Symbols on Demand (an OllyDbg plugin)

OllyDbg is able to use dbghelp.dll and symsrv.dll to show extended debug information, such as the module source code (if referenced by the debug information) or module symbols from a PDB file (which can be fetched from the Microsoft Symbol Server for system modules). The problem is that if you turn on this option, module loading becomes much slower. On the other hand, this information is very handy, so there’s a dilemma as to whether to turn it on.

The Symbols on Demand plugin provides the best of both worlds: it disables loading of this extended debug information by default, but allows you to load it explicitly for any module, at any time. With this approach, loading is still fast, and when you need extended debug information for a module, you can easily load it.

OllyDbg v1.10 and v2.01 are supported. For OllyDbg v1.10, there’s additional functionality: you can set the symbols search path, which is set by default to SRV*.\Symbols*http://msdl.microsoft.com/download/symbols. You can also choose to retrieve undecorated symbol names. These options can be set in the INI file of OllyDbg, in the plugin’s section.
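
To see where the default search path above would cache and fetch a PDB (handy when a “No symbols were loaded” message appears), here is an added example that is not part of the plugin or the original post: it parses the path, derives the cache file and download URL in the symbol-store layout, and lists upstream servers reached over plain HTTP. The GUID, age and C:\odbg110 folder are constructed sample values, and resolving .\Symbols against the debugger's working folder is an assumption.

```python
import ntpath
from urllib.parse import urlsplit

# Default search path quoted in the post.
DEFAULT_PATH = r"SRV*.\Symbols*http://msdl.microsoft.com/download/symbols"
# Constructed sample values, not taken from a real PDB.
SAMPLE_GUID, SAMPLE_AGE = "11111111-2222-3333-4444-555555555555", 2


def parse_symbol_path(path):
    """Split a ';'-separated symbol search path into its elements."""
    elements = []
    for raw in (p.strip() for p in path.split(";")):
        if not raw:
            continue
        fields = raw.split("*")
        if fields[0].lower() == "srv" and len(fields) > 1:
            stores = fields[1:]
            # The last store is the upstream server when it is a URL.
            upstream = stores[-1] if "://" in stores[-1] else None
            caches = stores[:-1] if upstream else stores
            elements.append({"kind": "srv", "caches": caches, "upstream": upstream})
        else:
            elements.append({"kind": "dir", "caches": [raw], "upstream": None})
    return elements


def pdb_locations(element, pdb_name, guid, age, base_dir):
    """Return (cache file paths, download URL) for one SRV element."""
    if element["kind"] != "srv":
        raise ValueError("only SRV elements use the symbol-store layout")
    # Symbol-store key: 32 hex digits of the GUID followed by the age in hex.
    key = guid.replace("-", "").upper() + format(age, "X")
    # Assumption: relative stores resolve against the debugger's working folder.
    caches = [ntpath.normpath(ntpath.join(base_dir, c, pdb_name, key, pdb_name))
              for c in element["caches"] if c]
    url = None
    if element["upstream"]:
        url = "/".join([element["upstream"].rstrip("/"), pdb_name, key, pdb_name])
    return caches, url


def cleartext_upstreams(elements):
    """List upstream servers that are reached over plain HTTP."""
    return [e["upstream"] for e in elements
            if e["upstream"] and urlsplit(e["upstream"]).scheme.lower() == "http"]


if __name__ == "__main__":
    srv = parse_symbol_path(DEFAULT_PATH)[0]
    print(pdb_locations(srv, "ntdll.pdb", SAMPLE_GUID, SAMPLE_AGE, r"C:\odbg110"))
    print(cleartext_upstreams([srv]))
```

If the expected cache file is missing after an explicit load, the download did not complete, which points at the DLL placement or network access rather than at the module itself.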

symbols_on_demand.zip (4.96 kB)

For your convenience, here are the dbghelp.dll and symsrv.dll files:

dbghelp_symsrv.zip (579.8 kB)

Posted in Releases, Software by RaMMicHaeL at August 8th, 2015.

9 Responses to “Symbols on Demand (an OllyDbg plugin)”

  1. Name (required) says:

    dbghelp_symsrv.zip
    First combo of dll I found that actually works. And I do have Visual Studio and Win debug tools and like 20 symsrv dlls around.
    Big thanks, man! As for the OnDemand plug!
    Great stuff. Also, huge thanks for the Multiline Asm! The pain I’d be in if I had to inline stuff by hand.
    You rock.

  2. NicePlugin says:

    I put the plugin dll into my olly v1.10 folder and the dbghelp/symsrv dlls in the plugin folder too. But when I try to load symbols for an executable that uses ntdll calls, it doesn’t resolve symbols and says “No symbols were loaded for Exe.exe…”

    Am I doing something wrong?

    • RaMMicHaeL says:

      and the dbghelp/symsrv dlls in the plugin folder too

      These should go to the main folder, together with ollydbg.exe.

      • NicePlugin says:

        I’ve copied the dbghelp/symsrv dlls to the same folder as ollydbg’s and still get the message “No symbols were loaded for ntdll”, for example.

        • RaMMicHaeL says:

          Upload your ollydbg folder as a zip file, and I’ll look at it.

          • NicePlugin says:

            Sorry for not replying, I forgot to check for an answer.

            Anyway, I happened to use a custom version of ollydbg previously (Legend of rand0m’s version) and had a few problems with it. So I decided to get a fresh ollydbg 1.10 version. And today I tried your plugin on it and now it says loaded symbols successfully.

            Just a question though: I’ve tried using x64dbg and it recognizes function names (for instance DirectX function) whereas in ollydbg it says apphelp.XXXXXX (XXXXXX being the address within apphelp module) for the same instruction, is this a symbol issue?

  3. Neo85 says:

    Nice plugin thx 🙂
