Crack Program Using Ollydbg 2 Download

September 27, 2013 - version 2.01. OllyDbg, empty language file, chicken language file, Disassembler 2.01 (GPL v3, preliminary version without documentation)

How to crack a progam easy and safe, take and download the crack from the link 1 or 2, ist working 100% no virus. How to crack program using ollydbg. OllyDbg is a 32-bit disassembler/debugger for Microsoft Windows binary files. It is shareware and it is available here. The goal today is to provide a tour of OllyDbg and how the tool can be used in reverse engineering software or malware.

New version with many new features, among them:
  • Help on 77 pages. Please read it first - most of new features are described there
  • Multilanguage GUI (experimental, as yet no translation files - please do it by yourself)
  • Support for AVS instuctions (as yet no AVS2 and high 16 bytes of YMM registers are not displayed)
  • Call stack window (similar to the version 1.10)
  • Handles window (similar to the version 1.10)
  • SEH and VEH chains. To decode addresses of VEH handlers, OllyDbg hacks NTDLL.RtlAddVectoredExceptionHandler(), therefore process must be started from the OllyDbg
  • Multibyte character dumps
  • .udl image libraries, replace scan of object files from v1.10
  • Search for integers and floats in dump
  • Search for procedures (entry points)
  • Limited support for NTFS streams
  • Drive dump
  • Software breakpoints that use INT1, HLT, CLI, STI or INSB instead of INT3
  • Multiple watches in one line, support for repeat count
  • Dump of arrays of structures
  • Micro-analysers
  • Accelerated search
  • Assembling of immediate data statements (DB xx etc.)
  • Highlighting in run trace
  • Up to 2 ordinals per address
  • Limited support for Win95 via Microsoft Layer for UNICODE
  • More tricky code sequences
  • Show free memory, or was it the previous version?
  • Multiple bugfixes
Yes, you understand it correctly. OllyDbg graphic interface supports multiple languages. All you need is the corresponding language file. Currently there are none, but I expect that the volunteers will be able to make more or less complete translations.
Plugins compiled for OllyDbg 2.01 beta are 100% compatible with v2.01. PDK will be updated.. soon..
Preliminary version of Disassembler 2.01 is almost ready. That is, the sources are more or less final but documentation and ready-to-use DLLs are still missing. I release Disasm 2.01 under GPL v3. Commercial licenses are also possible.

November 19, 2012 - update. OllyDbg, sample plugins, preliminary plugin API, test application
This is a major update of the plugin interface. Now plugins can actively influence the debugging process. They may set temporary breakpoints (Plugintempbreakpoint()) and receive notifications if breakpoint is hit (ODBG2_Plugintempbreakpoint()). If they receive exception notification, ODBG2_Pluginexception() may request to pause application or step over this exception. ODBG2_Pluginnotify() is extended and can force different mode of execution than requested by user.
If necessary, plugin may create one or several options pages in a new Plugins options dialog, which is very similar to the Options. Pluginshowoptions() directly opens plugin-related options page.
There is a new sample plugin, traceapi.dll, that demonstrates new features. It uses one-time memory breakpoints to detect all calls from the user code to the Windows API and protocols the arguments and values returned by APIs. Sample code does not include the Visual Studio project for traceapi. This is despairing - to compile a plugin, I must change several options, like unsigned characters, byte alignment, DLL, UNICODE, import libraries (btw it looks like my VS accepts only absolute paths for implibs!) etc. - TWICE! - once for debug and second time for release configuration. As .vcproj includes GUIDs, I can't simply rename it. Instead, I must recreate new project FROM THE SCRATCH! (yes, all capitals text is a net equivalent of shouting). There is something called 'property sheets', but I have found no possibility to save existing options to the property sheet. So if you have a solution to this problem MS feature, please let me know.
Plugin documentation is still far away from finished but is strongly updated.
OllyDbg itself got several bugfixes and minor improvements.
As always, your comments and questions are welcome.

October 04, 2012 - update. OllyDbg, Bookmark plugin
Many bugfixes and several improvements. Plugin interface is still under development.
I've got rid of a very nasty crash. Maybe half of such crashes happened within the GlobalAlloc(), the remaining were almost unpredictable. Of course, it was buffer overflow, what else?
Debugging engine is now more stable, especilally if one steps into the exception handlers. There is a new debugging option, 'Set permanent breakpoints on system calls'. When active, it requests OllyDbg to set breakpoints on KERNEL32.UnhandledExceptionFilter(), NTDLL.KiUserExceptionDispatcher(), NTDLL.ZwContinue() and NTDLL.NtQueryInformationProcess(). For example, if CPU is in the exception handler and you set hardware breakpoint, it won't hit! NTDLL.ZwContinue() restores original contents of registers and modifications get lost. Therefore OllyDbg sets temporary INT3 break on ZwContinue() and applies changes to the copy of the context in memory. But sometimes it simply doesn't know that temporary breakpoint is necessary. If process is being debugged, Windows don't call the unhandled exception filter. Instead, it notifies debugger. To pass exception to the filter, OllyDbg intercepts NtQueryInformationProcess(). If handler asks OS whether process is debugged, OllyDbg reports 'no'. And so on. Well, if this new option is so advantageous, why not to make it default? Because some viruses check for INT3 breakpoints on these APIs.
Sometimes it's necessary to rename the OllyDbg, for example if you investigate a brainless virus that scans process names and hopes to avoid debugger. You rename OllyDbg to, say, notadebugger.exe and.. and.. and all plugins are missing?! They are statically linked to the DLL named ollydbg.exe. Of course, GetProcAddress() would help, but this makes programming to the nightmare. Therefore when OllyDbg loads plugins, it applies a dirty trick which lets Windows think that the main module is named ollydbg.exe and not notadebugger.exe. This trick works under Windows XP, but I am not sure whether Vista/Win7 use the same internal data structures. Please check.
Hit trace can be saved between the sessions. If code is self-modifiable, use this option with care. When OllyDbg restores hit trace, it sets INT3 breakpoint on every marked command. This may lead to crash of the debugged application.
Due to the invalid handling of prefixes 66, F2 and F3, command search was unable to find SSE commands. This bug is corrected.
Currently I am working on the plugin interface. Plugins will be allowed to set temporary breakpoints and process exceptions. This requires significant changes in the debugging engine and may take another couple of weeks.

August 30, 2012 - major update for plugin authors. OllyDbg, Bookmark plugin,
preliminary plugin API, test application
I have signifiicantly changed the way OllyDbg and plugins interact with each other. For example, all functions with fixed number of arguments are declared as __cdecl instead of __stdcall. This removes problem with Visual C that always wants to emit something like _Disasm@32 instead of plain _Disasm or Disasm. Otherwise there are only minor changes. Among them, several of OllyBugs are no longer.
Bookmark plugin now works with 4 different compilers: Borland C++ Builder 5.0 (ancient but still my favorite), command-line Borland C++ 5.5 (produces exactly the same DLL), Visual C++ 2005 (Express Edition) and Code::Blocks (in fact, MinGW which is GNU for Windows). There are separate import libraries for each. Plugin source is identical in all cases. I hope that VC library will also work with all otrher Visual versions. Detailed description will be available later - as always..
Help on API is extended but not as far as I expected. Again: If you need some API function or family that is not yet documented, drop me a mail and I'll try to describe it ASAP.

That's all, enjoy!

August 18, 2012 - OllyDbg 2.01 beta 2. OllyDbg (already updated), Bookmarks plugin, preliminary plugin API, test application

I vas very busy the whole year, so my work was veeery slow. I am very sorry for this. Anyway, now I hav a bit more free time and will continue the development (and documentation, don't forget the documentation!)
OK, so what's new here? OllyDbg itself is hardly changed, only minor improvements (like correct reaction on MOV SS,anything; PUSHF or disassembling of JE vs. JZ etc. depending on the preceding comparison). More important, I have (hopefully) removed the nasty crashes that happened on some computers while invoking menu, or pressing ALT, or on similar harmless actions.
Update: No, I haven't removed all bugs at the first try. I have kept some information about menu items directly in the menu, using dwItemData in MENUITEMINFO. It seems that Windows also uses this item! Now I have moved pointers to data to another location.
Plugin interface is slightly extended. Plugin API includes more than 500 functions, structures and variables. Of these, I have described less than 100, so you will frequently encounter 404 while browsing the help data. But all APIs used by Bookmarks plugin are fully documented. I plan that I'll describe another hundred within the next two weeks.
You may already start writing your plugins. If you need some API function or family that is not yet documented, drop me a mail and I'll try to describe it ASAP.
There is a small test application, Test.exe, that I've written to simulate errors. I think that it may be helpful to learn OllyDbg. Feel free to use it as you want. The source code is enclosed:

The buttons do the following:
  • Start thread - start new thread that increases counter each 100 milliseconds;
  • Suspend last - suspends last created thread. There is no corresponding 'Resume' button, use OllyDbg;
  • New process - starts new instance of itself;
  • New suspended - starts new instance of itself in suspended state;
  • FatalExit() - calls FatalExit(), what else?
  • Current Dir - displays current directory;
  • Load ws2_32 - loads ws2_32.dll (must be present on all systems);
  • Unload ws2_32 - unloads ws2_32.dll;
  • Set filter - calls SetUnhandledExceptionFilter(). The handler only displays the error. Note: it won't work on stack overflow;
  • Sedt VEH - calls AddVectoredExceptionHandler(), same note as above;
  • Read [00000000] - attempts to read memory at zero address;
  • 0 : 0 - integer division by zero;
  • INT3 - executes INT3;
  • INT ff - executes INT FF;
  • JMP 123456 - jumps to (most probably) non-existing memory;
  • Stack overflow - calls function that recursively calls itself;
  • 1.0 : 0.0 - floating-point division by zero. Note where this exception is reported!
  • Set Trap - sets bit T (single-step trap);
  • POP SS/PUSHF - executes POP SS, PUSHF, POP EAX and displays the contents of EAX (and especially bit T);
  • MOV SS/PUSHF - executes MOV AX,SS; MOV SS,AX, PUSHF, POP EAX and displays the contents of EAX (and especially bit T);
  • INT 2D - executes INT 2D, has special meaning under Windows;
  • String A - executes OutputDebugStringA() (ASCII version);
  • String W - executes OutputDebugStringW() (UNICODE version);
  • ZwAlloc(0) - allocates memory block at address 00000000. Try Read [00000000] afterwards and be astonished!

August 03, 2011 - OllyDbg 2.01 alpha 4. Here is Alpha 4, here is Bookmarks plugin

As you see, this version already supports plugins. New plugin interface is similar to the old (v1.10) but is not backwards compatible. It includes more than 350 API functions, 60 or so variables and many enumerations and structures that all need to be documented. This will take a while, therefore I decided to make a preliminary release. It includes plugin header file (plugin.h) and commented bookmarks source code (bookmark.c). Writing your own plugins without the documentation is a pure masochism, but at least you will be able to analyse the structure of the interface and send me your comments, wishes and suggestions.
This is the last alpha release. After plugin documentation is ready, I will call it 2.01 beta 1. Then I will start to write OllyDbg help and finally make the full 2.01 release. Till then, I plan no major changes.
Other new features in this version:
- Patch manager, similar to 1.10
- Shortcut editor, supports weird things like Ctrl+Win+$ etc. Now you can customize and share your shortcuts. I haven't tested it on Win7, please report any found bugs and incompatibilities!
- Instant .udd file loading. In the previous versions I've postponed analysis, respectivcely reading of the .udd file till the moment when all external links are resolved. But sometimes it took plenty of time, module started execution and was unable to break on the breakpoints placed in the DLL initialization routine
- Automatic search for the SFX entry point, very raw and works only with several packers. Should be significantly more reliable than 1.10. If you tried it on some SFX and OllyDbg was unable to find real entry, please send me, if possible, the link or executable for analysis!
- 'Go to' dialog lists of matching names in all modules
- Logging breakpoints can protocol multiple expressions. Here is an example: I ask OllyDbg to protocol the contents of EAX, EBX and 4 memory doublewords starting at address ESP. Expressions must be separated by commas, repeat count has form SIZE*N, N=1.32:
This is what you will see in the log when breakpoint is hit:

Many not-so-important new features:
- Thread names (MS_VC_EXCEPTION)
- UNICODE box characters clipboard mode
- Multiline debugging strings (of large size)
- On debug string, OllyDbg attempts to find call to OutputDebugString()
- INT3 breakpoints set on the first byte of edited memory area are retained
- Decoding of User Shared Data block
- Addressing relative to module base
- If plugin crashes, OllyDbg will report its name
- etc, etc.
I have received many bug reports. Some of them are solved, some are not. There is a very nasty bug that I was unable to reproduce: OllyDbg crashes with memory access violation inside the GlobalAlloc()?!! Either OllyDbg unintentionally taints internal data structures used by memory manager, or some virus scanner overreacts, or this is a bug of Windows itself? If you have any clue, please let me know.
That's all for now. I will make a short vacations, a week or so, and in order to keep my sanity will not check for new emails. Please have some patience!

April 11, 2011 - OllyDbg 2.01 alpha 3. Here it is!
A major update with many new features. Here are the most important:
- Support for multi-monitor configurations
- Hardware breakpoints and fast command emulation now co-operate. That is, run trace rund at full speed (up to and exceeding 500000 commands per second) even if there are hardware breakpoints set
- Purely conditional breakpoints during run trace are strongly accelerated
- Stepping, tracing and execution till selection with hardware breakpoints instead of INT3. Controlled by option Debugging | Use HW breakpoints for stepping
- INT3 and hardware breakpoints allow to declare their location as an entry point and specify call parameters for protocolling
- Scan for hidden modules. .NET environment frequently loads modules but does not report them to Debugger
- Search window keeps up to 8 last searches in a separate tabs
- Option to load .udd information even when path, file name or file checksum is different
- Option to save .udd file on request
- Expressions allow for DWORD'text'. Doubleword is interpreted as a pointer to string, comparison is done both in ASCII and UNICODE modes
- Updated decoding of several rare commands
- List of windows. I get address of window function directly from the Window tables. This is tricky but works perfectly
- ASCII dumps and ASCII strings in Binary edit are displayed according to the seleced code page (option Appearance | ASCII code page)
- Memory allocated at address 0 will be correctly recognized and displayed. (Yes, it's possible - I was also astonished by this fact! In this way one can address data using NULL pointer!)
- Improved post-mortem dump. I was unable to find the reason for several reported crashes because they occured in the system DLLs. Now when creating the dump I attempt to backtrace the stack
- Several not-so-inportand changes, like accelerated analysis of tricky code sequences, option to decode registers for selected command, new origin on non-command (safeguard: no shortcut), correct truncation of very long file names in the main menu, restarting of the last loaded executable even when several OllyDbg instances are running in parallel, etc, etc
- And, of course, multiple bugfixes.

Ollydbg Download With All Plugins

November 12, 2006 - Analyser.

Almost two years are gone since the last update of this page. But you don't forget me. The counter has crossed the magic limit of 1,000,000 impressions. So I feel me a bit ashamed and now will try to make up for your patience. Starting from now, every two or three weeks I will inform you here about the actual state of my work.
I'm frequently asked: 'What happened to OllyDbg 2.0? Why is it not here?' Well, it is mostly my immanent laziness and, to lower extent, lots of other tasks and projects that have stopped the development of the second version. Nevertheless, it is not dead. In the last month I wrote more than 100 K of code, and now want to show you some highlights of the future version, mainly its new powerful analyser.
Despite highly complex features, like full code prediction, new version is significantly faster than its predecessor. But speed does not influence the quality of recognition. See, for example, how many calls were decoded by old OllyDbg in a large 3-MB application:
and by new:

Impressive, isn't it? Note that list of known functions in v2.0 currently includes only three system DLLs.
New version has strongly improved prediction of registers (especially ESP) and stack contents:
is able to recognize and decode register variables:

functions with variable number of arguments, like formats:
and cases when parameters are copied, rather than pushed, to the stack:

It determines loop variables, i.e. registers or memory items that change by the same amount on each loop iteration:
To help user, it even can rename and change decoding of arguments in some argument-depending cases:

New Analyser features also more reliable distinguishing between code and data. All in one, when OllyDbg will be ready, it will make debugging easier and understandable.. I hope.
Part two will come in a couple of weeks. Bye!

