And this is my contribution: http://www.didierstevens.com/files/software/OllyStepNSearch_V0_6_1.zip
This plugin allows you to search for a given text when automatically stepping through the debugged program.
When the plugin is enabled, it will step automatically through the debugged program once a step command (like Step Into) is issued. Enabling the plugin is done with the “Options” menu command.
After enabling, press F7 to start.
After each step, the plugin will check which registers have changed. If a changed register points to an ASCII string, it is logged. If a search string has been defined and it is contained in the ASCII string pointed to by the register or the Information pane, the stepping is paused. Comparison is case sensitive.
A search string is defined by entering it with the “Options” menu command. It is remembered in the OllyDbg INI file. Entering an empty string disables the break on string command. OllyStepNSearch can search in strings pointed to by registers (search in registers toggle) and it can search in the Information pane of the CPU window (search in information toggle). Read the “Information window” help section of the OllyDbg v1.10 help file if you’re not familiar with the Information pane.
If the search string is not found, debugging is resumed. If the current address is lower than the limit address (by default 0×10000000) a step into command is issued. A step over command is issued if the current address is higher than the limit address, or if the current command is a call/jump to an address higher than the limit address. The limit address can be changed in the Options dialog.
The plugin can be disabled automatically when the search string is found (Disable after break toggle). I added this option because I usually want to single step after finding the search string, but often forgot to disable the plugin before single stepping.
Restarting the debugged program disables the plugin.
Debugging example:
Start OllyDbg and load the ftp.exe program (in system32 directory) Start the OllyStepNSearch plugin “Options” menu command Enter “google” as Search string (without the double quotes, of course) Enable StepNSearch Click OK Press F7 to start debugging Go to the FTP window and type “open google.com” and press enter The StepNSearch plugin will stop debugging when a register points to a string containing google. On my Windows XP SP2, this happens when EAX points to “open google.com”. You can continue with F7 and see how ftp.exe parses the “open google.com” command
