Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

ODbgScript v1.20 - New Script Window !

Bugs/suggestions/scripts/... for OllyScript plugin
mr haggar

ODbgScript v1.20 - New Script Window !

Post by mr haggar »

>If i make a third parameter to the MOV instruction (size 1 2 4, more for string), does that would solve your problem ? << could somebody tell me the right english sentence for this question (US person plz) i'm not sure :p )

You mean that only one byte is loaded in variable? Or in memory too? I was writing one script that decrypts Krypton0.5 pices of code that are encrypted. There I needed ROL and ROR opcodes, also that could work with bytes operands. I needed to decrypt byte-by-byte that pice of code. So what I need is:
- move one byte to variable
- ROL or ROR it
- place decrypted byte instead.
If you can make this working, that would be great. Maybe it can be done with present plugin, but that would be lot of working around.

Next thing that I would like to see. You know this:

gpa "SomeApiNameHere","SomeDllNameHere"

Can you make that script can read api and dll names from ASCII strings in exe? Like:

gpa x,y

where x and y would be addresses of ASCII strings terminated with zero, hardcoded in exe. I was unpacking beria and this would be usefull to rebuild thunks.

Thanks.

O yeah, I din't find manuall in your new plugin. Did I mised it? It would be nice to see new feature explained.
Epsylon3
Senior Member
Posts: 129
Joined: Fri May 26, 2006 5:10 pm
Location: France

ODbgScript v1.20 - New Script Window !

Post by Epsylon3 »

try

gpa [x],[y]

humm... you are right, not working i think...
i will add that in next version...

i'm waiting for some fixes from exetools forum.... to release this next version...

where x y are string addresses
mr haggar

ODbgScript v1.20 - New Script Window !

Post by mr haggar »

Great, thanks.
Epsylon3
Senior Member
Posts: 129
Joined: Fri May 26, 2006 5:10 pm
Location: France

ODbgScript v1.20 - New Script Window !

Post by Epsylon3 »

New version uploaded with sources :

http://e3.epsylon.org/olly/


1.23 (14 Nov 2005)
+ Enhanced String by Address support for commands (ex: gpa [nAddr],"KERNEL32.DLL")
+ lm, load Dm file to mem: lm, 0x401000, 0x100, "test.bin" (MetaCore)
# fix the dm, lm, dmp, dpe 's default dump path to debugging app's path. (MetaCore)
# fix dm, ...the open file parameter is incorrect, will add mess "0a 0d" at each lines tail. (MetaCore)
# fix all dump related function's parameter check, so when the real mem is smaller then gived
dump length, will not add mess data at the end, and the $result also catched the real dump size. (MetaCore)

1.22 (11 Nov 2005)
+ Added SCMP and SCMPI for string comparaison (SCMPI for case insensitive)
# Restored CMP string comparaison to case sensitive
Locked