Plugin: Memory Dump

Plugin related discussions.

For plugins, tools and tutorials see <a href="/collaborative/tools/index.php/Category:OllyDbg_Extensions">OllyStuph</a>
Senior Member
Posts: 121
Joined: Thu Oct 02, 2003 1:21 am

Post by TQN »

Hi aeon !
I am modifying the plugin.pas to support plugin for OllyDbg and ImmDbg. With this plugin.pas, we can build only once DLL and it will be used in OllyDbg and ImmDbg as well, not need to build two dll for each OllyDbg and ImmDbg.
I need some plugin source code to test, and I see your plugin is very interest.
User avatar
Posts: 4209
Joined: Mon Oct 30, 2000 7:00 am
Location: Ring -1

Post by dELTA »

Sounds great TQN, please let us know when the update is complete, and where we can find it. :yay:

Aeon, now you have an opportunity to contribute to the actual Olly Delphi SDK, so hurry up sending your source code over to TQN now. ;)
Senior Member
Posts: 5329
Joined: Wed Apr 25, 2001 2:00 pm

Post by JMI »

And don't worry too much about whether or not your "code" is "pretty. If it "works," TQN will "figure it out." :yay:

Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

after two years of inactivity I decided for small update

Code: Select all

 Plugin is intended to save/load bytes from momory dump window of the process in 
 various forms. In the dump window right click and select 'Memory Dump' in the popup menu 
 pick your choice.

 Possible choices are:

 - Load Dump
    Allows to fill process' memory with data from a file. (Be sure what you are 
    doing, overwriting the process memory may cause you a lot of trouble.)

 - Save Dump
    Copies selected bytes from dump into a file.
 - Clipboard(Text)
    Copies selected bytes from dump into a clipboard (text only).

 - Delphi/Pascal Table
    Generates table of selected bytes which can be easily used in Delphi/Pascal

 - C/C++ Table
    Generates table of selected bytes which can be easily used in C/C++

 - ASM Table
    Generates table of selected bytes which can be easily used in Assembler 
    (MASM Tested)

 - Visual Basic Table
    Generates table of selected bytes which can be easily used in Visual Basic 

 - Range Dump (ALT+R)
    Dumps Range of defined bytes by: 

	- Lenght : Tick End Address/Lenght
        - End Address : Untick End Address/Lenght

    Xor Dump With: Self-explanatory 
    Button with [<] symbol enters address of last byte clicked(not selected) in the dump,
    it's more convenient than entering addresses manually.

 - Xor Selection
    Xors Selection and shows dumped data in Olly's window. This window cannot be used 
    for another byte manipulation with plugin because dump is created in your Win's 
    temporary folder and not in memory.

 - Quick Dump (ALT+Q)
     Allows quickly select and dump data, mark the start(SHIFT+1) and the end(SHIFT+2) of 
     the block in dump window, then just press (ALT+Q). 

http://rapidshare.com/files/265054369/M ... a.zip.html
Junior Member
Posts: 25
Joined: Tue May 31, 2005 9:31 am

Post by winndy »

This file is neither allocated to a Premium Account, or a Collector's Account, and can therefore only be downloaded 10 times.

This limit is reached.
User avatar
Posts: 4169
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

Hi aeon

Why don't you just update the already existing entry for your plugin that's been here all along? :yay:

http://www.woodmann.com/collaborative/t ... MemoryDump
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

ok, updated

Post by ulpius »

2009 version:
Auto-Protect blocked security risk
d83fafa4ad118a1ea9e5456e24ff7863 *MemoryDump.dll
Severity: High

I checked the 2007 version:
5ab1135913ea32c418a0bad254e597b9 *MemDump.dll

Where is the source code?
Junior Member
Posts: 26
Joined: Thu Jun 07, 2007 4:20 am

Post by aeon »

There is no spyware/malware/adware in my plugin(unless you got somehow modified version from somewhere else).
AFAIK there has not been any similar complaint from any other user. Auto-Protect (of which existence I was not aware to this day) probably consider upack as threat or they have FP.

You don't have to belive me so don't use it.