Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Plugin OllyDbg : FullDisasm

Plugin related discussions.

For plugins, tools and tutorials see <a href="/collaborative/tools/index.php/Category:OllyDbg_Extensions">OllyStuph</a>
BeatriX
Junior Member
Posts: 25
Joined: Tue Aug 08, 2006 3:32 pm

Plugin OllyDbg : FullDisasm

Post by BeatriX »

Hi,

Here is a small plugin for OllyDbg 1.10 which allows you to replace the old disassemble routine used in OllyDbg by a more recent one (beaengine). With this plugin, you can now debug MMX, FPU, SSE, SSE2, SSE3 and SSSE3 without problems. Example :

Without FullDisasm :

http://binary-reverser.org/tools/FullDi ... isasm1.jpg


With FullDisasm : (press Ctrl+W) :

http://binary-reverser.org/tools/FullDi ... isasm2.jpg

With FullDisasm : (press Ctrl+X)

http://binary-reverser.org/tools/FullDi ... isasm3.jpg


http://binary-reverser.org/tools/FullDi ... Disasm.dll
User avatar
Kayaker
Posts: 4179
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

Thank you BeatriX,

If it's all right with you, I'd like to add it to the OllyStuph page. It can be updated any time you wish.

Regards,
Kayaker
BeatriX
Junior Member
Posts: 25
Joined: Tue Aug 08, 2006 3:32 pm

Post by BeatriX »

ok, you can add it :) thanks.
User avatar
Shub-nigurrath
Senior Member
Posts: 431
Joined: Mon May 10, 2004 2:00 pm
Location: Obscure Kadath

Post by Shub-nigurrath »

excellent work, can I ask a minor adjustment? An option to insert disassembled code all caps, like normally does Olly..
(¯`·._.·[¯¨´*·~-.¸¸,.-~*´¨ Ŝħůβ¬Ňïĝµŕřāŧħ ₪¯¨´*·~-.¸¸,.-~*´¨]·._.·´¯)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
User avatar
FoxB
Posts: 458
Joined: Thu Mar 21, 2002 7:20 am
Location: Earth
Contact:

Post by FoxB »

Thu Jun 28 15:27:47 2007 HTTP/1.1 404 Not Found on first place.

try http://reverseengineering.online.fr/too ... Disasm.dll
User avatar
lcx2005
Posts: 57
Joined: Tue Jun 06, 2006 12:56 am

Post by lcx2005 »

FoxB wrote:Thu Jun 28 15:27:47 2007 HTTP/1.1 404 Not Found on first place.

try http://reverseengineering.online.fr/too ... Disasm.dll

Both working for me, But when i use Opera 8.53 the dll change to exe. :confused: but in IE dll.
~ Destination is there,but a little step to reach ~
User avatar
Polaris
Posts: 223
Joined: Sun Jun 02, 2002 2:00 pm
Location: Invincible Cyclones Of FrostWinds
Contact:

Post by Polaris »

Good job, really a nice plugin!
Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...
BeatriX
Junior Member
Posts: 25
Joined: Tue Aug 08, 2006 3:32 pm

Post by BeatriX »

thanks :) I have added the option Shub-nigurrath asked. You can now have the disasm in upper case. FullDisasm just generate a small file named FullDisasm.txt to save this parameter. (0 = lowercase and 1 = uppercase)
User avatar
lcx2005
Posts: 57
Joined: Tue Jun 06, 2006 12:56 am

Post by lcx2005 »

Thanx for the update.
~ Destination is there,but a little step to reach ~
User avatar
countryman
Junior Member
Posts: 28
Joined: Fri Jan 07, 2005 6:12 am

Thanx to everybody~~~

Post by countryman »

It's really Good plug-in.
thank a lot...
God blessing you!!!
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

nice plugin there BeatriX
BeatriX
Junior Member
Posts: 25
Joined: Tue Aug 08, 2006 3:32 pm

Post by BeatriX »

thanks :) Here is an updated version with two new options :
1 ) You can now use tabulation between mnemonic and arguments .(thanks to AvOid for the idea).
2 ) You can see in the right window (with registers) informations about supported technologies on your processor.

FullDisasm 1.4 :

http://binary-reverser.org/tools/FullDi ... Disasm.dll
BeatriX
Junior Member
Posts: 25
Joined: Tue Aug 08, 2006 3:32 pm

Post by BeatriX »

new update. Here is the 1.5 version.

1 ) FullDisasm is now able to disassemble SSE4.1 and SSE4.2
2 ) FullDisasm allows to use 2 new syntaxes : NASM and GOASM.
3 ) For those two syntaxes, FullDisasm allows to display numbers under 2 formats : C style and asm style -> 0x1234 or 1234h.

Examples :

Code: Select all

OllyDbg MASM32 Syntax :

00401000  PUSH TEST.004016EE
00401005  PUSH DWORD PTR FS:[0]
0040100C  MOV DWORD PTR FS:[0], ESP
00401013  PUSH TEST.0041531A     
00401018  CALL <JMP.&kernel32.LoadLibraryA>

FullDisasm MASM32 Syntax :

00401000  push 4016EEh
00401005  push dword ptr fs:[0h]
0040100C  mov dword ptr fs:[0h], esp
00401013  push 41531Ah                             
00401018  call 413228h

FullDisasm NASM Syntax :

00401000  push 4016EEh
00401005  push dword [fs:0h]
0040100C  mov dword [fs:0h], esp
00401013  push 41531Ah                            
00401018  call 413228h

FullDisasm NASM Syntax + C style numbers :

00401000  push 0x4016EE
00401005  push dword [fs:0x0]
0040100C  mov dword [fs:0x0], esp
00401013  push 0x41531A                           
00401018  call 0x413228

FullDisasm GOASM Syntax :

00401000  push 4016EEh
00401005  push d fs:[0h]
0040100C  mov d fs:[0h], esp
00401013  push 41531Ah                           
00401018  call 413228h

FullDisasm GOASM Syntax + C style numbers :

00401000  push 0x4016EE
00401005  push d fs:[0x0]
0040100C  mov d fs:[0x0], esp
00401013  push 0x41531A                           
00401018  call 0x413228
http://reverseengineering.online.fr/too ... Disasm.dll
User avatar
Kayaker
Posts: 4179
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

Hi

I found a bit of an "issue" with the plugin. Any breakpoint you set is interpreted and displayed as an "INT3", instead of showing the underlying instruction as Olly normally does. Toggle the bp off and the proper disassembly returns, toggle the bp back on and the plugin corrupts the disasm by showing the hidden 0xCC.

Now, this may be by design or by nature, it doesn't really matter. The problem is that the effect is present whether the plugin is being used or not, simply being loaded from the plugin directory is enough for it to be making these overt changes.

I don't see anything in ODBG_Plugininit that might be causing that, but if the plugin isn't being used it shouldn't be having such an effect on the display. Just thought I'd mention that.

Regards,
Kayaker
BeatriX
Junior Member
Posts: 25
Joined: Tue Aug 08, 2006 3:32 pm

Post by BeatriX »

thanks Kayaker. You are right, in the last versions (1.4 - 1.5), I use my own buffer filled with readprocessmemory to catch the code to analyze instead of using the OllyDbg's buffer. This is the reason of such trouble. I have fixed this problem in the version 1.53.
By the way, displaying int3 is a natural behavior from the disassemble engine and not a feature I wanted to "exploit".

http://reverseengineering.online.fr/too ... Disasm.dll
Locked