http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Thu, 21 Aug 2008 08:04:16 -0500 https://www.openrce.org/blog/view/1251/OllySocketTrace stevefewer <email-suppressed@example.com> OllySocketTrace is a plugin for OllyDbg (version 1.10) to trace the socket operations being performed by a process. It will record all buffers being sent and received. All parameters as well as return values are recorded and the trace is highlighted with a unique color for each socket being traced.<br /> <br /> The socket operations currently supported are: WSASocket, WSAAccept, WSAConnect, WSARecv, WSARecvFrom, WSASend, WSASendTo, WSAAsyncSelect, WSAEventSelect, WSACloseEvent, listen, ioctlsocket, connect, bind, accept, socket, closesocket, shutdown, recv, recvfrom, send and sendto. <br /> <br /> <img src="http://github.com/stephenfewer/OllySocketTrace/raw/master/screenshot1.gif" border=0 align=""><br /> <br /> <img src="http://github.com/stephenfewer/OllySocketTrace/raw/master/screenshot2.gif" border=0 align=""><br /> <br /> You can download OllySocketTrace from here:<br /> <br /> <a href="https://github.com/stephenfewer/OllySocketTrace">https://github.com/stephenfewer/OllySocketTrace</a><br /> Thu, 13 Dec 2007 16:27:08 -0600 https://www.openrce.org/blog/view/992/OllyHeapTrace stevefewer <email-suppressed@example.com> OllyHeapTrace is a plugin for OllyDbg (version 1.10) to trace the heap operations being performed by a process. It will monitor heap allocations and frees for multiple heaps, as well as operations such as creating or destroying heaps and reallocations. All parameters as well as return values are recorded and the trace is highlighted with a unique colour for each heap being traced.<br /> <br /> The primary purpose of this plugin is to aid in the debugging of heap overflows where you wish to be able to control the heap layout to overwrite a specific structure such as a chunk header, critical section structure or some application specific data. By tracing the heap operations performed during actions you can control (for example opening a connection, sending a packet, closing a connection) you can begin to predict the heap operations and thus control the heap layout. <br /> <br /> <img src="http://github.com/stephenfewer/OllyHeapTrace/raw/master/screenshot1.gif" border=0 align=""><br /> <br /> You can download OllyHeapTrace from here:<br /> <br /> <a href="https://github.com/stephenfewer/OllyHeapTrace">https://github.com/stephenfewer/OllyHeapTrace</a><br /> Tue, 23 Oct 2007 20:40:10 -0500 https://www.openrce.org/blog/view/920/OllyCallTrace stevefewer <email-suppressed@example.com> OllyCallTrace is a plugin for OllyDbg (version 1.10) to trace the call chain of a thread allowing you to monitor it for irregularities to aid in the debugging of stack based buffer overflows as well as to quickly plot the execution flow of a program you are reversing (I find this handy for quickly mapping c++ style virtual function calls when I am dead listing with IDA later on and sometimes to trace crypted/obfusticated code).<br /> <br /> <img src="http://github.com/stephenfewer/OllyCallTrace/raw/master/screenshot1.gif" border=0 align=""><br /> <br /> Double clicking on any Call/Return instruction in the OllyCallTrace Log window will bring you to that location in the OllyDbg disassembly window. The recorded call chain is highlighted with blue being for the main module, yellow for system modules and green for all other modules. The call chain is also displayed in a nested format to make it easier to read. All irregularities are marked in red. <br /> <br /> You can download OllyCallTrace from here:<br /> <br /> <a href="https://github.com/stephenfewer/OllyCallTrace">https://github.com/stephenfewer/OllyCallTrace</a><br />