Dropped.Application.Keylogger.Ardamax.Gen_0bdd03e344

HEUR:Trojan.Win32.Generic (Kaspersky), Dropped:Application.Keylogger.Ardamax.Gen (AdAware), Trojan.Win32.Bumat.FD, TrojanDropperVtimrun.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Keylogger, Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

;2rj|B

;2rj|B

F\.ih0&D

F\.ih0&D

2y%z%se

2y%z%se

%C|lv

%C|lv

^Uy&ftpz

^Uy&ftpz

.XI82

.XI82

.pUG#

.pUG#

Ie.le

Ie.le

.ub6[&R

.ub6[&R

4.RBj

4.RBj

:%FtM

:%FtM

z"n.qQ

z"n.qQ

~i.QC

~i.QC

.AI.@

.AI.@

aC.QL

aC.QL

.Th j

.Th j

.BVF%

.BVF%

%~}3

%~}3

BZ.jW

BZ.jW

8.Isg

8.Isg

25517*25

25517*25

F.nVWEG.r^

F.nVWEG.r^

Rbb%%Xd

Rbb%%Xd

<.fdelx>

<.fdelx>

$tB.RD"

$tB.RD"

Sw^.RT

Sw^.RT

dV%U7

dV%U7

\dÇ

\dÇ

.eI3g

.eI3g

fU>8.sp

fU>8.sp

.XfCH

.XfCH

%dXi.

%dXi.

c`P%CV4Z

c`P%CV4Z

5CCY

5CCY

pY.cOr

pY.cOr

.Yt^Cd

.Yt^Cd

4z.jw

4z.jw

/7L%c

/7L%c

aa%xjU

aa%xjU

4,4,4,4,6,3

4,4,4,4,6,3

%Xo!2

%Xo!2

q.qf;

q.qf;

c1c%c

c1c%c

f%f-fcfKf{f

f%f-fcfKf{f

H|.JD

H|.JD

%dLrt

%dLrt

.tv1_>

.tv1_>

o.rV0S

o.rV0S

;.pvT]U

;.pvT]U

PX%0u

PX%0u

%Cw>K

%Cw>K

OE.hY

OE.hY

KvRh%CNR4

KvRh%CNR4

JWmn%d

JWmn%d

{;9];

{;9];

ff4C

ff4C

.jOb

.jOb

%sldzf

%sldzf

%u'aZ

%u'aZ

Õ#f

Õ#f

a.qG/

a.qG/

G:=.kE

G:=.kE

g.oo[

g.oo[

l.pd{

l.pd{

.dQ /`U

.dQ /`U

U %S}C?6

U %S}C?6

K.grr

K.grr

tB%c[$Y

tB%c[$Y

Nl%csO

Nl%csO

.Ti5i

.Ti5i

p2c%D

p2c%D

OV8.IO

OV8.IO

O%uJ44

O%uJ44

vrexE

vrexE

%x{Le2

%x{Le2

Ad.xn

Ad.xn

D.zb

D.zb

Z;.GQ

Z;.GQ

QA7.nV

QA7.nV

8.uQ1

8.uQ1

}UW.OF]

}UW.OF]

%s~ZT

%s~ZT

ô

ô

.DUt%

.DUt%

"OLLYDBG.EXE"

"OLLYDBG.EXE"

"Install.exe"

"Install.exe"

wextract.manifest

wextract.manifest

Manifest to support IExpress WExtract.exe.

Manifest to support IExpress WExtract.exe.

version="1.0.0.0"

version="1.0.0.0"

name="Microsoft.Windows.Common-Controls"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

publicKeyToken="6595b64144ccf1df"

00F0x0

00F0x0

Kernel32.dll

Kernel32.dll

Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.

Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.

CFailed to get disk space information from: %s.

CFailed to get disk space information from: %s.

System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?

System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?

8Unable to retrieve operating system version information.!Memory allocation request failed.

8Unable to retrieve operating system version information.!Memory allocation request failed.

Filetable full.Ên not change to destination folder.

Filetable full.Ên not change to destination folder.

Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.

Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.

(Error creating process . Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.

(Error creating process . Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.

Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install

Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install

Could not create folder '%s'

Could not create folder '%s'

To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.

To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.

Error retrieving Windows folder

Error retrieving Windows folder

$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .

$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .

System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.

System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.

/C: -- Override Install Command defined by author.

/C: -- Override Install Command defined by author.

eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?

eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?

Could not find the file: %s.

Could not find the file: %s.

:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.

:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.

8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

WEXTRACT.EXE

WEXTRACT.EXE

Windows

Windows

8.00.6001.18702

8.00.6001.18702

OLLYDBG.EXE_608:

.text

.text

`.data

`.data

.rdata

.rdata

P.idata

P.idata

@.edata

@.edata

@.rsrc

@.rsrc

@.reloc

@.reloc

032010/.-, **)('&%$#"#"!

032010/.-, **)('&%$#"#"!

t.HtXH

t.HtXH

%u8F3

%u8F3

FPU registers have indexes 0 to 7

FPU registers have indexes 0 to 7

Unknown import name

Unknown import name

Too long import name

Too long import name

Unterminated import name

Unterminated import name

Sorry, 16-bit addressing is not supported

Sorry, 16-bit addressing is not supported

Unrecognized operand

Unrecognized operand

Unsupported size of floating constant

Unsupported size of floating constant

REP %s

REP %s

REPE %s

REPE %s

REPNE %s

REPNE %s

Extra input after operand

Extra input after operand

Too few operands

Too few operands

Too many operands

Too many operands

Command does not support given operands

Command does not support given operands

Wrong number of operands

Wrong number of operands

Please specify operand size

Please specify operand size

Bad operand size

Bad operand size

Different size of operands

Different size of operands

Constant does not fit into operand

Constant does not fit into operand

Relative jump out of range, use %s LONG form

Relative jump out of range, use %s LONG form

Unary operation not supported for this data type

Unary operation not supported for this data type

Unsupported size declaration

Unsupported size declaration

Left operand of IN must be integer

Left operand of IN must be integer

Operation is not supported for these data types

Operation is not supported for these data types

Port I/O

Port I/O

Loading function descriptions from '%.*s.arg'

Loading function descriptions from '%.*s.arg'

EXPORT

EXPORT

Too many keys

Too many keys

Unknown keyword

Unknown keyword

Line %i: %s in

Line %i: %s in

Writing compiled function descriptions to 'known.bin'

Writing compiled function descriptions to 'known.bin'

known.bin

known.bin

%s.%.*s

%s.%.*s

%.*s.X

%.*s.X

X,

X,

X ???

X ???

%s %s

%s %s

hw = %X

hw = %X

("%s")

("%s")

(class="%s")

(class="%s")

X {%i.,%i.,%i.,%i.}

X {%i.,%i.,%i.,%i.}

'%s',

'%s',

class='%s',

class='%s',

wndproc=X,

wndproc=X,

parent=X

parent=X

Processing string data from '%.*s.dat'

Processing string data from '%.*s.dat'

Line %i: %s

Line %i: %s

Unable to create output file 'loaddll.bin'

Unable to create output file 'loaddll.bin'

('%c')

('%c')

%s X

%s X

,X

,X

CHAR '%c'

CHAR '%c'

XX

XX

1/(2**1/3)

1/(2**1/3)

CONST %s

CONST %s

CONST -%s

CONST -%s

%s=lX (decimal %lu.)

%s=lX (decimal %lu.)

%s=lX (decimal %lu.)

%s=lX (decimal %lu.)

%s=X

%s=X

%s=lX

%s=lX

%s.%.*s

%s.%.*s

%s=lX

%s=lX

%s(%i)

%s(%i)

%s=

%s=

XMMWORD %s

XMMWORD %s

%s %s

%s %s

(%i-BYTE) %s

(%i-BYTE) %s

X:

X:

lX=%s

lX=%s

%s X:X

%s X:X

%s X:X

%s X:X

%s=X

%s=X

(%s-bit, base %lX, size %lX)

(%s-bit, base %lX, size %lX)

%s=X

%s=X

Return to X:X

Return to X:X

Return to X (%.*s)

Return to X (%.*s)

Return to X

Return to X

X (O%i D%i T%i S%i Z%i A%i P%i C%i)

X (O%i D%i T%i S%i Z%i A%i P%i C%i)

AH=X

AH=X

FL=X

FL=X

X:

X:

PREFIX %s:

PREFIX %s:

ATTENTION, %s!

ATTENTION, %s!

Unaligned stack operation

Unaligned stack operation

Unable to restore access to memory block %s

Unable to restore access to memory block %s

OllyDbg is unable to activate memory breakpoint on address range %s. Breakpoint is completely removed.

OllyDbg is unable to activate memory breakpoint on address range %s. Breakpoint is completely removed.

OllyDbg is unable to activate memory breakpoint on the whole specified address range (%s). Breakpoint is reduced to range lX..lX.

OllyDbg is unable to activate memory breakpoint on the whole specified address range (%s). Breakpoint is reduced to range lX..lX.

You are going to set memory breakpoint in system area. This breakpoint may freeze Windows or cause system crash. Do you really want to set this breakpoint?

You are going to set memory breakpoint in system area. This breakpoint may freeze Windows or cause system crash. Do you really want to set this breakpoint?

You are going to set memory breakpoint on resource. This breakpoint, when hit within system DLL, may freeze Windows or cause system crash. Do you really want to set this breakpoint?

You are going to set memory breakpoint on resource. This breakpoint, when hit within system DLL, may freeze Windows or cause system crash. Do you really want to set this breakpoint?

You are going to set memory breakpoint on stack. This doesn't work on Win95-based operating systems.

You are going to set memory breakpoint on stack. This doesn't work on Win95-based operating systems.

Corrupted breakpoint, in memory: X, old command: X

Corrupted breakpoint, in memory: X, old command: X

OllyDbg set byte at address X to X (code of command INT3, used as breakpoint). Now this byte contains its original value X. Probably you are debugging self-modified code or set breakpoint on data.

OllyDbg set byte at address X to X (code of command INT3, used as breakpoint). Now this byte contains its original value X. Probably you are debugging self-modified code or set breakpoint on data.

OllyDbg set byte at address X to X (code of command INT3, used as breakpoint). Now this byte contains X. Do you want to keep modified command? (If you answer 'No', old code X will be restored).

OllyDbg set byte at address X to X (code of command INT3, used as breakpoint). Now this byte contains X. Do you want to keep modified command? (If you answer 'No', old code X will be restored).

It looks like you are trying to set breakpoint in the middle of some command or data. If this is really the case, such breakpoint will not execute and may have disastrous influence on the debugged program. Do you really want to set breakpoint here?

It looks like you are trying to set breakpoint in the middle of some command or data. If this is really the case, such breakpoint will not execute and may have disastrous influence on the debugged program. Do you really want to set breakpoint here?

It looks like you are trying to set breakpoint on the data. If this is really the case, such breakpoint will not execute and may have disastrous influence on the debugged program. Do you really want to set breakpoint here?

It looks like you are trying to set breakpoint on the data. If this is really the case, such breakpoint will not execute and may have disastrous influence on the debugged program. Do you really want to set breakpoint here?

You want to place breakpoint outside the code section. INT3 breakpoint set on data will not execute and may have disastrous influence on the debugged program. Do you really want to set breakpoint here?

You want to place breakpoint outside the code section. INT3 breakpoint set on data will not execute and may have disastrous influence on the debugged program. Do you really want to set breakpoint here?

%s condition at

%s condition at

when %s

when %s

When %s

When %s

, inactive condition %s

, inactive condition %s

%sass count=%u.

%sass count=%u.

Change condition at X

Change condition at X

OllyDbg set byte at address X to X (code of command INT3, used as breakpoint). Now this byte contains X. (Original code contained X). Probably you are debugging self-modified code or set breakpoint on data.

OllyDbg set byte at address X to X (code of command INT3, used as breakpoint). Now this byte contains X. (Original code contained X). Probably you are debugging self-modified code or set breakpoint on data.

CPU subwindows

CPU subwindows

Run trace %i. step%s back

Run trace %i. step%s back

%smodule %.*s

%smodule %.*s

%s %s at X

%s %s at X

The byte you are pointing at lies outside the executable code of any known module. Invalid EIP may have disastrous effects on the debugged program. Do you still want to change origin?

The byte you are pointing at lies outside the executable code of any known module. Invalid EIP may have disastrous effects on the debugged program. Do you still want to change origin?

Edit code at X

Edit code at X

&Hardware, on execution

&Hardware, on execution

Case %s

Case %s

Call DLL export

Call DLL export

Copy to executable

Copy to executable

Modify %s at X

Modify %s at X

Modify float at X

Modify float at X

Modify MMX data at X

Modify MMX data at X

Modify 3DNow! data at X

Modify 3DNow! data at X

Modify SSE data at X

Modify SSE data at X

Unable to locate data in executable file

Unable to locate data in executable file

OS will adjust fixups, thus modifying your code. Were you not carefull enough, this may have disastrous effects on the debugged program. Do you still want to update executable file?

OS will adjust fixups, thus modifying your code. Were you not carefull enough, this may have disastrous effects on the debugged program. Do you still want to update executable file?

Copy selection to executable file?

Copy selection to executable file?

%s label at X

%s label at X

Modify stack at X

Modify stack at X

Edit stack at X

Edit stack at X

Modify %s

Modify %s

Modify %s as 3DNow!

Modify %s as 3DNow!

%.3s X

%.3s X

EIP X

EIP X

%.1s %c %.2s X

%.1s %c %.2s X

%s %lX(%lX)

%s %lX(%lX)

%.1s %c

%.1s %c

LastErr %s (lX)

LastErr %s (lX)

EFL X (

EFL X (

FST X Cond %i %i %i %i Err %i %i %i %i %i %i %i %i

FST X Cond %i %i %i %i Err %i %i %i %i %i %i %i %i

FCW X

FCW X

s, s

s, s

DR%i X

DR%i X

??? , ??? , ??? , ???

??? , ??? , ??? , ???

s,

s,

MXCSR X %i %4.4s %i %i %i %i %i %i %i %i %i %i %i %i %i

MXCSR X %i %4.4s %i %i %i %i %i %i %i %i %i %i %i %i %i

%s,%s

%s,%s

%s - %s

%s - %s

Open 32-bit executable

Open 32-bit executable

.exe|.dll

.exe|.dll

ollydbg.hlp

ollydbg.hlp

Open new executable (F3)

Open new executable (F3)

Pause execution (F12)

Pause execution (F12)

WINDOWS

WINDOWS

Show windows

Show windows

.exe;*.dll|.obj;*.lib

.exe;*.dll|.obj;*.lib

.c;*.cpp;*.h;*.hpp;*.asm;*.pas|.c;*.cpp|.h;*.hpp|.asm|.pas|.txt|.bak

.c;*.cpp;*.h;*.hpp;*.asm;*.pas|.c;*.cpp|.h;*.hpp|.asm|.pas|.txt|.bak

COND: %s

COND: %s

Entry point of %s

Entry point of %s

DebugBreak called from X

DebugBreak called from X

$use Shift F7/F8/F9 to pass exception to program

$use Shift F7/F8/F9 to pass exception to program

Memory breakpoint when executing [lX]

Memory breakpoint when executing [lX]

read=X

read=X

write=X

write=X

Access violation when %s [lX]%s

Access violation when %s [lX]%s

Access violation%s

Access violation%s

Break-on-access when %s [lX]

Break-on-access when %s [lX]

Array bounds exceeded%s

Array bounds exceeded%s

Denormalized floating-point operand%s

Denormalized floating-point operand%s

Floating-point division by zero%s

Floating-point division by zero%s

Inexact floating-point result%s

Inexact floating-point result%s

Invalid floating-point operation%s

Invalid floating-point operation%s

Floating-point overflow%s

Floating-point overflow%s

FPU stack error%s

FPU stack error%s

Floating-point underflow%s

Floating-point underflow%s

Integer division by zero%s

Integer division by zero%s

Integer overflow%s

Integer overflow%s

Privileged instruction%s

Privileged instruction%s

Illegal instruction%s

Illegal instruction%s

Exception is not continuable%s

Exception is not continuable%s

Stack overflow%s

Stack overflow%s

Exception X%s

Exception X%s

Exception X (%s)%s

Exception X (%s)%s

New thread with ID X created

New thread with ID X created

New process with ID X created

New process with ID X created

Main thread with ID X created

Main thread with ID X created

Thread X terminated, exit code %X

Thread X terminated, exit code %X

Thread X terminated, exit code %X (%i.)

Thread X terminated, exit code %X (%i.)

Break on thread X termination

Break on thread X termination

Thread X terminated, trace stopped

Thread X terminated, trace stopped

LOADDLL.EXE: %s

LOADDLL.EXE: %s

LOADDLL terminated: %s

LOADDLL terminated: %s

LOADDLL terminated, exit code %X

LOADDLL terminated, exit code %X

Process terminated, exit code %X

Process terminated, exit code %X

Process terminated, exit code %X (%i.)

Process terminated, exit code %X (%i.)

In order to perform action that is not supported by OS, OllyDbg has injected short piece of code into the debugged application, but received no response within 5 seconds. Do you want to wait for another 5 seconds? (If you answer No, the consistency and stability of program is not guaranteed and you should restart it as soon as possible).

In order to perform action that is not supported by OS, OllyDbg has injected short piece of code into the debugged application, but received no response within 5 seconds. Do you want to wait for another 5 seconds? (If you answer No, the consistency and stability of program is not guaranteed and you should restart it as soon as possible).

Unexpected event X in injected code. Debugged program may get unstable, please reload it as soon as possible.

Unexpected event X in injected code. Debugged program may get unstable, please reload it as soon as possible.

Unexpected exception X in injected code. Debugged program may get unstable, please reload it as soon as possible.

Unexpected exception X in injected code. Debugged program may get unstable, please reload it as soon as possible.

%s Do you REALLY want to execute this code at address X?

%s Do you REALLY want to execute this code at address X?

Don't know how to step because memory at address X is not readable. Try to change EIP or pass exception to program.

Don't know how to step because memory at address X is not readable. Try to change EIP or pass exception to program.

Don't know how to step over command at address X. Try to step in, run, change EIP or pass exception to program.

Don't know how to step over command at address X. Try to step in, run, change EIP or pass exception to program.

Don't know how to step over command at address X. Try to step in, run or change EIP.

Don't know how to step over command at address X. Try to step in, run or change EIP.

Don't know how to step command at address X. Try to run, change EIP or pass exception to program.

Don't know how to step command at address X. Try to run, change EIP or pass exception to program.

Don't know how to step command at address X. Try to change EIP or pass exception to program.

Don't know how to step command at address X. Try to change EIP or pass exception to program.

Debugged program set single step flag (bit T in EFL). I don't know how to step command at address X correctly. Try to %sset breakpoint on next command and run.

Debugged program set single step flag (bit T in EFL). I don't know how to step command at address X correctly. Try to %sset breakpoint on next command and run.

Don't know how to continue because memory at address X is not readable. Try to change EIP or pass exception to program.

Don't know how to continue because memory at address X is not readable. Try to change EIP or pass exception to program.

Don't know how to bypass breakpoint at address X. Try to delete breakpoint, change EIP or pass exception to program.

Don't know how to bypass breakpoint at address X. Try to delete breakpoint, change EIP or pass exception to program.

Don't know how to bypass command at address X. Try to change EIP or pass exception to program.

Don't know how to bypass command at address X. Try to change EIP or pass exception to program.

Dynamic link library '%s%s' that resides in OllyDbg directory is intended for use on NT-based operating systems only. Delete it?

Dynamic link library '%s%s' that resides in OllyDbg directory is intended for use on NT-based operating systems only. Delete it?

Dynamic link library '%s%s' that resides in OllyDbg directory has lower file version (%s) than corresponding DLL in system directory (%s). Delete old library from the OllyDbg directory? (If necessary, you can restore it later from the original .zip archive)

Dynamic link library '%s%s' that resides in OllyDbg directory has lower file version (%s) than corresponding DLL in system directory (%s). Delete old library from the OllyDbg directory? (If necessary, you can restore it later from the original .zip archive)

Sorry, unable to debug under Windows 3.1

Sorry, unable to debug under Windows 3.1

Dosapp.fon

Dosapp.fon

Operands[%i]

Operands[%i]

Import library

Import library

log.txt

log.txt

rtrace.txt

rtrace.txt

Restore windows

Restore windows

Letter key in Disassembler

Letter key in Disassembler

Accept unaligned stack operations

Accept unaligned stack operations

%X,%X

%X,%X

PSAPI.DLL

PSAPI.DLL

DBGHELP.DLL

DBGHELP.DLL

PSAPI.DLL is not found. This library contains important process- and module-oriented functions for Windows NT (version for NT 4.0 is shipped with OllyDbg). Normal debugging is hardly possible. Do you nevertheless want to continue?

PSAPI.DLL is not found. This library contains important process- and module-oriented functions for Windows NT (version for NT 4.0 is shipped with OllyDbg). Normal debugging is hardly possible. Do you nevertheless want to continue?

KERNEL32.DLL

KERNEL32.DLL

Strange as it seems to be, KERNEL32.DLL is not found. This library contains important process- and module-oriented functions. Normal debugging is hardly possible. Do you nevertheless want to continue?

Strange as it seems to be, KERNEL32.DLL is not found. This library contains important process- and module-oriented functions. Normal debugging is hardly possible. Do you nevertheless want to continue?

KERNEL32.DLL on your system does not contain functions VirtualQueryEx and/or VirtualProtectEx. Maybe you have old version of the operating system. Normal debugging is hardly possible. Do you nevertheless want to continue?

KERNEL32.DLL on your system does not contain functions VirtualQueryEx and/or VirtualProtectEx. Maybe you have old version of the operating system. Normal debugging is hardly possible. Do you nevertheless want to continue?

SHELL32.DLL

SHELL32.DLL

IMAGEHLP.DLL

IMAGEHLP.DLL

SHLWAPI.DLL

SHLWAPI.DLL

ADVAPI32.DLL

ADVAPI32.DLL

NTDLL.DLL

NTDLL.DLL

OllyDbg v%i.i%s%s

OllyDbg v%i.i%s%s

UDD directory '%s' doesn't exist. Please specify valid path in Options|Appearance|Directories, otherwise breakpoints, comments and analysis data will be lost after debugged program terminates.

UDD directory '%s' doesn't exist. Please specify valid path in Options|Appearance|Directories, otherwise breakpoints, comments and analysis data will be lost after debugged program terminates.

OllyDbg is unable to attach to process X as a "just-in-time" debugger.

OllyDbg is unable to attach to process X as a "just-in-time" debugger.

%u. commands traced

%u. commands traced

X,X

X,X

\xX

\xX

X lX lX

X lX lX

Assemble at X

Assemble at X

Undefined operands allowed only for search

Undefined operands allowed only for search

HEX X

HEX X

hXXp://home.t-online.de/home/Ollydbg

hXXp://home.t-online.de/home/Ollydbg

Virtual key code (VK_xxx)

Virtual key code (VK_xxx)

Pointer to MSG structure (ASCII)

Pointer to MSG structure (ASCII)

Pointer to MSG structure (UNICODE)

Pointer to MSG structure (UNICODE)

%s conditional log breakpoint at

%s conditional log breakpoint at

WinProc(hWnd,msg,wParam,lParam)

WinProc(hWnd,msg,wParam,lParam)

WinMain(hInst,hPrevInst,CmdLine,ShowState)

WinMain(hInst,hPrevInst,CmdLine,ShowState)

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug

"%s" %s

"%s" %s

- JIT debugger is %s

- JIT debugger is %s

X (%s)

X (%s)

"%s" "%1"

"%s" "%1"

0..FFFFFFFF

0..FFFFFFFF

1,2,10..12,16,81,82,110

1,2,10..12,16,81,82,110

114,115,137

114,115,137

220..229,230

220..229,230

Keyboard

Keyboard

170..173,138

170..173,138

39,140..161

39,140..161

[ESP 8] IN (%s)

[ESP 8] IN (%s)

X %s

X %s

[ESP 8]==%s

[ESP 8]==%s

" && %s

" && %s

[ESP 4]==X && %s

[ESP 4]==X && %s

(Last error = %s)

(Last error = %s)

Unable to create file '%s'

Unable to create file '%s'

Disk full or I/O error when writing to '%s'

Disk full or I/O error when writing to '%s'

%.*s_X.mem

%.*s_X.mem

unknown_file.mem

unknown_file.mem

Unable to open file '%s'

Unable to open file '%s'

File '%s' (%li bytes) is longer than memory block (%li bytes). Load anyway and truncate?

File '%s' (%li bytes) is longer than memory block (%li bytes). Load anyway and truncate?

File '%s' (%li bytes) is shorter than memory block (%li bytes). Load anyway and fill rest of backup with actual data?

File '%s' (%li bytes) is shorter than memory block (%li bytes). Load anyway and fill rest of backup with actual data?

Error reading file '%s'. Backup copy may be corrupted.

Error reading file '%s'. Backup copy may be corrupted.

Error writing file '%s'

Error writing file '%s'

Dump of file '%s' differs from original. Do you want to save modified file to disk? If you answer 'Yes', you will be asked for the filename. If you answer 'No', you will lose any changes you have made.

Dump of file '%s' differs from original. Do you want to save modified file to disk? If you answer 'Yes', you will be asked for the filename. If you answer 'No', you will lose any changes you have made.

Dump of file '%s' is not modified. Do you really want to save unchanged dump to disk?

Dump of file '%s' is not modified. Do you really want to save unchanged dump to disk?

File '%s' already exists. Do you REALLY want to overwrite it?

File '%s' already exists. Do you REALLY want to overwrite it?

File '%s' is system or read-only. Please try another name.

File '%s' is system or read-only. Please try another name.

Unable to backup file '%s'. Please try another name

Unable to backup file '%s'. Please try another name

Unable to create file '%s'. Please try another name

Unable to create file '%s'. Please try another name

Error writing file '%s'. Please try another name

Error writing file '%s'. Please try another name

Edit data at X

Edit data at X

View &executable file

View &executable file

Copy to executable file

Copy to executable file

Modify data at X

Modify data at X

Unable to open file '%s' for dump.

Unable to open file '%s' for dump.

Sorry, OllyDbg is unable to allocate %lu. bytes of memory necessary to display dump of file '%s'.

Sorry, OllyDbg is unable to allocate %lu. bytes of memory necessary to display dump of file '%s'.

File %s

File %s

%s is full, some data will be lost!

%s is full, some data will be lost!

%-*.*s

%-*.*s

lX %s

lX %s

Unable to allocate %li bytes of memory for log data buffer. Log window is not available in this session. All other functions, including logging data to file, are not influenced.%s

Unable to allocate %li bytes of memory for log data buffer. Log window is not available in this session. All other functions, including logging data to file, are not influenced.%s

%s%s%s*.udd

%s%s%s*.udd

%s%s%s

%s%s%s

%s%s%s_%i.udd

%s%s%s_%i.udd

Error reading .udd file

Error reading .udd file

Different path, discarding .udd data

Different path, discarding .udd data

Size changed, discarding .udd data

Size changed, discarding .udd data

Date/time changed, discarding .udd data

Date/time changed, discarding .udd data

CRC changed, discarding .udd data

CRC changed, discarding .udd data

\StringFileInfo\xx\FileVersion

\StringFileInfo\xx\FileVersion

Module %s

Module %s

SectionAlignment in Optional Header is less than 0x1000 (0x%X bytes)

SectionAlignment in Optional Header is less than 0x1000 (0x%X bytes)

Code size in header is X, extending to size of section

Code size in header is X, extending to size of section

at X

at X

.data

.data

Invalid or compressed Image Export Directory

Invalid or compressed Image Export Directory

Import Lookup Table outside .idata

Import Lookup Table outside .idata

%s.#%i_%s

%s.#%i_%s

%s.%s

%s.%s

%s.#%i

%s.#%i

Unable to open or read executable file '%s'

Unable to open or read executable file '%s'

Bad or unknown format of 32-bit executable file '%s'

Bad or unknown format of 32-bit executable file '%s'

File '%s' contains too much data

File '%s' contains too much data

Unload %s

Unload %s

X (%i.)

X (%i.)

%-*.*s

%-*.*s

imports,

imports,

exports,

exports,

operator %s

operator %s

%-*.*s

%-*.*s

Export

Export

Import

Import

Follow import in Disassembler

Follow import in Disassembler

Find references to import

Find references to import

&Toggle breakpoint on import

&Toggle breakpoint on import

&Conditional breakpoint on import

&Conditional breakpoint on import

Conditional &log breakpoint on import

Conditional &log breakpoint on import

Find: %s

Find: %s

Unknown record type X

Unknown record type X

Source file %s

Source file %s

Found %i segment%s, %i IMPLIB ordinal%s

Found %i segment%s, %i IMPLIB ordinal%s

Found %i matching segment%s

Found %i matching segment%s

Scanning import library '%.*s'$press SPACE to interrupt

Scanning import library '%.*s'$press SPACE to interrupt

Scanning import library '%.*s'

Scanning import library '%.*s'

Unable to open import library

Unable to open import library

Unable to read import library

Unable to read import library

Resolved %i ordinal%s

Resolved %i ordinal%s

.obj;*.lib

.obj;*.lib

%i,%s

%i,%s

Import libraries

Import libraries

Select import libraries

Select import libraries

Save user data outside any module to main .udd file

Save user data outside any module to main .udd file

Ignore (pass to program) following exceptions:

Ignore (pass to program) following exceptions:

After Executing till RET, step over RET

After Executing till RET, step over RET

Pass exceptions to SFX extractor

Pass exceptions to SFX extractor

Specify size of 16-byte SSE operands as:

Specify size of 16-byte SSE operands as:

XMMWORD (eXtended MMX operand)

XMMWORD (eXtended MMX operand)

Always show size of memory operands

Always show size of memory operands

Letter key in Disassembler starts:

Letter key in Disassembler starts:

Unaligned stack operations

Unaligned stack operations

Note that default settings have no influence on existing windows, or on windows

Note that default settings have no influence on existing windows, or on windows

Select path where .udd files will be stored

Select path where .udd files will be stored

Backup old .udd files

Backup old .udd files

Highlight operands:

Highlight operands:

You have asked to allocate %i MB memory for %s. Currently, operating system has only %i MB free virtual memory. Do you want to reduce your request to %i MB?

You have asked to allocate %i MB memory for %s. Currently, operating system has only %i MB free virtual memory. Do you want to reduce your request to %i MB?

X (%.*s)

X (%.*s)

X .. X

X .. X

% i %s

% i %s

Processor doesn't support SSE instructions

Processor doesn't support SSE instructions

OS doesn't support hardware breakpoints

OS doesn't support hardware breakpoints

UDD directory '%s' doesn't exist. Create it?

UDD directory '%s' doesn't exist. Create it?

Unable to create directory '%s'. Please specify different name.

Unable to create directory '%s'. Please specify different name.

UDD path '%s' is not a directory. Do you want to use directory '%s' instead?

UDD path '%s' is not a directory. Do you want to use directory '%s' instead?

Plugin directory '%s' doesn't exist. Please select another direcory.

Plugin directory '%s' doesn't exist. Please select another direcory.

Plugin path '%s' is not a directory. Do you want to use directory '%s' instead?

Plugin path '%s' is not a directory. Do you want to use directory '%s' instead?

Portuguese

Portuguese

%s (Unknown sublanguage)

%s (Unknown sublanguage)

%s at X

%s at X

Resource at X

Resource at X

String %X

String %X

Table of windows

Table of windows

Process '%s' is active. If you terminate it now, process will be unable to clean up and write unsaved data to disk. Do you really want to terminate active process?

Process '%s' is active. If you terminate it now, process will be unable to clean up and write unsaved data to disk. Do you really want to terminate active process?

X (%li.)

X (%li.)

Unable to terminate process '%s'. Operating system reports error %s

Unable to terminate process '%s'. Operating system reports error %s

Any file (*.*)

Any file (*.*)

.exe;*.dll

.exe;*.dll

Executable file or DLL (*.exe,*.dll)

Executable file or DLL (*.exe,*.dll)

Executable file (*.exe)

Executable file (*.exe)

Dynamic-link library (*.dll)

Dynamic-link library (*.dll)

Object file or library (*.obj,*.lib)

Object file or library (*.obj,*.lib)

Object file (*.obj)

Object file (*.obj)

Import or object library (*.lib)

Import or object library (*.lib)

.c;*.cpp;*.h;*.hpp;*.asm;*.pas

.c;*.cpp;*.h;*.hpp;*.asm;*.pas

Source (*.c,*.cpp,*.h,*.hpp,*.asm,*.pas)

Source (*.c,*.cpp,*.h,*.hpp,*.asm,*.pas)

.c;*.cpp

.c;*.cpp

C/C source (*.c,*.cpp)

C/C source (*.c,*.cpp)

C source (*.cpp)

C source (*.cpp)

.h;*.hpp

.h;*.hpp

Header file (*.h,*.hpp)

Header file (*.h,*.hpp)

C Header file (*.hpp)

C Header file (*.hpp)

Assembler source (*.asm)

Assembler source (*.asm)

Delphi/Pascal source (*.pas)

Delphi/Pascal source (*.pas)

Text file (*.txt)

Text file (*.txt)

Backup file (*.bak)

Backup file (*.bak)

Argument descriptions (*.arg)

Argument descriptions (*.arg)

Help file (*.hlp)

Help file (*.hlp)

*%s file (*%s)

*%s file (*%s)

&%i %s

&%i %s

Unable to extract name of executable file from link '%s'

Unable to extract name of executable file from link '%s'

Unable to locate file '%s'

Unable to locate file '%s'

Unable to open or read file '%s'

Unable to open or read file '%s'

File '%s' is probably not a 32-bit Portable Executable. Try to load it anyway?

File '%s' is probably not a 32-bit Portable Executable. Try to load it anyway?

File '%s' probably will not run under Win95-based OS. Try to load it anyway?

File '%s' probably will not run under Win95-based OS. Try to load it anyway?

File '%s' is a Dynamic Link Library. Windows can't execute DLLs directly. Launch LOADDLL.EXE?

File '%s' is a Dynamic Link Library. Windows can't execute DLLs directly. Launch LOADDLL.EXE?

Unable to extract LOADDLL.EXE. If OllyDbg directory is write-protected, please enable writing or move OllyDbg to another directory.

Unable to extract LOADDLL.EXE. If OllyDbg directory is write-protected, please enable writing or move OllyDbg to another directory.

"%s\LOADDLL.EXE" %s

"%s\LOADDLL.EXE" %s

Unable to start file '%s'

Unable to start file '%s'

Console file '%s'

Console file '%s'

File '%s'

File '%s'

Arguments '%s'

Arguments '%s'

%s - %s%s

%s - %s%s

The process '%s' is one you are currently debugging. You are already attached to it.

The process '%s' is one you are currently debugging. You are already attached to it.

Unable to attach to process '%s'

Unable to attach to process '%s'

%chread lX

%chread lX

Êin

Êin

%s (lX)

%s (lX)

You are going to kill thread X. Note

You are going to kill thread X. Note

X (%i.)

X (%i.)

%%B = X

%%B = X

Inspect %s in

Inspect %s in

Win95/98 may crash when NEG ESP is executed

Win95/98 may crash when NEG ESP is executed

Win95/98 may crash when NOT ESP is executed

Win95/98 may crash when NOT ESP is executed

Win95/98 may crash when VxD call is executed in user mode

Win95/98 may crash when VxD call is executed in user mode

LOCK CMPXCHG8B may crash some processors when executed

LOCK CMPXCHG8B may crash some processors when executed

ASCII X,

ASCII X,

%cNAN X lX lX

%cNAN X lX lX

%c??? X lX lX

%c??? X lX lX

%cUNORM X lX lX

%cUNORM X lX lX

Quick statistical test of module '%.*s' reports that its code section is either compressed, encrypted, or contains large amount of embedded data. Results of code analysis can be very unreliable or simply wrong. Do you want to continue analysis?

Quick statistical test of module '%.*s' reports that its code section is either compressed, encrypted, or contains large amount of embedded data. Results of code analysis can be very unreliable or simply wrong. Do you want to continue analysis?

Struct 'IMAGE_IMPORT_DESCRIPTOR'

Struct 'IMAGE_IMPORT_DESCRIPTOR'

Import lookup table for '%.*s'

Import lookup table for '%.*s'

Struct 'IMAGE_EXPORT_DIRECTORY'

Struct 'IMAGE_EXPORT_DIRECTORY'

Export Address Table

Export Address Table

Export Name Pointer Table

Export Name Pointer Table

Export Ordinal Table

Export Ordinal Table

Call switch table used at X>

Call switch table used at X>

Index table to switch X>

Index table to switch X>

Switch table %sused at X>

Switch table %sused at X>

Switch table (reverse%s) used at X>

Switch table (reverse%s) used at X>

RET used as a jump to X>

RET used as a jump to X>

(WM_USER %X)

(WM_USER %X)

of switch X>

of switch X>

Default case of switch X>

Default case of switch X>

Switch (cases -%X..%X)

Switch (cases -%X..%X)

Switch (cases %X..%X)

Switch (cases %X..%X)

{ %X}

{ %X}

{[ %X]}

{[ %X]}

%i %s procedure%s

%i %s procedure%s

1 call to known%s

1 call to known%s

%i calls to known%s

%i calls to known%s

Analysing %.*s: %s

Analysing %.*s: %s

Analysing %.*s: %s, %s

Analysing %.*s: %s, %s

%i loops%s

%i loops%s

%i switches%s

%i switches%s

Unable to allocate %i bytes of memory%s

Unable to allocate %i bytes of memory%s

%s X

%s X

%s X

%s X

Warning, debug data subsection %i (type X) is too long

Warning, debug data subsection %i (type X) is too long

Unrecognized AlignSym 0xX (size %i)

Unrecognized AlignSym 0xX (size %i)

Unrecognized GlobalSym 0xX (size %i)

Unrecognized GlobalSym 0xX (size %i)

Unknown debug data subsection type X

Unknown debug data subsection type X

Debugging information (%s format) available

Debugging information (%s format) available

%.*s.%s

%.*s.%s

Size of source file exceeds 16 M: '%s'

Size of source file exceeds 16 M: '%s'

Error reading source file '%s'

Error reading source file '%s'

Source - %s%s (%s)

Source - %s%s (%s)

*.dll

*.dll

Plugin '%s' has invalid version (%i.i)

Plugin '%s' has invalid version (%i.i)

_ODBG_Plugincmd

_ODBG_Plugincmd

Plugin '%s' failed to initialize (code %i)

Plugin '%s' failed to initialize (code %i)

Plugin %s

Plugin %s

=Handle X

=Handle X

AWINDOWS

AWINDOWS

ICO_WINDOWS

ICO_WINDOWS

Windows

Windows

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_USERS

HKEY_USERS

.Default

.Default

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

File (pipe)

File (pipe)

WindowStation

WindowStation

ACCESS_MASK_PIPE

ACCESS_MASK_PIPE

ACCESS_MASK_KEY

ACCESS_MASK_KEY

Size %i. (X) bytes

Size %i. (X) bytes

Hide unimportant handles

Hide unimportant handles

Show unimportant handles

Show unimportant handles

Arg %i: %s

Arg %i: %s

%s: %s

%s: %s

%s: Integer expression expected

%s: Integer expression expected

X %s

X %s

Unable to access LOADDLL.EXE

Unable to access LOADDLL.EXE

Call export in %s%s

Call export in %s%s

Export:

Export:

Please wait till previous call is executed

Please wait till previous call is executed

xxtype.cpp

xxtype.cpp

derv->tpClass.tpcFlags & CF_HAS_BASES

derv->tpClass.tpcFlags & CF_HAS_BASES

Inappropriate I/O control operation

Inappropriate I/O control operation

Broken pipe

Broken pipe

Operation not permitted

Operation not permitted

%H:%M:%S

%H:%M:%S

%m/%d/%y

%m/%d/%y

%A, %B %d, %Y

%A, %B %d, %Y

d/d/d d:d:d.d

d/d/d d:d:d.d

kernel32.dll

kernel32.dll

xx.cpp

xx.cpp

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpClass.tpcDtorAddr

varType->tpClass.tpcDtorAddr

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

(errPtr->ERRcInitDtc >= varType->tpClass.tpcDtorCount) || flags

memType->tpClass.tpcFlags & CF_HAS_DTOR

memType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

varType->tpArr.tpaElemType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

dttPtr->dttType->tpPtr.tppBaseType->tpClass.tpcFlags & CF_HAS_DTOR

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

IS_CLASS(dttPtr->dttType->tpMask) && (dttPtr->dttType->tpClass.tpcFlags & CF_HAS_DTOR)

elemType->tpClass.tpcFlags & CF_HAS_DTOR

elemType->tpClass.tpcFlags & CF_HAS_DTOR

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\OLLYDBG.EXE

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\OLLYDBG.EXE

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP

C:\Users\NISAR\Desktop\Cracking toolz\odbg110\udd

C:\Users\NISAR\Desktop\Cracking toolz\odbg110\udd

C:\Users\NISAR\Desktop\Cracking toolz\odbg110\plugin

C:\Users\NISAR\Desktop\Cracking toolz\odbg110\plugin

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\ollydbg.ini

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\ollydbg.ini

%Documents and Settings%\Wij\Bureaublad\nag2.txt

%Documents and Settings%\Wij\Bureaublad\nag2.txt

%System%\

%System%\

C:\ReverseIt Programs\Win32API\win32.hlp

C:\ReverseIt Programs\Win32API\win32.hlp

%Documents and Settings%\Ik\Bureaublad\RVA.txt

%Documents and Settings%\Ik\Bureaublad\RVA.txt

c:\Program Files\OllyDbg

c:\Program Files\OllyDbg

VERSION.DLL

VERSION.DLL

COMCTL32.DLL

COMCTL32.DLL

COMDLG32.DLL

COMDLG32.DLL

GDI32.DLL

GDI32.DLL

USER32.DLL

USER32.DLL

OLE32.DLL

OLE32.DLL

RegCloseKey

RegCloseKey

RegCreateKeyA

RegCreateKeyA

RegDeleteKeyA

RegDeleteKeyA

RegOpenKeyA

RegOpenKeyA

GetCPInfo

GetCPInfo

GetProcessHeap

GetProcessHeap

GetWindowsDirectoryA

GetWindowsDirectoryA

ShellExecuteA

ShellExecuteA

EnumChildWindows

EnumChildWindows

EnumThreadWindows

EnumThreadWindows

EnumWindows

EnumWindows

GetKeyState

GetKeyState

MapVirtualKeyA

MapVirtualKeyA

ollydbg.exe

ollydbg.exe

_Findimportbyname

_Findimportbyname

_Getcputhreadid

_Getcputhreadid

_OpenEXEfile

_OpenEXEfile

_Setcpu

_Setcpu

xM{%u

xM{%u

Q%1UvxU

Q%1UvxU

.idK$

.idK$

CRS%S

CRS%S

.Tw'p

.Tw'p

$z =-q}

$z =-q}

ËvlD~

ËvlD~

.ZSK_

.ZSK_

`e.dz

`e.dz

'rQ%2U%w

'rQ%2U%w

.ZG}3

.ZG}3

Pu#%uFyr

Pu#%uFyr

V F%F

V F%F

.Juxq3

.Juxq3

.Hc|}*

.Hc|}*

=*=/=5=>=

=*=/=5=>=

6#6*60666>6

6#6*60666>6

2(2/252=2

2(2/252=2

5b6U6k6

5b6U6k6

252;2[2`2}2

252;2[2`2}2

6"6,656:6?6

6"6,656:6?6

7 7&7 7}7

7 7&7 7}7

=$=3=:=?=]=

=$=3=:=?=]=

;!2@2_2~2

;!2@2_2~2

5%5,545:5`5}5

5%5,545:5`5}5

84999@6`6

84999@6`6

1#2x2~2

1#2x2~2

6#6'6 6/63676;6

6#6'6 6/63676;6

1$1(1,1014181

1$1(1,1014181

6"6.686 7

6"6.686 7

5V5F5

5V5F5

4%4S4j4

4%4S4j4

Id X

Id X

&Executable modules

&Executable modules

&Windows

&Windows

Select import &libraries

Select import &libraries

Change arguments of executable file

Change arguments of executable file

Pass count (dec.)

Pass count (dec.)

If program pauses, pass following commands to plugins:

If program pauses, pass following commands to plugins:

Copy selection to executable file

Copy selection to executable file

Add to Windows Explorer

Add to Windows Explorer

Add OllyDbg to menu in Windows Explorer

Add OllyDbg to menu in Windows Explorer

Break on all windows with same title

Break on all windows with same title

1.0.10.0

1.0.10.0