Question

Explain the capabilities of the Ollgdbg and its interfaces. What is rebasing?

Answer 1

Capabilities of OllyDbg:

OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available.

• Debugs multithread applications
• Attaches to running programs
• Configurable disassembler, supports both MASM and IDEAL formats
• MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
• Full UNICODE support
• Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
• Recognizes complex code constructs, like call to jump to procedure
• Decodes calls to more than 1900 standard API and 400 C functions
• Gives context-sensitive help on API functions from external help file
• Sets conditional, logging, memory and hardware breakpoints
• Traces program execution, logs arguments of known functions
• Shows fixups
• Dynamically traces stack frames
• Searches for imprecise commands and masked binary sequences
• Searches whole allocated memory
• Finds references to constant or address range
• Examines and modifies memory, sets breakpoints and pauses program on-the-fly
• Assembles commands into the shortest binary form
• Starts from the floppy disk

Interface:

• Intuitive user interface, no cryptical commands
• Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
• Directly loads and debugs DLLs
• Object file scanning - locates routines from object files and libraries
• Allows for user-defined labels, comments and function descriptions
• Understands debugging information in Borland^® format
• Saves patches between sessions, writes them back to executable file and updates fixups
• Open architecture - many third-party plugins are available
• No installation - no trash in registry or system directories

Rebasing:

Rebasing is the process of creating a shared library image in such a way that it is guaranteed to use virtual memory without conflicting with any other shared libraries loadable in the system.