ODbgScript - my wishes for improvement

Bugs/suggestions/scripts/... for OllyScript plugin
Epsylon3
Senior Member
Posts: 129
Joined: Fri May 26, 2006 5:10 pm
Location: France

Post by Epsylon3 »

the PREOP concept is a very good idea....

and I think it could be a full new concept :) the reverse execution....
but I don't know if it's really possible to know last eip with plugins....
because the plugin is not called on every CPU command...

hmm so... I release 1.25:

1.25 (22 Nov 2005)
+ Added FINDMEM to search into the whole memory
+ Added WRT (write a file) and WRTA (append) commands: WRT file, data
+ Added GMEMI function (Memory Block Information)
# GPA now returns 0 and continues if the API is not found, $RESULT_2 set to Proc name if found.
# fixed OllyDbg focus problem
# fixed path of created files when full path given
# fixed FIND binary wildcards, broken in 1.24
shERis

Post by shERis »

Hi Epsylon3!

Great thanx for adding some of my wishes!

I tried FINDMEM, but it only finds the first appearance of "what". Can you add the addr variable as in FIND? Addr should be any address in the whole memory and FINDMEM should begin the search with a valid memory block address greater than or equal to addr. If addr==0 then FINDMEM should find the first appearance.

I think this should be possible. Please improve the function for me!

PREOP:
I don't think about reverse execution (this could really be a full new concept!), no, I only think about getting the previous opcode of an address in code. I found "Disassembleback" in Olly's plugin help - this is the function PREOP should call. And OPCODE should call "Disasm".

Can you add my other wishes too?

~hERi~
SHaG

Post by SHaG »

PREOP is kinda hard to implement... SoftIce has a feature that shows the last instruction (or last eip) before the breakpoint was hit, but the opcode used for that feature is a protected one - it can't be used by a user-mode program, only in kernel-mode... I tried to implement that and ended up with a kernel-mode driver which was quite unstable..
Epsylon3

Post by Epsylon3 »

OK, I've made some changes in the released 1.26

PREOP addr
FINDMEM what [,from]

but the preop will not give last eip after a jump or ret... just last instruction before this address...
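
The `FINDMEM what [,from]` behaviour requested and added in this thread, modelled as an added example (not ODbgScript's source and not code from any poster): the search starts in the first memory block at or above `from`, and restarting one byte past each hit enumerates every occurrence. The block table, `findmem` and `findmem_all` are hypothetical names, and the memory contents are constructed; a real plugin would read the debuggee's memory instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a debuggee memory map: two mapped blocks,
   sorted by base address, with an unmapped gap between them. */
typedef struct { uint32_t base; uint32_t size; const uint8_t *data; } block_t;

static const uint8_t blk_a[] = { 0x90, 0xDE, 0xAD, 0x90, 0x90, 0xDE, 0xAD, 0xC3 };
static const uint8_t blk_b[] = { 0xDE, 0x00, 0xDE, 0xAD, 0xCC };
static const block_t memmap[] = {
    { 0x00401000u, sizeof blk_a, blk_a },   /* code section of a module */
    { 0x00920000u, sizeof blk_b, blk_b },   /* e.g. an allocated block  */
};
#define NBLOCKS (sizeof memmap / sizeof memmap[0])

/* Address of the first match located at an address >= from, or 0 if none.
   from == 0 means "first appearance in the whole memory". */
uint32_t findmem(const uint8_t *what, uint32_t len, uint32_t from)
{
    if (len == 0) return 0;
    for (size_t i = 0; i < NBLOCKS; i++) {
        const block_t *b = &memmap[i];
        uint32_t off = 0;
        if (b->size < len) continue;              /* pattern cannot fit here */
        if (from > b->base) {
            if (from - b->base >= b->size) continue;  /* from lies past this block */
            off = from - b->base;                 /* from lies inside this block */
        }                                         /* else: from is below or in a gap */
        for (; off <= b->size - len; off++)
            if (memcmp(b->data + off, what, len) == 0)
                return b->base + off;
    }
    return 0;
}

/* Collect every occurrence by restarting one byte past each hit. */
size_t findmem_all(const uint8_t *what, uint32_t len, uint32_t *hits, size_t max)
{
    size_t n = 0;
    uint32_t from = 0, hit;
    while (n < max && (hit = findmem(what, len, from)) != 0) {
        hits[n++] = hit;
        from = hit + 1;
    }
    return n;
}
```
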
shERis

Post by shERis »

Hey, Epsylon3, you are quite fast!

I know that PREOP can only find the last instruction before the given address and not the last eip before a given eip!

I will test out the new 1.26.

Thanx

~hERi~
shERis

Post by shERis »

Hi Epsylon3!

I tried PREOP - and found a problem.
Some apps allocate memory and run code in this allocated memory block. When you try to call PREOP with such a memory address you get 0 as the result. Is it possible to use mod->codebase/mod->codesize and/or membase/memsize for Disassembleback depending on the memory block of addr? PREOP now works, for example, in kernel32, but not in an allocated memory block.

Furthermore I would need OPCODE!

Please help me!

Thanx

~hERi~
Epsylon3

Post by Epsylon3 »

OK... I will set PREOP to membase instead of codebase... I hope that will work...

1.27 (25 Nov 2005)
+ Added REF to get References to selected command
+ Added OPCODE command to get command bytes, text and size at specified address
# Better comments handling
# Better #inc handling (using also current script path)
# PREOP now works in memory block, not only in code block
hila123

Post by hila123 »

Epsylon3,

thanks for updating the Ollyscript so frequently...

the script window is very useful for debugging scripts, but I would like to have an option to change the value of a specific variable from this script window as well... is it possible to do that in the next version?

another thing: can you give the "Step" command a shortcut key, so that we do not need to go to the plugin menu every time we need to step through the script...

thanks in advance
shERis

Post by shERis »

Hi Epsylon3!

I tried your improvements of 1.27.

PREOP: works fine!
REF: works fine!
OPCODE: works fine, but it doesn't increase addr by the opcode length

The new functions are very helpful!

Now I'm only missing ALLOC...

Much thanx to you, you made really great work. Especially the script window is very, very useful! Step shortcut would be useful too.

I hope that you are able to make more improvements to the script :-))

~hERi~
nick_name

Post by nick_name »

Epsylon3, GREAT WORK MATE !!!

I had a tiny request ... please try to add a menu in Olly's right-click menu in the code section ... as shown in the following picture
and if possible please IGNORE that full script location thing, just the filename would be good enough

Image
Epsylon3

Post by Epsylon3 »

Ctrl + S is not working to step the script?

for the ALLOC function, could you tell me more about what you wanna do?

For the plugin menu, I can do that, but it will be as buggy as the MRU of the main menu.... (I can't refresh the menu, it is made only at load time)
XanSama

Post by XanSama »

hey Epsylon3, just wondering if we could see a second $result output for the ask command that states the length of the string the user input. would be quite useful on occasion :) also, if it's possible to fix the set width of the ask dialog box that would be good. it seems to only display about 40 chars or so.
XanSama

Post by XanSama »

and for the alloc thing I think he means something like an automated usage of VirtualAllocEx, instead of having to make the call and specify the process handle and all the other stuff. so you could simply type "alloc 1024" and it would allocate 1024 bytes of memory in the process's address space and set $RESULT to the starting address.

edit: err VirtualAlloc is probably closer than VirtualAllocEx, but I'm sure you get the idea.
Epsylon3

Post by Epsylon3 »

OK, I will try to do that...
XanSama

Post by XanSama »

lol ^_^, that was a fast response.