OllyDbg/OllyBonE

From aldeid
Jump to: navigation, search
You are here
OllyBonE

Description

OllyBonE is a plugin that aims at helping unpacking X86 executables.

It takes advantage of the split TLB architecture of Intel processors to protect memory pages from execution but still allow read/write access

Installation

Download link: http://www.joestewart.org/ollybone/ollybone-0.1.zip

Unzip and copy ollybone.dll and i386/ollybone.sys to your OllyDbg directory

Your memory map right-click menu should now have the option "Set break-on-execute".

Info.png
Note
Ensure that the checkbox in
Options
>
Debugging options
>
Exceptions
for ignoring the Single-step break is unchecked, otherwise the INT1 handler will not return control to the debugger. Ollydbg-options-exceptions-single-step-break-unchecked.png

Usage

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.