
  ; [Settings]: global debugger options, stored as 0/1 flags or small indexes.
  ; Key names are the option labels; the meanings noted below are inferred from
  ; those names - confirm against the debugger's options dialog.
  1. [Settings]
  2. Check DLL versions=0
  3. Show toolbar=1
  4. Status in toolbar=1
  5. Use hardware breakpoints to step=1
  6. Restore windows=236991
  7. Scroll MDI=0
  8. Horizontal scroll=0
  9. Topmost window=0
  ; The three indexes below pick entries from [Fonts], [Colours] and [Syntax].
  10. Index of default font=2
  11. Index of default colours=6
  12. Index of default syntax highlighting=2
  13. Log buffer size index=0
  14. Run trace buffer size index=7
  15. Group adjacent commands in profile=1
  16. Highlighted trace register=0
  17. IDEAL disassembling mode=0
  18. Disassemble in lowercase=0
  19. Separate arguments with TAB=0
  20. Extra space between arguments=0
  21. Show default segments=1
  22. NEAR jump modifiers=1
  23. Use short form of string commands=0
  24. Use RET instead of RETN=0
  25. Size sensitive mnemonics=1
  26. SSE size decoding mode=0
  27. Top of FPU stack=1
  28. Always show memory size=1
  29. Decode registers for any IP=0
  30. Show symbolic addresses=1
  31. Show local module names=1
  32. Gray data used as filling=1
  33. Show jump direction=1
  34. Show jump path=1
  35. Show jumpfrom path=1
  36. Show path if jump is not taken=1
  37. Underline fixups=1
  38. Center FOLLOWed command=1
  39. Show stack frames=1
  40. Show local names in stack=1
  41. Extended stack trace=1
  42. Synchronize source with CPU=1
  43. Include SFX extractor in code=0
  44. SFX trace mode=0
  45. Use real SFX entry from previous run=1
  46. Ignore SFX exceptions=1
  47. First pause=1
  ; Debug-event pauses: all five "Stop on ..." keys are 0, so by name none of
  ; these events (DLL load/unload, thread start/end, debug string) pauses the target.
  48. Stop on new DLL=0
  49. Stop on DLL unload=0
  50. Stop on new thread=0
  51. Stop on thread end=0
  52. Stop on debug string=0
  53. Decode SSE registers=0
  54. Enable last error=1
  ; Exception handling: every "Ignore ..." key from here to "Ignore all FPU
  ; exceptions", and "Ignore custom exceptions" further down, is 1.
  ; NOTE(review): by name these pass the exception to the debuggee instead of
  ; pausing. That keeps exception-driven code in the target running, but it also
  ; hides genuine faults; set the relevant key to 0 when a crash is what you are
  ; investigating.
  55. Ignore access violations in KERNEL32=1
  56. Ignore INT3=1
  57. Ignore TRAP=1
  58. Ignore access violations=1
  59. Step in unknown commands=1
  60. Ignore division by 0=1
  61. Ignore illegal instructions=1
  62. Ignore all FPU exceptions=1
  63. Warn when frequent breaks=0
  64. Warn when break not in code=0
  65. Autoreturn=0
  66. Save original command in trace=1
  67. Show traced ESP=1
  68. Show traced flags=1
  69. Animate over system DLLs=1
  70. Trace over string commands=0
  71. Synchronize CPU and Run trace=1
  72. Ignore custom exceptions=1
  73. Smart update=1
  ; "Set high priority" and "Allow injection to get WinProc" are both 1.
  ; Presumably the second lets the debugger run code inside the debuggee to read
  ; window procedures, i.e. it modifies the target process - TODO confirm.
  74. Set high priority=1
  75. Append arguments=1
  76. Use ExitProcess=1
  77. Allow injection to get WinProc=1
  78. Sort WM_XXX by name=0
  79. Type of last WinProc breakpoint=0
  80. Snow-free drawing=0
  81. Demangle symbolic names=0
  82. Keep ordinal in name=1
  83. Only ASCII printable in dump=0
  84. Allow diacritical symbols=0
  85. String decoding=3
  ; Both confirmation prompts below are switched off (value 0), by name the
  ; "not running as administrator" warning and the "terminating process" prompt.
  86. Warn if not administrator=0
  87. Warn when terminating process=0
  88. Align dialogs=1
  89. Use font of calling window=0
  90. Specified dialog font=0
  91. Number of lines that follow EIP=0
  92. Restore window positions=1
  93. Restore width of columns=0
  94. Highlight sorted column=0
  95. Compress analysis data=1
  96. Backup UDD files=1
  97. Fill rest of command with NOPs=1
  98. Reference search mode=0
  99. Global search=1
  100. Aligned search=1
  101. Allow error margin=0
  102. Keep size of hex edit selection=0
  103. Modify tag of FPU register=1
  104. Hex inspector limits=1
  105. MMX display mode=0
  106. Last selected options card=2
  107. Last selected appearance card=6
  108. Ignore case in text search=1
  109. Letter key in Disassembler=1
  ; Code-analysis options: all "Accept ..." keys below are 1, presumably making
  ; the analyser tolerate unusual instruction forms - TODO confirm.
  110. Looseness of code analysis=1
  111. Decode pascal strings=1
  112. Guess number of arguments=1
  113. Accept far calls and returns=1
  114. Accept direct segment modifications=1
  115. Decode VxD calls=1
  116. Accept privileged commands=1
  117. Accept I/O commands=1
  118. Accept NOPs=1
  119. Accept shifts out of range=1
  120. Accept superfluous prefixes=1
  121. Accept LOCK prefixes=1
  122. Accept unaligned stack operations=1
  123. Accept non-standard command forms=1
  124. Show ARG and LOCAL in procedures=1
  125. Save analysis to file=1
  126. Analyse main module automatically=0
  127. Analyse code structure=1
  128. Decode ifs as switches=1
  129. Save trace to file=0
  130. Trace contents of registers=1
  131. Functions preserve registers=0
  132. Decode tricks=1
  133. Automatically select register type=1
  134. Show decoded arguments=1
  135. Show decoded arguments in stack=1
  136. Show arguments in call stack=1
  137. Show induced calls=0
  138. Label display mode=0
  139. Label includes module name=1
  140. Highlight symbolic labels=1
  141. Highlight RETURNs in stack=1
  ; The three "Ignore ... in user data file" keys are 1: by name, saved user
  ; data is accepted even when the module's path, timestamp or CRC differs.
  ; NOTE(review): labels and breakpoints recorded for one build can then be
  ; applied to a different binary; set "Ignore CRC in user data file" to 0 when
  ; comparing builds or samples that share a file name.
  142. Ignore path in user data file=1
  143. Ignore timestamp in user data file=1
  144. Ignore CRC in user data file=1
  145. Default sort mode in Names=1
  146. Save out-of-module user data=0
  147. Tabulate columns in log file=0
  148. Append data to existing log file=0
  149. Flush gathered data to log file=0
  150. Skip spaces in source comments=1
  151. Hide non-existing source files=1
  152. Tab stops=8
  153. File graph mode=2
  154. Show internal handle names=1
  155. Hide irrelevant handles=0
  ; [Colours]: eight colour schemes. Scheme[n] is a list of eight comma-separated
  ; indexes and Scheme name[n] is its display name (several names are Chinese).
  ; [Settings] "Index of default colours=6" presumably selects entry 6, "Black Hawk".
  156. [Colours]
  157. Scheme[0]=0,12,8,18,7,8,7,13
  158. Scheme name[0]=白底黑字
  159. Scheme[1]=14,12,7,1,3,7,3,13
  160. Scheme name[1]=蓝底黄字
  161. Scheme[2]=1,12,3,11,14,2,7,13
  162. Scheme name[2]=海军蓝
  163. Scheme[3]=15,12,7,0,8,11,7,13
  164. Scheme name[3]=普通黑
  165. Scheme[4]=0,12,8,18,7,8,7,13
  166. Scheme name[4]=方案 4
  167. Scheme[5]=14,12,7,1,3,7,3,13
  168. Scheme name[5]=方案 5
  169. Scheme[6]=1,12,3,15,14,9,9,12
  170. Scheme name[6]=Black Hawk
  171. Scheme[7]=1,12,3,15,11,9,9,12
  172. Scheme name[7]=数据
  ; [Fonts]: eight font slots. Each slot has a ten-value Font[n] parameter list,
  ; a Face name[n] (the typeface) and a Font name[n] (the label shown to the user).
  ; The Font[n] fields resemble Windows LOGFONT members (height, width, weight,
  ; ..., charset) - TODO confirm before editing them by hand.
  173. [Fonts]
  174. Font[0]=16,8,400,0,0,0,134,2,49,0
  175. Face name[0]=Terminal
  176. Font name[0]=OEM 等宽字体
  177. Font[1]=-16,0,400,0,0,0,134,1,49,0
  178. Face name[1]=新宋体
  179. Font name[1]=Terminal 6
  180. Font[2]=16,8,400,0,0,0,134,2,49,0
  181. Face name[2]=Fixedsys
  182. Font name[2]=系统等宽字体
  183. Font[3]=14,0,400,0,0,0,1,2,5,0
  184. Face name[3]=Courier New
  185. Font name[3]=Courier (UNICODE)
  186. Font[4]=10,6,400,0,0,0,1,2,5,0
  187. Face name[4]=Lucida Console
  188. Font name[4]=Lucida (UNICODE)
  189. Font[5]=9,6,700,0,0,0,255,0,48,0
  190. Face name[5]=Terminal
  191. Font name[5]=字体 5
  192. Font[6]=16,8,400,0,0,0,134,2,49,0
  193. Face name[6]=Fixedsys
  194. Font name[6]=字体 6
  195. Font[7]=14,0,400,0,0,0,1,2,5,0
  196. Face name[7]=Courier New
  197. Font name[7]=字体 7
  ; [Syntax]: five syntax-highlighting schemes. Each has a 14-value Commands[n]
  ; list, a 14-value Operands[n] list and a display name. Schemes 0, 3 and 4 are
  ; all zeros. [Settings] "Index of default syntax highlighting=2" presumably
  ; selects scheme 2.
  198. [Syntax]
  199. Commands[0]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
  200. Operands[0]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
  201. Scheme name[0]=不高亮
  202. Commands[1]=0,4,124,112,9,64,64,13,111,8,12,0,0,0
  203. Operands[1]=1,0,4,13,65,1,112,6,0,0,0,0,0,0
  204. Scheme name[1]=圣诞树
  205. Commands[2]=0,0,124,124,0,64,92,0,96,0,12,0,0,0
  206. Operands[2]=1,0,0,0,0,0,0,0,0,0,0,0,0,0
  207. Scheme name[2]=跳转及调用
  208. Commands[3]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
  209. Operands[3]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
  210. Scheme name[3]=高亮 3
  211. Commands[4]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
  212. Operands[4]=0,0,0,0,0,0,0,0,0,0,0,0,0,0
  213. Scheme name[4]=高亮 4
  ; [History]: last-used files and working directories.
  ; NOTE(review): most values are absolute paths from the author's machines
  ; (drive letters, user-profile names, project folders, recently debugged
  ; executables). Blank or replace them before publishing or reusing this file;
  ; they describe the environment and will not resolve elsewhere.
  214. [History]
  215. View file=
  216. View text file=
  217. Object file=
  218. Import library=
  ; Relative path; where it resolves depends on the debugger's working directory.
  219. Log file=log.txt
  220. Run trace file=C:\Users\pgs\Desktop\TEMP.txt
  221. API help file=
  222. Text save file=
  223. Symbolic data path=.\LIB
  ; NOTE(review): UDD path and Plugin path are on G:\, while the IDAFicator
  ; section of this file uses C:\Tools\15PBOD - the file looks copied between
  ; installs. Presumably plugin DLLs found under Plugin path are loaded into the
  ; debugger process, so point it at a directory that exists and holds only
  ; plugins you trust - TODO confirm the loading rule for your build.
  224. UDD path=G:\15pb\汇\15PBOD\UDD
  225. Plugin path=G:\15pb\汇\15PBOD\plugin
  ; The two Chinese keys repeat "View file" and "API help file" in translation,
  ; presumably written by a localized build.
  226. 查看文件=
  227. API 帮助文件=
  ; Recently opened executables, index 0 first.
  228. Executable[0]=H:\Music\MFCPj000.exe
  229. Executable[1]=D:\EVPlayer\bin\EVPlayer.exe
  230. Executable[2]=H:\Documents\Visual Studio 2017\Projects\FileCleaner2.0\123_aaa.exe
  231. Executable[3]=H:\Documents\Visual Studio 2017\Projects\FileCleaner2.0\FileCleaner2.0 - 副本_aaa.exe
  232. Executable[4]=H:\Documents\Visual Studio 2017\Projects\FileCleaner2.0\123.exe
  233. Executable[5]=H:\Documents\Visual Studio 2017\Projects\FileCleaner2.0\FileCleaner2.0_aaa.exe
  ; [Plugin ODbgScript]: state of the scripting plugin.
  ; The window/log restore options appear three times (English plus two Chinese
  ; spellings) and the recent-script list appears as both MRUn and NRUn,
  ; presumably left by different plugin builds - TODO confirm which set the
  ; installed build reads, and drop the rest.
  ; NOTE(review): the recorded scripts live on desktops and in a folder named
  ; FileRecv, under two different user profiles. A script drives the debugger,
  ; so read one obtained from elsewhere before running it, and clear these
  ; paths before sharing the file.
  234. [Plugin ODbgScript]
  235. 恢复脚本窗口=0
  236. 恢复脚本记录=0
  237. Restore Script window=0
  238. Restore Script Log=0
  239. MRU1=C:\Users\Andy\Desktop\脱壳脚本2.txt
  240. MRU2=
  241. MRU3=
  242. MRU4=
  243. MRU5=
  244. ScriptDir=D:\我的文档\1131578752\FileRecv\壳5\
  245. BP_FILE=D:\我的文档\1131578752\FileRecv\壳5\脱壳脚本6.txt
  246. BP_0001=
  247. NRU1=D:\我的文档\1131578752\FileRecv\壳5\脱壳脚本6.txt
  248. 还原脚本窗口=1
  249. 还原脚本日志=0
  250. NRU2=D:\Work\课\软件安全课程\软件保护壳课程\脱壳练习1-10\06脱壳脚本.txt
  251. NRU3=C:\Users\Andy\Desktop\脱壳脚本.txt
  ; [System]: a single saved value, by name the screen position (x,y) of the
  ; Options dialog.
  252. [System]
  253. Options position=691,270
  ; [Arguments]: one slot per Executable[n] entry; all six are empty here.
  ; Presumably each holds the command-line arguments for the matching
  ; [History] executable - TODO confirm. Index 0 is stored last in this file.
  254. [Arguments]
  255. Executable[1]=
  256. Executable[2]=
  257. Executable[3]=
  258. Executable[4]=
  259. Executable[5]=
  260. Executable[0]=
  ; [Plugin StrongOD]: settings of a debugger-hiding plugin.
  ; Enabled here (value 1): HidePEB, IsAdvGoto, KillPEBug, SuperEnumMod,
  ; AdvAttach, SkipExpection, HideWindow, HideProcess, ProtectProcess, LoadSym.
  ; KernelMode is 0. Key spellings such as "SkipExpection" are kept as found;
  ; the plugin presumably looks them up by these exact names.
  261. [Plugin StrongOD]
  262. CreateProcessMode=0
  263. HidePEB=1
  264. IsPatchFloat=0
  265. IsAdvGoto=1
  266. KernelMode=0
  267. KillPEBug=1
  268. SuperEnumMod=1
  269. AdvAttach=1
  270. SkipExpection=1
  271. HideWindow=1
  272. HideProcess=1
  273. ProtectProcess=1
  ; DriverKey/DriverName look like parameters for a kernel driver the plugin
  ; installs - TODO confirm. NOTE(review): "Black Ha" may be cut short (a colour
  ; scheme in this file is named "Black Hawk"). Anything that loads a driver
  ; needs administrator rights and affects the whole system, so keep this
  ; profile to a snapshot-backed analysis VM.
  274. DriverKey=-82693034
  275. DriverName=Black Ha
  276. OrdFirst=0
  277. BreakOnLdr=0
  278. BreakOnTls=0
  279. RemoveEpOneShot=0
  280. ShowBar=17
  281. LoadSym=1
  ; AutoUpdate is 0 and UpdateURL is empty, so no update source is configured.
  282. AutoUpdate=0
  283. UpdateURL=
  ; NOTE(review): the next line has no "=" and looks truncated. Win32 profile
  ; parsing does not treat a bare word as a key; restore the full key=value or
  ; delete the line.
  284. Create
  ; [Plugin IDAFicator]: UI plugin state - colour scheme, dialog positions and
  ; tool paths. "Custom Scheme" and DIA_CUSTOMIZE_SCHEME hold the same 20 values;
  ; similar pairs (DIA HWBP x/y and DIA_HWBP_POS) suggest keys from two plugin
  ; versions - TODO confirm which the installed build reads.
  285. [Plugin IDAFicator]
  286. Custom Scheme=0,8388608,32768,8421376,128,8388736,32896,12632256,8421504,16711680,65280,16776960,255,16711935,65535,16777215,12639424,15780004,15793151,10789024
  287. DIA MAC x=0
  288. DIA MAC y=0
  289. DIA HWBP x=1115
  290. DIA HWBP y=610
  291. DIA_HWBP_POS=765,166
  292. SETTINGS_COMPILER=0
  293. DIA_ROTE_POS=0,983,160,39
  ; NOTE(review): both paths are absolute and under C:\Tools\15PBOD, not the
  ; G:\ plugin directory named in [History]. Presumably the plugin launches an
  ; external tool from PATH_RADASM - verify the directory exists and is not
  ; writable by other users.
  294. PATH_RADASM=C:\Tools\15PBOD\Plugin\minimalist-radasm
  295. PATH_HELP=C:\Tools\15PBOD\Plugin\minimalist-radasm
  296. DIA_CUSTOMIZE_SCHEME=0,8388608,32768,8421376,128,8388736,32896,12632256,8421504,16711680,65280,16776960,255,16711935,65535,16777215,12639424,15780004,15793151,10789024
  297. SETTINGS_MAIN=1,1,1,1,1
  298. SETTINGS_DUMP=
  299. SETTINGS_DISASM=0,0,0
  300. SETTINGS_STACK=
  301. SETTINGS_HWBP=0,0,0
  302. SETTINGS_ROTE=
  303. MNU_PATHS_DIRS_N=5
  304. MNU_PATHS_FILES_N=45
  ; presumably milliseconds, going by the key name
  305. SETTINGS_MSEC=500
  306. DIA_CUSTOMIZE_POS=0,0
  ; The trailing comma is part of the stored value.
  307. DIA_CUSTOMIZE_FUNC=1,2,3,4,5,
  308. LAYOUT_ID=0
  309. LAYOUT_SWAP_DUMP_STACK=0
  ; Section for a plugin whose name is Chinese for "Chinese search engine";
  ; its only key, a window-restore flag, is 0.
  310. [Plugin 中文搜索引擎]
  311. Restore UStrRef Window=0
  ; [Placement]: saved window geometry, one key per window title. Most values
  ; are five integers (presumably x, y, width, height, state - TODO confirm);
  ; the "CPU subwindows" keys hold eight. English and Chinese titles are both
  ; present, presumably left by original and localized builds.
  ; NOTE(review): the key 内存映射 occurs twice in this section with different
  ; values. Which one wins is parser-dependent (Win32 profile APIs return the
  ; first match); keep only one.
  312. [Placement]
  313. OllyTest=299,51,1594,1042,0
  314. CPU=32,36,1036,547,3
  315. CPU subwindows=706,1293,700,1293,528,987,462,876
  316. 中文搜索引擎=55,19,786,805,1
  317. References=230,0,618,170,1
  318. Breakpoints=88,116,498,230,1
  319. Executable modules=66,87,632,230,1
  320. Threads=110,145,492,170,1
  321. Memory map=132,174,390,230,1
  322. Log data=154,203,378,290,1
  323. 脚本运行窗口=261,51,304,80,1
  324. Jiack=192,32,640,480,1
  325. 参考=115,32,304,61,1
  326. 断点=0,0,136,39,1
  327. 线程=0,0,136,39,1
  328. 内存映射=0,0,304,61,1
  329. 可执行模块=0,0,136,39,1
  330. 记录数据=31,4,598,307,1
  331. 脚本执行=0,0,587,223,1
  332. 窗口=0,0,136,39,1
  333. 句柄=0,0,136,39,1
  334. 补丁=0,0,136,39,1
  335. Call stack=96,32,304,61,1
  336. RUN 跟踪=0,0,136,39,1
  337. 源码=44,50,558,220,1
  338. 监视表达式=88,100,711,290,1
  339. 中间文件列表=22,25,1159,290,1
  340. Script Log Window=22,25,1135,290,1
  341. Run跟踪=154,175,567,290,1
  342. Windows=23,44,815,290,1
  343. 块=44,50,726,281,1
  344. 内存映射=66,75,647,337,1
  345. 调用堆栈=20,30,653,240,1
  346. SEH 链=0,0,304,61,1
  347. 统计=534,38,799,622,1
  348. CPU subwindows 1=374,767,336,658,450,960,388,853
  349. CPU subwindows 2=374,767,336,658,450,960,388,853
  350. CPU subwindows 3=374,767,336,658,450,960,388,853
  351. CPU subwindows 4=374,767,336,658,450,960,388,853
  ; [Columns]: saved column widths per window, as comma-separated integers
  ; (units not stated in the file). Two values end in a trailing comma, which
  ; is part of the stored value.
  ; NOTE(review): 内存映射 occurs twice here with different values; which one
  ; wins is parser-dependent (Win32 profile APIs return the first match).
  352. [Columns]
  353. CPU Disassembler=72,136,320,2048
  354. CPU Dump=72,136,320,2048,
  355. CPU Stack=72,80,2048,
  356. 中文搜索引擎=72,320,2048
  357. References=54,240,1536
  358. Breakpoints=54,54,150,216,1536
  359. Executable modules=54,54,54,54,96,1536
  360. Threads=54,54,66,108,60,54,72,72
  361. Memory map=54,54,54,54,72,30,48,48,1536
  362. Log data=54,1536
  363. 脚本运行窗口=40,320,120,72,800
  364. 参考=72,320,2048
  365. 断点=72,72,200,288,2048
  366. 线程=72,72,88,144,80,72,96,96
  367. 内存映射=72,72,72,72,96,40,64,64,2048
  368. 可执行模块=72,72,72,72,128,2048
  369. 记录数据=72,2048
  370. 脚本执行=30,240,240,54
  371. 窗口=104,256,72,72,72,72,72,72,72,2048
  372. 句柄=72,120,48,72,24,96,2048
  373. 补丁=72,40,64,256,256,2048
  374. Call stack=72,72,288,224,72
  375. RUN 跟踪=72,72,72,72,256,2048
  376. 源码=64,2048
  377. 监视表达式=288,2048
  378. 中间文件列表=240,640,256
  379. Script Log Window=72,1040
  380. Run跟踪=72,72,72,72,256,2048
  381. Windows=104,256,72,72,72,72,72,72,72,2048
  382. 块=72,72,72,72,128,2048
  383. 内存映射=72,72,72,72,128,2048
  384. 调用堆栈=72,72,288,224,72
  385. SEH 链=72,256
  386. 统计=72,72,256,2048
  ; [Appearance]: per-window appearance settings. The first two numbers of each
  ; value presumably index [Fonts] and [Colours] (2 and 6 match the defaults in
  ; [Settings]) - TODO confirm the field order.
  ; "RUN 跟踪" and "Run跟踪" are distinct keys that differ only in case and
  ; spacing; a case-insensitive parser still keeps them apart because of the space.
  387. [Appearance]
  388. CPU scheme=6
  389. CPU Disassembler=2,6,1,0,2
  390. CPU Dump=2,7,1,0,36881,2
  391. CPU Stack=2,6,0,0
  392. CPU Info=2,7,0,0
  393. CPU Registers=2,6,1,0
  394. 中文搜索引擎=2,6,1,0,0
  395. References=1,0,1,0,0
  396. Breakpoints=1,0,1,0,0
  397. Executable modules=1,0,1,0,0
  398. Threads=1,0,1,0,0
  399. Memory map=1,0,1,0,0
  400. Log data=1,0,1,0,0
  401. 脚本运行窗口=2,6,1,0,0
  402. 参考=2,6,1,0,0
  403. 断点=2,6,1,0,0
  404. 线程=2,6,1,0,0
  405. 内存映射=2,6,1,0,0
  406. 可执行模块=2,6,1,0,0
  407. 记录数据=2,6,1,0,0
  408. 脚本执行=1,0,1,0,0
  409. 窗口=2,6,1,0,0
  410. 句柄=2,6,1,0,0
  411. 补丁=2,6,1,0,0
  412. Call stack=2,6,1,0,0
  413. RUN 跟踪=2,6,1,0,0
  414. 源码=2,6,0,0,0
  415. 监视表达式=2,6,1,0,0
  416. 中间文件列表=2,6,1,0,0
  417. Script Log Window=2,6,1,0,0
  418. Run跟踪=2,6,1,0,0
  419. Windows=2,6,1,0,0
  ; Section named in Chinese ("interface options"). Its keys and value shapes
  ; mirror [Appearance], so it is presumably the same data written by a
  ; localized build - TODO confirm which section the running build reads.
  ; NOTE(review): 内存映射 occurs twice (same value both times); remove one.
  420. [界面选项]
  421. 记录数据=2,6,1,0,0
  422. 块=2,6,1,0,0
  423. 内存映射=2,6,1,0,0
  424. 线程=2,6,1,0,0
  425. 句柄=2,6,1,0,0
  426. 调用堆栈=2,6,1,0,0
  427. 补丁=2,6,1,0,0
  428. 源码=2,6,0,0,0
  429. Run跟踪=2,6,1,0,0
  430. 参考=2,6,1,0,0
  431. 断点=2,6,1,0,0
  432. 中文搜索引擎=2,6,1,0,0
  433. Call stack=2,6,1,0,0
  434. 可执行模块=0,6,1,0,0
  435. 内存映射=2,6,1,0,0
  436. SEH 链=2,6,1,0,0
  437. RUN 跟踪=2,6,1,0,2
  438. 窗口=2,6,1,0,0
  439. 脚本运行窗口=2,6,1,0,0
  440. 统计=2,6,1,0,0
  ; [Plugin Olly Advanced]: toggles for debugger fixes and for hiding the
  ; debugger from the target. The first group (varbps .. showalljumpsfix) is
  ; mostly debugger behaviour and bug-fix options.
  441. [Plugin Olly Advanced]
  442. varbps=0
  443. copytoexecutable=1
  444. usetoolhelp=0
  445. pausedex=0
  446. pluginexpand=1
  447. keepalteredcrc=0
  448. ignorechangedbp=0
  449. advancedctrlg=1
  450. numofrva=1
  451. followindisassembler=1
  452. analysisbug=1
  453. Entrypointwarning=1
  454. antiattachkill=1
  455. winupack=1
  456. antiattachkill2=1
  457. killps=1
  458. toomanypatches=0
  459. compressedcode=1
  460. dllloading=1
  461. compressedcodehandling=2
  462. dllloadmethod=1
  463. ctrlgstate=1
  464. showalljumpsfix=1
  ; Keys named after Windows APIs and debugger-detection checks. From
  ; TerminateProcess through BlockInput every key is 0 except
  ; GetTickCountCounter and codebasefix, so by name none of these hooks is
  ; active in this profile.
  ; NOTE(review): the StrongOD and PhantOm sections of this file enable their
  ; own hiding options; presumably only one plugin should patch a given check -
  ; confirm before turning any of these on as well.
  465. TerminateProcess=0
  466. HideDebugBit=0
  467. NtGlobalFlag=0
  468. Antihwbp=0
  469. HeapFlags=0
  470. ForceFlags=0
  471. maxolly=0
  472. Writememory=0
  473. Readmemory=0
  474. Process32Next=0
  475. UnhandledExceptionFilter=0
  476. Module32Next=0
  477. CheckRemoteDebuggerPresent=0
  478. ZwSetInformationThread=0
  479. GetTickCount=0
  480. GetTickCountCounter=1
  481. ZwQuerySystemInformation=0
  482. ZwOpenProcess=0
  483. FindWindow=0
  484. Anti-RDTSCenabled=0
  485. Anti-RDTSC=0
  486. Anti-RDTSC2=0
  487. ZwQueryInformationProcess=0
  488. codebasefix=1
  489. ignoreexporttable=0
  490. ZwQueryObject=0
  491. scrambleexporttable=0
  492. maxallollywindows=0
  493. x64compat=0
  494. SuspendThread=0
  495. BlockInput=0
  496. viewfilefix=1
  ; BreakOnTls also exists in the StrongOD section; each section has its own copy.
  497. BreakOnTls=0
  498. alwaysenableshowalljumpsandcalls=0
  499. fixc08bug=0
  500. fixtermination=1
  501. modulepointer=12
  502. lasttab=4
  ; Section for a plugin whose name is Chinese for "bookmark manager +"; its
  ; only key, a window-restore flag, is 0.
  503. [Plugin 书签管理 +]
  504. Restore bookmarks window=0
  ; [Plugin SkyPatch]: one key, NPATCH1, with an empty value.
  505. [Plugin SkyPatch]
  506. NPATCH1=
  ; [Plugin PhantOm]: settings of a debugger-hiding plugin.
  ; Enabled here (value 1): PEB, SETCONTEXT, DEBSTRING, REMOVEEP, HANDLE,
  ; DRIVER, CAPTION, RDTSC. Disabled (0): GETCOUNT, DRX, WINVER, GETTIMES,
  ; WINDOWS, BLOCK.
  ; NOTE(review): DRIVER=1 and RDTSC=1 presumably make the plugin load
  ; kernel-mode drivers, with HIDENAME and RDTSCNAME as their names - TODO
  ; confirm. Driver loading needs administrator rights and affects the whole
  ; system, so use this profile only in a snapshot-backed analysis VM and
  ; revert the VM afterwards.
  507. [Plugin PhantOm]
  508. PEB=1
  509. GETCOUNT=0
  510. DRX=0
  511. SETCONTEXT=1
  512. DEBSTRING=1
  513. WINVER=0
  514. GETTIMES=0
  515. REMOVEEP=1
  516. HANDLE=1
  517. WINDOWS=0
  518. DRIVER=1
  519. CAPTION=1
  520. RDTSC=1
  521. VERSION=126
  522. DELTARDTSC=34816
  523. BLOCK=0
  524. HIDENAME=extrem
  525. RDTSCNAME=rdtsc
  ; [AeDebug]: a just-in-time debugger command line pointing at Visual Studio's
  ; vsjitdebugger.exe. Presumably the previous system JIT-debugger registration,
  ; saved so it can be restored later - TODO confirm.
  ; The double quotes and the two %ld placeholders are part of the value; Win32
  ; profile APIs strip only a pair of quotes that encloses the whole value, so
  ; these are returned as written.
  526. [AeDebug]
  527. Debugger="C:\Windows\system32\vsjitdebugger.exe" -p %ld -e %ld
  ; [Plugin Oreans UnVirtualizer]: the plugin's recorded version number and its
  ; saved window position.
  528. [Plugin Oreans UnVirtualizer]
  529. Plugin Version=18
  530. Window Pos X=257
  531. Window Pos Y=192
  ; [Plugin OllyDisasm201]: one key, DisasmMode, set to 0.
  532. [Plugin OllyDisasm201]
  533. DisasmMode=0
  ; [Exceptions]: custom exception ranges as "low,high" in hexadecimal.
  ; Custom[0] spans 00000000..FFFFFFFF, i.e. every exception code.
  ; NOTE(review): together with "Ignore custom exceptions=1" in [Settings] this
  ; presumably passes all exceptions to the debuggee without pausing. Narrow the
  ; range when you need the debugger to stop on a specific exception code.
  534. [Exceptions]
  535. Custom[0]=00000000,FFFFFFFF