From Collaborative RCE Tool Library

Jump to: navigation, search

IDAFicator

Tool name: IDAFicator
Rating: 5.0 (2 votes)
Author: AT4RE                        
Website: http://www.at4re.com
Current version: 1.2.12
Last updated: May 6, 2008
Direct D/L link: http://www.at4re.com/tools/Releases/Zool@nder/IDAFicator/IDAFicator_1.2.12.zip
License type: Free
Description: This plugin tries to make the life of OllyDBG© users easier by bringing to him some fast and frequently used function. And here is the list of features brought by the plugin:
Versio, : 1.2.8
What's new:
- optimized assembling abilities (ONE.SHOT.ASSEMBLER)
- new breakpoints menu
- 3 new custom functions
- new mouse actions and shortcuts in disasm and dump windows

Version : 1.2.0
* 11 buttons added to the native toolbar:
1. The go back/forward button.
2. and finally The Reach beginning/End of procedures button
3. The search for all text string button.
4. Hardware Breakpoints Dialog box opener (In a non modal non child DB).
5. Multi-Commands assembler.
6. Target directory opener.
7. Customizable buttons.


* IDA-like mouse features:
1. The DISASSEMBLY WINDOW:
2. The DEFAULT DUMP WINDOW:
3. The STACK WINDOW:

* Dump and set a HWBP on [ESP].

* 'Universal' stolen code restoring

* Address Informer

* Direct Address Copier

And more.

What's new:
1. Adding support for asm like command in 'multicommand assembler'.
Added commands til now are:
1.1) PUSHSTR -> There'are 2 versions of this cmd:
1.1.1) First one, without argument
(ex: pushstr 'kernel32.dll' -> PUSH 3D0000 ; ASCII "kernel32.dll" )
1.1.2) Second one, accept one argument (The address where to assemble)
ex: pushstr 'kernel32.dll', 401000 -> PUSH 00401000

1.2) PUSHALL -> push several commands
(ex: pushall 0402000, @GWL_EXSTYLE
call GetWindowLongA

assembled to: ->
PUSH 00402000
CALL user32.GetWindowLongA)

+/- all constants in windows.inc (thanks hutch and iczelion for this
file) can be used just with the prefix '@'

1.3) INVOKE -> Works like its homologous asm command with an extra
Note that:
1.3.1 - The strings will be assembled in a 'rundom' address
allocated in debugee memory
1.3.2 - you can integrate string directly in the invoke macro
( ex1: invoke MessageBoxA, 'Text1 from invoke macro', 'Text2 from invoke macro', @MB_OK
-> PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
PUSH 1D0030 ; |Title = "Text2 from invoke macro"
PUSH 1D0048 ; |Text = "Text1 from invoke macro"
PUSH 00402000 ; |hOwner = 00402000
CALL DWORD PTR DS:[<&user32.MessageBoxA>> ; \MessageBoxA

ex1: And invoke GetPrivateProfileIntA, 'Section Name', 'Key', 0, 'B:\bla\bla\bla\bla.ini'
-> PUSH 1D0060 ; /IniFileName = "B:\bla\bla\bla\bla.ini"
PUSH 0 ; |Default = 0
PUSH 1D0077 ; |Key = "Key"
PUSH 1D007B ; |Section = "Section Name"
CALL DWORD PTR DS:[<&kernel32.GetPrivate> ; \GetPrivateProfileIntA
)

1.4) Note that the constants are located in 'BYTES.OEP' file provided
with this version (version of 06/05/ 2008) and you've to re^lace the old
one. Otherwise, all constants will return 0 and will assembled : push 0.


2- Position saving for most important and most used dialog boxes.
Please, consider to use the pushstr macro instead of invoke one if the
lenght of pushed text is > 40 chars Privacy note: The last entered piece
of text to assemble in MCasm is stored in registry
("HKEY_CURRENT_USER\Software\IDAFicator Plugin"), just in case.

3- MuCAsm now remembers last entered text even between debugging 2 sessions.
Related URLs:
A flash movie showing most important features brought by IDAFicator ;):
http://www.at4re.com/tools/Releases/Zool@nder/IDAFicator/IDAFicator_1.2.8_Help_Flash_Movie.rar


Screenshot:
Screenshot of IDAFicator


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!



If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)


Views
Category Navigation Tree
   Code Coverage Tools  (12)
   Code Ripping Tools  (2)
   Crypto Tools  (5)
   Firefox Extensions  (1)
   Hex Editors  (12)
   Memory Patchers  (3)
   Packers  (16)
   Profiler Tools  (10)
   String Finders  (5)
   Tool Hiding Tools  (5)
   Tracers  (17)
   Needs New Category  (2)