July 08, 2007 - UDD files

Now OllyDbg 2 can save analysis data to the .udd files. Comparing to the previous version, they are very big - two to three times larger, mainly due to the register predictions. For almost every command I keep ESP and EBP relative to the entry point. Many modern compilers don't use standard stack frames; instead, they address all arguments and local data over ESP. Predictions allow to decode the meanings of ESP-related offsets. They are also very helpful when tracing the call stack.

It takes significant time to load such a huge amounts of data. First version took between 0.1 and 0.7 seconds per module. With full analysis of all modules requested (and this will be the default option), startup took several seconds on my Athlon 4000+. Now, after several days of deep optimizations, this time got three times shorter.

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课