2007.9.21
1. revises Themida v1.9.x.x to examine OllyICE Anti, coordinates HideToolz then debugged the Themida v 1.9.3.0 before version’s Canadian shell procedure. Revision process:
　1) following character CPU, alters to the random character, like ICE.
　　000B2760 7273 0043 5055 202D 2000 5255 4E20 B8FA rs.CPU – .RUN.
　　000B2770 D7D9 2025 692E 20B2 BDBD F825 7320 B7B5. %i. ….%s.
　2) following character OllyICE, alters to the random character.
　　000C0890 004F 6C6C 7949 4345 0041 7267 756D 656E .OllyICE.Argumen
　　000C08A0 745B 2569 5D00 4172 6775 6D65 6E74 73 t[%i]. Arguments

2. revision quick key’s bug
Instruction:
push 401000
When revision according to Shift+ carriage return key, cannot jump to the code window in 401000 bug
================================================================================
2007.2.16
1. changed a OllyDBG kind of marking, some softwares will examine OD through this (under will be the OllyDBG master routines, 1212121 will be a kind of name).
000B6000 6E69 0049 434F 5F41 4141 4D41 494E 004D ni.ICO_AAAMAIN.M
000B6010 4149 4E4D 454E 5500 3132 3132 3132 3100 AINMENU.1212121.
2. optimized the quick key function related code, has removed small bug.
================================================================================
2006.11.30
cao_cong revised the sinicizing version thread demonstration mistake
(for details sees http://bbs.pediy.com/showthread.php?s=&threadid=35679)
================================================================================
2006.11.16
1. thanks dreaman to repair bug which the Findlabel, Findname, Findnextname three function processing string of character will overflow.
(for details sees: http://bbs.pediy.com/showthread.php?s=&threadid=33102)
2. improves the sprintf function to demonstrate certain floating numbers can collapse bug (above the Themida 1.8.2.0 edition uses this bug Anti-OD), here repair code directly quote heXer code.
(for details sees: http://bbs.pediy.com/showthread.php?s=&threadid=33621)
================================================================================
2006.10.15
Thanks DarkBul to inform SHIFT+F2 condition window demonstration bug and the repair.
when the OD counter-assembly window (or chooses according to SHIFT+F2 right key menu – > break point – > condition) changes the original condition break point, before the establishment condition break point’s dialog box the original condition, will add on a 0×14 byte.
================================================================================
2006.6.21
OllyICE.exe and OLLYDBG.EXE increase the practical quick key function
================================================================================
2006.2.8
1. cao_cong revised some sinicizing mistake.
2. Increases the binary duplication/binary system glue function for Ollydbg, the corresponding quick key is:
Ctrl+Shift+C binary system duplication
The Ctrl+Shift+V binary system sticks
================================================================================
2006.2.11
cao_cong revised some sinicizing mistake:
Originally several translators to not be able to guarantee that bug, used the blank space to fill guarantees the string position. Today, because detected demonstrated when the menu adds the blank space to be quite ugly, original sinicizing partial content restoration
For English, Chinese menu does transfers sinicizing, causes in the menu Chinese to demonstrate that looks like the comfortable spot.

Quick key order
In these quick key order first edition OllyDBG does not have, is OllyICE add-on comes up, believed that can enhance the operation greatly the conveniences.
1). Binary duplication/glue quick key
Counter-assembly window: Shift+C/Shift+V
Data window: Shift+C/Shift+V
Attention: When data window, Shift+V, does not need to choose the block size, will cut the plywood the data to glue completely.
2). Examines the data
push A480033 //, if presses the carriage return key, then in the data window demonstrates a480033 data, this line according to the Shift+ carriage return key, then jumps to a480033 address;
mov eax,401000 // this line presses the carriage return, then in the data window demonstrates 401000 data
mov eax,[401000] // this line presses the carriage return, then in the data window demonstrates 401000 data
mov [ebp-4], esp // this line presses the carriage return, then in the data window demonstrated that ebp-4 the value (pays attention to EIP to aim at current line)
mov eax, [esp+10]//this line presses the carriage return, then in the data window demonstrated that esp+10 the value (pays attention to EIP to aim at current line)
3). The data window examined that the data (originates from heXer)
Data window:
00406000 00 10 40 00 00 00 00 00 00 00 00 00 CA 2E 40 00. @ ………? @.
^
The cursor transfers to “00 10 40 00” first byte 00, according to the carriage return, the counter-assembly window demonstrates 401000; The Shift+ carriage return, the data window demonstrates 401000
4). The storehouse window (originates from heXer)
0012FF44 the 00401D8A // presses the carriage return, the counter-assembly window demonstrates 0401D8A; The Shift+ carriage return, the data window demonstrates 0401D8A
0012FF48 00000000
5). Data window selecting data demonstration
When cursor when data window migration, will demonstrate the cursor start address, the end address, as well as selected block size.
6). The data window cuts the code window
00406000 00 12 40 00 00 00 00 00 00 00 00 00 CA 2E 40 00. @ ………? @.
^
The cursor transfers to “00 12 40 00” first byte 00, according to Ctrl+ double click mouse, then the counter-assembly window demonstrated 00401200 start code
7). The counter-assembly window or the data window take the current address
Quick key: ctrl+X
For example:
004091C0 push ebp
004091C1 mov ebp, esp
004091C3 push -1 // this line presses quick key ctrl+X, duplicates address 004091C3 cuts in the plywood
Data window similar operation.
0040DD40 55 8B EC 83 EC 08 53 56 57 55 FC 8B 5D 0C 8B 45 U
The quick key order increases: kanxue
Thanks help which and prompt heXer, CoDe_Inject gives!

IntroductionOllyICE.EXE and OLLYDBG.EXE have simultaneously made the following revision:
1. window, kind of name and so on common revision;
2. formatted string of character crack [OutPutDebugString] patch;
3. refers to dyk158 ODbyDYK v1.10, disposes UDD, PLUGIN is the absolute way automatically;
4. refers to nbw ” OD to duplicate the BUG analysis and the revision ” an article, when revises from the memory area duplication data, sometimes will be unable all data to duplicate clipboard’s bug.
5. refers to ohuangkeo “not one of by OD analysis reasons and the patching method”, improved OD to distinguish the PE form ability slightly (possibly still to report the right and wrong PE document, but oneself might debug).
6. revises question which OllyScript.dll the plug-in unit bpwm order memory read-write interrupts.
7.jingulong Loaddll.exe, may facilitate lets OllDbg interrupt in the dll entrance.
8. thanks DarkBul to inform SHIFT+F2 condition window demonstration bug and the repair.
9. thanks dreaman to repair bug which the Findlabel, Findname, Findnextname three function processing string of character will overflow.
10. improves the sprintf function to demonstrate certain floating numbers can collapse bug, here repair code directly quote heXer code.
11. should repair the edition correction, coordinates the HideOD plug-in unit, may hide OD well.
12. additional practical quick key function
13.LOCKLOSE increased part API and the syntagma information

Attention: Hides OD tool HideToolz, compresses Bao Liji to provide, table of contents: \ tools \ HideToolz \ HideToolz.exe
The HideToolz use matters needing attention see OllyICE.chm.

Looks at the snow institute
Watches the snow software security forum

http://www.pediy.com

http; //bbs.pediy.com