From Collaborative RCE Tool Library
IDAFicator
| Tool name: | IDAFicator |
|---|---|
| Author: | AT4RE |
| Website: | http://www.at4re.com |
| Current version: | 1.2.12 |
| Last updated: | May 6, 2008 |
| Direct D/L link: | http://www.at4re.com/tools/Releases/Zool@nder/IDAFicator/IDAFicator_1.2.12.zip |
| License type: | Free |

Description:

This plugin tries to make the life of OllyDBG© users easier by bringing them some fast and frequently used functions. Here is the list of features brought by the plugin:

Version: 1.2.8

What's new:

- optimized assembling abilities (ONE.SHOT.ASSEMBLER)
- new breakpoints menu
- 3 new custom functions
- new mouse actions and shortcuts in disasm and dump windows

Version: 1.2.0

* 11 buttons added to the native toolbar:
  1. The go back/forward button.
  2. The Reach beginning/End of procedures button.
  3. The search for all text string button.
  4. Hardware Breakpoints Dialog box opener (in a non modal non child DB).
  5. Multi-Commands assembler.
  6. Target directory opener.
  7. Customizable buttons.
* IDA-like mouse features:
  1. The DISASSEMBLY WINDOW
  2. The DEFAULT DUMP WINDOW
  3. The STACK WINDOW
* Dump and set a HWBP on [ESP].
* 'Universal' stolen code restoring
* Address Informer
* Direct Address Copier

And more.

What's new:

1. Adding support for asm-like commands in the 'multicommand assembler'. The commands added so far are:

   1.1) PUSHSTR -> There are 2 versions of this command:

   1.1.1) The first one, without argument:

   ```
   pushstr 'kernel32.dll'
   -> PUSH 3D0000 ; ASCII "kernel32.dll"
   ```

   1.1.2) The second one accepts one argument (the address where to assemble):

   ```
   pushstr 'kernel32.dll', 401000
   -> PUSH 00401000
   ```

   1.2) PUSHALL -> push several commands. For example:

   ```
   pushall 0402000, @GWL_EXSTYLE
   call GetWindowLongA
   ```

   is assembled to:

   ```
   PUSH 00402000
   CALL user32.GetWindowLongA
   ```

   +/- all constants in windows.inc (thanks hutch and iczelion for this file) can be used just with the prefix '@'.

   1.3) INVOKE -> Works like its homologous asm command with an extra

   Note that:

   1.3.1 - The strings will be assembled at a 'random' address allocated in the debuggee's memory.

   1.3.2 - You can integrate strings directly in the invoke macro.

   ex1:

   ```
   invoke MessageBoxA, 'Text1 from invoke macro', 'Text2 from invoke macro', @MB_OK
   ->
   PUSH 0                                    ; /Style = MB_OK|MB_APPLMODAL
   PUSH 1D0030                               ; |Title = "Text2 from invoke macro"
   PUSH 1D0048                               ; |Text = "Text1 from invoke macro"
   PUSH 00402000                             ; |hOwner = 00402000
   CALL DWORD PTR DS:[<&user32.MessageBoxA>> ; \MessageBoxA
   ```

   ex2:

   ```
   invoke GetPrivateProfileIntA, 'Section Name', 'Key', 0, 'B:\bla\bla\bla\bla.ini'
   ->
   PUSH 1D0060                               ; /IniFileName = "B:\bla\bla\bla\bla.ini"
   PUSH 0                                    ; |Default = 0
   PUSH 1D0077                               ; |Key = "Key"
   PUSH 1D007B                               ; |Section = "Section Name"
   CALL DWORD PTR DS:[<&kernel32.GetPrivate> ; \GetPrivateProfileIntA
   ```

   1.4) Note that the constants are located in the 'BYTES.OEP' file provided with this version (version of 06/05/2008), and you have to replace the old one. Otherwise, all constants will return 0 and will be assembled as: push 0.

2. Position saving for the most important and most used dialog boxes.

   Please consider using the pushstr macro instead of the invoke one if the length of the pushed text is > 40 chars.

   Privacy note: The last entered piece of text to assemble in MCasm is stored in the registry ("HKEY_CURRENT_USER\Software\IDAFicator Plugin"), just in case.

3. MuCAsm now remembers the last entered text even between 2 debugging sessions.