OllyDbg/OllyBonE

From aldeid
Jump to: navigation, search
You are here
OllyBonE

Description

OllyBonE is a plugin that aims at helping unpacking X86 executables.

It takes advantage of the split TLB architecture of Intel processors to protect memory pages from execution but still allow read/write access

Installation

Download link: http://www.joestewart.org/ollybone/ollybone-0.1.zip

Unzip and copy ollybone.dll and i386/ollybone.sys to your OllyDbg directory

Your memory map right-click menu should now have the option "Set break-on-execute".

Info.png
Note

Ensure that the checkbox in Options > Debugging options > Exceptions for ignoring the Single-step break is unchecked, otherwise the INT1 handler will not return control to the debugger.

Ollydbg-options-exceptions-single-step-break-unchecked.png

Usage

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.