Read this for quick start. Consult help file for details and more features.
Installation is not necessary. Create new directory and unpack odbg110.zip - now you can start!
Pop-up menus display only items that apply. Frequently used menu
functions:
Function | Window | Menu command | Shortcut |
Edit memory as binary, ASCII or UNICODE string | Disassembler, Stack Dump |
Binary|Edit | Ctrl+E |
Undo changes | Disassembler, Dump Registers |
Undo selection Undo |
Alt+BkSp |
Run application | Main | Debug|Run | F9 |
Run to selection | Disassembler | Breakpoint|Run to selection | F4 |
Execute till return | Main | Debug|Execute till return | Ctrl+F9 |
Execute till user code | Main | Debug|Execute till user code | Alt+F9 |
Set/reset INT3 breakpoint | Disassembler Names, Source |
Breakpoint|Toggle Toggle breakpoint |
F2 |
Set/edit conditional INT3 breakpoint | Disassembler Names, Source |
Breakpoint|Conditional Conditional breakpoint |
Shift+F2 |
Set/edit conditional logging breakpoint (logs into the Log window) | Disassembler Names, Source |
Breakpoint|Conditional log Conditional log breakpoint |
Shift+F4 |
Temporarily disable/restore INT3 breakpoint | Breakpoints | Disable Enable |
Space |
Set memory breakpoint (only one is allowed) | Disassembler, Dump | Breakpoint|Memory, on access Breakpoint|Memory, on write |
|
Remove memory breakpoint | Disassembler, Dump | Breakpoint|Remove memory breakpoint | |
Set hardware breakpoint (ME/NT/2000 only) | Disassembler, Dump | Breakpoint|Hardware (select type and size!) | |
Remove hardware breakpoint | Main | Debug|Hardware breakpoints | |
Set single-short break on access to memory block (NT/2000 only) | Memory | Set break-on-access | F2 |
Set break on module, thread, debug string | Options | Events | |
Set new origin | Disassembler | New origin here | |
Display list of all symbolic names | Disassembler, Dump Modules |
Search for|Name (label) View names |
Ctrl+N |
Context-sensitive help (requires external help file!) | Disassembler, Names | Help on symbolic name | Ctrl+F1 |
Find all references in code to selected address range | Disassembler Dump |
Find references to|Command Find references |
Ctrl+R |
Find all references in code to the constant | Disassembler | Find references to|Constant Search for|All constants |
|
Search whole allocated memory | Memory | Search Search next |
Ctrl+L |
Go to address or value of expression | Disassembler Dump |
Go to|Expression Go to expression |
Ctrl+G |
Go to previous address/run trace item | Disassembler | Go to|Previous | Minus |
Go to next address/run trace item | Disassembler | Go to|Next | Plus |
Go to previous procedure | Disassembler | Go to|Previous procedure | Ctrl+Minus |
Go to next procedure | Disassembler | Go to|Next procedure | Ctrl+Plus |
View executable file | Disassembler, Dump, Modules | View|Executable file | |
Copy changes to executable file | Disassembler | Copy to executable file | |
Analyse executable code | Disassembler | Analysis|Analyse code | Ctrl+A |
Scan object files and libraries | Disassembler | Scan object files | Ctrl+O |
View resources | Modules, Memory | View all resources View resource strings |
|
Suspend/resume thread | Threads | Suspend Resume |
|
Display relative addresses | Disassembler, Dump, Stack | Doubleclick address | |
Copy | Most of windows | Copy to clipboard | Ctrl+C |
Frequently used global shortcuts:
Ctrl+F2 | Restart program |
Alt+F2 | Close program |
F3 | Open new program |
F5 | Maximize/restore active window |
Alt+F5 | Make OllyDbg topmost |
F7 | Step into (entering functions) |
Ctrl+F7 | Animate into (entering functions) |
F8 | Step over (executing function calls at once) |
Ctrl+F8 | Animate over (executing function calls at once) |
F9 | Run |
Shift+F9 | Pass exception to standard handler and run |
Ctrl+F9 | Execute till return |
Alt+F9 | Execute till user code |
Ctrl+F11 | Trace into |
F12 | Pause |
Ctrl+F12 | Trace over |
Alt+B | Open Breakpoints window |
Alt+C | Open CPU window |
Alt+E | Open Modules window |
Alt+L | Open Log window |
Alt+M | Open Memory window |
Alt+O | Open Options dialog |
Ctrl+T | Set condition to pause Run trace |
Alt+X | Close OllyDbg |
Frequently used Disasembler shortcuts:
F2 | Toggle breakpoint |
Shift+F2 | Set conditional breakpoint |
F4 | Run to selection |
Alt+F7 | Go to previous reference |
Alt+F8 | Go to next reference |
Ctrl+A | Analyse code |
Ctrl+B | Start binary search |
Ctrl+C | Copy selection to clipboard |
Ctrl+E | Edit selection in binary format |
Ctrl+F | Search for a command |
Ctrl+G | Follow expression |
Ctrl+J | Show list of jumps to selected line |
Ctrl+K | View call tree |
Ctrl+L | Repeat last search |
Ctrl+N | Open list of labels (names) |
Ctrl+O | Scan object files |
Ctrl+R | Find references to selected command |
Ctrl+S | Search for a sequence of commands |
Asterisk (*) | Origin |
Enter | Follow jump or call |
Plus (+) | Go to next location/next run trace item |
Minus (-) | Go to previous location/previous run trace item |
Space ( ) | Assemble |
Colon (:) | Add label |
Semicolon (;) | Add comment |