DumpAddressColor (an OllyDbg 2 plugin)

Colorizes the double-words in the CPU dump of OllyDbg 2 by the following rules:
Red: an address to a code block of a module.
Magenta: an address to a non-code block of a module.
Yellow: an address to a non-module memory block.
Black: a handle of a window which belongs to the debuggee process.

The colors can be changed in the .ini file.

Limitations: double-words across rows are not processed.

Download: dump_address_color.zip (5.38 kB)

Posted in Releases, Software at August 28th, 2015. No Comments.

DumpHistoryNavFixer (an OllyDbg 2 plugin)

This plugin fixes a minor, but annoying issue with the CPU dump history navigation on OllyDbg 2.

Without the plugin: [screenshot]

With the plugin: [screenshot]

Download: dump_history_nav_fixer.zip (112.31 kB)

Posted in Releases, Software at August 28th, 2015. No Comments.

FollowImmediateConstant (an OllyDbg 2 plugin)

Adds the missing option to follow immediate constant in OllyDbg 2, just like in OllyDbg 1.10.

Screenshot: [image]

Download: follow_immediate_constant.zip (21.58 kB)

Posted in Software, Updates at August 28th, 2015. No Comments.

7+ Taskbar Tweaker v5.0, with Windows 10 support

After extensive alpha and beta testing, 7+ Taskbar Tweaker v5.0, the first stable version to support Windows 10, is available!

I want to thank everybody who supported the porting effort: Mike T, Fraser Ntukula, and other contributors.

Posted in Software, Updates at August 22nd, 2015. 23 Comments.

Getting brighter colors in Windows 10

[Screenshot: top = before, bottom = after]

Windows 10 allows you to customize the taskbar and start menu colors, but it provides only a limited set of predefined colors. In addition, no matter which color you pick, the taskbar will end up being dark. I searched, but haven’t found a straightforward way to have a bright taskbar on Windows 10. Fortunately, I have discovered that there’s an undocumented registry key which makes explorer use an alternative color calculation algorithm, which in turn produces brighter colors. You can see the difference in the example image above.

I wrote a quick application, Windows 10 Color Control, which allows you to modify the Windows 10 colors, and to get this alternative color calculation algorithm. The original Windows 10 calculation algorithm is referred to as the “New auto-color accent algorithm”, according to the undocumented registry value name.

Download

Windows 10 color control.zip (111.94 kB)

Posted in Reverse Engineering at August 19th, 2015. 35 Comments.

Symbols on Demand (an OllyDbg plugin)

OllyDbg is able to use dbghelp.dll and symsrv.dll to show extended debug information, such as the module source code (if referenced by the debug information) or module symbols from a PDB file (which can be fetched from the Microsoft Symbol Server for system modules). The problem is that if you turn on this option, module loading becomes much slower. On the other hand, this information is very handy, so there’s a dilemma as to whether to turn it on.

The Symbols on Demand plugin provides the best of both worlds: it disables loading of this extended debug information by default, but allows you to load it explicitly for any module, at any time. Using this approach, loading is still fast, but if you need to load extended debug information for a module, you can easily do that.

OllyDbg v1.10 and v2.01 are supported. For OllyDbg v1.10, there’s additional functionality: you can set the symbols search path, which is set by default to SRV*.\Symbols*http://msdl.microsoft.com/download/symbols. You can also choose to retrieve undecorated symbol names. These options can be set in the INI file of OllyDbg, in the plugin’s section.

Download: symbols_on_demand.zip (4.96 kB)

For your convenience, here are the dbghelp.dll and symsrv.dll files:

Download: dbghelp_symsrv.zip (579.8 kB)

Posted in Releases, Software at August 8th, 2015. No Comments.

7+ Taskbar Tweaker for Windows 10: beta version

About a week ago, Windows 10 became generally available for updating. Today, I’m happy to present the beta version of 7+ Taskbar Tweaker, which is compatible with Windows 10. All the existing options should work, except the following advanced options: list_reverse_order and tray_icons_padding. These two options cannot be tweaked in Windows 10 using the same tricks that the tweaker used in earlier Windows versions, so they don’t work in Windows 10. I might look at reimplementing them for Windows 10 in the future.

Please try the beta version, and if you encounter any issues, please let me know.

Posted in Software, Updates at August 7th, 2015. 70 Comments.

Virtuoz virtual desktop utility

I’m happy to present Virtuoz, the virtual desktop utility.

Virtuoz was designed to be a minimal and robust program that allows you to have more than one desktop on Windows. It was inspired by Sysinternals Desktops, but uses a different approach, which doesn’t impose the limitations which Desktops is bound to.

Download

Virtuoz.zip (348.41 kB)

Posted in Releases, Software at June 28th, 2015. 13 Comments.

Unchecky has been acquired by Reason Software Company

I’m happy to announce that Unchecky has been acquired by Reason Software Company Inc., the company behind Should I remove it? and herdProtect, and has been integrated into the new Reason security product, Reason Core Security.

The Reason Company has a vision similar to Unchecky, which aims to protect users from potentially unwanted programs and offers. Reason Core Security is a comprehensive anti-malware security suite, designed to keep the users safe from malware, as well as to prevent accidental installations of unwanted programs.

For existing Unchecky users, nothing will change: if you don’t need the power of Reason Core Security, you can continue to use Unchecky, which is not abandoned – it will continue to be developed as a standalone program as well as a Reason Core Security component.

I would like to thank everybody who supported Unchecky during its development, and I’m sure that it will become a part of a great product, which will provide a comprehensive solution to the problem of malware and potentially unwanted programs.

Posted in Software, Updates at April 14th, 2015. 19 Comments.

QuickAddressCopy (an OllyDbg v1.10 plugin)

This tiny plugin allows you to copy the address of the selected item/command/byte with the Ctrl+X keyboard shortcut.

Note that the plugin works only for OllyDbg v1.10. For OllyDbg v2, you can achieve the same with:
Options -> Edit shortcuts… (“Copy address” in “Dump: Edit”)

Download: quick_address_copy.zip (1.6 kB)

Posted in Releases, Software at March 17th, 2015. No Comments.