Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

olly plugin scripts

Bugs/suggestions/scripts/... for OllyScript plugin
bestobest
Junior Member
Posts: 23
Joined: Sat Oct 16, 2004 10:10 am

olly plugin scripts

Post by bestobest »

I have dowloaded a bunch of scripts for ollydbg, but how do I turm them into plugin, I've noticed that pluging for olly have to be a DLL, how do I turn a script to dll.
JMI
Senior Member
Posts: 5329
Joined: Wed Apr 25, 2001 2:00 pm

Post by JMI »

We do have certain rules here, which would be clear to you if you have followed the instructions and read the FAQ. Please explain what you have done to investigate this issue yourself. Have you used the search function here? have you search for answers of the net? Have you been to the Olly Forum and looked for answers there? If you have not done allyou really haven't done what you are supposed to do before asking a question. If you have do some, or all of those things already, you are still supposed to indicate that you have searched for the answer yourself and not been able to find what you are looking for. :whoops:

Regards,
JMI
naides
Posts: 1655
Joined: Sat Jan 12, 2002 12:00 pm
Location: Planet Earth

Post by naides »

Have you tried to post the question on the Olllydbg forums? Chances are you may find more info there.
User avatar
dELTA
Posts: 4209
Joined: Mon Oct 30, 2000 7:00 am
Location: Ring -1

Post by dELTA »

You don't actually turn the scripts into plugins, but rather you use a plugin to execute the scripts, namely this one:

http://ollyscript.apsvans.com
User avatar
Polaris
Posts: 223
Joined: Sun Jun 02, 2002 2:00 pm
Location: Invincible Cyclones Of FrostWinds
Contact:

Post by Polaris »

Don't wanna sound boring... But if you don't even know what a DLL or a script is you should forget about RE, learn the basics of computers and then get back here... :devil: :devil: :devil: :devil: :devil: :devil: :devil: :devil:
Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...
bestobest
Junior Member
Posts: 23
Joined: Sat Oct 16, 2004 10:10 am

olly scripts

Post by bestobest »

I have searched all over, found something at exetools, but when I tried to register to that site it said not accepting new registration
JMI
Senior Member
Posts: 5329
Joined: Wed Apr 25, 2001 2:00 pm

Post by JMI »

That's because I am trying to catch up with the flood of over 2,000 new members in the last couple of months and real workd work has been rather busy. As soon as I can catch up with some house cleaning there, the registration will be open again, at least for a while. In the mean time, did you bother to follow dELTA's advise about ollyscript??

Regards,
JMI
%UNDEFINED%
Posts: 44
Joined: Sun Feb 29, 2004 9:56 am
Location: Reality, unlike some people
Contact:

Post by %UNDEFINED% »

Okay obviously you didn't visit hxxp://ollyscript.apsvans.com/
So I will be nice an do the work for you.

URL to Download the plugin:

hxxp://ollyscript.apsvans.com/getPlugin.php?ver=09

Also, in case you need further help here is the link to the Help (*.chm) file I wrote for OllyScript:

hxxp://ollyscript.apsvans.com/download/osc_091_help.zip

Have a nice day :yay:
Regards,
%UNDEFINED%

"Without change one cannot evolve."
JMI
Senior Member
Posts: 5329
Joined: Wed Apr 25, 2001 2:00 pm

Post by JMI »

Oh, but all that reading is so HARD. Can't you just tell me how? :eek:

;)

Regards,
JMI
bestobest
Junior Member
Posts: 23
Joined: Sat Oct 16, 2004 10:10 am

Post by bestobest »

JMI wrote:That's because I am trying to catch up with the flood of over 2,000 new members in the last couple of months and real workd work has been rather busy. As soon as I can catch up with some house cleaning there, the registration will be open again, at least for a while. In the mean time, did you bother to follow dELTA's advise about ollyscript??

Regards,
Thanks for your response..
bestobest
Junior Member
Posts: 23
Joined: Sat Oct 16, 2004 10:10 am

Post by bestobest »

%UNDEFINED% wrote:Okay obviously you didn't visit hxxp://ollyscript.apsvans.com/
So I will be nice an do the work for you.

URL to Download the plugin:

hxxp://ollyscript.apsvans.com/getPlugin.php?ver=09

Also, in case you need further help here is the link to the Help (*.chm) file I wrote for OllyScript:

hxxp://ollyscript.apsvans.com/download/osc_091_help.zip

Have a nice day :yay:
Thank you
bestobest
Junior Member
Posts: 23
Joined: Sat Oct 16, 2004 10:10 am

Delphi

Post by bestobest »

Need some help, I have this progy coded in delphi I think 5 prog does not appear to be protected by anything like asprotect etc. might be emcripted tho. Anyway program run for 20 min. then exit save and print disabled. To register it open a window there you have a serial number alredy filled next box you enter code, offcourse evry code I enter it say invalid code. This is as far I got with DEDE
004759F0 55 push ebp
004759F1 8BEC mov ebp, esp
004759F3 33C9 xor ecx, ecx
004759F5 51 push ecx
004759F6 51 push ecx
004759F7 51 push ecx
004759F8 51 push ecx
004759F9 51 push ecx
004759FA 53 push ebx
004759FB 56 push esi
004759FC 57 push edi
004759FD 8945FC mov [ebp-$04], eax
00475A00 33C0 xor eax, eax
00475A02 55 push ebp

* Possible String Reference to: 'é$Ùøÿëà_^[‹å]Ã'
|
00475A03 68FF5A4700 push $00475AFF

***** TRY
|
00475A08 64FF30 push dword ptr fs:[eax]
00475A0B 648920 mov fs:[eax], esp
00475A0E B301 mov bl, $01
00475A10 C645F700 mov byte ptr [ebp-$09], $00
00475A14 33D2 xor edx, edx
00475A16 55 push ebp
00475A17 68555A4700 push $00475A55

***** TRY
|
00475A1C 64FF32 push dword ptr fs:[edx]
00475A1F 648922 mov fs:[edx], esp
00475A22 8D55EC lea edx, [ebp-$14]
00475A25 8B45FC mov eax, [ebp-$04]

* Reference to control TfrmStudent.txtEnterCode : TEdit
|
00475A28 8B80E0020000 mov eax, [eax+$02E0]

* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00475A2E E8D166FBFF call 0042C104
00475A33 8B4DEC mov ecx, [ebp-$14]
00475A36 8D45F0 lea eax, [ebp-$10]

* Possible String Reference to: '$0'
|
00475A39 BA185B4700 mov edx, $00475B18

* Reference to: System.Proc_00403CB4
|
00475A3E E871E2F8FF call 00403CB4
00475A43 8B45F0 mov eax, [ebp-$10]

* Reference to: Unit_0040721C.Proc_004080E4
|
00475A46 E89926F9FF call 004080E4
00475A4B 33C0 xor eax, eax
00475A4D 5A pop edx
00475A4E 59 pop ecx
00475A4F 59 pop ecx
00475A50 648910 mov fs:[eax], edx
00475A53 EB18 jmp 00475A6D

* Reference to: System.Proc_004032F0
|
00475A55 E996D8F8FF jmp 004032F0
00475A5A 0100 add [eax], eax
00475A5C 0000 add [eax], al
00475A5E 847840 test [eax+$40], bh
00475A61 00665A add [esi+$5A], ah
00475A64 47 inc edi
00475A65 0033 add [ebx], dh
00475A67 DBE8 fucomi st(0), st(0)
00475A69 63DA arpl dx, bx
00475A6B F8 clc
00475A6C FF8D45F8BA24 dec dword ptr [ebp+$24BAF845]
00475A72 5B pop ebx
00475A73 47 inc edi
00475A74 00E8 add al, ch
00475A76 0AE0 or ah, al
00475A78 F8 clc
00475A79 FF84DB743A8D55 inc dword ptr [ebx+ebx*8+$558D3A74]
00475A80 EC in al, dx
00475A81 8B45FC mov eax, [ebp-$04]

* Reference to control TfrmStudent.txtEnterCode : TEdit
|
00475A84 8B80E0020000 mov eax, [eax+$02E0]

* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00475A8A E87566FBFF call 0042C104
00475A8F 8B45EC mov eax, [ebp-$14]

* Reference to: Unit_00452AE8.Proc_004545EC
|
00475A92 E855EBFDFF call 004545EC

* Reference to TfrmMain instance
|
00475A97 A100904800 mov eax, dword ptr [$00489000]
00475A9C 8B00 mov eax, [eax]

* Reference to : TfrmMain.AllOK()
|
00475A9E E8C1110100 call 00486C64
00475AA3 84C0 test al, al
00475AA5 7411 jz 00475AB8
00475AA7 8D45F8 lea eax, [ebp-$08]

* Possible String Reference to: 'Code accepted. Close LADSIM down an
| d runit again to gain access to the
| extra features.'
|
00475AAA BA3C5B4700 mov edx, $00475B3C

* Reference to: System.Proc_00403A84
|
00475AAF E8D0DFF8FF call 00403A84
00475AB4 C645F701 mov byte ptr [ebp-$09], $01
00475AB8 6A00 push $00
00475ABA 668B0D985B4700 mov cx, word ptr [$00475B98]
00475AC1 B202 mov dl, $02
00475AC3 8B45F8 mov eax, [ebp-$08]

* Reference to: Dialogs.Proc_0044DB20
|
00475AC6 E85580FDFF call 0044DB20
00475ACB 807DF700 cmp byte ptr [ebp-$09], $00
00475ACF 7408 jz 00475AD9
00475AD1 8B45FC mov eax, [ebp-$04]

* Reference to : TApplication._PROC_004457D0()
|
00475AD4 E8F7FCFCFF call 004457D0
00475AD9 33C0 xor eax, eax
00475ADB 5A pop edx
00475ADC 59 pop ecx
00475ADD 59 pop ecx
00475ADE 648910 mov fs:[eax], edx

****** FINALLY
|

* Possible String Reference to: '_^[‹å]Ã'
|
00475AE1 68065B4700 push $00475B06
00475AE6 8D45EC lea eax, [ebp-$14]

* Reference to: System.Proc_004039EC
|
00475AE9 E8FEDEF8FF call 004039EC
00475AEE 8D45F0 lea eax, [ebp-$10]

* Reference to: System.Proc_004039EC
|
00475AF1 E8F6DEF8FF call 004039EC
00475AF6 8D45F8 lea eax, [ebp-$08]

* Reference to: System.Proc_004039EC
|
00475AF9 E8EEDEF8FF call 004039EC
00475AFE C3 ret


* Reference to: System.Proc_00403428
|
00475AFF E924D9F8FF jmp 00403428
00475B04 EBE0 jmp 00475AE6

****** END
|
00475B06 5F pop edi
00475B07 5E pop esi
00475B08 5B pop ebx
00475B09 8BE5 mov esp, ebp
00475B0B 5D pop ebp
00475B0C C3 ret

Can anyone direct me. Thanks
User avatar
dELTA
Posts: 4209
Joined: Mon Oct 30, 2000 7:00 am
Location: Ring -1

Post by dELTA »

Here's a direction for you:

Don't post miles of uncommented code without any other explanation, just so people should tell you where to patch it! Read the FAQ!
bestobest
Junior Member
Posts: 23
Joined: Sat Oct 16, 2004 10:10 am

Post by bestobest »

dELTA wrote:Here's a direction for you:

Don't post miles of uncommented code without any other explanation, just so people should tell you where to patch it! Read the FAQ!
Sorry about the mile of code, about undocumented u tell me that is dede stuff, supposed to be self explanatory, find the button click and trace. if you follow trace it compare ur string to nothing from what I saw, I don't want a patch just to understand the algorithim... Thanks
SHaG
Posts: 32
Joined: Tue Feb 03, 2004 1:29 pm

Post by SHaG »

1. Read tuts
2. Read more tuts
3. Crack crackmes
4. Search forums
5. Come back and ask constructive questions
Locked