Thread: ApiBreak - New Ollydbg Plugin

  1. #1
    Nonameo
    Guest

    Hey guys, I was debugging the other day and had an idea that I think would make it just a little bit easier for me.

    So I decided to make the idea into a plugin.

    It's almost complete; it will probably be finished later today, but then I'll have to do some final testing.

    The plugin:
    My plugin lists some commonly used api calls, sorted into 6 groups. The user can quickly and easily put a breakpoint on the entrypoint to one or more of these functions.

    For example:
    User wants to trap all calls to RegQueryValueA; this can be done very easily without having to search for this in "Intermodular Calls".

    The 6 groups are:
    Registry
    Time
    Dialog
    Memory
    Strings
    Point H

    Time will have things like "GetLocalTime"
    Dialog will have things like "SendDlgItemMessage"
    Memory will have things like "VirtualProtect"
    Strings will have things like "lstrcmp"

    Any suggestions would be appreciated

    Thanks

    -Nonameo-
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Nonameo
    Guest

    Well here it is.

    Includes the plugin and help file

    Enjoy

    -Nonameo-

    http://nikt.zog.net.au/ApiBreak.rar

  3. #3
    1bitshort
    Guest

    I hate to sound like a party pooper, but I don't see how a plugin can simplify something that is already so simple!
    To breakpoint on an API function it's easy enough just to hit Ctrl+G (Goto Address), then type in the API name like VirtualProtect and Olly will take you there. F2 to set the breakpoint. Couldn't get much easier than that!
    Anyway, good work, and I hope I haven't discouraged you from making other plugins; I'm sure some will find your plugin helpful.

  4. #4
    Nonameo
    Guest

    Yeah, well, if anything, this was a major learning experience as far as MASM goes. Even if no one uses it, I've got my foot in the door to make more stuff.

    Thanks

    -Nonameo-

  5. #5
    1bitshort
    Guest

    Then it was well worthwhile. Now that you've made one plugin, hopefully the floodgates will open!

  6. #6
    Grumper
    Guest

    Hi, a very good and useful plugin.
    It helps a lot not to set the bp by hand.

    But just one thing:

    Is it possible to set a bp on more than one group without "starting" the plugin again?
    Because whenever I set a bp on a group, the plugin closes.

    Oh, and you should read the posts on the exetools forum (Software).
    I like the idea with the ini (if it is possible).

  7. #7
    haggar
    Guest

    It's not some big thing, but it's a good thing for lazy people like me who don't want to open the modules window every time they want to place a toggle bp.

    Add CreateFileA and a couple more.

  8. #8
    Grumper
    Guest

    Just one more thing (if it is possible):

    Some protectors emulate the first commands of every API, so whenever they use the API they jump directly to the "middle" of the API and not to the EP.

    So of course our BP won't work, even if the app uses the API.

    So if it is possible, it will be a good idea to have the possibility not to set the BP on the EP of the API but some bytes after it.

    Regards

  9. #9
    1bitshort
    Guest

    > So if it is possible, it will be a good idea to
    > have the possibility not to set the BP on the
    > EP of the API but some bytes after it.

    Two problems with attempting to automate that process ...

    1) It would only be possible if the plugin used a disassembler (or instruction length disassembler like LDE32), because the plugin would need to know that the byte "in the middle of the API function" that it's breaking on is the start of an instruction - you can't set a breakpoint in the middle of an instruction, that just corrupts the code.

    2) Some functions are very short. Consider GetCommandLineA for example:
    7C812C8D A1 F435887C mov eax,[7C8835F4]
    7C812C92 C3 retn
    So in this case it would also need to disassemble and analyse the code (like Ollydbg does) to recognise where the function physically ends. The alternative to that is to assume that API functions are at least 2 instructions long and always set a breakpoint on the 2nd instruction, but if protectors "emulate the first few instructions of API functions" then that defeats that also.

    In other words - don't even bother.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
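Added example, not code from ApiBreak or from any poster in this thread: the two problems listed in post #9, in C. It walks instruction boundaries from an API entry point with a length decoder for a small, assumed subset of 32-bit opcodes, and refuses to pick an offset when it meets an undecoded opcode or would step past the return. `bp_offset`, `insn_len`, `modrm_len` and the `SAMPLE` bytes are constructed for illustration; the `GETCMDLINE` bytes are the ones quoted in the post.

```c
#include <stddef.h>
#include <stdint.h>

enum { BP_UNKNOWN = -1, BP_FUNC_ENDS = -2 };
/* GetCommandLineA bytes as listed in post #9: mov eax,[7C8835F4]; retn */
static const uint8_t GETCMDLINE[] = {0xA1,0xF4,0x35,0x88,0x7C, 0xC3};
/* Constructed: mov edi,edi; push ebp; mov ebp,esp; mov eax,[ebp+8]; pop ebp; ret 4 */
static const uint8_t SAMPLE[] = {0x8B,0xFF, 0x55, 0x8B,0xEC, 0x8B,0x45,0x08, 0x5D, 0xC2,0x04,0x00};

/* ModRM byte plus SIB/displacement (32-bit addressing); 0 = truncated. */
static int modrm_len(const uint8_t *p, size_t avail) {  /* caller: avail >= 1 */
    int mod = p[0] >> 6, rm = p[0] & 7, n = 1;
    if (mod == 3) return 1;                              /* register operand */
    if (rm == 4) {                                       /* SIB byte follows */
        if (avail < 2) return 0;
        n += (mod == 0 && (p[1] & 7) == 5) ? 5 : 1;      /* SIB (+ disp32) */
    }
    if (mod == 1) n += 1;                                /* disp8 */
    else if (mod == 2 || (mod == 0 && rm == 5)) n += 4;  /* disp32 */
    return n;
}

/* Length of one instruction from a small opcode subset; 0 = not decoded. */
static int insn_len(const uint8_t *p, size_t avail) {
    if (avail < 1) return 0;
    uint8_t op = p[0];
    int n = 0;
    if ((op >= 0x50 && op <= 0x5F) || op == 0x90 || op == 0xC3) n = 1;
    else if (op == 0xC2) n = 3;                          /* ret imm16 */
    else if (op == 0xA1 || op == 0x68 || (op >= 0xB8 && op <= 0xBF)) n = 5;
    else if (avail >= 2 && (op == 0x8B || op == 0x89 || op == 0x33 || op == 0x85)) {
        int m = modrm_len(p + 1, avail - 1);
        n = m ? 1 + m : 0;
    }
    return (n && (size_t)n <= avail) ? n : 0;
}

/* Offset reached after skipping `skip` whole instructions from the entry point. */
int bp_offset(const uint8_t *code, size_t len, int skip) {
    size_t off = 0;
    while (skip-- > 0) {
        if (off < len && (code[off] == 0xC3 || code[off] == 0xC2))
            return BP_FUNC_ENDS;                         /* would step past the return */
        int n = insn_len(code + off, len - off);
        if (n == 0) return BP_UNKNOWN;                   /* cannot prove a boundary */
        off += (size_t)n;
    }
    return off < len ? (int)off : BP_UNKNOWN;
}
```

For the `GetCommandLineA` bytes, skipping one instruction lands on the `retn` at offset 5, and asking for two reports that the function has already ended.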

  10. #10
    Fumio
    Guest

    I believe your plugin will be useful; however, it will not appear in my plugin menu. Yes, I have placed Apibreak.dll in olly file.
    Any suggestions on what I could be doing wrong?
    Regards Fumio

  11. #11
    Nonameo
    Guest

    That's weird, I haven't had anyone else having this problem.

    Are you using an old version of Olly?

    It needs to be 1.08 or higher.

    Hope this helps

    -Nonameo-

  12. #12
    Fumio
    Guest

    Hi Nonameo,
    Thanks for the reply. I had been using Olly 1.10 (step 2) and have now downloaded the latest version, and APIBreak initializes. Thanks for your help.
    Fumio

  13. #13
    pedram
    Guest

    Nonameo,

    Interesting plug-in concept. Definitely useful. This functionality can also be achieved by creating the relevant breakpoint sets for OllyDbg Breakpoint Manager available from the stuph page.

    -pedram

  14. #14
    HAANDI
    Guest

    Hi, that one is a really nice plugin but doesn't contain some functions I often need.
    The SendMessageA and SendDlgItemMessageA have to have a condition MSG==WM_GETTEXT, because otherwise they break too often.
    Then there has to be a CallWindowProcA MSG==WM_GETTEXT.
    For strings in VB I also need __vbaStrCmp.

  15. #15
    Registered User

    With OllyScript:

    // === break on load module ===
    var handle
    // find the address of the function
    gpa "LoadLibraryA","kernel32"
    // store the address of the function
    mov handle,$RESULT
    // set a breakpoint
    bp handle //or bphws handle,"x" (hardware bp)

    So you can do that easily; for groups, you can also use several subscripts with #INC group_script.txt
