpڿݼCTRL+Bdumpڣÿݼлcpu dumpڣ
5Żٶ

[2009.10.28 v0.2.7.433]
1win72003޸anti_anti attach
2win7Ȩָ
3ͨż
4ӿݼctrl+dõcmdbar
5޸СBUG
6cmdbarССĶ

[2009.09.01 v0.2.6.413]
1Ӽ΢ſѡ
2CmdbarMSGʾϢ

[2009.08.26 v0.2.6.410]
1Command Bar(ݼĳALT+F1)cmdbar
2CmdbarTBAR

[2009.08.24 v0.2.6.405]
1ȫ֧win7(7600°汾֧)
2ǿPEȶ
3޸tmdĳЩʱattachȥ޷¶ϵ©

[2009.06.16 v0.2.5.388]
1ring0ȶ
2ɱNP߳

[2009.06.13 v0.2.5.384]
1޸bugȥַ
2ȶӣҪkey

[2009.04.24 v0.2.4.364]
1кܴĶһЩܣǰStrongODݣºҪ
2ʱollydbgеĿ߳
3޸attach
4޸ӿǺ޷ʹԶעĹ


[2009.04.03 v0.2.4.350]
1޸ĳЩ2000BUG
2޸ļBUG
3key֤ҪStrongOD.key

[2009.03.30 v0.2.4.347]
1޸vistaattach쳣
2ǿattachȶԣAttachҪF9Ȼresume all thread
3advenummodֶ֧̬ӳ
4vista sp1޷ļbug
5vista¸޸

[2009.03.17 v0.2.4.341]
1˳ODȥZwOpenThreadhook
2޸ODcodebaseBUG
3ӰODԳ

[2009.03.09 v0.2.3.328]
1ǿ̱(߳)ʡë鷳
2޸һĴ
3޸ضλBUG
4޸attach notepad.exeBUG
5޸bug
6޸tlsBUG

[2009.02.14 v0.2.3.314]
1޸2003 sp1bug(лcxh852456)
2ǿݼԣּ֧޸İOD

[2009.02.10 v0.2.3.305]
1޸СBUG
2ǿattach
3޸ĳBUG

[2009.02.04 v0.2.3.301]
1ײԶ¼Ƿ
2ײ״̬ʾMemory״̬
3޸صbug

[2009.02.01 v0.2.3.299]
1Ӷڴ洰ڵĿлݼ alt+1 ~ alt+5
2лջڹebpĴ߲κμĴݼ alt+1 ~ alt+3
3һײĿплİťOptionȡ
	Alt+Rʾؿ
4ײĿǷ񴴽ӰлĹܣûаťÿݼл

[2009.01.14 v0.2.2.292]
1޸һЩPEСbug
2޸ڴϵжϵһСbug

[2009.01.14 v0.2.2.283]
1޸һЩСbug
2޸һbug

[2009.01.11 v0.2.2.275]
1ѡɾڵϵ
2ѡжTlsڣеĻѡKill Pe Bug
3ѡжڽring3ĵһд루Ƿʵ֣
4ļOrdFirstmfc42еĵȻ
5޸ضλbug
6AttachڵָĳWM_VSCROLLϢ

[2009.01.08 v0.2.1.273]
1͵bug
2ضλbug
3޸Skip Some ExpectionѡϵʱڴF2ϵ޷µbug
4޸Skip Some Expectionѡϵʱڴϵ޷µBUG
5޸IATҲBUG

[2009.01.06 v0.2.1.262]
1Attachڵ֧
2дodģĴ

[2008.12.30 v0.2.1.252]
1޸BUG

[2008.12.25 v0.2.1.235]
1޸һPAGE_GUARDanti
2޸Skip Some Expectionѡϵʱ޷ڴF2ϵ
3PAGE_GUARDԣ޷odPAGE_GUARD¶ϵBUG龡ҪڴF2ϵ
4ǿ̱ܣֹring3¸ƾod
5޸ദСbug
6°汾

[2008.11.06 v0.20]
1쳣OD̫BUG

[2008.11.03 v0.19]
1һݼcpudump  alt+˫
2޸ODں뷨п޷ʹõBUG
3޸һǱڵBUG


[2008.09.15 v0.18]
1޸Ctrl+Grva,offsetʱһСBUG
2е״̬ʱDetachǰг
3޸ԭODBUG
4޸odкCPUռʺܸߵBUG
5ǷһЩ쳣

[2008.09.02 v0.17]
1ODInt 3жϣSTATUS_GUARD_PAGESTATUS_INVALID_LOCK_SEQUENCE쳣
2ȷint 2dָ

[2008.08.31 v0.16]
1̣شڣ󲿷ַ
2֧Զ豸ollydbg.iniеDeviceName豸8ַ
		ollydbg.iniе[StrongOD]УԼ趨
		HideWindow=1 					ش
		HideProcess=1					ؽ
		ProtectProcess=1			
		DriverKey=-82693034		ͨŵkey
		DriverName=fengyue0		豸(8ַ)

3OD̵ĸ̸ĳexplorer.exe (shooooĴ)

[2008.08.10 v0.15]
1ǿģ鹦ܣȷҴpebģ飬ring3ģ飩
2ǿODļPeͷķUpackǵȣ
3anti anti attach һּ˵attachʽ
4ĿٵԣDebugActiveProcessStopܣxpϵͳ
5עdllԵĽ
	a) Remote ThreadʹCreateRemoteThreadע룩
	b) Current Threadshellcode̷߳ʽע룬ǰ̱߳ͣ


[2008.07.04 v0.14]
1VMP 1.64аanti
Download: http://www.unpack.cn/viewthread.php?tid=26870

[2008.01.20 v0.13]
1Advanced Ctrl + G ܿAPI(ѾODԴĹһһ)
2޸˵ûжϵʱɾжϵѡBUG
3޸ɾжϵ㣬пɾBUG
4߳Сڻ1ʱ򣬲Resume all thread  Suspend all threadѡ
5ݿѩ9.21汾(Ϊ汾޸ACPUASMԼ޸ĵİ汾벻Ҫ޸ACPU)
6ͼӿǰODһļԣʱдPEͷӦλãǲ֧TheODBG


[2008.01.15 v0.12]
1Advanced Ctrl + G 
2bugΪѡ(patchģҪܱѡ)
3ԭpatchĴ붼ȡȫĳhookʽӼ(Ĺܽpatchʽ)


[2007.11.15 v0.11]
ȥ2BUG
1ʱĿ¼пոиϢ
2CPU DUMP ڣѡһڴĵһֽڣInfolineʾ쳣

ӣ
ϵ㴰ûκζϵ㣬ʾ˵


[2007.11.14 v0.10]
Ӵģʽ

ṩ3ַʽ:

1,Normal
	ԭʽͬSTARTINFO治ɾ

2,CreateAsUser
	һUserȨ޵ụ̂ʹUserȨ£޷AdminĽ̽в
	ҪڱذȫԣûȨָ潫û2Ȩޣ
		1滻̼Ǻ(SeAssignPrimaryTokenPrivilege)
		2Բϵͳʽ(SeTcbPrivilege)
	homewindows޷ãôʹSuperModeODȨޣǿҲʹѡ

3,CreateAsRestrict
	ڶѡUserȨ޵ûƵĵطȽ϶࣬ԣӵܣһƼAdminû
	ĳAdminûȨֻʣĬUserûеȨޣһЩΣȨȫɾSeDebugPrivilegeSeLoadDriverPrivilegeȣеĳ򲻻ODɺܴ˺ʽ


ע⣺
1ӵ2ʽһеĳ򣨱OllyDbgڵľʱвЧ
2 Olly Advanced ͻOlly Advanced ˹ʧЧ



ص
HidePEBȥPEBеĵԱǣҴӸϽHeapMagic(οPhant0m.dll)

˹ܵѡѡѡԶ


ݼ


1. CPU ASMCPU DUMPCPU STACKEnterصһϵпݼ

CPU ASM
 
1000481A  |.  A3 F48E0010   mov     dword ptr ds:[10008EF4], eax


ѡʱEnter       ʾ CPU DUMPʾ10008EF4λ
	    Shift+Enter ʾ CPU ASM ʾ10008EF4λ
	    Ctrl+Enter  ʾCPU DUMPʾеĵַ1000481Aλ

2

1000481A mov dword ptr ds:[10001000],40304C 

䣬ҪлһͼAltл

ѡʱEnter           ʾ CPU DUMPʾ40304Cλ
	    Shift+Enter     ʾ CPU ASM ʾ40304Cλ
	    Ctrl+Enter      ʾ CPU DUMPʾеĵַ1000481Aλ
	    Alt+Enter       ʾ CPU DUMPʾ10001000λ
	    Alt+Shift+Enter ʾ CPU ASM ʾ10001000λ

CPU DUMP

EnterʾCPU ASMʾѡеĵһֽڿʼ
Shift+EnterʾCPU DUMPʾѡеĵһֽڿʼ
Ctrl+EnterʾCPU ASMʾѡеĵһֽڵĵַ

CPU STACK

EnterʾCPU ASMʾѡе
Shift+EnterʾCPU DUMPʾѡе
Ctrl+EnterʾCPU ASMʾѡеĵַ
Alt+EnterʾCPU DUMPʾѡеĵַ


2. CPU ASM , CPU DUMP , CPU STACKڿݼESC`(ע:ESC),˰ͬCPUڰ-()+(Ӻ).ʼǱΪʼǱûС̣
3. CPU REGڿݼESC`(ע:ESC)ʵView FPU,View MMX,View 3D Now!,View DebugĿٷҳ.
4. CPU STACKڿݼESC`(ע:ESC),ESCʾCPU STACKʾESPֵ`ʾʾEBPֵ
5. CPU REGڿݼCTRL+ּ18(ֱӦEAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI)ʾCPUASM
   CPU REGڿݼSHIFT+ּ18(ֱӦEAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI)ʾCPUDUMP
		

6. CPU ASM,CPU DUMPڿݼShift+C,Shift+V,Shift+X,Ctrl+X.ֱӦƸ,ճ,޿ոƸ(дODűֵ)ѡеĵһֽڵĵַ
   ע:Shift+V ֻҪѡʼַ.
   Shift+CShift+X:
   55 8B EC 8B 45 0C 48 74 42 48 74 37 83 E8 0D 74 
   558BEC8B450C48744248743783E80D74

   Ctrl+XǸѡеĵһֽڵĵַѡеĵһ

1000481A mov dword ptr ds:[10001000],40304C 

Ctrl+Xַ01000481A Ƶ

7. CPU ASM CPU DUMPӿݼInsert ,Delete

	Insert ѡе0x90
	Delete ѡе0x00

ѡһȻ󰴼ODĻָָܻ(Alt + Backspace)



8. ״̬ʾCPU DUMPѡʼַ,ַ,ѡС,ǰֵ.

ע:CPU DUMPΪ00401000  00 10 40 00 69 6E 67 20 ѡеַ0040100000ʱ,״̬ʾValueΪ401000,Ctrl+˫Valueа.


9. Ӷϵ㴰(ALT+B)Delete All BreakPoints.ʵɾȫϵ.
10. ̴߳Suspend All Threads,Resume All Threads.ʵֹͻָȫ߳.


رлfly,sucsor,lifeengines,shoooo,foxabu,hellsp@wn,okdodo,kanxue,a__p,΢Цһ,goldsun




