ODbgScript - my wishes for improvement

Bugs/suggestions/scripts/... for OllyScript plugin
shERis

Post by shERis »

Dear Epsylon3!

I made a new topic for our wishes of improvement of ODbgScript!

Here are my wishes (I have been waiting a very long time for fulfillment :-[ ):

1. OPCODE addr -> new function
OPCODE addr sets the $RESULT variable to the opcode bytes, $RESULT_1 variable to mnemonic opcode (i.e. MOV ECX,EAX) and $RESULT_2 to the length of the opcode. If an invalid opcode appears, $RESULT_2 should be 0. addr is increased by the length of the opcode (disassemble command). With this function you can step forward through code.

2. PREOP addr -> new function
PREOP addr sets the $RESULT variable to address of previous opcode of addr. If any error occurs, $RESULT is 0. With this function you can step back through code.

3. REF addr -> new function
REF addr works as "Find references to .. Selected command" and "Find references", Ctrl R, in OllyDbg. The problem now is that arrays are not defined. The $RESULT variable should now be set to the first reference addr and $RESULT_1 to the opcode if available and $RESULT_2 to the comment (like reference window). The next refs you can get by using NEXTREF.

4. NEXTREF addr -> new function
NEXTREF addr works as REF, but results in the next reference. Another call of NEXTREF should result in the next reference and 0 if no more is found.

5. GMI -> more arguments
gmi addr,MEMBASE and
gmi addr,MEMSIZE
The $RESULT variable is set with the base memory address / the memory size of an existing memory block.
If addr is in module the result could be MODULEBASE/MODULESIZE. (MODULEBASE and MODULESIZE now return 0 if an address outside module is used.)

6. ALLOC len -> new function
ALLOC allocates a new memory block of length len, the base address is returned in the $RESULT variable. If any error occurs, $RESULT is 0.

7. FIND -> improvement
FIND should work with variables too (instead of only constants now)!
Example:
var x
mov x, "6A00E8"
find eip, x // find a PUSH 0 followed by some kind of call

8. FINDOP -> improvement
FIND should work with variables too (instead of only constants now)!
Example:
var x
mov x, "6A00"
findop eip, x // find a PUSH 0

9. GPA -> improvement -> OK !
GPA should work with variables too (instead of only constants now)!
Example:
var api
mov api, "MessageBoxA"
var dll
mov dll, "user32.dll"
gpa api, dll // After this $RESULT is the address of MessageBoxA

10. FINDMEM addr, what -> new function
Same as FIND, but searches in all allocated memory blocks (like search function in memory map window), not only in the memory in which addr is located!

11. WRT what, file -> new function
WRT writes what (string or value) to specified file file. If file exists, it is overwritten.

12. WRTA what, file -> new function
WRT writes what (string or value) to specified file file, but it appends data to existing file.



I hope this is not too much for you. But I think some functions are not very difficult to realize.

Thanx for implementing in ODbgScript, Epsylon3 :-))

~hERi~
Epsylon3
Senior Member
Posts: 129
Joined: Fri May 26, 2006 5:10 pm
Location: France

Post by Epsylon3 »

if somebody has some time to do some functions... give me the code... i'll merge to the plugin....

i'm very busy this week...

but i'll add this new funcs and also other GUI things... like "edit script file", "script breakpoints (to pause or step)"

Post by shERis »

Hi Epsylon3!

I am a newbie in programming C. So I can't help you. But if someone else could do ...

Thanks for your help!

~hERi~

Post by Epsylon3 »

i've made a new version for script debugging (step to step and breakpoints) and hotkeys...

these commands will be implemented soon :

FIND & FINDOP improvements
WRT WRTA implementation

Check the "1.20" thread, i will edit it when done...

Post by shERis »

Hi Epsylon3!
I tried to help you and made a new function GMEMI instead of improving GMI (point 5).
You can see it here.

Furthermore I changed GPA (point 9). Error handling now can be made by the script with $RESULT_1.
You can see it here.

The code is NOT tested, there could be bugs! Please check and integrate in your script!

I have added help text for your help file readme.

Thanks

~hERi~

Post by shERis »

Links were not well !
GMEMI.txt
GPA.txt

Post by nick_name »

for the GPA's case, instead of using another variable $RESULT_1 can't it simply return string "INVALID DLL / LIB" in the $RETURN variable?

Post by shERis »

Hi nick_name!
This is the current state. But it is not useful. When a variable address is given to GPA by the script and this address is invalid, then the script stops with an error message and you cannot handle the error with the script itself! The execution of the script is canceled.
Therefore it is better you include some code (only 5 lines) and make your own error message handler (with your own error message!).

~hERi~

Post by nick_name »

shERis, ya i understand ur point, but after handling that error why don't u just strcopy CUSTOM ERR MSG into $RETURN
(i mean if that's not impossible, i haven't looked into the code)

i guess that'd just keep things a little less complicated

thank you.

Post by mr haggar »

gpa [x],[y]

gives error message and exits script if x ordinal is not found in y dll, as you noticed. It would be good that in next versions in case of wrong ordinal, return value to $RESULT is 0 instead of exiting script. In this way script can continue or we can choose to continue or not.


Next issue; script plugin uses always focused - always on top message box. It would be good to make them not focused in case of troubleshooting script. Because you are allowed then to abort script or pause it.


So Epsylon3 I hope that you will find some time for this in new versions. I know that you have probably more important things than this, I just wanted to say that new plugin is great and you are doing great job. Thanks.

Regards, haggar.

Post by shERis »

That's all right, mr haggar!

I hope too, that Epsylon3 has more time to improve ODbgScript. We all are waiting for it!

Perhaps I have some additional ideas for improvement.

~hERi~

Post by Epsylon3 »

yea... i will make changes as soon as possible...

made :
1.24 (19 Nov 2005)
+ FIND and FINDOP supports strings and string vars arguments
+ MSG and MSGYN have now Cancel buttons to pause script (MSGYN returns 2 if canceled)
# Script will now pause instead of stop when error is returned from commands
+ Script Breakpoints (to "debug" a script)
+ Added Real "Load Script" to start paused (script window)
+ Added Step/Resume and Hotkeys (script window)

Post by shERis »

Hi Epsylon3!

I tried your new version - and found a bug!

1. FIND eip, #8B??# (wildcard search) doesn't work any more!!!
2. FIND only works with string constants and string vars! Binary searching is not possible! Perhaps there should be a function to set a string variable supported by the FIND function with the content of a pointer to a string or binary value in memory.
3. I find script pausing after a command error not useful. A command error must be corrected by modifying the script. This is only possible if you always manually abort the script! Please restore the original function of aborting the script when a command error appears.
5. The context menu of the script window should have the abort menu item too.

All other improvements are very good !

~hERi~
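
Added example, not part of the original posts and not the plugin's code: a small Python model of the FIND behaviour discussed in this thread, with the hex pattern passed in a variable and ?? as a one-byte wildcard. The names `compile_pattern` and `find`, the sample bytes and the base address are constructed for illustration; returning 0 when nothing matches is an assumption that follows the $RESULT convention the posts use.

```python
import re

def compile_pattern(pattern):
    """Turn a hex pattern such as "6A00E8" or "#8B??#" into a list of
    byte values, with None standing for a ?? wildcard byte."""
    text = pattern.strip().strip("#").replace(" ", "")
    if not text or len(text) % 2:
        raise ValueError("pattern must be a whole number of byte pairs")
    compiled = []
    for i in range(0, len(text), 2):
        pair = text[i:i + 2]
        if pair == "??":
            compiled.append(None)
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
            compiled.append(int(pair, 16))
        else:
            raise ValueError(f"bad byte pair {pair!r}")
    return compiled

def find(memory, base, addr, pattern):
    """Search one memory block (bytes `memory`, mapped at `base`) from
    `addr` onward. Returns the address of the first match, or 0 if
    nothing matches or addr lies outside the block (assumed convention)."""
    pat = compile_pattern(pattern)
    start = addr - base
    if start < 0 or start > len(memory):
        return 0
    for off in range(start, len(memory) - len(pat) + 1):
        if all(p is None or memory[off + i] == p for i, p in enumerate(pat)):
            return base + off
    return 0

# Constructed sample block: NOP; MOV ECX,EAX; PUSH 0; CALL rel32;
# MOV EAX,[EBP+8]; RET
BASE = 0x401000
CODE = bytes.fromhex("90 8B C8 6A 00 E8 10 00 00 00 8B 45 08 C3")

if __name__ == "__main__":
    x = "6A00E8"                       # pattern held in a variable
    print(hex(find(CODE, BASE, BASE, x)))             # PUSH 0 + CALL
    print(hex(find(CODE, BASE, BASE, "#8B??#")))      # first 8B xx
    print(hex(find(CODE, BASE, BASE + 2, "#8B??#")))  # next 8B xx
```
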

Post by Epsylon3 »

ok, i will try to fix that....

made for 1.25 (22 Nov 2005)
+ Added WRT (write a file) and WRTA (append) commands: WRT file, data
# fixed OllyDbg focus problem
# fixed path of created files when full path given

For the 3. ... i will keep the pause, could be useful to ignore after error, but you can use the MRU to restart script.... or Restart Debug session, which requires script reloading too (for the moment)...