ODbgScript v1.30 - Feature Requests and Bug Report

Epsylon3
Senior Member
Posts: 129
Joined: Fri May 26, 2006 5:10 pm
Location: France

Post by Epsylon3 »

ODbgScript is the visual version of OllyScript (discontinued by ShaG). It is capable of tracing script execution and variables, and also of toggling script breakpoints...

I am making this new thread because I can't edit the title of the 1.20 thread... which had 10 versions, 1.20 to 1.29...

These versions introduced the Script window and MRU lists, enhanced string and pointer handling, and also have some new commands... more or less useful

The download web directory is http://e3.epsylon.org/olly/

Archives include sources and documentation (readme.txt)

1.31 (05 Dec 2005)
+ Added support of operators in pointers ex: [eax+1]
+ Added support of operator + for strings
+ Decimal values are now supported, with the point (ex: 102.)
+ Variables Menu in Script Window to show/edit variables
+ Edit Script Command in Script Window Context Menu
# Modified script window hotkeys, and added Pause

1.30 (04 Dec 2005)
+ Added support of reg8 & reg16 registers (al,ah...dl,dh,ax,bx,cx,dx,bp,sp,si,di)
+ Added support of operators (+-*/&|^><); operators have no priority, evaluation is done from left to right
">" and "<" are shr and shl, "^" for xor, "&" for and, "|" for or.
+ Variables are now also declared by the destination of mov, if they don't exist
+ Added Result column
+ Value column keeps history of values
+ Enhanced Style of Script Window (current line, jumps, labels, same values)
+ Added KEY to send a custom key shortcut to OllyDbg (global KEY_DOWN)
+ Added TC to close and delete runtrace
# Fix MRU when a filename contains a comma or { }

The TODO List :
+ Change the icon << if somebody could tell me how :confused:

Please discuss here the new commands you want, and please have a look in plugins.hlp to see if your wishes could be made with the current plugin SDK of OllyDbg 1.10...
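
Added example (not part of the original post, and not ODbgScript's own code): a small Python model of the 1.30/1.31 changelog rules above, namely operators applied strictly left to right with no priority, ">" and "<" as shr and shl, and numbers read as hex unless they end with a point. The function names, the 32-bit wraparound, and the errors raised for division by zero or shift counts above 31 are assumptions of this example.

```python
import re

MASK = 0xFFFFFFFF  # assumption: values behave as 32-bit dwords and wrap

# An operand is hex digits with an optional trailing point; otherwise an operator.
TOKEN = re.compile(r"\s*(?:([0-9A-Fa-f]+\.?)|([-+*/&|^<>]))")

OPS = {
    "+": lambda a, b: a + b,
    "-": lambda a, b: a - b,
    "*": lambda a, b: a * b,
    "/": lambda a, b: a // b,
    "&": lambda a, b: a & b,
    "|": lambda a, b: a | b,
    "^": lambda a, b: a ^ b,   # xor
    ">": lambda a, b: a >> b,  # shr
    "<": lambda a, b: a << b,  # shl
}

def parse_number(text):
    """Hex unless the literal ends with a point, which marks decimal (ex: 102.)."""
    return (int(text[:-1], 10) if text.endswith(".") else int(text, 16)) & MASK

def tokenize(expr):
    expr, pos, tokens = expr.rstrip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None:
            raise ValueError(f"unexpected character at column {pos}")
        tokens.append(m.group(1) or m.group(2))
        pos = m.end()
    return tokens

def eval_left_to_right(expr):
    """Fold the operators in source order, with no precedence between them."""
    tokens = tokenize(expr)
    operands, operators = tokens[0::2], tokens[1::2]
    if len(tokens) % 2 == 0 or any(t in OPS for t in operands) \
            or any(t not in OPS for t in operators):
        raise ValueError("expected: operand (operator operand)*")
    acc = parse_number(operands[0])
    for op, text in zip(operators, operands[1:]):
        rhs = parse_number(text)
        if op == "/" and rhs == 0:
            raise ZeroDivisionError("script expression divides by zero")
        if op in "<>" and rhs > 31:
            raise ValueError("shift count above 31 (limit is an assumption)")
        acc = OPS[op](acc, rhs) & MASK
    return acc
```

With these rules 2+3*4 evaluates to 0x14 and 10-4/2 to 6, where conventional precedence would give 0xE in both cases.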

Post by Epsylon3 »

... will be edited later ...

HISTORY :

1.29 (03 Dec 2005)
+ Added LEN to get string length
+ Added REV to reverse dword bytes
+ Added HANDLE to find a window handle (like "Edit" Boxes) in debugged application
# Script is kept on debugged program restart/change
# Fixed FIND commands to search dwords variables
# MRU on DISASM window is now the real one

1.28 (26 Nov 2005)
+ Added "Load Script" in DISASM Context Menu
+ Added "ALLOC size" and "FREE addr, size" to (un)allocate memory page
# Modified Run Script to Load in Main MRU
# MRU no longer shows the full path of scripts

1.27 (25 Nov 2005)
+ Added REF to get References to selected command
+ Added OPCODE command to get command bytes, text and size at specified address
# Better comments handling
# Better #inc handling (using also current script path)
# PREOP now works in memory block, not only in code block

1.26 (24 Nov 2005)
+ Added Optional Start Address to "FINDMEM what [, StartAddr]" (to continue global search)
+ Added PREOP command to get previous command address before specified address

1.25 (22 Nov 2005)
+ Added FINDMEM to search into the whole memory
+ Added WRT (write a file) and WRTA (append) commands: WRT file, data
+ Added GMEMI function (Memory Block Information)
# GPA now returns 0 and continues if the API is not found, $RESULT_2 set to Proc name if found.
# fixed OllyDbg focus problem
# fixed path of created files when full path given
# fixed FIND binary wildcards, broken in 1.24

1.24 (19 Nov 2005)
+ FIND and FINDOP support strings and string vars arguments
+ MSG and MSGYN now have a Cancel button to pause script (MSGYN returns 2 if canceled)
# Script will now pause instead of stop when error is returned from commands
+ Script Breakpoints (to "debug" a script)
+ Added Real "Load Script" to start paused (script window)
+ Added Step/Resume and Hotkeys (script window)

1.23 (14 Nov 2005)
+ Enhanced String by Address support for commands (ex: gpa [nAddr],"KERNEL32.DLL")
+ lm, load Dump file to mem: lm, 0x401000, 0x100, "test.bin" (MetaCore)
# Fixed the default dump path of dm, lm, dmp, dpe to the debugged app's path. (MetaCore)
# Fixed dm, ...: the open file parameter was incorrect and added a stray "0a 0d" at the end of each line. (MetaCore)
# Fixed the parameter check of all dump-related functions, so when the real memory is smaller than the given dump length, no junk data is added at the end, and $result also catches the real dump size. (MetaCore)

1.22 (11 Nov 2005)
+ Added SCMP and SCMPI for string comparison (SCMPI for case insensitive)
# Restored CMP string comparison to case sensitive

1.21 (8 Nov 2005)
+ Remember Script Window Position & State
+ Automatic Scroll to follow script
+ Context Menu (Real MRU/Follow) in Script Window
# Fix table refresh
# CMP string compare is now case insensitive

1.20 (7 Nov 2005)
+ Script Window with values and eip
+ CMP now accepts strings from address

Post by Epsylon3 »

1.33 (06 Dec 2005) (Fix version)
# Some fixes
# Added some constants in code
# Fixed a big bug with string operands containing dword operator

1.32 (05 Dec 2005)
+ Execute Script Command Manually is now possible
+ LOG is now highlighted and displays also message in OllyDbg Status bar
+ LCLR command to clear log window
# Updated this Documentation and added a neutral sample script
# Abort Command enhancement

Post by shERis »

Hi Epsylon3!
Great improvements! I'm really surprised!

I found the following:
When I single-stepped a script with the S key in the script window and arrived at an ESTO command, ESTO was executed normally. After an exception the script continued with the next line and not at the eoe-label! Perhaps it is the same with the eob-label, I didn't verify that.

I think it would be more useful if a script is only loaded when it is opened in the script window; otherwise the script should be run immediately. If you have finished a script and you only want to run it (without debugging and looking at what the script does), you always have to change to the script window to run it.

In the values row of the script window, both values of two-parameter instructions are in the other order. I think this is a little bit irritating.

Great thanx for your work!

Post by kwazar »

New version every two days? Please include autoupdater ;P

Post by Epsylon3 »

@shERis :

yes you are right, i will restore the Run Script in Disasm window...

for the values row.. yea... was the fastest way to keep history and last values... i will try to fix that..

tx for the infos =)

@kwazar :

i was curious... i never really used C++ before ;) now i understand vectors and iterators, and i have learned many things... a nice month =) even if i don't really like C++

now i think ollyscript is ready to be used, fast.... :) and i m sure these enhancements will save precious hours =)

Post by GaBoR »

I don't know why, but for me the MRU is not working. I have ODbgScript 1.32.
And what is this supposed to be (it should say "Dump & fix IAT now!")?
Image

Post by VolX »

Hi Epsylon3!

To me, version 1.3x can't handle the following script


var count

mov count,8

loop:
cmp count, 0
je end
sub count, 1
jmp loop

end:
ret

Thanks for your enhancement to this olly plugin.

Post by Epsylon3 »

hmm yea... 1.31 and 1.32 have introduced many new things.... i will check what the problem is

Gabor : the cause is the operator & but that's not normal :p ) i will check that

Post by Epsylon3 »

VolX
try 1.33, i haven't seen the problem with this one... but tell me

1.33 (06 Dec 2005) (Fix version)
# Some fixes
# Added some constants in code
# Fixed a big bug with string operands containing dword operator

Post by nick_name »

BUG !! BUG !! BUG !!

i've loaded a target in olly
now moved to the script window
no script loaded , version 1.33
pressed X for executing script command
var a [enter] .... everything okay
mov a , eip ... Olly CRASHED !!!

Image

Post by nick_name »

same problem if i try :

msg eip
or,
eval " eip is {eip} "

i think the problem is somehow related to EIP
when the app is just loaded in olly 'n not still getting debugged

guesswork :
olly takes ODbgScript to an unreferenced invalid memory
coz, the app is not being debugged yet
so NO eip is set

i'll better leave the amendment to Epsylon3
thanks again for the great work !!!

Post by nick_name »

[...]

Post by Epsylon3 »

hmm yea... ok tx... will fix that....

did you know var command is now useless...

mov eax, a will report an error if "a" is not declared but...

mov a, eax creates variable a with the value of eax

no, the problem was not eip, it's just the window trying to set a value in the values column...

Post by nick_name »


thanks for the quick reply Epsylon3
u r doing a great job
hope u'll keep it up