Author: David Zimmer
Size: ~900k
MD5: F8D603E836FEFF8771BE6B9BADEEDCBC

iDBG is a Debugger Library packaged as an ActiveX Control which can be easily used from any COM aware language. Designed for the quick development of testing applications that require built in debugging or tracing functionality. iDbg is Open source and released under GPL license.

Sample code provided for VB6, PHP5, and C#.

Download  |  License 

Author: Pedram Amini
Size: ~323k
MD5: 03ACBB54380246CABA057841E8268840
Update Summary: Fixed bug that was causing the plug-in to hang

You may have noticed the ghosted "Heap" option under the "View" menu in OllyDBG. The feature is available only under Windows 95 based OSes and is supposed to display a list of allocated memory blocks. The Olly Heap Vis plug-in was written to provide this functionality and more on all modern Windows OSes such as Windows 2000, XP and 2003. The OllyDbg Heap Vis plug-in exposes the following functionality:

• View Heaps
• Search Heaps
• Jump to Heap Chunk
• Create Heap Visualization

More information, screenshots and source code are available in the bundled archive:
Screenshots: List  |   Visualize

Download  |  License 

Author: Richard Johnson
Size: 209 KB
MD5: F2112F6ED4309AEEC1AE80F394B55325

idastruct - ida structure recognition plugin

idastruct is an ida plugin which aims to assist reverse engineers in identifying high-level objects and structures in binary code.

idastruct utilizes the excellent x86 emulator plugin 'ida-x86emu' by Chris Eagle and Jermey Cooper as a basis for evaluating operand values and determining references within tracked boundaries.

This results in automated creation of IDA structures, enumeration or member references, and renaming of disassembly offsets to symbolic names corresponding to the newly created structures and members in the IDA database.

Download  |  License 

Author: Pedram Amini
Size: ~960k
MD5: 0621cfa79dc899eabbe671b924844cb1
Update Summary: Couple of bug fixes, see CHANGELOG.txt for details.

Process Stalking is a term coined to describe the combined process of run-time profiling, state mapping and tracing. Consisting of a series of tools and scripts the goal of a successful stalk is to provide the reverse engineer with an intuitive visual interface to filtered, meaningful, run-time block-level trace data.

The Process Stalker suite is broken into three main components; an IDA Pro plug-in, a stand alone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for usage with a freely available interactive graph visualization tool.

Data instrumentation is accomplished through a series of Python utilities built on top of a fully documented custom API. Binaries, source code and in-depth documentation are available in the bundled archive. Relevant slideshows from Process Stalker presentations are available on the speaking engagements page. Binaries, source code and in-depth documentation are available in the bundled archive. The usage manual and Python API docs are also available online.

Screenshots: Trace Graph Close-up

Download  |  License 

Author: Pedram Amini
Size: ~160k
MD5: 94cb360d064b6ca76f5e06c0a7149b20
Update Summary: Bug fix in automatic breakpoint list loading.

OllyDBG has excellent breakpoint manipulation capabilities and can store breakpoint information across debugging sessions for the main module being debugged. However, there are some limitations to the available functionality which this plug-in attempts to address. The OllyDbg Breakpoint (BP) Manager plug-in was written to provide three main functions- breakpoint exporting, breakpoint importing and automatic breakpoint loading. Offsets are used in place of absolute addresses to support setting and restoring breakpoints on modules that move around in memory. More information, examples and source code are available in the bundled archive.

We encourage users to submit useful breakpoint sets they have created with OllyDbg Breakpoint Manager to us for credit and inclusion in future releases and on the release web site.

Download  |  License 

Author: Richard Johnson
Size: ~200k
MD5: ceb8465b010a871ffe5685d003eabaaa
Update Summary: Fixed missing library path (/lib/tls).

dltrace is a dynamic library call tracer which attempts to remain portable to all x86 platforms that support ELF binaries and expose a debugging interface via procfs or the ptrace() system call. The shared library call tracing is done at a level which allows calls to all symbols exported by loaded libraries to be traced. In addition, dltrace does not rely on rtld symbols to retrieve library and symbol information and is capable of determing function arguments dynamically via run-time disassembly.

Download  |  License