命令历史[Command history]
OllyDbg keeps track of up to 1000 last commands displayed in Disassembler window. Each time the debugged program stops on breakpoint or exception, or you step next command, or follow address of jump or call, or simply press Return, OllyDbg adds current address together with thread identifier to the command history. If run trace is inactive, you can navigate through the history by pressing buttons '+' and '-'.
There is also similar data history in CPU Dump.
$#K备份功能[Backup functions]
Disassembler, CPU Dump and all Dump windows can create backup copy of displayed memory block.
Disassembler and CPU Dump create global shared backups. They do it automatically if you modify code or data. Each memory block can have only one global backup. Once created, global backups persist as long as original memory block. Patch manager uses global backups to create list of patches.
Standalone Dump windows create local private backups on your request. When you close Dump window or switch to another memory block, this backup is destroyed. If you have several Dump windows displaying same memory area, their backups are independent.
If backup is available, OllyDbg highlights differences between backup copy and original data. To copy piece of data from backup to original (?undo"), select this piece and choose Undo selection from the pop-up menu, or press Alt+BkSpc.
One can also write backup to file and load it again. This allows to spy differences between the different runs of debugged program. By choosing Search for|Modified command or Search for|Modified data you can quickly find all differences between backup and original.
Following backup functions are available:
View backup - view backup instead of original data. If window displays backup, all its functionality is disabled. If bar is visible, you can press button ?Address" instead.
View actual data - view original data instead of backup. If bar is visible, you can press button ?Backup" instead.
Create backup,
Update backup - creates new or updates existing backup.
Delete backup - destroys backup.
Load backup from file - loads backup from file. OllyDbg warns you if size of backup differs from the size of the dump.
Save backup to file - saves backup to file. Default name for memory backup has form MODULE_XXXXXXXX.mem, where MODULE is the short name of the module (or empty if memory block belongs to no module) and XXXXXXXX is the hexadecimal memory base. For file backup, default name is the name of the original file.
Save data to file - saves original data to file.
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
