mozhucy's blog.

Reversing-engineering

字数统计: 175阅读时长: 1 min
2018/03/07 Share

The frequently-used Shortcut key of Ollydbg














































Shortcut effect
Ctrl + F2 restart debugging
F7 execute next code,If meet the CALL instruction,step in the function
F8 execute next code,If meet the CALL instruction,Only Call the function without step in(step over)
F4 execute until cursor
F2 set BreakPoint
F9 run to BreakPoint,if without BP ,run until end
* show the position of EIP
- show the previous position of cursor
Alt + M show the be loaded *.dll
space edit data

the method of find function:

  • Search String
  • set API BP
    • in the *.dll
    • in the main function

if you want to change the string ,you can write something in the Extra memory space(Null padding),and patch the string point where push the address of the first byte.

when the Executable file be loaded in memory ,it can be distribution 1000byte memory space,although the file only use 100byte ,but when the file be loaded in memory,it can be distribution 1000byte memory space, so the other free space,be fill with NULL.

CATALOG