Skip to content
/ ollydbg-address-shortcuts Public

This plugin adds highly needed shortcuts to OllyDbg including Follow DWORD in Disassembler (Ctrl+Enter), Follow DWORD in Dump (Alt+Enter), and Copy RVA (Alt+"+").

3 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

daddesio/ollydbg-address-shortcuts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
Readme.md
Readme.md
 
 
address_shortcuts.c
address_shortcuts.c
 
 
screenshot.png
screenshot.png
 
 

Repository files navigation

Overview

OllyDbg Address Shortcuts

This plugin adds the following menu options / shortcuts to OllyDbg v2.01:

  • Follow DWORD in Disassember (Ctrl+Enter)
  • Follow DWORD in Dump (Alt+Enter)
  • Follow DWORD in Stack
  • Copy RVA — Similar to Alt+Ins in Olly, except that the address will be relative to the start of the module.
  • Copy RVA (pretty) (Alt+"+") — The string will be formatted as helloworld+0x36a4.
  • Copy file offset — Similar to Alt+Ins in Olly, except that the address will be relative to the start of the file.
  • Copy file offset (pretty) (Ctrl+"+") — The string will be formatted as helloworld.dll+0x36a4.

Note: The "+" key is at the top row of the keyboard, not the number pad.

The above keyboard shortcuts (Alt vs. Ctrl, etc.) were chosen rather arbitrarily, so feel free to change them.

Usage

Simply drop address_shortcuts.dll next to your OllyDbg.exe, then restart OllyDbg, and Address Shortcuts should appear under your right-click menu.

Now, look at a C++ object (with virtual functions) in the Memory Dump pane. The first dword should be a vtable address. Press Alt+Enter to follow it. Now press Ctrl+Enter to quickly pull up any function in the Disassembly Pane, and Alt+"+" to copy its RVA in a pretty format (helloworld+0x36a4). And, as usual, use the familiar Numpad-Plus/Minus to navigate forwards/backwards and Alt+Ins to copy raw addresses. Copy/paste hex bytes with Ctrl+Ins/Shift+Ins, and generate pretty hexdumps with Ctrl+C.

Compiling

You will need the OllyDbg Plugin SDK (ollydbg.lib).

Using GCC:

Copy CodeBlocks/plugin.h and CodeBlocks/ollydbg.lib from plug201h.zip into the current directory, then run:

gcc -std=c99 -Wall -m32 -Os -g0 -funsigned-char -shared -nostartfiles -s -static-libgcc -o address_shortcuts.dll address_shortcuts.c ollydbg.lib

Using MSVC:

TODO...

To do

  • I'd prefer having Enter instead of Alt+Enter to follow in dump. This nearly works, except that OllyDbg also pops open an "Edit data at address" dialog in response to the enter key. We could patch Ollydbg to prevent this dialog (in response to enter only), but it would complicate this otherwise very simple script.
  • Get pretty RVA's in other debuggers as well (x64dbg, windbg, gdb, ...).

About

This plugin adds highly needed shortcuts to OllyDbg including Follow DWORD in Disassembler (Ctrl+Enter), Follow DWORD in Dump (Alt+Enter), and Copy RVA (Alt+"+").

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases 1

2018-03-23 Latest
Mar 23, 2018

Packages

No packages published

Contributors 2

  •  
  •  

Languages