Contents

1  Summary
1.1  Brief introduction
1.2  Homepage
1.3  Installation
1.4  Run
1.4.1  Running script file
1.4.2  Running bytecode file
1.5  About
1.6  History
1.7  Contact

2  OllyMachine Architecture
2.1  Kernel
2.1.1  Addressing space
2.1.2  Register
2.1.3  Flags
2.2  Working flow
2.3  Compiling Error
2.4  Running Exception

3  OllyMachine Assembly Language
3.1  Basic element
3.1.1  Instruction
3.1.1.1  Opcode
3.1.1.2  Operand
Register
Identifier
Digit
3.1.2  Comment
3.2  LABEL
3.3  Data Transfer instructions
3.3.1  MOV
3.3.2  XCHG
3.3.3  LDS
3.3.4  PUSH
3.3.5  POP
3.4  Arithmetic Instructions
3.4.1  Addition Instructions
3.4.1.1  ADD
3.4.1.2  INC
3.4.2  Subtraction Instructions
3.4.2.1  SUB
3.4.2.2  DEC
3.4.2.3  CMP
3.4.3  Multiplication Instructions
3.4.3.1  MUL
3.4.4  Division Instructions
3.4.4.1  MUL
3.5  Logical Instructions
3.5.1  Logical Operatioin Instructions
3.5.1.1  AND
3.5.1.2  OR
3.5.1.3  NOT
3.5.1.4  XOR
3.5.2  Shift Instructions
3.5.2.1  SHL
3.5.2.2  SHR
3.6  Control Transfer Instructions
3.6.1  Unconditional Transfer Instructions
3.6.1.1  JMP
3.6.2  Conditional Transfer Instructions
3.6.2.1  JE
3.6.2.2  JNE
3.6.2.3  JB
3.6.2.4  JNAE
3.6.2.5  JNB
3.6.2.6  JAE
3.6.2.7  JBE
3.6.2.8  JNA
3.6.2.9  JNBE
3.6.2.10  JA
3.7  Misc Instructions
3.7.1  INCLUDE
3.7.2  NOP
3.7.3  PAUSE
3.7.4  HALT
3.7.5  INVOKE

4  OllyMachine API
4.1  Hello World!
4.2  Invoking Method
4.3  Handy Invoking Method
4.4  Return Value
4.5  Basic Input Output API
4.5.1  MSG
4.5.2  MSGYN
4.5.3  PrintNum
4.5.4  PrintBuf
4.5.5  PrintBufToDump
4.5.6  PrintBufToNewDump
4.5.7  UpdateDumpBuf
4.5.8  InputText
4.5.9  InputHexLong
4.6  Memory Process API
4.6.1  ReadMemLong
4.6.2  WriteMemLong
4.6.3  WriteMemHexes
4.6.4  ReadFileIntoMem
4.6.5  DumpMem
4.6.6  DumpMemAppend
4.6.7  DumpAsPE
4.7  Search and Replace API
4.7.1  FindOpcode
4.7.2  Find
4.7.3  ReverseFind
4.7.4  Search
4.7.5  ReverseSearch
4.7.6  GetPrevOpAddr
4.7.7  GetNextOpAddr
4.7.8  GetProcAddress
4.7.9  Fill
4.7.10  ReplaceBytes
4.7.11  ReplaceBytesEx
4.7.12  CopyBytesTo
4.8  Assembly API
4.8.1  ASM
4.8.2  __asm
4.8.3  Analyse
4.9  Running API
4.9.1  RunToReturn
4.9.2  RunToUserCode
4.9.3  Run
4.9.4  AnimateInto
4.9.5  AnimateOver
4.9.6  StepInto
4.9.7  StepIntoS
4.9.8  StepOver
4.9.9  StepOverS
4.9.10  ESTI
4.9.11  ESTO
4.9.12  GO
4.10  Trace API
4.10.1  TraceInto
4.10.2  TraceOver
4.10.3  TraceIntoCond
4.10.4  TraceOverCond
4.11  Breakpoint API
4.11.1  BP
4.11.2  BC
4.11.3  BPCND
4.11.4  BPL
4.11.5  BPLCND
4.11.6  BPRM
4.11.7  BPWM
4.11.8  BPMC
4.11.9  BPHWS
4.11.10  BPHWC
4.11.11  EOB
4.11.12  EOBINT3
4.11.13  EOBHW
4.11.14  EOBMEM
4.11.15  EOE
4.11.16  COB
4.11.17  COE
4.12  Module API
4.12.1  GMI
4.13  Comment and LABEL API
4.13.1  Comment
4.13.2  SetLbl
4.14  LOG API
4.14.1  LogText
4.14.2  LogLong
4.15  Anti Anti-Debug API
4.15.1  HideOD
4.15.2  UnHideOD
4.16  Buffer API
4.16.1  malloc
4.16.2  free
4.16.3  VirtualAllocEx
4.16.4  VirtualFreeEx
4.16.5  strcpy
4.16.6  strcat
4.16.7  strlen
4.16.8  ltoa
4.16.9  memcpy
4.17  Debug Assistant API
4.17.1  FindProcBegin
4.17.2  FindProcEnd
4.17.3  FindPrevProc
4.17.4  FindNextProc
4.17.5  FollowCall
4.18  Misc API
4.18.1  IsWinNTKernel
4.18.2  GotoCpuAddr
4.18.3  GotoDumpAddr