├── README_first.md
├── Visualizing Binaries With Ollydbg.pdf
├── Visualizing Binaries With Ollydbg.zip
├── eip-trace.py
├── ollyvisscript.rtf
└── parse_eip_trace.py


/README_first.md:
--------------------------------------------------------------------------------
ollydbg-binary-execution-visualizer
===================================

Check the Visualizing Binaries With Ollydbg.pdf file for the full usage.

find me : @\_\_obzy\_\_

--------------------------------------------------------------------------------
/Visualizing Binaries With Ollydbg.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ehabhussein/ollydbg-binary-execution-visualizer/c57fff7110701be05c2a9bb56ab4dc1e54771f77/Visualizing Binaries With Ollydbg.pdf

--------------------------------------------------------------------------------
/Visualizing Binaries With Ollydbg.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ehabhussein/ollydbg-binary-execution-visualizer/c57fff7110701be05c2a9bb56ab4dc1e54771f77/Visualizing Binaries With Ollydbg.zip

--------------------------------------------------------------------------------
/eip-trace.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python

import pygraphviz as pgv
from sys import argv, exit

# All four arguments are required: argv[1]..argv[4] are read below.
if len(argv) < 5:
    print("""
usage:
    python eip-trace.py nodes.txt graph-layout output.ext length-of-nodes-apart

graph layout:
    dot
        "hierarchical" or layered drawings of directed graphs. This is the default tool to use if edges have directionality.

    neato
        "spring model" layouts. This is the default tool to use if the graph is not too large (about 100 nodes) and you don't know anything else about it. Neato attempts to minimize a global energy function, which is equivalent to statistical multi-dimensional scaling.

    fdp
        "spring model" layouts similar to those of neato, but does this by reducing forces rather than working with energy.

    sfdp
        multiscale version of fdp for the layout of large graphs.

    twopi
        radial layouts, after Graham Wills 97. Nodes are placed on concentric circles depending on their distance from a given root node.

    circo
        circular layout, after Six and Tollis 99, Kauffman and Wiese 02. This is suitable for certain diagrams of multiple cyclic structures, such as certain telecommunications networks.


Extensions

    canon cmap cmapx cmapx_np dot eps fig gd gd2 gif gv imap imap_np ismap jpe jpeg jpg pdf plain plain-ext png ps ps2 svg svgz tk vml vmlz vrml wbmp x11 xdot xlib

length of nodes apart
    0 to 10 (preferred 3)

""")
    exit()

# Ordered list of visited addresses, framed by START and END marker nodes.
arr = []
arr.append("START")
G = pgv.AGraph(strict=False, directed=True)

# One address per line, as written by parse_eip_trace.py.
with open(argv[1], 'r') as trace:
    for j in trace:
        arr.append(j.strip())
#G.add_edge()
#G.add_edge("START",arr[0])

# One edge per executed step, labelled with its position in the trace;
# the last address is linked to END.
for i, j in enumerate(arr):
    try:
        G.add_edge(arr[i], arr[i+1], taillabel=str(i))
    except IndexError:
        G.add_edge(arr[i], "END")
G.graph_attr['label'] = 'Ollydbg Binary visualizer'
G.node_attr['shape'] = 'square'
G.node_attr['color'] = 'orange'
#G.graph_attr['concentrate']='true'
G.edge_attr['len'] = argv[4]
#G.graph_attr['nojustify']='true'
#G.layout()
G.layout(prog=argv[2])
#G.draw('done2.png')
G.draw(argv[3])

--------------------------------------------------------------------------------
/ollyvisscript.rtf:
--------------------------------------------------------------------------------
{\rtf1\ansi\ansicpg1252\cocoartf1187\cocoasubrtf370
{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
{\colortbl;\red255\green255\blue255;}
\margl1440\margr1440\vieww10800\viewh8400\viewkind0
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural

\f0\fs24 \cf0 var x\
start:\
mov x, eip\
cmp 7c000000, x\
ja bypass\
Log eip\
sti\
jmp start\
\
bypass:\
sto\
jmp start}

--------------------------------------------------------------------------------
/parse_eip_trace.py:
--------------------------------------------------------------------------------
# Reduce the exported log (crack_vis.txt) to one address per line
# (crack_vis_parsed.txt), the input format eip-trace.py reads.
with open("crack_vis.txt", "r") as x, open("crack_vis_parsed.txt", "w") as y:
    for i in x:
        # Skip every log line that does not mention eip.
        if "eip" not in i:
            continue
        # Drop the "eip: " prefix and keep the first remaining field.
        print(i.strip().replace("eip: ", "").split()[0], file=y)

--------------------------------------------------------------------------------
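
An added example, not code from this repository: eip-trace.py draws one edge per executed step, so a loop in the traced binary turns into a stack of parallel edges. The code below filters a log with the same rule as parse_eip_trace.py, counts each repeated transition once, and emits Graphviz DOT text with the hit count as the edge label. The sample log lines, the `eip: <address>` layout and the function names are constructed assumptions.

```python
from collections import Counter

# Constructed sample of an exported log; the "eip: <address>" layout is an
# assumption inferred from the filter in parse_eip_trace.py.
SAMPLE_LOG = """\
Script started
eip: 00401000
eip: 00401005
eip: 0040100A
eip: 00401005
eip: 0040100A
eip: 00401005
eip: 0040100A
eip: 00401010
Script finished
"""

def parse_trace(lines):
    """Same rule as parse_eip_trace.py: keep eip lines, take the first field."""
    trace = []
    for line in lines:
        if "eip" not in line:
            continue
        trace.append(line.strip().replace("eip: ", "").split()[0])
    return trace

def collapse_edges(trace):
    """Count each (source, target) transition, framed by START and END."""
    path = ["START"] + trace + ["END"]
    return Counter(zip(path, path[1:]))

def to_dot(edges):
    """Render the counted transitions as Graphviz DOT text."""
    out = ["digraph trace {", "  node [shape=square, color=orange];"]
    for (src, dst), hits in sorted(edges.items()):
        width = min(1 + hits, 6)  # cap so hot loops stay readable
        out.append('  "%s" -> "%s" [label="%d", penwidth=%d];' % (src, dst, hits, width))
    out.append("}")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_dot(collapse_edges(parse_trace(SAMPLE_LOG.splitlines()))))
```

The printed DOT text can be rendered with any of the layout programs listed in the eip-trace.py usage text, for example `dot -Tpng`.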