From Collaborative RCE Tool Library


OllyDbg Extensions


Tool name: CPU Initialization Patch
Rating: 5.0 (1 vote)
Author: blurcode                        
Website: http://www.woodmann.com/forum/showthread.php?t=11302
Current version: 1.0.0.1
Last updated: April 12, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This is a plugin for OllyDbg 1.10, which hot-patches Olly's code to resolve the issue of OllyDbg taking 100% CPU time as soon as the debugged process is running (i.e. after having pressed F9 inside OllyDbg).

If nothing else, this problem causes any laptop that you might be reversing on to lose much more battery life than necessary, and also to sound like a jet plane due to constant maximum fan rotation, so this plugin will come in handy for any laptop reversers at least.

For more info, please see the following thread:
http://www.woodmann.com/forum/showthread.php?t=11302

Changelog:
Version 1.0.0.1
April 12, 2008
- keeps the last selected option after restart
Version 1.0.0.0
February 11, 2008
- initial release
Also listed in: (Not listed in any other category)



Tool name: CommandBar
Rating: 5.0 (1 vote)
Author: Gigapede                        
Website: N/A
Current version: 3.20.110
Last updated: April 18, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: SoftICE commands in a small bar on the bottom. Macro function support.
Also listed in: (Not listed in any other category)



Tool name: IDAFicator
Rating: 5.0 (2 votes)
Author: AT4RE                        
Website: http://www.at4re.com
Current version: 1.2.12
Last updated: May 6, 2008
Direct D/L link: http://www.at4re.com/tools/Releases/Zool@nder/IDAFicator/IDAFicator_1.2.12.zip
License type: Free
Description: This plugin tries to make the life of OllyDBG© users easier by bringing them some fast and frequently used functions. Here is the list of features brought by the plugin:
Version : 1.2.8
What's new:
- optimized assembling abilities (ONE.SHOT.ASSEMBLER)
- new breakpoints menu
- 3 new custom functions
- new mouse actions and shortcuts in disasm and dump windows

Version : 1.2.0
* 11 buttons added to the native toolbar:
1. The go back/forward button.
2. and finally The Reach beginning/End of procedures button
3. The search for all text string button.
4. Hardware Breakpoints Dialog box opener (In a non modal non child DB).
5. Multi-Commands assembler.
6. Target directory opener.
7. Customizable buttons.


* IDA-like mouse features:
1. The DISASSEMBLY WINDOW:
2. The DEFAULT DUMP WINDOW:
3. The STACK WINDOW:

* Dump and set a HWBP on [ESP].

* 'Universal' stolen code restoring

* Address Informer

* Direct Address Copier

And more.

What's new:
1. Adding support for asm-like commands in 'multicommand assembler'.
Commands added till now are:
1.1) PUSHSTR -> There are 2 versions of this cmd:
1.1.1) First one, without argument
(ex: pushstr 'kernel32.dll' -> PUSH 3D0000 ; ASCII "kernel32.dll" )
1.1.2) Second one, accepts one argument (The address where to assemble)
ex: pushstr 'kernel32.dll', 401000 -> PUSH 00401000

1.2) PUSHALL -> push several commands
(ex: pushall 0402000, @GWL_EXSTYLE
call GetWindowLongA

assembled to: ->
PUSH 00402000
CALL user32.GetWindowLongA)

+/- all constants in windows.inc (thanks hutch and iczelion for this
file) can be used just with the prefix '@'

1.3) INVOKE -> Works like its homologous asm command with an extra
Note that:
1.3.1 - The strings will be assembled in a 'random' address
allocated in debuggee memory
1.3.2 - you can integrate string directly in the invoke macro
( ex1: invoke MessageBoxA, 'Text1 from invoke macro', 'Text2 from invoke macro', @MB_OK
-> PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
PUSH 1D0030 ; |Title = "Text2 from invoke macro"
PUSH 1D0048 ; |Text = "Text1 from invoke macro"
PUSH 00402000 ; |hOwner = 00402000
CALL DWORD PTR DS:[<&user32.MessageBoxA>> ; \MessageBoxA

ex1: And invoke GetPrivateProfileIntA, 'Section Name', 'Key', 0, 'B:\bla\bla\bla\bla.ini'
-> PUSH 1D0060 ; /IniFileName = "B:\bla\bla\bla\bla.ini"
PUSH 0 ; |Default = 0
PUSH 1D0077 ; |Key = "Key"
PUSH 1D007B ; |Section = "Section Name"
CALL DWORD PTR DS:[<&kernel32.GetPrivate> ; \GetPrivateProfileIntA
)

1.4) Note that the constants are located in the 'BYTES.OEP' file provided
with this version (version of 06/05/2008) and you have to replace the old
one. Otherwise, all constants will return 0 and will be assembled as: push 0.


2- Position saving for the most important and most used dialog boxes.
Please consider using the pushstr macro instead of the invoke one if the
length of the pushed text is > 40 chars.
Privacy note: The last entered piece
of text to assemble in MCasm is stored in the registry
("HKEY_CURRENT_USER\Software\IDAFicator Plugin"), just in case.

3- MuCAsm now remembers the last entered text even between 2 debugging sessions.
Also listed in: (Not listed in any other category)



Tool name: PhantOm
Rating: 5.0 (2 votes)
Author: Hellsp@wn & Archer & Olenevod                        
Website: N/A
Current version: 1.54
Last updated: January 7, 2009
Direct D/L link: http://securityblog.ws/work/phantom.plugin.1.54.zip
License type: Free
Description: Plugin (with driver) for hiding OllyDbg from following methods of detection:

// driver - extremehide.sys

[+] NtQueryInformationProcess.
[+] SetUnhandledExceptionFilter.
[+] OpenProcess.
[+] Invalid Handle.
[+] NtSetInformationThread.
[+] RDTSC.
[+] NtYieldExecution.
[+] NtQueryObject.
[+] NtQuerySystemInformation.
[+] Windows hide.
[+] GetProcessTimes.
[+] NtSetContextThread.

// plugin - PhantOm.dll

[+] PEB BeingDebugged.
[+] PEB NtGlobalFlag.
[+] GetStartupInfo.
[+] Process Heaps.
[+] GetTickCount.
[!] Protect DRx.
[!] Hide DRx.
[!] Fake Windows version.
[!] Custom Handler.
[+] BlockInput


What's new - 1.30
[*] Captions of main and CPU windows can be manually set (CAPTEXT and PRETEXT in OllyDbg's ini-file). By default, they are named "PhantOm" and "o_O".
[*] Fixed some bugs in "custom handler exceptions" feature
[*] Other minor fixes

What's new - 1.26
[*] Fixed bug with loading driver
[*] Fixed bug with memory breakpoints
(Now, when "custom handler exceptions" option is
checked - memory breakpoints on access/write will work,
but break-on-access won't work)
[*] Fixed bug with updating plugin (after previous version)

What's new - 1.25
[*] Now you can manually set names of services (HIDENAME and RDTSCNAME)
[*] Fixed some minor bugs
[*] Fixed bug with memory breakpoints

What's new - 1.20
[*] Added own exception handler (C0000005)
[*] Added option to change caption of main OllyDbg window
[*] Added own exception handler (OUTPUT_DEBUG_STRING_EVENT)
[*] Improved removing of int 3 breakpoint at EP, when pause is set to "system breakpoint"
[*] Added hook for BlockInput (only for Windows XP)
[*] Added own exception handler (C0000094)
[*] Added hide from GetStartupInfo
[*] Fixed bug with plugin options
[*] Added protection from detecting driver
Also listed in: (Not listed in any other category)



Tool name: OllyHeapTrace
Rating: 3.0 (2 votes)
Author: Stephen Fewer                        
Website: http://www.harmonysecurity.com/OllyHeapTrace.html
Current version: 1.0
Last updated: February 23, 2008
Direct D/L link: Locally archived copy
License type:
Description: OllyHeapTrace is a plugin for OllyDbg (version 1.10) to trace the heap operations being performed by a process. It will monitor heap allocations and frees for multiple heaps, as well as operations such as creating or destroying heaps and reallocations. All parameters as well as return values are recorded and the trace is highlighted with a unique colour for each heap being traced.

The primary purpose of this plugin is to aid in the debugging of heap overflows where you wish to be able to control the heap layout to overwrite a specific structure such as a chunk header, critical section structure or some application specific data. By tracing the heap operations performed during actions you can control (for example opening a connection, sending a packet, closing a connection) you can begin to predict the heap operations and thus control the heap layout.
Also listed in: (Not listed in any other category)



Tool name: ACProtect 2.0 OEP Finder + IAT Repair OllyScript
Rating: 0.0 (0 votes)
Author: ColdFever                        
Website: N/A
Current version:
Last updated: February 10, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: ACProtect 2.0 OEP Finder + IAT Repair
Also listed in: OEP Finders, OllyScript Scripts, IAT Restore Tools



Tool name: API Help
Rating: 0.0 (0 votes)
Author: Phoenix                        
Website: N/A
Current version:
Last updated: June 26, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Assists in finding API addresses and setting breakpoints, includes auto-completion feature. Supports ~120 DLL and ~14000 API.
For XPsp2 only! (place aphlp.ahd in main OllyDbg directory)
Also listed in: (Not listed in any other category)



Tool name: ASProtect 1.3x - 2.xx OEP Finder OllyScript
Rating: 0.0 (0 votes)
Author:                         
Website: N/A
Current version: 0.1
Last updated: September 26, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: ASProtect 1.3x - 2.xx OEP Finder
Also listed in: OEP Finders, OllyScript Scripts



Tool name: AnalyzeThis!
Rating: 0.0 (0 votes)
Author: Joe Stewart                        
Website: http://www.joestewart.org
Current version:
Last updated: October 26, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: This plugin allows the OllyDbg analysis function to operate outside of the standard code segment as defined by the PE header. Particularly useful for packed files.
Also listed in: (Not listed in any other category)



Tool name: Armadillo 4.30a Dumping Script
Rating: 0.0 (0 votes)
Author: Nieylana                        
Website: N/A
Current version: 1.0
Last updated: December 27, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Run this script using the OllyScript plugin; it will automatically patch the OutputDebugStringA exploit and the IsDebugger API, prevent PE header destruction, prevent the IAT from being messed with, and dump the file to 'C:\D_File_Unpacked.exe'.

Note: I am not the original author, I simply took the Armadillo 4.30a script I had and added some features to it allowing it to produce a working dump by itself. Thanks to the original author.

Enjoy!
Also listed in: OllyScript Scripts, Memory Dumpers



Tool name: Armadillo 5.xx OEP Finder OllyScript
Rating: 0.0 (0 votes)
Author: Fly                        
Website: N/A
Current version:
Last updated: September 20, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Armadillo 5.xx OEP Finder (Standard Protection + Debug Blocker)
Also listed in: OEP Finders, OllyScript Scripts



Tool name: Asm2Clipboard
Rating: 0.0 (0 votes)
Author: fatmike                        
Website: N/A
Current version:
Last updated: April 8, 2005
Direct D/L link: Locally archived copy
License type: Free
Description: Copy asm code to clipboard.
Also listed in: (Not listed in any other category)



Tool name: AttachAnyway
Rating: 0.0 (0 votes)
Author: Joe Stewart                        
Website: N/A
Current version: 0.3
Last updated: September 7, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: AttachAnyway is a PoC OllyDbg plugin designed to show how to remove a process' hook on NtContinue by the anti-debugger-attach method devised by Piotr Bania here:

http://pb.specialised.info/all/anti-dattach.asm

This is not intended to be a universal plugin for all anti-attach methods, just one example of how you can do it. It works by enumerating all processes, searching their virtual memory space for a JMP hook on the NtContinue method, then replacing the jump with the original bytes from a non-hooked process, then calling the OllyDbg Attachtoactiveprocess API.

attach-test.exe is an assembled version of Piotr's anti-dattach.asm you can use to test the plugin with.
Also listed in: (Not listed in any other category)



Tool name: AttachExtended
Rating: 0.0 (0 votes)
Author: Hero                        
Website: http://www.woodmann.com/forum/showthread.php?t=12499
Current version:
Last updated: March 4, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: This is a really small plugin that I have written for improving the attach feature of OllyDbg.
With this plugin, you can attach to a process by identifying its PID directly, not only by selecting it from the process list. In addition, you can find the PID of a process by dragging a small cursor on each window (this can be used on some protections which remove the process from the process list, like GameGuard).

Please let me know about Bugs, and your suggestions for more process attaching options.
Also listed in: (Not listed in any other category)



Tool name: BlkLabel
Rating: 0.0 (0 votes)
Author: Veronica Chapman                        
Website: http://www.veronicachapman.com/OllyDbg/
Current version: 1.0
Last updated: September 30, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: BlkLabel is a bulk labelling plugIn for OllyDbg.

The objective is to take a Memory Map listing from a compilation and extract all Label-Address (Symbol-Address) pairs from such a (text) file. These are then fed into OllyDbg such that it will display Symbols rather than Memory Addresses. This renders OllyDbg's presentations about as readable as is possible in a Debugging Environment.

The precursor is, of course, the availability of a Memory Map in textual format. Most IDEs (Linkers) should be able to produce that.

This is the link:

http://www.VeronicaChapman.com/OllyDbg/BlkLabel.zip

There is a ReadMe that explains the package. The PlugIn comes with a Help File that explains everything anyway (as far as I can see).

The main PlugIn (BlkLabel.dll) calls a Sub-Plugin (SubLabel.dll). All of the reformatting to support the extraction of Label-Address pairs for a specific Memory Map File Format is contained within SubLabel.dll. Write a different one of those, and you can decipher the Memory Map File of your choice. You just need to create an Export to handle (maybe translate) each Character, and another to decipher each Text Record. BlkLabel itself handles all the rest.

Oh. There's just one small thing. The Source Code is contained in the package, but the PlugIn is written in Clarion ... so I don't know if it will be much use to you but if it is you are welcome to use it.
Also listed in: (Not listed in any other category)



Tool name: CLBPlus!
Rating: 0.0 (0 votes)
Author: Robert Ayrapetyan                        
Website: N/A
Current version: 1.0
Last updated: October 1, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Extends the standard capabilities of conditional log breakpointing, utilizing an OllyDbg feature which allows passing commands to plugins from the "Set conditional log breakpoint" window. Version only supports a DUMP command, but with the included source this is a great example for creating additional functions.
Also listed in: (Not listed in any other category)



Tool name: Cleanup Ex
Rating: 0.0 (0 votes)
Author: Gigapede                        
Website: N/A
Current version: 1.12
Last updated: March 11, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Deletes all .udd, .bak files. Plugin & udd dir support.
Also listed in: (Not listed in any other category)



Tool name: Code Ripper
Rating: 0.0 (0 votes)
Author: Ziggy                        
Website: N/A
Current version:
Last updated: April 19, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Rips selected code from OllyDbg disassembler window and formats according to MASM, C/C++ (inline assembler) or Delphi (inline assembler). Customizable, supports labels, comments, detailed help.
Also listed in: (Not listed in any other category)



Tool name: Conditional Branch Logger
Rating: 0.0 (0 votes)
Author: Blabberer / dELTA / Kayaker                        
Website: N/A
Current version: 1.0
Last updated: June 13, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Conditional Branch Logger is a plugin which gives control and logging capabilities for conditional branch instructions over the full user address space of a process. Useful for execution path analysis and finding differences in code flow as a result of changing inputs or conditions. It is also possible to log conditional jumps in system dlls before the Entry Point of the target is reached. Numerous options are available for fine tuning the logging ranges and manipulating breakpoints.
Also listed in: Code Coverage Tools, Profiler Tools, Tracers



Tool name: Data Ripper
Rating: 0.0 (0 votes)
Author: Ziggy                        
Website: N/A
Current version: 1.2
Last updated: January 28, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Rips any kind of data from an app being debugged with OllyDbg. The ripped data can be formatted and "declared" in the syntax of MASM, C/C++ and Delphi. Data Ripper is useful whenever you need to rip data, tables, etc. out of an app so the data can be used in another compiled program.
Also listed in: (Not listed in any other category)



Tool name: DeJunk
Rating: 0.0 (0 votes)
Author: flyfancy                        
Website: N/A
Current version:
Last updated: October 16, 2003
Direct D/L link: Locally archived copy
License type: Free
Description: Find/remove junkcode from packers, customizable.
Also listed in: (Not listed in any other category)



Tool name: DebugPlugin
Rating: 0.0 (0 votes)
Author: TBD                        
Website: N/A
Current version: 1.0
Last updated: November 28, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Loads OllyDbg and breakpoints on load plugin routine.
For OllyDbg 1.08b ONLY.
Also listed in: (Not listed in any other category)



Tool name: Exception Counter
Rating: 0.0 (0 votes)
Author: ZeetreX                        
Website: N/A
Current version: 0.1
Last updated: August 25, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: A plugin to automate the process of unpacking with exceptions. (Count the number of exceptions before the app runs and then pass exceptions n-1 times in next restart)
Also listed in: (Not listed in any other category)



Tool name: ExtraCopy
Rating: 0.0 (0 votes)
Author: Regon                        
Website: N/A
Current version: 0.9
Last updated: July 1, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Copy portions of code inside OllyDbg and to clipboard.
Also listed in: (Not listed in any other category)



Tool name: FullDisasm
Rating: 0.0 (0 votes)
Author: BeatriX                        
Website: http://beatrix2004.free.fr
Current version: 2.0
Last updated: April 22, 2009
Direct D/L link: http://beatrix2004.free.fr/FullDisasm/FullDisasm.zip
License type: Free
Description: This plugin replaces the default OllyDbg disassembly routine with an engine which supports MMX, FPU, SSE, SSE2, SSE3, SSSE3, SSE4.1 and SSE4.2 instructions and undocumented instructions called "aliases". Displays processor support for these technologies. Allows disassembling globally or only on selected lines in Masm, Nasm, GoAsm and AT&T syntax. Available as a plugin for OllyDbg or Immunity Debugger.
Also listed in: (Not listed in any other category)



Tool name: Games Invader
Rating: 0.0 (0 votes)
Author: GamingMasteR                        
Website: http://www.tuts4you.com/download.php?view.2148
Current version: 2.1
Last updated: March 1, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: I coded this plugin to help games hackers working on OllyDbg, it allows you to cheat games with OllyDbg.

+Ability to choose memory types to scan.
+Ability to determine the scanned memory scope.
+Can scan for [Exact values], [Values bigger than x], [Values smaller than x] or [values between x,y] .
+Scanning Algorithm optimized, now it's much faster than the old version.
+Auto update for found values.
+Known bugs fixed.
Also listed in: (Not listed in any other category)



Tool name: GoDup
Rating: 0.0 (0 votes)
Author: godfather+                        
Website: N/A
Current version: 1.2
Last updated: August 9, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: IDA signature loader/map loader/resource viewer/process info. View dialogs, version info and Delphi/BorlandC forms.
Also listed in: (Not listed in any other category)



Tool name: Hide Caption
Rating: 0.0 (0 votes)
Author: Gigapede                        
Website: N/A
Current version: 1.00
Last updated: November 21, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Hides MDI windows caption to get more space
Also listed in: (Not listed in any other category)



Tool name: Hide Debugger
Rating: 0.0 (0 votes)
Author: Asterix                        
Website: N/A
Current version: 1.24
Last updated: April 19, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: This plugin hides OllyDbg from many debugger detection tricks.
Also listed in: (Not listed in any other category)



Tool name: Immunity Debugger
Rating: 0.0 (0 votes)
Author: Immunity Inc / Oleh Yuschuk                        
Website: http://debugger.immunityinc.com
Current version: 1.6
Last updated: March 27, 2008
Direct D/L link: N/A
License type: Free
Description: Immunity Debugger is based on OllyDbg.

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

* A debugger with functionality designed specifically for the security industry
* Cuts exploit development time by 50%
* Simple, understandable interfaces
* Robust and powerful scripting language for automating intelligent debugging
* Lightweight and fast debugging to prevent corruption during complex analysis
* Connectivity to fuzzers and exploit development tools
Also listed in: OllyDbg Custom Versions, Ring 3 Debuggers



Tool name: IsDebuggerPresent
Rating: 0.0 (0 votes)
Author: SV                        
Website: N/A
Current version: 1.4
Last updated: June 30, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Hide debugger from IsDebuggerPresent Windows API.
Also listed in: (Not listed in any other category)



Tool name: LCB Plugin
Rating: 0.0 (0 votes)
Author: scherzo                        
Website: N/A
Current version: 0.10
Last updated: December 30, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Plugin to export and import labels, comments and breakpoints. Functionally a combination of Labelmaster with improved abilities, and Olly Breakpoint Manager.
Also listed in: (Not listed in any other category)



Tool name: Labeler
Rating: 0.0 (0 votes)
Author: Gigapede                        
Website: N/A
Current version: 1.33
Last updated: October 31, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Creates label/structs. Plugin & udd dir support.
Also listed in: (Not listed in any other category)



Tool name: Labelmaster
Rating: 0.0 (0 votes)
Author: Joe Stewart                        
Website: http://www.joestewart.org
Current version:
Last updated: January 13, 2004
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Import/export user-defined labels and comments.
Also listed in: (Not listed in any other category)



Tool name: LoadSome
Rating: 0.0 (0 votes)
Author: n1kto                        
Website: N/A
Current version: 0.1b
Last updated: August 13, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Plugin manager of sorts. Allows you to create separate folders for plugins and load/unload them to the Plugins menu.
Also listed in: (Not listed in any other category)



Tool name: MapConv
Rating: 0.0 (0 votes)
Author: godfather+ / TBD / SHaG                        
Website: N/A
Current version: 1.4
Last updated: June 10, 2003
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Imports .map files from SoftICE or IDA.
Also listed in: (Not listed in any other category)



Tool name: Memory Watch
Rating: 0.0 (0 votes)
Author: Ziggy                        
Website: N/A
Current version: 1.0
Last updated: May 29, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Memory Watch (MW) provides functions which allow a debugged app to be automatically stepped while watching for a particular memory value(s), register value(s) and/or string value(s). MW can pause when a watch value is found or log watch events to the OllyDbg log file.
Also listed in: (Not listed in any other category)



Tool name: MemoryDump
Rating: 0.0 (0 votes)
Author: aeon                        
Website: N/A
Current version:
Last updated: September 6, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: Plugin allows convenient dumping of a selected number of bytes from Dump window. Available as a plugin for OllyDbg or Immunity Debugger.
Also listed in: (Not listed in any other category)



Tool name: MemoryManage
Rating: 0.0 (0 votes)
Author: playar                        
Website: N/A
Current version:
Last updated: October 19, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: Basic utility for adding Execute/Read/Write memory blocks to a process. Code injection anyone?
Also listed in: (Not listed in any other category)



Tool name: Modified Command Line Plugin
Rating: 0.0 (0 votes)
Author: anonymouse                        
Website: N/A
Current version:
Last updated: April 23, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Useful new features added to default Cmdline.dll plugin:
LOADDLL - load a dll into the context of the debuggee.
LOADPDB - load PDB symbol files into Olly directly from Microsoft server.
LOADPLUGIN - load a plugin dynamically without restarting Olly. Bypasses 32 plugin limit.
PRINT - allows multiple expressions to be output to log window per conditional breakpoint.
Also listed in: (Not listed in any other category)



Tool name: NonaWrite
Rating: 0.0 (0 votes)
Author: Nonameo                        
Website: N/A
Current version: 1.2
Last updated: June 4, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Multiline assembler for code snippet injection, with string declarations and comment support. Includes Help file.
Also listed in: (Not listed in any other category)



Tool name: NtGlobalFlag
Rating: 0.0 (0 votes)
Author: Stingduk                        
Website: N/A
Current version: 1.1
Last updated: June 5, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Activates the NtGlobalFlag setting SET_LDR_SHOW_SNAPS in order to output the LDR emitted debug strings used during process initialization.
Also listed in: (Not listed in any other category)



Tool name: Olly Advanced
Rating: 0.0 (0 votes)
Author: MaRKuS TH_DJM                        
Website: N/A
Current version: 1.26 Beta 12
Last updated: March 13, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: A very complete selection of anti-debug settings, bugfixes and additional options for OllyDbg. Includes Help file for v1.26 Beta 5.
Also listed in: (Not listed in any other category)



Tool name: Olly Breakpoint Manager
Rating: 0.0 (0 votes)
Author: Pedram Amini                        
Website: http://pedram.redhive.com
Current version:
Last updated: July 13, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Breakpoint exporting, importing and automatic loading. Allows for exchange of useful breakpoint "sets" between researchers.
Also listed in: (Not listed in any other category)



Tool name: Olly Heap Vis
Rating: 0.0 (0 votes)
Author: Pedram Amini                        
Website: http://pedram.redhive.com
Current version:
Last updated: June 10, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Display, search and visualize allocated memory blocks in the debuggee process. Restores and extends OllyDbg's disabled "Heap" option for Win2K and above.
Also listed in: (Not listed in any other category)



Tool name: Olly HitTrace
Rating: 0.0 (0 votes)
Author: David Zimmer                        
Website: http://sandsprite.com/openSource.html
Current version:
Last updated: September 15, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Extension of the ModuleBpx code that lets you set breakpoints and automatically traces over them, logging hit counts so you can see how often different functions get called. Also supports a logging expression, so it can dump runtime data to the log window on each hit.
Also listed in: (Not listed in any other category)



Tool name: Olly ModuleBpx
Rating: 0.0 (0 votes)
Author: David Zimmer                        
Website: http://sandsprite.com/openSource.html
Current version:
Last updated: September 21, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: OllyDbg plugin that allows you to set breakpoints by module name and RVA. Once the module is loaded, it calculates the VA and sets the breakpoints for you. Great for DLLs which load and unload and are rebased every time.
Also listed in: (Not listed in any other category)



Tool name: Olly ToolBar Manager
Rating: 0.0 (0 votes)
Author: arjuns                        
Website: N/A
Current version:
Last updated: May 25, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Plugin which allows you to add up to 50 custom buttons to a docking tool bar. Drag and Drop, Easy Button Management.
Also listed in: (Not listed in any other category)



Tool name: OllyBkmrX
Rating: 0.0 (0 votes)
Author: 3070                        
Website: http://www.at4re.com/f/showthread.php?p=47083#post47083
Current version: 1.0.0.3
Last updated: March 28, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: OllyDbg bookmarking plugin.
Also listed in: (Not listed in any other category)



Tool name: OllyBonE
Rating: 0.0 (0 votes)
Author: Joe Stewart                        
Website: http://www.joestewart.org
Current version: 0.1
Last updated: June 17, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Break-on-Execute for OllyDbg. Unique kernel driver plugin implements PaX-like page protection in order to break on execution of unpacked code at OEP. From the RECON 2006 presentation Semi-Automatic Unpacking on IA-32 Using OllyBonE.
PDF of presentation obtained from RECON 2006 - Conference Proceedings at CodeBreakersJournal (http://www.codebreakers-journal.com/index.php)
Also listed in: (Not listed in any other category)



Tool name: OllyCallTrace
Rating: 0.0 (0 votes)
Author: Harmony Security                        
Website: http://www.harmonysecurity.com/OllyCallTrace.html
Current version: 1.0
Last updated: October 23, 2007
Direct D/L link: Locally archived copy
License type: Free
Description: OllyCallTrace is a plugin for OllyDbg (version 1.10) to trace the call chain of a thread allowing you to monitor it for irregularities to aid in the debugging of stack based buffer overflows as well as to quickly plot the execution flow of a program you are reversing.

Simply install the plugin and set a breakpoint on a location you want to trace from, e.g. ReadFile() or WSARecv(). When this breakpoint is hit, activate OllyCallTrace and press F7 to begin the automated single stepping and recording of the call chain. When you are finished tracing the code, pause execution or disable OllyCallTrace and view the OllyCallTrace Log to see the recorded call chain.
Also listed in: (Not listed in any other category)



Tool name: OllyDbg (OllyICE Modification)
Rating: 0.0 (0 votes)
Author: Hacnho                        
Website: N/A
Current version: 1.10.0
Last updated: August 27, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: This is the final OllyDbg release from Hacnho, a further enhanced version of his OllyDbg modification. It includes all the bug fixes from his original Hacnho modification. It is also compressed using the Themida 1.xx Ring-0 engine to help hide the debugger from detection. Be warned that it runs quite slowly because of this, and it is not very compatible with certain operating systems (WinXP SP2) and applications like anti-virus tools. Blue Screens of Death (BSOD) are quite common with this Olly.
Also listed in: OllyDbg Custom Versions



Tool name: OllyDbg (Shadow Modification)
Rating: 0.0 (0 votes)
Author: Shadow                        
Website: N/A
Current version: 1.10.0
Last updated: August 27, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Apart from a couple of aesthetic modifications, Shadow's Olly modification has quite a few bug fixes and changes. Not much is known about exactly what changes have been made, but it is regarded as one of the better modified OllyDbg versions available. Known to be well-hidden.
Also listed in: OllyDbg Custom Versions



Tool name: OllyDump
Rating: 0.0 (0 votes)
Author: Gigapede                        
Website: N/A
Current version: 3.00.110
Last updated: March 24, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Dump debuggee process memory and Rebuild IAT.
Also listed in: (Not listed in any other category)



Tool name: OllyFlow (+ OllyGraph)
Rating: 0.0 (0 votes)
Author: henryouly / Joe Stewart                        
Website: N/A
Current version: 0.71
Last updated: August 20, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source (partial)
Description: OllyFlow (henryouly) is an extended version of OllyGraph (Joe Stewart). OllyFlow creates VCG-compatible function and xref graphs similar to IDA. Requires Wingraph32.exe (GPL license). OllyFlow does not include source, but OllyGraph does, so the two plugins are included as a package.
Also listed in: (Not listed in any other category)



Tool name: OllyGuard
Rating: 0.0 (0 votes)
Author: MOID                        
Website: N/A
Current version: 0.1.2
Last updated: April 19, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Small plugin that fixes OllyDbg's buggy handling of EXCEPTION_PAGE_GUARD. Olly has fatal problems with guarded pages: it uses them internally to set memory breakpoints on access, but it also treats every guard page violation caused by anything other than its own guarded pages as a memory breakpoint. Protectors and similar software can therefore use this as an anti-debugging trick; this plugin fixes that weakness in Olly.

Like any useful plugin, it uses undocumented stuff. ;) It patches Olly 1.10 so that it can hook exception handling and breakpoint setting correctly. Probably won't work on any other version.

Includes source and also a version for Invisible SnD Ollydbg.
Also listed in: (Not listed in any other category)



Tool name: OllyPad
Rating: 0.0 (0 votes)
Author: SHaG                        
Website: N/A
Current version: 1.1
Last updated: June 12, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: Handy yellow resident "notepad" for taking project notes.
Also listed in: (Not listed in any other category)



Tool name: OllyScript
Rating: 0.0 (0 votes)
Author: SHaG / Epsylon3                        
Website: http://e3.lescigales.org/olly
Current version: 1.48
Last updated: May 27, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Automate OllyDbg by writing scripts in an assembly-like language. Very useful. Check link for latest updates.
Also listed in: (Not listed in any other category)



Tool name: OllyStepNSearch
Rating: 0.0 (0 votes)
Author: Didier Stevens                        
Website: http://didierstevens.wordpress.com
Current version: 0.6.1
Last updated: November 13, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: This plugin allows you to search for a given text string being referenced by the running code of a program, by automatically stepping through the debugged program and performing this analysis for each executed instruction.
Also listed in: (Not listed in any other category)



Tool name: PE Dumper
Rating: 0.0 (0 votes)
Author: FKMA                        
Website: N/A
Current version: 3.03
Last updated: January 14, 2008
Direct D/L link: Locally archived copy
License type: Free
Description: This is a new PE Dumper plugin for the best user-mode debugger, OllyDbg.
PE Dumper is similar to OllyDump by Gigapede, but is fully rewritten and has some features:

- You can dump any *.exe and *.dll from the debugged process address space.
- You can add/remove sections to/from the resulting dump. If you add a new section, you specify the VA and size of the memory region to add as a section, its attributes, File Offset, RAW size and section name. So you can now add to the dump any memory regions created by protectors during the debug session.
- Anti-dump anti-protection and the most correct dump-saving technique: during dumping, unlike other dumpers, PE Dumper saves only present memory pages (based on VA & Virtual size). So if there is non-allocated space between memory regions, most other dumpers (OllyDump too) will not save the dump correctly, but PE Dumper will save it all correctly.
- Fix raw sizes - corrects only the RAW size of the image according to the Virtual Sizes.
- Paste header from disk - use the header from disk, it's clear.
Also listed in: (Not listed in any other category)



Tool name: RL!APIFinder
Rating: 0.0 (0 votes)
Author: ap0x                        
Website: http://ap0x.jezgra.net
Current version: 0.2
Last updated: July 4, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: Useful API finder, allows for adding new modules, setting breakpoints, browsing exports, autocompletion, goto feature.
Also listed in: (Not listed in any other category)



Tool name: SEHSpy
Rating: 0.0 (0 votes)
Author: pnluck                        
Website: http://pnluck.altervista.org
Current version:
Last updated: September 4, 2006
Direct D/L link: Locally archived copy
License type: Free
Description: This plugin shows the context of the debugged process (before an exception) in a SEH handler. It may be useful for analyzing packers, or generally during an exception.
Also listed in: (Not listed in any other category)



Tool name: SnD Crypto Scanner (Olly/Immunity Plugin)
Rating: 0.0 (0 votes)
Author: Loki                        
Website: http://tuts4you.com/forum/index.php?showtopic=15447
Current version: 0.5 (beta)
Last updated: March 30, 2008
Direct D/L link: N/A
License type: Freeware
Description: A scanner for crypto signatures as an Olly/Immunity Plugin:

(Following text from the forum thread)
Been coding this for a while and now kinda got bored with it so releasing it as a beta. Sure I'll go back to it again later... just need to do something else now.

Hopefully you will find this useful - the advantage of having it as a plugin means that breakpoints can easily be set where required, and signatures can be located quickly.


Setting Breakpoints:
The buttons try to use a little bit of (not much :P) intelligence when setting breakpoints. In the data section, "hardware on access" or "memory access" breakpoints are set on the specific VA referenced. In the code section, a "hardware on execution" breakpoint is set at the beginning of the disassembled line the referenced dword is on. Hope that makes a little sense :)


Limitations:
Signatures are either made up of dwords or byte sequences. This gives 2 main weaknesses:
- some algorithms use similar dwords, distinguishing between them is not always simple.
- the algorithm finds the first instance of a given dword in a signature. If you have code which has multiple algorithms which use some of the same dwords, the referenced VA will always point to the first instance in the file.

Without doing some in-depth analysis, it's impossible to determine which algorithm uses a specific instance of a dword. This tool is therefore only going to make analysis a little easier, not do it for you.


Future Development:
Currently the plugin uses the plugin API to get the current file name and then reads it into allocated memory. It does not read memory inside Olly. This means packed files will need to be unpacked and the unpacked instance debugged. In future I plan to give an option to either scan the file or memory (perhaps even a specified memory range).

If you have an idea for development, want to add signatures or just want to tell me how crap this is, please go for it :)
Also listed in: Crypto Tools



Tool name: StayOnTop
Rating: 0.0 (0 votes)
Author: matthijsln                        
Website: N/A
Current version: 1.0
Last updated: December 2, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Makes individual MDI client windows stay on top.
Also listed in: (Not listed in any other category)



Tool name: StollyStructs
Rating: 0.0 (0 votes)
Author: jstorme                        
Website: N/A
Current version: 1.0
Last updated: January 19, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A plugin to help visualise and label data structures from within OllyDbg. Approximately 1200 common Windows data structures are defined.
Also listed in: (Not listed in any other category)



Tool name: Uhooker
Rating: 0.0 (0 votes)
Author: Core Security                        
Website: http://oss.coresecurity.com/projects/uhooker.htm
Current version: 1.3
Last updated: December 17, 2007
Direct D/L link: bin_Uhooker_2007-10-23_21.51__uhooker_v1.2_complete.zip
License type: Free / Open Source
Description: The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API functions inside DLLs, as well as arbitrary addresses within the executable file in memory. Requires a Python interpreter. The zip file includes the online documentation and script examples, but see the author link for the latest updates.
Also listed in: (Not listed in any other category)



Tool name: Watch Man
Rating: 0.0 (0 votes)
Author: Gigapede                        
Website: N/A
Current version: 1.00
Last updated: November 21, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Helps in creating watches
Also listed in: (Not listed in any other category)



Tool name: WindowInfo
Rating: 0.0 (0 votes)
Author: DDM/FFF                        
Website: N/A
Current version:
Last updated: April 29, 2003
Direct D/L link: Locally archived copy
License type: Free
Description: Get handle of window based on mouse position.
Also listed in: (Not listed in any other category)



Tool name: WindowJuggler
Rating: 0.0 (0 votes)
Author: EsseEmme                        
Website: N/A
Current version: 0.06
Last updated: July 26, 2004
Direct D/L link: Locally archived copy
License type: Free
Description: Enable/disable/click/close windows.
Also listed in: (Not listed in any other category)

