Ollydbg Comment Column - win32 api
https://stackoverflow.com/questions/4115441
-
29-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
From what i see in the various videos/screenshots, whenever you load an executable, the win32 api calls are visible in the comment column in the main CPU window.
How can one achieve this? In my version, i don't see them.
Thanks.
Solution
Try 'analyzing' at the current location or the location where you expect to see comments. When analyzing self-modifying code like packers, decryptors etc, the contents of the CPU window might not have been 'analyzed' by Ollydbg, because they could just have been unpacked, or modified.
To analyze, right click at the desired location in CPU Window. Select Analysis> Analyze Code.
OTHER TIPS
IIRC, it's always there but the default column size just hides it. Try increasing the column size of the disassembly window and you should see it.
try 'Analyze This' Plugin for ollydbg
AnalyzeThis! is an OllyDbg plugin to allow OllyDbg's analysis function to operate outside of the marked code segment, by telling OllyDbg the current segment is the code segment.
Another way would be to switch to OllyDbg 2 -> MUCH better analysis; and more comments in Comment Column
PS: Analysis depends upon the executable type (c++, vb6, Delphi), so the Comment section may vary
