
Preparing OllyDbg for battle

About Olly


The OllyDbg debugger is a ring 3 debugger, i.e. a user-mode debugger. At the time of this writing there is a release of the old version 1.10 and a new version 2.00k, completely rewritten from scratch. What are the advantages of this debugger? A small footprint, functionality that can be flexibly extended with plug-ins, and ease of use. The limitation imposed by ring 3 is that we cannot debug drivers directly, but a driver can be loaded as an ordinary DLL and debugged in parts. Debug information can be loaded from IDA Pro. It is also quite convenient to change code and data directly in the debugger, with the ability to save the result.

Essential plugins


When you start the debugger out of the box, so to speak, it is somewhat awkward to work with, but after installing a few basic plug-ins it turns into an almost ideal system where everything is at hand.
So, in order:
  1. CommandBar - adds a small panel with a command console, which you will use constantly to quickly set breakpoints, jump around memory, and other conveniences.
  2. ODbgScript - an equally important extension: it lets you write your own scripts to automate some operations (for example, there is a script that unpacks all versions of Asprotect, written by Volx).
  3. Phantom, StrongOD, HideOD, HideDebugger - plug-ins that partially or completely hide the debugger from the system, from the debugged process, and so on. With the proper configuration you can even debug heavily protected monsters full of anti-debugging tricks.

After this minimum set, the debugger is more than ready for battle. It becomes convenient to use, and no time is wasted hunting for anti-debugging checks.

Appearance


When you first start OllyDbg, you are greeted by a rather dull, monochrome design in a milky white colour, without syntax highlighting. This can be fixed by picking a theme from the context menu, but the choice there is small: either cold, tiresome themes or, at the other extreme, ones as garish as a parrot. As you understand, both make the information harder to read, which greatly reduces efficiency when debugging. But credit where it is due: almost everything in the debugger is customizable.

I want to offer my working variant, which I have used for two years. The colours are chosen to be as soft as possible; the highlighting of some code blocks draws the eye first to the more important things, while secondary details are kept in greyer tones.


To do this, the following lines need to be changed in the ollydbg.ini file:
[Colours]
... ...
Scheme name[7]=Veliant Sheme
Scheme[7]=15,12,7,0,4,10,7,13

[Syntax]
... ...
Commands[4]=15,15,12,12,11,14,12,15,15,7,12,0,0,0
Operands[4]=1,3,15,15,8,8,10,6,0,0,0,0,0,0
Scheme name[4]=Veliant Sheme
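Editing ollydbg.ini by hand is fine once, but the same few lines have to be re-applied on every fresh install or when a colour slot already holds a scheme you want to keep. The script below is an added example, not code from the original article: it upserts exactly the [Colours] and [Syntax] lines quoted above into an existing ini file, rewriting keys that already exist and appending the ones that are missing, while leaving every other section and setting untouched. It assumes OllyDbg 1.10's plain `[Section]` / `key=value` layout and reads the file as latin-1; the sample ini embedded in the block is constructed for the demonstration.

```python
"""Apply the article's colour-scheme lines to an ollydbg.ini file.

Added example; the scheme values are the ones quoted in the article, the
sample ini below is constructed, and the latin-1 encoding is an assumption.
"""
import re
from pathlib import Path

# Scheme lines from the article: slot 7 in [Colours], slot 4 in [Syntax].
SCHEME_LINES = {
    "Colours": {
        "Scheme name[7]": "Veliant Sheme",
        "Scheme[7]": "15,12,7,0,4,10,7,13",
    },
    "Syntax": {
        "Commands[4]": "15,15,12,12,11,14,12,15,15,7,12,0,0,0",
        "Operands[4]": "1,3,15,15,8,8,10,6,0,0,0,0,0,0",
        "Scheme name[4]": "Veliant Sheme",
    },
}

_HEADER = re.compile(r"^\s*\[(.+?)\]\s*$")


def upsert_ini(text: str, section: str, updates: dict) -> str:
    """Return `text` with `updates` applied inside `[section]`.

    Existing keys are rewritten in place, missing keys are appended at the
    end of the section, and a missing section is created at the end of the
    file.  Nothing else is touched, so the rest of the debugger's settings
    stored in the same file survive the edit.
    """
    lines = text.splitlines()
    start = end = None
    for i, line in enumerate(lines):
        m = _HEADER.match(line)
        if m and start is None and m.group(1).lower() == section.lower():
            start = i
        elif m and start is not None:
            end = i          # first header after our section
            break
    if start is None:        # section absent: create it at the end
        lines += ["", f"[{section}]"]
        start = len(lines) - 1
    if end is None:          # our section runs to end of file
        end = len(lines)

    pending = dict(updates)
    for i in range(start + 1, end):
        key, sep, _ = lines[i].partition("=")
        if sep and key.strip() in pending:
            lines[i] = f"{key.strip()}={pending.pop(key.strip())}"

    # Append remaining keys before the blank line(s) that end the section.
    insert_at = end
    while insert_at > start + 1 and not lines[insert_at - 1].strip():
        insert_at -= 1
    for key, value in pending.items():
        lines.insert(insert_at, f"{key}={value}")
        insert_at += 1
    return "\n".join(lines) + "\n"


def apply_scheme(text: str) -> str:
    """Apply every section of SCHEME_LINES to the ini text."""
    for section, updates in SCHEME_LINES.items():
        text = upsert_ini(text, section, updates)
    return text


def get_value(text: str, section: str, key: str):
    """Read back one key from one section (None if absent); used to verify."""
    in_section = False
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            in_section = m.group(1).lower() == section.lower()
            continue
        if in_section:
            k, sep, v = line.partition("=")
            if sep and k.strip() == key:
                return v.strip()
    return None


def patch_file(path: str) -> None:
    """Rewrite the ini file on disk in place (encoding is an assumption)."""
    p = Path(path)
    p.write_text(apply_scheme(p.read_text(encoding="latin-1")), encoding="latin-1")


# Constructed sample ini with a pre-existing scheme in slot 0 of each section.
SAMPLE_INI = """[History]
Window=Main

[Colours]
Scheme name[0]=Black on white
Scheme[0]=0,15,0,0,0,0,0,0

[Syntax]
Scheme name[0]=No highlighting
"""

if __name__ == "__main__":
    print(apply_scheme(SAMPLE_INI))
```

Run the script as-is to see the merged sample, or call `patch_file("C:/path/to/ollydbg.ini")` against a backed-up copy of a real installation; applying it twice yields the same file, so it is safe to re-run.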


You can download the debugger itself from the official site, ollydbg.de.
Plugins and additional information can be found, for example, on the resource cracklab.ru.

The author of the article does not recommend debugging third-party programs and disclaims all responsibility.

Source: https://habr.com/ru/post/93402/
