From Collaborative RCE Tool Library
IDAFicator
| Tool name: | IDAFicator |
|---|---|
| Author: | AT4RE |
| Website: | http://www.at4re.com |
| Current version: | 1.2.12 |
| Last updated: | May 6, 2008 |
| Direct D/L link: | http://www.at4re.com/tools/Releases/Zool@nder/IDAFicator/IDAFicator_1.2.12.zip |
| License type: | Free |

Description:

This plugin tries to make life easier for OllyDBG© users by providing some fast and frequently used functions. Here is the list of features brought by the plugin:

Version: 1.2.8

What's new:

- optimized assembling abilities (ONE.SHOT.ASSEMBLER)
- new breakpoints menu
- 3 new custom functions
- new mouse actions and shortcuts in disasm and dump windows

Version: 1.2.0

* 11 buttons added to the native toolbar:
  1. The go back/forward button.
  2. The Reach beginning/End of procedures button.
  3. The search for all text strings button.
  4. Hardware Breakpoints dialog box opener (in a non-modal, non-child DB).
  5. Multi-Commands assembler.
  6. Target directory opener.
  7. Customizable buttons.
* IDA-like mouse features:
  1. The DISASSEMBLY WINDOW:
  2. The DEFAULT DUMP WINDOW:
  3. The STACK WINDOW:
* Dump and set a HWBP on [ESP].
* 'Universal' stolen code restoring
* Address Informer
* Direct Address Copier

And more.

What's new:

1. Adding support for asm-like commands in the 'multicommand assembler'. Commands added so far are:

   1.1) PUSHSTR -> There are 2 versions of this command:

   - 1.1.1) The first one, without an argument (ex: pushstr 'kernel32.dll' -> PUSH 3D0000 ; ASCII "kernel32.dll")
   - 1.1.2) The second one accepts one argument (the address where to assemble), ex: pushstr 'kernel32.dll', 401000 -> PUSH 00401000

   1.2) PUSHALL -> push several commands (ex: pushall 0402000, @GWL_EXSTYLE call GetWindowLongA assembled to: -> PUSH 00402000 CALL user32.GetWindowLongA). +/- all constants in windows.inc (thanks hutch and iczelion for this file) can be used just with the prefix '@'.

   1.3) INVOKE -> Works like its homologous asm command with an extra

   Note that:

   - 1.3.1 - The strings will be assembled at a 'random' address allocated in the debuggee's memory.
   - 1.3.2 - You can integrate strings directly in the invoke macro (

     ex1: invoke MessageBoxA, 'Text1 from invoke macro', 'Text2 from invoke macro', @MB_OK ->

         PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
         PUSH 1D0030 ; |Title = "Text2 from invoke macro"
         PUSH 1D0048 ; |Text = "Text1 from invoke macro"
         PUSH 00402000 ; |hOwner = 00402000
         CALL DWORD PTR DS:[<&user32.MessageBoxA>> ; \MessageBoxA

     And

     invoke GetPrivateProfileIntA, 'Section Name', 'Key', 0, 'B:\bla\bla\bla\bla.ini' ->

         PUSH 1D0060 ; /IniFileName = "B:\bla\bla\bla\bla.ini"
         PUSH 0 ; |Default = 0
         PUSH 1D0077 ; |Key = "Key"
         PUSH 1D007B ; |Section = "Section Name"
         CALL DWORD PTR DS:[<&kernel32.GetPrivate> ; \GetPrivateProfileIntA

     )

   1.4) Note that the constants are located in the 'BYTES.OEP' file provided with this version (version of 06/05/2008) and you have to replace the old one. Otherwise, all constants will return 0 and will be assembled as: push 0.

2. Position saving for the most important and most used dialog boxes.

   Please consider using the pushstr macro instead of the invoke one if the length of the pushed text is > 40 chars.

   Privacy note: The last entered piece of text to assemble in MCasm is stored in the registry ("HKEY_CURRENT_USER\Software\IDAFicator Plugin"), just in case.

3. MuCAsm now remembers the last entered text even between 2 debugging sessions.
