hi, i am a new user to ollydbg. i am running ollydbg inside VMWARE (to analyze some evil code). i am going through the code and putting comments / labels on for interesting routines that i found. however, when i rename the binary and reopen it again in olly on a different machine. i lose ALL of my information (which takes at least 15 minutes to relabel/comment).

so, my question comes down to this: how do i save my comments/labels such that i can view them at work or a friend's house (using ollydbg). i notice that there is a UDD (user defined definitions?) file in the olly directory; am i supposed to do something with this? thank you. (i posted because this is really frustrating to me, i am tired of spending 30+ minutes relabeling/commenting things).

Yup you already guessed it - simply take the .udd file with you, put it where olly expects to see it, and make sure the executable or .dll is not different from what you have been working on, name or code, if 1 instruction is different in the code olly will dump the udd file and build a new one - maybe someone a little more knowledgable here knows of a way around that part.

SiGiNT

You have many options:
- use OllySync
- put your udd directory on network drive and use that drive in vmware machine
- write a plugin to export names
- and more which I can't remeber/imagine.
Personally I'm using Linux Slackware which runs VMware. IDA is running on host and used through it's debugger to debug binaries on guest via remote debugging. I've put Olly's udd directory on a samba share. Of course my network drives have proper permission set - drive with tools is read only (that breaks IDA, but as I mentioned I'm running it on host).
And with this solution I could use my tools in real Windows and under VMWare

thank you. this will save me many hours from now on

You could also hex edit the UDD file to reflect the new path of the file to be analysed. But again as sigint3 already mentioned the .exe and/or .dll should be the same, otherwise you will get a new udd created by Olly.

Cheers.