Hello,

could someone explain what is the meaning of the upward, downward, right arrows (or triangles) that appear in the hex dump column in the Disassembler
pane of the CPU window? Is it explained somewhere on the help file?

Regards,
yaa

there are jump directions (up/down) and right arrows say that a jump has destination to that address

What about the dollar sign? What is it for? Thx.

Regards,
yaa

$ means start of a procedure/routine (not 1oo% sure).

mmmhhh, usually routines have a thick border that groups the relative code toghether. However I sometimes see the dollar sign also next to instructions that are not the start of a routine.

For example debugging OllyDbg's own code I see the following:

00401059 > $ E9 6E400900 JMP OLLYDBG.004950CC

and this is not the start of any routine.

Regards,
yaa

yaa: yup, that is the module entrypoint - where the program starts

And what about instructions like the following:

00494134 /. 55 PUSH EBP
004950F4 /. 55 PUSH EBP
00495100 /. 55 PUSH EBP

They seem to be the start of a procedure an yet they have no dollar sign next to them.
It seems that they differ from those "dollar signed" only for the fact that they don't seem to be used anywhere inside the code (the call tree is empty). Could it be that the dollar sign indicates the start of a procedure that is also used inside the progam?

Regards,
yaa

$ indicates that the procedure is direct called (using call), the other procedures are called indirectly (pushed as arguments to another procedures).

Does OllyDbg provide an easy and fast way of finding procedures passed as arguments to other procedures?

Regards,
yaa

yaa: do you mean Find references (CTRL+R)? (you must be on the first line of your procedure)

Yup, that is what I was looking for. Thx.

Regards,
yaa