NameChanger ver 1.0 – OllyDbg plugin

I recently returned to an idea of an OllyDbg plug-in which would provide functionality similar like in an IDA related with inter alia :changing name of functions or setting more readable form for global variables.
I think that the best way to present its adoption and functionality is to see it in an action:

[+]How to use it?
Let’s we say that we want to change a name of CALL from a default one represented by address to more readable for us. We choose a line in a disassembly window where interesting for us CALL is located:

next RMB and we choose Change value:

In visible below window we put proposed by us new name and then confirm it via an ENTER or a Set button:

Obtained effect looks as follows:

[+]Proposed uses
Below you can find probably all possible places in a disassembler where plug-in can be use:

==CALL==
004012D7   .  E8 EC110000      CALL Project2.004024C8
004012D7   .  E8 EC110000      CALL <Project2.some_call>

==JMP==
004012F5      E9 1E120000      JMP Project2.00402518
004012F5      E9 1E120000      JMP <Project2.some_jump>

==Global variable==
004012FC   .  A0 71304000      MOV AL,BYTE PTR DS:[403071]
004012FC   .  A0 71304000      MOV AL,BYTE PTR DS:[<g_variable>]

0040135F   .  FF35 7F304000    PUSH DWORD PTR DS:[40307F]
0040135F   .  FF35 7F304000    PUSH DWORD PTR DS:[<g_variable>]

(...)

Plug-in can be downloaded from here : NameChanger.zip
Of course all kind of constructive feedback is welcome 😉

This entry was posted in Aplikacja, RE and tagged , , . Bookmark the permalink.

Comments are closed.