Results 1 to 3 of 3

Thread: Findreferences OllyDbg plugin API documentation

  1. #1

    Findreferences OllyDbg plugin API documentation


    I'm using OllyDbg 1.1 and am writing a plugin. I'd like to get all references (calls in particular) of a specified function. I can do this in the Olly GUI, but there is no documentation for the corresponding API function:

    extc int cdecl Findreferences(ulong base,ulong size,ulong addr0,ulong addr1, ulong origin,int recurseonjump,char *title);

    Could anyone please shed some light on what the correct values are if I want to retrieve alls calls to a function entry point?


    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Blog Entries
    004010B8   33C0             XOR EAX,EAX
    004010BA   90               NOP
    004010BB   83C0 01          ADD EAX,1
    004010BE   40               INC EAX
    004010BF   0000             ADD BYTE PTR DS:[EAX],AL
    004010C1   E8 F2FFFFFF      CALL Copia_di.004010B8
    004010C6   90               NOP
    004010C7   68 B8104000      PUSH Copia_di.004010B8
    004010CC   0000             ADD BYTE PTR DS:[EAX],AL
    004010CE   E8 E7FFFFFF      CALL Copia_di.004010BA
    004010D3   90               NOP
    If you want to find all the references to 0x4010B8 you have to call FindReferences using this form:
    Findreferences(0x401000, 0x2000, 0x4010B8,0x4010B9,0x4010B8,0,"Test references");
    Ollydbg looks for references inside range 401000/401000+2000. It's pretty easy to understand how Findreferences works, you have only to play with the parameters.
    The function returns two entries: 4010C1 and 4010C7 and Ollydbg shows the result on a new window. If you want to use the entries in your plugin (i.e. filtering call instructions only...) you have to retrieve them using the function PlugingetValue:
    t_table *tTable;
    tTable = (t_table *)Plugingetvalue(VAL_REFERENCES);
    Message(NULL, "Address: %X",((t_sortheader*)tTable->>addr);
    Plugingetvalue in combination with VAL_REFERENCES is used to get the table with found references. Once you have it you can start with your own operation. I simply print the first reference.

    I'm not an Olly guru but that's a way...
    Last edited by ZaiRoN; February 1st, 2007 at 10:50.

  3. #3
    Thank you very much for the quick reply - this looks exactly like the info I was looking. Will try it out.


    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. New plugin for OllyDbg
    By Aster!x in forum Plugins (General)
    Replies: 32
    Last Post: August 2nd, 2011, 04:14
  2. OllyDbg 1.03b released - plugin support
    By TBD in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: September 9th, 2010, 06:55
  3. How to add new plugin in OllyDbg
    By nidostyle in forum OllyDbg Support Forums
    Replies: 2
    Last Post: September 27th, 2007, 03:27
  4. sentinel sdk documentation
    By Shub-nigurrath in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: June 21st, 2006, 05:07
  5. OllyDbg scripting plugin
    By crassy in forum OllyScript Plugin
    Replies: 42
    Last Post: May 7th, 2004, 09:11


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts