1
votes

I am looking at some executables that use anti-disassembly techniques, often causing code to be obfuscated as text. In IDA Pro, there are the easy 'c' and 'd' hotkeys to switch instructions between code and data. Is there an equivalent way to do that in Ollydbg?

For example:

As data:

.text:00401283                 db 55h
.text:00401284                 db 89h
.text:00401285                 db 0E5h ; s
.text:00401286                 dd 480C458Bh

As code:

.text:00401283                 push    ebp
.text:00401284                 mov     ebp, esp
.text:00401286                 mov     eax, [ebp+0Ch]
2
The best you can do is Analysis->Analyse Code (Ctrl-A) and Analysis->Remove analysis from selection (Ctrl-Bkspace). Both accessible from the right-click context menu of the disassembly pane of the cpu window.enhzflep

2 Answers

1
votes

yes dump memory and right click on it. select the format that you want to see. Disassemble show data as assembly code.

enter image description here

1
votes

right click->Analysis->Analyse code or ctrl+a