Hi,
Here is a small plugin for OllyDbg 1.10 which allows you to replace the old disassembly routine used in OllyDbg with a more recent one (BeaEngine). With this plugin, you can now debug MMX, FPU, SSE, SSE2, SSE3 and SSSE3 code without problems. Example:
Without FullDisasm :
http://binary-reverser.org/tools/FullDi ... isasm1.jpg
With FullDisasm : (press Ctrl+W) :
http://binary-reverser.org/tools/FullDi ... isasm2.jpg
With FullDisasm : (press Ctrl+X)
http://binary-reverser.org/tools/FullDi ... isasm3.jpg
http://binary-reverser.org/tools/FullDi ... Disasm.dll
Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.
To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.
The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.
All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.
Plugin OllyDbg : FullDisasm
- Shub-nigurrath
- Senior Member
- Posts: 431
- Joined: Mon May 10, 2004 2:00 pm
- Location: Obscure Kadath
Excellent work, can I ask for a minor adjustment? An option to insert disassembled code in all caps, like Olly normally does.
(¯`·._.·[¯¨´*·~-.¸¸,.-~*´¨ Ŝħůβ¬Ňïĝµŕřāŧħ ₪¯¨´*·~-.¸¸,.-~*´¨]·._.·´¯)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Thu Jun 28 15:27:47 2007 HTTP/1.1 404 Not Found on first place.
try http://reverseengineering.online.fr/too ... Disasm.dll
FoxB wrote:Thu Jun 28 15:27:47 2007 HTTP/1.1 404 Not Found on first place.
try http://reverseengineering.online.fr/too ... Disasm.dll
Both are working for me, but when I use Opera 8.53 the dll changes to exe.

~ Destination is there,but a little step to reach ~
- countryman
- Junior Member
- Posts: 28
- Joined: Fri Jan 07, 2005 6:12 am
Thanks to everybody~~~
It's a really good plug-in.
Thanks a lot...
God bless you!!!
thanks
Here is an updated version with two new options:
1 ) You can now use tabulation between mnemonic and arguments (thanks to AvOid for the idea).
2 ) You can see in the right window (with registers) information about supported technologies on your processor.
FullDisasm 1.4 :
http://binary-reverser.org/tools/FullDi ... Disasm.dll

New update. Here is the 1.5 version.
1 ) FullDisasm is now able to disassemble SSE4.1 and SSE4.2.
2 ) FullDisasm allows you to use 2 new syntaxes: NASM and GOASM.
3 ) For those two syntaxes, FullDisasm allows you to display numbers in 2 formats: C style and asm style -> 0x1234 or 1234h.
http://reverseengineering.online.fr/too ... Disasm.dll
Examples :
OllyDbg MASM32 Syntax :
00401000 PUSH TEST.004016EE
00401005 PUSH DWORD PTR FS:[0]
0040100C MOV DWORD PTR FS:[0], ESP
00401013 PUSH TEST.0041531A
00401018 CALL <JMP.&kernel32.LoadLibraryA>

FullDisasm MASM32 Syntax :
00401000 push 4016EEh
00401005 push dword ptr fs:[0h]
0040100C mov dword ptr fs:[0h], esp
00401013 push 41531Ah
00401018 call 413228h

FullDisasm NASM Syntax :
00401000 push 4016EEh
00401005 push dword [fs:0h]
0040100C mov dword [fs:0h], esp
00401013 push 41531Ah
00401018 call 413228h

FullDisasm NASM Syntax + C style numbers :
00401000 push 0x4016EE
00401005 push dword [fs:0x0]
0040100C mov dword [fs:0x0], esp
00401013 push 0x41531A
00401018 call 0x413228

FullDisasm GOASM Syntax :
00401000 push 4016EEh
00401005 push d fs:[0h]
0040100C mov d fs:[0h], esp
00401013 push 41531Ah
00401018 call 413228h

FullDisasm GOASM Syntax + C style numbers :
00401000 push 0x4016EE
00401005 push d fs:[0x0]
0040100C mov d fs:[0x0], esp
00401013 push 0x41531A
00401018 call 0x413228

Hi
I found a bit of an "issue" with the plugin. Any breakpoint you set is interpreted and displayed as an "INT3", instead of showing the underlying instruction as Olly normally does. Toggle the bp off and the proper disassembly returns, toggle the bp back on and the plugin corrupts the disasm by showing the hidden 0xCC.
Now, this may be by design or by nature, it doesn't really matter. The problem is that the effect is present whether the plugin is being used or not, simply being loaded from the plugin directory is enough for it to be making these overt changes.
I don't see anything in ODBG_Plugininit that might be causing that, but if the plugin isn't being used it shouldn't be having such an effect on the display. Just thought I'd mention that.
Regards,
Kayaker
Thanks Kayaker. You are right: in the last versions (1.4 - 1.5), I use my own buffer filled with ReadProcessMemory to catch the code to analyze instead of using OllyDbg's buffer. This is the reason for the trouble. I have fixed this problem in version 1.53.
By the way, displaying int3 is natural behavior for the disassembly engine and not a feature I wanted to "exploit".
http://reverseengineering.online.fr/too ... Disasm.dll
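The behaviour discussed in the last two posts, as an added example that is not part of the thread or of the plugin's code: a raw ReadProcessMemory copy of debuggee code still contains the 0xCC bytes of active software breakpoints, so a disassembler front end has to put the saved bytes back before decoding. The `soft_bp` record and `unmask_breakpoints` are hypothetical names, and the sample bytes are constructed from the first two instructions of the listing above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical breakpoint record: the address where the debugger wrote
   0xCC and the original byte it saved. Not OllyDbg's own structure. */
typedef struct {
    uint32_t addr;
    uint8_t  saved;
    int      enabled;
} soft_bp;

/* Patch saved bytes back into a private copy of debuggee memory that
   starts at 'base'. Returns the number of bytes restored. */
size_t unmask_breakpoints(uint8_t *buf, size_t len, uint32_t base,
                          const soft_bp *bps, size_t nbps)
{
    size_t restored = 0;
    for (size_t i = 0; i < nbps; i++) {
        if (!bps[i].enabled || bps[i].addr < base)
            continue;                /* inactive, or below this window */
        uint32_t off = bps[i].addr - base;
        if (off >= len)
            continue;                /* above this window */
        if (buf[off] != 0xCC)
            continue;                /* byte is not an INT3: leave it alone */
        buf[off] = bps[i].saved;
        restored++;
    }
    return restored;
}

int main(void)
{
    /* Constructed sample: push 4016EEh / push dword ptr fs:[0] read from
       00401000 while a breakpoint sits on 00401005 (0x64 replaced by 0xCC). */
    uint8_t raw[12] = {0x68, 0xEE, 0x16, 0x40, 0x00,
                       0xCC, 0xFF, 0x35, 0x00, 0x00, 0x00, 0x00};
    soft_bp bps[] = {{0x00401005u, 0x64, 1}};

    printf("before: byte at 00401005 = %02X\n", raw[5]);
    size_t n = unmask_breakpoints(raw, sizeof raw, 0x00401000u, bps, 1);
    printf("after:  byte at 00401005 = %02X (%u restored)\n",
           raw[5], (unsigned)n);
    return 0;
}
```

Decoding `raw` before the call yields an `int3` at 00401005; after it, the bytes decode as the original `push dword ptr fs:[0]`.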