Plugin: Memory Dump

aeon
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Plugin: Memory Dump

Post by aeon »

Hi

I often need to copy just a number of bytes from the debugged process to a file; there are a few plugins, but all of them work on the principle of entering start and end addresses manually. I've been searching for something simple which would allow me to easily copy a number of bytes from the dump window but could not find anything, so I decided to write it myself.

Simply select the desired bytes in the dump window, open the right-click menu and pick 'Memory Dump' to save them.

that's all

I know it's lame, it's my first plugin.....I hope somebody finds it useful

http://rapidshare.com/files/41739240/Me ... p.zip.html
BeatriX
Junior Member
Posts: 25
Joined: Tue Aug 08, 2006 3:32 pm

Post by BeatriX »

Yes, it is a good tool. Thanks :) Usually, we must dump the entire section and cut it with a hex editor. Now, it is very simple. Just a question, what are the other plugins which allow us to dump bytes?

I just know "Data Ripper" to dump data usable in a source code. "Export table" is doing the same thing with less options.
aeon
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

BeatriX wrote:Usually, we must dump the entire section and cut it with a hex editor. Now, it is very simple.
I was tired of this

BeatriX wrote:I just know "Data Ripper" to dump data usable in a source code. "Export table" is doing the same thing with less options.
yep, but those you mention are different, I know of 2 which do binary dump
one is Memory Backup and second is IsDebuggerPresent, it contains a dumper
BeatriX
Junior Member
Posts: 25
Joined: Tue Aug 08, 2006 3:32 pm

Post by BeatriX »

just a small comment. I don't think it is a good idea to pack your plugin aeon. Not very handy if we want to debug or disassemble it. Are you afraid of the size of your dll? And more, if I want to debug Olly with Olly itself, by default, we get the famous message about BaseOfCode.
aeon
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

well, I do not like having my plugin debugged or disassembled, just because my coding is terrible, I've seen packed plugins although it was only UPX, yep, size is another reason I do not like 22KB, 11KB is much better
LLXX
Senior Member
Posts: 981
Joined: Wed Aug 17, 2005 8:37 pm

Post by LLXX »

BeatriX wrote:just a small comment. I don't think it is a good idea to pack your plugin aeon. Not very handy if we want to debug or disassemble it. Are you afraid of the size of your dll? And more, if I want to debug Olly with Olly itself, by default, we get the famous message about BaseOfCode.
Packed? So what? No problem! Nothing a little reversing can't fix ;)

If you don't want your code disassembled, this is the wrong forum for you. Consider that many of the users here are quite skilled reversers and for them unpacking is trivial.

...but really, OllyDbg already has this functionality. Select bytes, Rightclick -> Binary -> Binary Copy. Then paste in whatever editor of choice.
[ ~Litana L.X. Xahanien~ ]
blabberer
Senior Member
Posts: 1535
Joined: Wed Dec 08, 2004 11:12 am

Post by blabberer »

LLXX wrote:...but really, OllyDbg already has this functionality. Select bytes, Rightclick -> Binary -> Binary Copy. Then paste in whatever editor of choice.
well that copies ascii representation of binary
not as .bin :p

though you can copy bin
with right click-> createbackup-> save backup to file :smug:

this plugin copies specific selection while save backup will save the entire page so it has some added functionality that may be of use to some
aeon
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

LLXX wrote:If you don't want your code disassembled, this is the wrong forum for you. Consider that many of the users here are quite skilled reversers and for them unpacking is trivial.
I still do not want my code disassembled but that's not important, I know somebody does it and that's fine, that's the point of this forum, to learn.

Probably none of the serious programmers want their applications to be disassembled and still there is a high chance somebody will do it. :cool:


Binary Copy copies hex representation of selected bytes, not bytes themselves
aeon
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

I have made a small update:

- copy to clipboard: this comes in handy when the user wants to access a string from the dump fast and use it immediately somewhere else (does not work very well with control characters)

- version for immunity debugger

http://www.zippyshare.com/v/55465328/Me ... p.zip.html
aeon
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

I've added exporting tables for c, asm and delphi

http://www1.zippyshare.com/v/11314507/file.html
aeon
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

I did last update

Description:

In the dump window right click and select 'Memory Dump' in the popup menu 
 pick your choice.

 Possible choices are:

 - File
    Copies selected bytes from dump into a file.
			
 - Clipboard
    Copies selected bytes from dump into a clipboard (text only).

 - Delphi/Pascal Table
    Generates table of selected bytes which can be easily used in Delphi/Pascal

 - C/C++ Table
    Generates table of selected bytes which can be easily used in C/C++

 - ASM Table
    Generates table of selected bytes which can be easily used in Assembler 
    (MASM Tested)

 - Visual Basic Table
    Generates table of selected bytes which can be easily used in Visual Basic 

 - Range Dump
    Dumps Range of defined bytes by: 

      - Lenght : Tick End Address/Lenght
      - End Address : Untick End Address/Lenght

    Xor Dump With: Self-explanatory 
	
    Button with [<] symbol enters address of last byte clicked(not selected) in the dump,
    it's more convenient than entering addresses manually.


 - Xor Selection
    Xors Selection and shows dumped data in Olly's window. This window cannot be used 
    for another byte manipulation with plugin because dump is created in your Win's 
    temporary folder and not in memory.



http://www.zippyshare.com/v/4380600/file.html
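
Added example, not part of the original thread and not the plugin's code: the thread's distinction between a hex-text copy (Binary Copy) and a raw byte dump, together with the table and XOR options from the description above, sketched in Python. The input format (whitespace-separated hex pairs), the table layouts and all function names are assumptions of this example.

```python
import re

def parse_hex_text(text: str) -> bytes:
    """Turn pasted hex text ('55 8B EC ...') back into raw bytes."""
    cleaned = re.sub(r"\s+", "", text)
    if len(cleaned) % 2 or re.search(r"[^0-9A-Fa-f]", cleaned):
        raise ValueError("not a clean run of hex byte pairs")
    return bytes.fromhex(cleaned)

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (one byte or more)."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def c_table(data: bytes, name: str = "dump", per_line: int = 8) -> str:
    """Render bytes as a C array; the layout is this example's choice."""
    rows = [", ".join(f"0x{b:02X}" for b in data[i:i + per_line])
            for i in range(0, len(data), per_line)]
    body = ",\n    ".join(rows)
    return f"unsigned char {name}[{len(data)}] = {{\n    {body}\n}};"

def masm_table(data: bytes, name: str = "dump", per_line: int = 8) -> str:
    """Render bytes as MASM 'db' lines (0XXh form so A-F digits assemble)."""
    lines = []
    for i in range(0, len(data), per_line):
        vals = ", ".join(f"0{b:02X}h" for b in data[i:i + per_line])
        label = name if i == 0 else " " * len(name)
        lines.append(f"{label} db {vals}")
    return "\n".join(lines)

# Constructed sample: a hex-text copy of ten selected bytes.
SAMPLE = "55 8B EC 83 EC 10 53 56 57 C3"

if __name__ == "__main__":
    raw = parse_hex_text(SAMPLE)
    with open("selection.bin", "wb") as fh:  # the raw .bin form discussed above
        fh.write(raw)
    print(c_table(raw))
    print(masm_table(xor_bytes(raw, b"\x55")))
```
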
JMI
Senior Member
Posts: 5329
Joined: Wed Apr 25, 2001 2:00 pm

Post by JMI »

Thanks again for keeping us updated! :yay:

Regards,
JMI
TQN
Senior Member
Posts: 121
Joined: Thu Oct 02, 2003 1:21 am

Post by TQN »

Simple but very good plugin, aeon. Can you post or PM me the source code ?
Thank you very much !
Nacho_dj
Posts: 95
Joined: Mon Jul 04, 2005 2:07 am

Post by Nacho_dj »

aeon wrote:

 - Delphi/Pascal Table
    Generates table of selected bytes which can be easily used in Delphi/Pascal
I wish this had been developed before, I have managed very big block of bytes to be converted to Delphi tables. :eek:

Well, from now this will get easier and more comfortable.

Many thanks for your good work :yay:

Nacho_dj
aeon
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

TQN wrote:Simple but very good plugin, aeon. Can you post or PM me the source code ?
Thank you very much !
huh, you are the guy who made SDK for delphi :)

did not I mention that my coding is ..... ehm......terrible? If there is something wrong (bug) or you're interested in something particular, just tell me
Nacho_dj wrote:I wish this had been developed before, I have managed very big block of bytes to be converted to Delphi tables. :eek:

Well, from now this will get easier and more comfortable.

Many thanks for your good work :yay:

Nacho_dj
actually there is such plugin



thank you guys , you're welcome ;)