命令历史[Command history]
OllyDbg keeps track of up to 1000 last commands displayed in Disassembler window. Each time the debugged program stops on breakpoint or exception, or you step next command, or follow address of jump or call, or simply press Return, OllyDbg adds current address together with thread identifier to the command history. If run trace is inactive, you can navigate through the history by pressing buttons '+' and '-'.
There is also similar data history in CPU Dump.
$#K备份功能[Backup functions]
Disassembler, CPU Dump and all Dump windows can create backup copy of displayed memory block.
Disassembler and CPU Dump create global shared backups. They do it automatically if you modify code or data. Each memory block can have only one global backup. Once created, global backups persist as long as original memory block. Patch manager uses global backups to create list of patches.
Standalone Dump windows create local private backups on your request. When you close Dump window or switch to another memory block, this backup is destroyed. If you have several Dump windows displaying same memory area, their backups are independent.
If backup is available, OllyDbg highlights differences between backup copy and original data. To copy piece of data from backup to original (?undo"), select this piece and choose Undo selection from the pop-up menu, or press Alt+BkSpc.
One can also write backup to file and load it again. This allows to spy differences between the different runs of debugged program. By choosing Search for|Modified command or Search for|Modified data you can quickly find all differences between backup and original.
Following backup functions are available:
View backup - view backup instead of original data. If window displays backup, all its functionality is disabled. If bar is visible, you can press button ?Address" instead.
View actual data - view original data instead of backup. If bar is visible, you can press button ?Backup" instead.
Create backup,
Update backup - creates new or updates existing backup.
Delete backup - destroys backup.
Load backup from file - loads backup from file. OllyDbg warns you if size of backup differs from the size of the dump.
Save backup to file - saves backup to file. Default name for memory backup has form MODULE_XXXXXXXX.mem, where MODULE is the short name of the module (or empty if memory block belongs to no module) and XXXXXXXX is the hexadecimal memory base. For file backup, default name is the name of the original file.
读取备份从文件[Load backup from file]- 从文件中读取备份数据。如果备份数据的大小与当前数据的不同,则OllyDbg会发出警告。
保存备份到文件[Save backup to file]- 备份数据保存到文件中。默认的内存备份文件名为“MODULE_XXXXXXXX.mem”的形式,MODULE是模块名(如果超过八字节,则只保留前八字节;如果内存块不属于任何模块,则为空),XXXXXXXX是十六进制的内存基址。对于文件备份,默认文件名为原始文件名。
