New Tool for Visualizing Binaries With OllyDbg and Graphviz released
Sometimes a crackme or another binary you are reversing will wear you down with constant F7 and F8 stepping. It would be quite neat if you could see visually how the application executes and set your breakpoints accordingly.
Requirements:
o Ollyscript plugin
o Bunch of your favorite anti-debug plugins (Phantom, OllyAdvanced, etc.)
o Pygraphviz
o Graphviz
o Python 2.7
Approach:
- Create an ollyscript that will do the following
o Log all EIP values for the main application
o Do not log calls into kernel32, ntdll and addresses above 7C000000: use step over, not step into, for these. Add more addresses to exclude later if needed for other system DLLs (77000000, etc.)
o Save the EIP log to a file
- Parse the log file
- Feed it into pygraphviz
- Export to png
- Visualize & note needed breakpoints.
- Re-run the app with the breakpoints noted above set.
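The parse-and-graph steps above, as an added sketch that is not the tool's own code: it assumes the OllyScript log holds one 8-digit hex EIP per line (the `EIP: ` prefix and the sample addresses are constructed), and it emits Graphviz DOT text instead of calling pygraphviz so it runs without extra packages on Python 2.7 or 3.

```python
import re
from collections import Counter

SYSTEM_CUTOFF = 0x7C000000  # the page's cutoff: addresses above this are system DLLs
HEX_ADDR = re.compile(r'\b([0-9A-Fa-f]{8})\b')  # assumed log format: one 8-digit EIP per line

def parse_eip_log(lines, cutoff=SYSTEM_CUTOFF):
    """Return the ordered EIP values from the log, dropping system-DLL addresses."""
    trace = []
    for line in lines:
        m = HEX_ADDR.search(line)
        if not m:
            continue  # blank line or header without an address
        eip = int(m.group(1), 16)
        if eip > cutoff:
            continue  # stray kernel32/ntdll entry that slipped into the log
        trace.append(eip)
    return trace

def build_edges(trace):
    """Count each transition between consecutive logged EIP values."""
    return Counter(zip(trace, trace[1:]))

def to_dot(edges, hot=2):
    """Render edges as DOT; edges taken at least `hot` times (loops) are drawn in red."""
    out = ['digraph trace {', '  node [shape=box, fontname="Courier"];']
    for (src, dst), n in sorted(edges.items()):
        attrs = 'label="%d"' % n
        if n >= hot:
            attrs += ', color=red, penwidth=2'
        out.append('  "%08X" -> "%08X" [%s];' % (src, dst, attrs))
    out.append('}')
    return '\n'.join(out)

# Constructed sample log: a short loop plus one system address that must be dropped.
SAMPLE_LOG = """\
EIP: 00401000
EIP: 00401005
EIP: 0040100A
EIP: 7C801D7B
EIP: 0040100F
EIP: 00401005
EIP: 0040100A
EIP: 0040100F
EIP: 00401014
""".splitlines()

if __name__ == '__main__':
    print(to_dot(build_edges(parse_eip_log(SAMPLE_LOG))))
```

Save the output to a `.dot` file and render it with Graphviz (`dot -Tpng trace.dot -o trace.png`); the red edges mark loop bodies, which are the natural places to put a breakpoint after the loop rather than stepping through it.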
Download: https://github.com/ehabhussein/ollydbg-binary-execution-visualizer
Submitted by Ehab Hussein (ehab@egyptsgovernment.com)