forked from epsylon3/odbgscript
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathollydbg201.txt
483 lines (475 loc) · 18.2 KB
/
ollydbg201.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
Dump of file ollydbg.exe
File Type: EXECUTABLE IMAGE
Section contains the following exports for ollydbg.exe
00000000 characteristics
0 time date stamp Thu Jan 01 01:00:00 1970
0.00 version
1 ordinal base
456 number of functions
456 number of names
ordinal hint RVA name
34 0 00005630 Absolutizepath
100 1 00022DB4 Activatetablewindow
203 2 0006F4E0 Addjump
260 3 0008677C Addnesteddata
326 4 000C3074 Addprotocolrange
219 5 000705E0 Addrange
160 6 00039378 Addsimpledata
69 7 000168E4 Addsorteddata
104 8 00029140 Addstringtocombolist
236 9 00076AD8 Addtohistory
356 A 00018880 Addtolist
12 B 000026C8 Addtosettings
317 C 000B69EC Alignselection
208 D 0006FC34 Arelocaljumpscallstorange
19 E 0000334C Asciitounicode
121 F 0002DB1C Asmindump
280 10 0008FDDC Assemble
279 11 0008BECC Assembleallforms
321 12 000BB838 Backupusercode
124 13 000303C4 Binaryedit
388 14 0000F9A1 Bitcount
30 15 00003AAC Broadcast
32 16 000054A8 Browsedirectory
31 17 0000478C Browsefilename
166 18 0003F180 Byteregtodwordreg
292 19 0009C698 Cexpression
282 1A 00093838 Checkcondition
184 1B 00050C3C Checkfordebugevent
238 1C 00076D64 Checkhistory
181 1D 0004F6F4 Closeprocess
308 1E 000A8820 Closetaggedfile
176 1F 00046E28 Cmdinfo
278 20 00089C40 Commentaddress
169 21 0003FE10 Commentcharacter
297 22 000A3E10 Comparecommand
298 23 000A3FDC Comparesequence
299 24 000A7B7C Compress
127 25 00031228 Condbreakpoint
347 26 00001E8C Conderror
128 27 00031578 Condlogbreakpoint
348 28 000022DC Condyesno
289 29 00096EBC Confirmhardwarebreakpoint
288 2A 00096E78 Confirmint3breakpoint
290 2B 00096F00 Confirmint3breakpointlist
35 2C 0000571C Confirmoverwrite
72 2D 000177F8 Confirmsorteddata
322 2E 000BC160 Copydumpselection
192 2F 00057E18 Copymemoryhex
97 30 000210FC Copytableselection
98 31 000215A0 Copywholetable
324 32 000BE99C Createdumpwindow
221 33 00072584 Createframewindow
259 34 000866EC Createnesteddata
96 35 00020B38 Createottablewindow
159 36 000392F4 Createsimpledata
66 37 000161C0 Createsorteddata
101 38 00022E30 Createtablechild
99 39 00022680 Createtablewindow
227 3A 000738C0 Createtabwindow
304 3B 000A81F4 Createtaggedfile
272 3C 00088304 Decodeaddress
273 3D 00088AAC Decodearglocal
248 3E 00084000 Decodeargument
246 3F 000838F4 Decodeknownbyaddr
245 40 0008383C Decodeknownbyname
62 41 00011814 Decoderange
271 42 00088124 Decoderelativeoffset
253 43 00084838 Decodestructure
198 44 00059BB0 Decodethreadname
249 45 00084550 Decodetype
301 46 000A7E80 Decompress
103 47 00028E8C Defaultactions
85 48 00019E40 Defaultbar
93 49 0001DD50 Delayedtableredraw
145 4A 00037574 Deletedatarange
146 4B 0003768C Deletedatarangelist
10 4C 00002650 Deleteinisection
261 4D 00086B7C Deletenestedrange
73 4E 00017880 Deletenonconfirmedsorteddata
165 4F 00039730 Deletesimpledatarange
67 50 00016438 Deletesorteddata
68 51 000165F0 Deletesorteddatarange
149 52 00037E58 DemanglenameW
258 53 00086648 Destroynesteddata
158 54 000392B4 Destroysimpledata
65 55 0001606C Destroysorteddata
182 56 0004FB30 Detachprocess
41 57 00006100 Devicenametodosname
175 58 00040E10 Disasm
168 59 0003F3A4 Disassembleback
167 5A 0003F1AC Disassembleforward
314 5B 000B5DBC Dumpback
315 5C 000B5ED4 Dumpforward
194 5D 000582A8 Editmemory
294 5E 0009CCEC Eexpression
325 5F 000BEEEC Embeddumpwindow
213 60 000703F4 Emptyrange
334 61 000C6C68 Enablehardbreakpoint
287 62 00096DB4 Enableint3breakpoint
331 63 000C5D7C Enablemembreakpoint
320 64 000BB628 Ensurememorybackup
346 65 00001AB0 Error
281 66 0009004C Executecommand
293 67 0009CCC4 Exprcount
295 68 0009ED58 Expression
296 69 0009EE5C Fastexpression
6 6A 00002438 Filefromini
42 6B 000061EC Filenamefromhandle
9 6C 000025DC Filetoini
135 6D 00036548 Fillcombowithcodepages
242 6E 00082CB8 Fillcombowithgroup
250 6F 000845EC Fillcombowithstruct
305 70 000A831C Finalizetaggedfile
157 71 00038AD4 FindaddressW
102 72 00028E14 Findcontrol
137 73 00036EE0 Finddata
138 74 00036FB8 Finddataptr
190 75 000571EC Finddecode
323 76 000BE930 Findfiledump
61 77 0001172C Findfileoffset
60 78 00011658 Findfixup
335 79 000C6D58 Findfreehardbreakslot
209 7A 0006FD74 Findglobalcallsto
210 7B 0006FEF0 Findglobaljumpscallsto
205 7C 0006F874 Findjumpfrom
156 7D 000387C4 Findlabel
207 7E 0006FAD0 Findlocaljumpscallsto
206 7F 0006F968 Findlocaljumpsto
58 80 000115D4 Findmainmodule
189 81 00057160 Findmemory
56 82 000114FC Findmodule
57 83 0001157C Findmodulebyname
152 84 000384F4 FindnameW
264 85 00086F48 Findnesteddata
140 86 000370A8 Findnextdata
142 87 00037254 Findnextdatalist
153 88 000385CC FindnextnameW
155 89 000386B0 FindnextnamelistW
312 8A 000AC83C Findretaddrdata
328 8B 000C3404 Findruntracerecord
162 8C 00039634 Findsimpledata
75 8D 00017B50 Findsorteddata
76 8E 00017C18 Findsorteddatarange
77 8F 00017CD0 Findsortedindexrange
336 90 000C9418 Findsource
55 91 00011010 Findstockobject
252 92 00084794 Findstructureitembyoffset
195 93 00059AAC Findthread
196 94 00059B18 Findthreadbyordinal
354 95 00008E04 Flash
185 96 000568E0 Flushmemorycache
202 97 0006F17C Followcall
212 98 000703BC Fullrange
114 99 0002BFE4 Get3dnow
223 9A 000729C0 Getactiveframe
228 9B 00073D54 Getactivetab
110 9C 0002B6EC Getaddressrange
274 9D 00088CC8 Getanalysercomment
122 9E 0002DDD4 Getasmsearchmodel
84 9F 00019DD8 Getcharacterwidth
240 A0 00082B1C Getconstantbyname
241 A1 00082B5C Getconstantbyvalue
233 A2 000765FC Getcpudisasmdump
234 A3 00076608 Getcpudisasmselection
235 A4 00076614 Getcpudisasmtable
232 A5 000765F0 Getcpuruntracebackstep
231 A6 000765E4 Getcputhreadid
108 A7 0002B10C Getdword
119 A8 0002D10C Getdwordexpression
111 A9 0002B994 Getexceptionrange
63 AA 00011C30 Getexeversion
64 AB 00012604 Getexportfrommemory
319 AC 000B6C84 Getextproclimits
115 AD 0002C0A8 Getfloat
113 AE 0002BECC Getfpureg
349 AF 00002470 Getfromini
11 B0 000026A0 Getfromsettings
120 B1 0002D400 Getgotoexpression
340 B2 000D2B24 Getguidname
126 B3 000307DC Getindexbypredefinedtype
107 B4 0002AFD8 Getinteger
179 B5 0004EEA4 Getlasterror
109 B6 0002B214 Getlasterrorcode
276 B7 00089520 Getloopcomment
116 B8 0002C424 Getmmx
310 B9 000AC6AC Getmodulestring
53 BA 00010C78 Getmonitorrect
263 BB 00086EF0 Getnestingdepth
262 BC 00086D14 Getnestingpattern
300 BD 000A7E54 Getoriginaldatasize
200 BE 0006D524 Getpackednetint
125 BF 00030798 Getpredefinedtypebyindex
277 C0 00089930 Getproccomment
318 C1 000B6B5C Getproclimits
218 C2 00070574 Getrangebyindex
217 C3 000704EC Getrangebymember
215 C4 0007046C Getrangecount
243 C5 00082FA0 Getrawdata
106 C6 0002AEB4 Getregister
327 C7 000C3128 Getruntrace
123 C8 0002E308 Getseqsearchmodel
214 C9 00070418 Getsetcount
164 CA 000396E0 Getsimpledatabyindex
163 CB 000396A8 Getsimpledataindexbyaddr
78 CC 00017D88 Getsortedbyindex
80 CD 00018098 Getsortedbyselection
337 CE 000C9790 Getsourceline
117 CF 0002C7F0 Getsse
118 D0 0002D02C Getstring
251 D1 00084714 Getstructureitemcount
254 D2 00084D4C Getstructureitemvalue
112 D3 0002BBB0 Getstructuretype
275 D4 00088FDC Getswitchcomment
224 D5 000729F0 Gettabcount
88 D6 0001D608 Gettableselectionxy
87 D7 0001D120 Gettabletext
307 D8 000A8770 Gettaggedfiledata
306 D9 000A8688 Gettaggedrecordsize
23 DA 000036E0 Guidtotext
131 DB 000334B8 Hardbreakpoint
132 DC 000337EC Hardlogbreakpoint
38 DD 00005CB8 Heapsort
39 DE 00005E2C Heapsortex
384 DF 0000F8CC HexdumpA
386 E0 0000F90F HexdumpW
370 E1 0000F6F2 Hexprint4A
372 E2 0000F73D Hexprint4W
374 E3 0000F793 Hexprint8A
376 E4 0000F7C2 Hexprint8W
366 E5 0000F63A HexprintA
368 E6 0000F690 HexprintW
351 E7 00008B6C Info
211 E8 00070390 Initset
136 E9 00036A40 Insertdata
150 EA 00038454 InsertnameW
143 EB 0003737C Isdataavailable
144 EC 000374C4 Isdatainrange
341 ED 000D2C04 Isguid
216 EE 0007048C Isinset
247 EF 00083DD8 Isnoreturn
15 F0 00002814 IsrareA
311 F1 000AC758 Isretaddr
81 F2 00018144 Issortedinit
268 F3 0008762C Isstring
59 F4 0001161C Issystem
13 F5 000027B0 IstextA
14 F6 000027EC IstextW
22 F7 000036AC Iszero
36 F8 000057B8 Labeladdress
86 F9 00019FBC Linecount
191 FA 000572F8 Listmemory
89 FB 0001D874 Maketableareavisible
201 FC 0006EDB4 Maybecommand
24 FD 000037EC Memalloc
129 FE 000323F4 Membreakpoint
27 FF 000038C8 Memdouble
25 100 00003844 Memfree
130 101 00032634 Memlogbreakpoint
26 102 0000385C Mempurge
147 103 000377B0 Mergequickdata
352 104 00008C2C Message
51 105 00008F10 Moveprogress
90 106 0001DA70 Movetableselection
174 107 000404C8 Nameoffloat
339 108 000D044C Ndisasm
265 109 0008702C Nesteddatatoudd
309 10A 000A8848 Opentaggedfile
257 10B 00086524 Optostring
193 10C 00058020 Pastememoryhex
180 10D 0004F498 Pauseprocess
344 10E 000D6FE8 Pluginmodulechanged
343 10F 000D6FB0 Pluginpackedrecord
342 110 000D6F78 Pluginsaverecord
105 111 00029330 Preparedialog
172 112 0004019C Printfloat10
170 113 0003FF88 Printfloat4
171 114 00040084 Printfloat8
173 115 00040490 Printmmx
95 116 000209D0 Processwmmousewheel
355 117 00008E7C Progress
148 118 00037BFC Quickinsertdata
151 119 000384A4 QuickinsertnameW
45 11A 000063C8 Quicktimerflush
43 11B 000062BC Quicktimerstart
44 11C 00006324 Quicktimerstop
40 11D 00005FB4 Readfile
186 11E 00056954 Readmemory
187 11F 00056A68 Readmemoryex
229 120 000765A8 Redrawcpudisasm
230 121 000765C8 Redrawcpureg
82 122 00018858 Redrawlist
284 123 00095290 Registermodifiedbyuser
33 124 000055BC Relativizepath
199 125 0006D1D8 Removeanalysis
332 126 000C6838 Removehardbreakpoint
285 127 00096AA8 Removeint3breakpoint
329 128 000C5AE0 Removemembreakpoint
220 129 00070834 Removerange
71 12A 00017770 Renumeratesorteddata
16 12B 00002864 Replacegraphs
70 12C 00017040 Replacesorteddatarange
178 12D 0004EE08 Resumeallthreads
183 12E 0004FF5C Run
303 12F 000A8164 Savepackedrecord
302 130 000A80E0 Savetaggedrecord
256 131 00084F08 Scan
316 132 000B5FEC Scrolldumpwindow
225 133 00072A7C Setactivetab
94 134 0001DDEC Setautoupdate
283 135 00093964 Setcondition
239 136 00076ED0 Setcpu
313 137 000B53C8 Setdumptype
333 138 000C6910 Sethardbreakpoint
286 139 00096B98 Setint3breakpoint
330 13A 000C5B6C Setmembreakpoint
133 13B 00034B00 Setrtcond
134 13C 000354EC Setrtprot
52 13D 00008F3C Setstatus
91 13E 0001DBCC Settableselection
338 13F 000CA108 Showsourcecode
378 140 0000F7F4 SignedhexA
380 141 0000F858 SignedhexW
37 142 00005C0C Simpleaddress
255 143 00084EA0 Skipspaces
204 144 0006F754 Sortjumpdata
161 145 0003949C Sortsimpledata
79 146 00017DE4 Sortsorteddata
269 147 00088024 Squeezename
139 148 00037044 Startnextdata
141 149 000371B8 Startnextdatalist
154 14A 00038698 Startnextnamelist
358 14B 0000F42F StrcopyA
360 14C 0000F45C StrcopyW
5 14D 000023FC Stringfromini
267 14E 000871E8 Stringtotext
362 14F 0000F5D3 StrlenA
364 150 0000F5F5 StrlenW
244 151 0008318C Substitutehkeyprefix
54 152 00010D6C Sunkenframe
177 153 0004ED74 Suspendallthreads
382 154 0000F958 Swapmem
353 155 00008D50 Tempinfo
197 156 00059B64 Threadregisters
266 157 0008710C Uddtonesteddata
270 158 000880CC Uncapitalize
17 159 000031F4 Unicodebuffertoascii
18 15A 000032CC Unicodetoascii
20 15B 000033D0 Unicodetoutf
74 15C 00017AB0 Unmarknewsorteddata
222 15D 0007297C Updateframe
92 15E 0001DCFC Updatetable
226 15F 000735F8 Updatetabs
21 160 00003508 Utftounicode
28 161 000039D0 Virtalloc
29 162 00003A20 Virtfree
237 163 00076C18 Walkhistory
291 164 0009708C Wipebreakpointrange
188 165 00056D5C Writememory
350 166 00002504 Writetoini
83 167 00018880 _Addtolist
387 168 0000F9A1 _Bitcount
3 169 00001E8C _Conderror
4 16A 000022DC _Condyesno
2 16B 00001AB0 _Error
49 16C 00008E04 _Flash
7 16D 00002470 _Getfromini
383 16E 0000F8CC _HexdumpA
385 16F 0000F90F _HexdumpW
369 170 0000F6F2 _Hexprint4A
371 171 0000F73D _Hexprint4W
373 172 0000F793 _Hexprint8A
375 173 0000F7C2 _Hexprint8W
365 174 0000F63A _HexprintA
367 175 0000F690 _HexprintW
46 176 00008B6C _Info
47 177 00008C2C _Message
50 178 00008E7C _Progress
377 179 0000F7F4 _SignedhexA
379 17A 0000F858 _SignedhexW
357 17B 0000F42F _StrcopyA
359 17C 0000F45C _StrcopyW
361 17D 0000F5D3 _StrlenA
363 17E 0000F5F5 _StrlenW
381 17F 0000F958 _Swapmem
48 180 00008D50 _Tempinfo
8 181 00002504 _Writetoini
1 182 00001059 __GetExceptDLLinfo
345 183 000EE1F4 ___CPPdebugHook
443 184 001BB464 _aqueue
420 185 001BA0F4 _arguments
410 186 001A4018 _asciicodepage
389 187 000EF230 _bincmd
450 188 001BC108 _bphard
448 189 001BBE58 _bpmem
447 18A 001BBBEC _bpoint
449 18B 001BC0C4 _bppage
416 18C 00168C88 _color
434 18D 001BAE7C _corexemain
408 18E 001647FC _cpufeatures
395 18F 0011D3B0 _crname
429 190 001BAE60 _dbgbreakpoint
428 191 001BAE5C _debugbreak
396 192 0011D3D0 _drname
419 193 001B9EEC _executable
415 194 00168A04 _fixfont
412 195 00165D4C _font
392 196 0011D330 _fpuname
418 197 0016C058 _hilite
404 198 00165CC8 _hollyinst
406 199 00165CD4 _hwclient
405 19A 00165CCC _hwollymain
409 19B 001BAE94 _ischild
430 19C 001BAE64 _kiuserexcept
436 19D 001BAE84 _kusershareddata
440 19E 001BAF48 _list
425 19F 001BAE54 _mainthreadid
445 1A0 001BB714 _memory
393 1A1 0011D370 _mmxname
442 1A2 001BB1F8 _module
421 1A3 001B99D4 _netdbg
433 1A4 001BAE70 _ntqueryinfo
401 1A5 00164C8C _ollydir
400 1A6 00164A84 _ollyfile
407 1A7 001BAD44 _ottable
452 1A8 001BC5E0 _patch
435 1A9 001BAE80 _peblock
403 1AA 001B9A1C _plugindir
441 1AB 001BB1B4 _premod
453 1AC 001BC84C _procdata
423 1AD 001BAE4C _process
424 1AE 001BAE50 _processid
390 1AF 0011D2B0 _regname
456 1B0 00165D30 _restorewinpos
438 1B1 001B151C _rtcond
439 1B2 001B915C _rtprot
426 1B3 001BAE98 _run
422 1B4 001B9380 _rundll
417 1B5 00168D18 _scheme
391 1B6 0011D310 _segname
399 1B7 0011D478 _sizeatt
398 1B8 0011D434 _sizekey
397 1B9 0011D3F0 _sizename
427 1BA 001BAF3C _skipsystembp
454 1BB 001BC890 _source
455 1BC 001BCAFC _srccode
394 1BD 0011D390 _ssename
413 1BE 0016850C _sysfont
402 1BF 001652A4 _systemdir
444 1C0 001BB4A8 _thread
414 1C1 00168788 _titlefont
411 1C2 001AE290 _tracefile
432 1C3 001BAE6C _uefilter
437 1C4 001BAE88 _userspacelimit
451 1C5 001BC374 _watch
446 1C6 001BB980 _win
431 1C7 001BAE68 _zwcontinue
Summary
10F000 .data
3000 .edata
3000 .idata
1000 .rdata
12000 .reloc
13D000 .rsrc
ED000 .text
1000 .tls