Page 1 of 4 1234 LastLast
Results 1 to 15 of 49

Thread: Plugin OllyDbg : FullDisasm

  1. #1

    Plugin OllyDbg : FullDisasm

    Hi,

    Here is a small plugin for OllyDbg 1.10 which allows you to replace the old disassemble routine used in OllyDbg by a more recent one (beaengine). With this plugin, you can now debug MMX, FPU, SSE, SSE2, SSE3 and SSSE3 without problems. Example :

    Without FullDisasm :

    http://binary-reverser.org/tools/FullDisasm/FullDisasm1.jpg


    With FullDisasm : (press Ctrl+W) :

    http://binary-reverser.org/tools/FullDisasm/FullDisasm2.jpg

    With FullDisasm : (press Ctrl+X)

    http://binary-reverser.org/tools/FullDisasm/FullDisasm3.jpg


    http://binary-reverser.org/tools/FullDisasm/FullDisasm.dll
    Last edited by BeatriX; June 27th, 2007 at 16:01.

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,157
    Blog Entries
    5
    Thank you BeatriX,

    If it's all right with you, I'd like to add it to the OllyStuph page. It can be updated any time you wish.

    Regards,
    Kayaker

  3. #3
    ok, you can add it thanks.

  4. #4
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Location
    Obscure Kadath
    Posts
    430
    excellent work, can I ask a minor adjustment? An option to insert disassembled code all caps, like normally does Olly..
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com

  5. #5
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    Thu Jun 28 15:27:47 2007 HTTP/1.1 404 Not Found on first place.

    try http://reverseengineering.online.fr/tools/FullDisasm/FullDisasm.dll

  6. #6
    Teach,Flame,Enl*ten me :) lcx2005's Avatar
    Join Date
    Jun 2006
    Posts
    57
    Quote Originally Posted by FoxB View Post
    Thu Jun 28 15:27:47 2007 HTTP/1.1 404 Not Found on first place.

    try http://reverseengineering.online.fr/tools/FullDisasm/FullDisasm.dll

    Both working for me, But when i use Opera 8.53 the dll change to exe. but in IE dll.
    ~ Destination is there,but a little step to reach ~

  7. #7
    Master Of Nebulah Frost Polaris's Avatar
    Join Date
    Jun 2002
    Location
    Invincible Cyclones Of FrostWinds
    Posts
    221
    Good job, really a nice plugin!
    Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...

  8. #8
    thanks I have added the option Shub-nigurrath asked. You can now have the disasm in upper case. FullDisasm just generate a small file named FullDisasm.txt to save this parameter. (0 = lowercase and 1 = uppercase)

  9. #9
    Teach,Flame,Enl*ten me :) lcx2005's Avatar
    Join Date
    Jun 2006
    Posts
    57
    Thanx for the update.
    ~ Destination is there,but a little step to reach ~

  10. #10

    Thanx to everybody~~~

    It's really Good plug-in.
    thank a lot...
    God blessing you!!!

  11. #11
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,529
    Blog Entries
    15
    nice plugin there BeatriX

  12. #12
    thanks Here is an updated version with two new options :
    1 ) You can now use tabulation between mnemonic and arguments .(thanks to AvOid for the idea).
    2 ) You can see in the right window (with registers) informations about supported technologies on your processor.

    FullDisasm 1.4 :

    http://binary-reverser.org/tools/FullDisasm/FullDisasm.dll

  13. #13
    new update. Here is the 1.5 version.

    1 ) FullDisasm is now able to disassemble SSE4.1 and SSE4.2
    2 ) FullDisasm allows to use 2 new syntaxes : NASM and GOASM.
    3 ) For those two syntaxes, FullDisasm allows to display numbers under 2 formats : C style and asm style -> 0x1234 or 1234h.

    Examples :

    Code:
    OllyDbg MASM32 Syntax :
    
    00401000  PUSH TEST.004016EE
    00401005  PUSH DWORD PTR FS:[0]
    0040100C  MOV DWORD PTR FS:[0], ESP
    00401013  PUSH TEST.0041531A     
    00401018  CALL <JMP.&kernel32.LoadLibraryA>
    
    FullDisasm MASM32 Syntax :
    
    00401000  push 4016EEh
    00401005  push dword ptr fs:[0h]
    0040100C  mov dword ptr fs:[0h], esp
    00401013  push 41531Ah                             
    00401018  call 413228h
    
    FullDisasm NASM Syntax :
    
    00401000  push 4016EEh
    00401005  push dword [fs:0h]
    0040100C  mov dword [fs:0h], esp
    00401013  push 41531Ah                            
    00401018  call 413228h
    
    FullDisasm NASM Syntax + C style numbers :
    
    00401000  push 0x4016EE
    00401005  push dword [fs:0x0]
    0040100C  mov dword [fs:0x0], esp
    00401013  push 0x41531A                           
    00401018  call 0x413228
    
    FullDisasm GOASM Syntax :
    
    00401000  push 4016EEh
    00401005  push d fs:[0h]
    0040100C  mov d fs:[0h], esp
    00401013  push 41531Ah                           
    00401018  call 413228h
    
    FullDisasm GOASM Syntax + C style numbers :
    
    00401000  push 0x4016EE
    00401005  push d fs:[0x0]
    0040100C  mov d fs:[0x0], esp
    00401013  push 0x41531A                           
    00401018  call 0x413228
    http://reverseengineering.online.fr/tools/FullDisasm/FullDisasm.dll

  14. #14
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,157
    Blog Entries
    5
    Hi

    I found a bit of an "issue" with the plugin. Any breakpoint you set is interpreted and displayed as an "INT3", instead of showing the underlying instruction as Olly normally does. Toggle the bp off and the proper disassembly returns, toggle the bp back on and the plugin corrupts the disasm by showing the hidden 0xCC.

    Now, this may be by design or by nature, it doesn't really matter. The problem is that the effect is present whether the plugin is being used or not, simply being loaded from the plugin directory is enough for it to be making these overt changes.

    I don't see anything in ODBG_Plugininit that might be causing that, but if the plugin isn't being used it shouldn't be having such an effect on the display. Just thought I'd mention that.

    Regards,
    Kayaker

  15. #15
    thanks Kayaker. You are right, in the last versions (1.4 - 1.5), I use my own buffer filled with readprocessmemory to catch the code to analyze instead of using the OllyDbg's buffer. This is the reason of such trouble. I have fixed this problem in the version 1.53.
    By the way, displaying int3 is a natural behavior from the disassemble engine and not a feature I wanted to "exploit".

    http://reverseengineering.online.fr/tools/FullDisasm/FullDisasm.dll

Similar Threads

  1. Replies: 10
    Last Post: August 31st, 2012, 18:58
  2. Replies: 14
    Last Post: March 11th, 2012, 08:29
  3. DebugActiveProcessStop Plugin for OllyDbg
    By Teerayoot in forum Plugins (General)
    Replies: 13
    Last Post: November 8th, 2004, 07:53
  4. Plugin OllyDbg problem
    By OllyView in forum Plugins (General)
    Replies: 3
    Last Post: October 3rd, 2004, 10:19
  5. Need help with IDA Plugin
    By Polaris in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: November 29th, 2001, 17:18

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •