Symbols on Demand (an OllyDbg plugin)
OllyDbg is able to use dbghelp.dll and symsrv.dll to show extended debug information, such as the module source code (if referenced by the debug information) or module symbols from a PDB file (which can be fetched from the Microsoft Symbol Server for system modules). The problem is that if you turn on this option, module loading becomes much slower. On the other hand, this information is very handy, so there’s a dilemma as of whether to turn it on.
The Symbols on Demand plugin provides the best of both worlds: it disables loading of this extended debug information by default, but allows to load it explicitly for any module, at any time. Using this approach, loading is still fast, but if you need to load extended debug information for a module, you can easily do that.
OllyDbg v1.10 and v2.01 are supported. For OllyDbg v1.10, there’s additional functionality: you can set the symbols search path, which is set by default to SRV*.\Symbols*http://msdl.microsoft.com/download/symbols. You can also choose to retrieve undecorated symbol names. These options can be set in the INI file of OllyDbg, in the plugin’s section.
symbols_on_demand.zip (4.96 kB)
For your convenience, here are the dbghelp.dll and symsrv.dll files:
dbghelp_symsrv.zip (579.8 kB)
Tags: ollydbg, symbols on demand
dbghelp_symsrv.zip
First combo of dll I found that actually works. And I do have Visual Studio and Win debug tools and like 20 symsrv dlls around.
Big thanks, man! As for the OnDemand plug!
Great stuff. Also, huge thanks for the Multiline Asm! The pain I’d be in if I had to inline stuff by hand.
You rock.
I put the plugin dll into my olly v1.10 folder and the dbghelp/symsrv dlls in the plugin folder too. But when i try to load symbols for an executable that uses ntdll calls, it doesn’t resolve symbols and says “No symbols were loaded for Exe.exe…”
Am i doing something wrong ?
These should go to the main folder, together with ollydbg.exe.
I’ve copied the dbghelp/syssrv dlls to the same folder as ollydbg’s and still get the message “No symbols were loaded for ntdll” for example
Upload your ollydbg folder as a zip file, and I’ll look at it.
Sorry for not replying, i forgot to check for an answer.
Anyway i happened to use a custom version of ollydbg previously(Legend of rand0m’s version) and had a few problems with it. So decided to get a fresh ollydbg 1.10 version. And to day i tried your plugin on it and now it says loaded symbols successfully.
Just a question though : I’ve tried using x64dbg and it recognizes function names (for instance DirectX function) whereas in ollydbg it says apphelp.XXXXXX (XXXXXX being the address within apphelp module) for the same instruction, is this a symbol issue ?
I don’t know, but I don’t think that it has something to do with the plugin.
You might also want to try OllyDbg v2, or ask the author of x64dbg about it.
Alright thanks for the answers and the plugin !
Nice plugin thx 🙂