OllyStepNSearch v0.5.0 plugin
2006 Didier Stevens http://DidierStevens.com
This plugin allows you to search for a given text when automatically
stepping through the debugged program.
When the plugin is enabled, it will step automatically through the debugged
program once a step command (like step into) is issued.
Enabling the plugin is done with the “Toggle StepNSearch” menu command.
After enabling, press F7 to start.
After each step, the plugin will check which registers have changed.
If a changed register points to an ASCII string, it is logged.
If a search string has been defined and it is contained in the ASCII string
pointed to by the register, the stepping is paused. Comparison is case
sensitive.
A search string is defined by entering it with the “Break on string” menu
command. It is remembered in the OllyDbg INI file.
Entering an empty string disables the break on string command.
If the search string is not found, debugging is resumed. If the current address
is lower than the limit address (by default 0×10000000) a step into command is
issued. A step over command is issued if the current address is higher than the
limit address, or if the current command is a call/jump to an address higher
than the limit address.
The limit address can be changed in the OllyDbg INI file by setting the
StepIntoLimit entry.
Example: StepIntoLimit=0×70000000
Restarting the debugged program disables the plugin.
Debugging example:
- Load the program to be debugged.
- Start the “Break on string” menu command and enter P@ssw0rd
- Start the “Toggle StepNSearch” menu command
- Press F7 to start debugging
- The StepNSearch plugin will stop debugging when a registers points to
a string containing P@ssw0rd, like “The password is P@ssw0rd”
Download:
OllyStepNSearch.zip is hosted on OpenRCE.
MD5: bbb2f3ffb8c5b9427af77179b850fc56