[ollydbg-binary-execution-visualizer] New Tool for Visualizing Binaries With Ollydbg and Graphviz

2013-09-20T23:49:41
ID KITPLOIT:5064411150802048293
Type kitploit
Reporter KitPloit
Modified 2013-09-20T23:49:41

Description

Sometimes crackmes, or whatever else you might be reversing, will constantly bug you due to the excessive use of F7 & F8. It would be quite neat if you could see how the application executes visually and set your breakpoints accordingly.

Requirements:

  • Ollyscript plugin
  • Bunch of your favorite anti-debug plugins (phantom, ollyadvanced, … etc.)
  • Pygraphviz
  • Graphviz
  • Python 2.7

Approach:

  • Create an ollyscript that will do the following:
      o Log all EIP values for the main application
      o Skip logging calls into kernel32, ntdll and addresses above 7C000000 by using step over instead of step into; add more addresses to exclude later if needed for other system DLLs (77000000 … etc.)
      o Save the EIP logs to a file

  • Parse the log file
  • Feed it into pygraphviz
  • Export to png
  • Visualize & note needed breakpoints.
  • Re-run the app with the breakpoints noted above set.
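
The parse-and-graph steps above, sketched as an added example (not the tool's own code). The log format (one 8-digit hex EIP per line) and the names `parse_eips`, `build_edges` and `to_dot` are assumptions; it emits Graphviz DOT text so it runs without pygraphviz installed.

```python
import re
from collections import Counter

# Cut-off from the page: addresses at or above 7C000000 are treated as system DLLs.
SYSTEM_BASE = 0x7C000000
HEX_ADDR = re.compile(r"\b([0-9A-Fa-f]{8})\b")

# Constructed sample log (hypothetical format: one logged EIP per line).
SAMPLE_LOG = """\
EIP: 00401000
EIP: 00401005
EIP: 7C801D7B
EIP: 0040100A
EIP: 00401000
EIP: 00401005
garbage line
"""

def parse_eips(text, system_base=SYSTEM_BASE):
    """Return logged EIPs in order, skipping junk lines and system-DLL addresses."""
    eips = []
    for line in text.splitlines():
        m = HEX_ADDR.search(line)
        if not m:
            continue  # tolerate headers or truncated lines in the log
        addr = int(m.group(1), 16)
        if addr < system_base:
            eips.append(addr)
    return eips

def build_edges(eips):
    """Count transitions between consecutive EIPs (hot paths get high counts)."""
    return Counter(zip(eips, eips[1:]))

def to_dot(edges):
    """Render the transition graph as DOT text; hit counts become edge labels."""
    lines = ["digraph trace {", "  node [shape=box, fontname=Courier];"]
    for (src, dst), hits in sorted(edges.items()):
        lines.append('  "%08X" -> "%08X" [label="%d"];' % (src, dst, hits))
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(build_edges(parse_eips(SAMPLE_LOG))))
```

The DOT output can be rendered with `dot -Tpng`, or loaded with `pygraphviz.AGraph(string=...)` and exported through its `draw()` method. Edges with high hit counts mark loops, which are usually the places worth a breakpoint instead of single-stepping.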

Full documentation here

Download ollydbg-binary-execution-visualizer