ODbgScript v1.30 - Feature Requests and Bug Report

Bugs/suggestions/scripts/... for OllyScript plugin

Post by hila123 »

Something is wrong with the script below. Try testing it with a Delphi program; it will not pause....

var temp1

mov temp1, eip
add temp1, 0b
bphws temp1, "x"
//bp temp1

eob check
eoe check
esto

check:
cmp eip, temp1
je test
esto

test:
sti
mov [401000], eip // <- this line will not execute if using hardware breakpoint
pause
esto

If I change the hardware breakpoint to a memory breakpoint, the above script works. This happened with OllyScript 0.92 as well....

Post by hila123 »

found a problem with find function...

find function cannot find these values...

7C80A405
77DEB908
7C826E0C
77D86C0F

below is the sample script

var count
var temp1
var temp2
var temp3

mov count, 0
mov temp1, 402000
mov temp2, temp1
mov temp3, 0

mov [temp1], 7C812C8D
add temp1, 4
mov [temp1], 7C80A405
add temp1, 4
mov [temp1], 77DEB908
add temp1, 4
mov [temp1], 56800C00
add temp1, 4
mov [temp1], 7C826E0C
add temp1, 4
mov [temp1], 77D86C0F
add temp1, 4
mov [temp1], 7C80AA66

log_data:
cmp count, 7
je end
mov temp3, [temp2]
find 401000, temp3
log $RESULT
add temp2, 4
inc count
jmp log_data

end:
msg "check log"
ret

Seems like the find function is not able to find the value pattern ??????0?

Post by nick_name »

(1)
mov eip,402233 ...... eip = 401000
mov eax,1000 ....... eip = 401000

but on the 2nd line, the EIP should reflect EIP=402233 in the script window.

(2)
when the script is not finished, but the app terminates due to
exception or something else.
after a restart/ctrl-F2 , the rest of the script will try to execute
and will show a SCRIPT FINISHED msg like it shows for RET.

i would suggest : the script should restart back as the apps gets
restarted.

and on the script reload, the src should be RE-read 'n reloaded
coz after editing, it becomes a little tiresome to reload each time.

(3)
the input box of ASK doesn't always take inputs properly on clicking
OK button by mouse !!
please look into the matter

(4)
the prob with EOB persists, it doesn't work as it's supposed to

feature request
**is it possible to add a READ or READ-LINE feature.
which will add the first token or the first line from a file
into $RESULT variable.

**the script should re-read the script-source upon restart.

**is it possible to implement a FIND REFERENCES TO > CALL DESTINATION

thank you.
Epsylon3
Senior Member
Posts: 129
Joined: Fri May 26, 2006 5:10 pm
Location: France


Post by Epsylon3 »

- I fixed the problem with find... here only... you can use findmem or findop (for code search) which works for that

- eip is read only... and hmm i need to test some things about that...

i will release 1.42 soon... it's on my second pc...

for EOB/EOE... hmm i never used that, do you have something (a script and prog) to help me to test that ?

Post by nick_name »

Feature Request

Epsylon3, can you make the input requesting boxes like
1. msg
2. msgyn
3. ask
NOT to be MODAL ??

this way, for example, if i need to check the address of IAT section
from a alt+m in olly ... i can do that and put it into the ASK question
box.

THANK YOU

Post by nick_name »

BUG!! BUG!! BUG!!

ODBGScript 1.41 crashes if i try to execute with X
the following command ... i was going to perform

exec
popfd
popad
ende

but after X..exec[ENTER] in the script window
ODBG crashes

please look into it

Post by nick_name »

MSG shows messagebox with OK / CANCEL buttons
i think only OK button is enough for that

MSGYN shows messagebox with YES/NO/CANCEL buttons
i guess only YES / NO buttons are required

thank you.

Post by nick_name »

BUG!! BUG!! BUG!!

1.)
shr tm1,24 seems to have problem

i had to replace with

shr tm1,8
shr tm1,8
shr tm1,8

to get it working properly

Post by Epsylon3 »

shr tm1,24 <- 0x24 ! not 24.

The Cancel button in MSG boxes lets you pause a script and, afterwards, cancel it.

Post by nick_name »

rev 401204 returns 4124000
can it return 04124000

please check

** thanks Epsylon3, the SHR,24 was my mistake
thanks for pointing me to it.

Post by nick_name »

EOB/EOE Demonstration Code

bp 402233 // bphws 402233,"x"

L1:
eob LOG
esto
jmp L1

LOG:
log eip,""

the eob won't trigger if bphws xxxxxx,"x" is set <-- hardware bp
it works for bp xxxxxx memory bp's only

thank you.

Post by nick_name »

problem with - ASK
------------------------------
ask can't handle the following script :
=========================================
ASK "emni+emni --> onno shob ulta palta [HEX] kotha ??"
ret
=========================================

problem with - lower/ UPPER CaSe
------------------------------------------------
some of the commands can handle both upper 'n lower cases
but some can not .... for example RET

please look into the matter.

THANK YOU.

Post by nick_name »

Problem with LM

mov alloc_size,1000

alloc alloc_size
mov binary_paste,$RESULT
lm binary_paste,alloc_size,".\log-HIGHMEM-calls.BIN" // <-- this line won't work

log-HIGHMEM-calls.BIN = is a file previously dumped with
dm dump_addr,alloc_size,".\log-HIGHMEM-calls.BIN"
am i going wrong anywhere ??

Post by Epsylon3 »

LM : Relative paths with .\ and ..\ are not supported, just remove it

Post by Epsylon3 »

1.42 (07 Jan 2006)
+ Script Auto Reset if debugged app is restarted
* Better script uppercase support
* Problem with strings containing brackets