ODbgScript v1.30 - Feature Requests and Bug Report

Bugs/suggestions/scripts/... for OllyScript plugin
nick_name

Post by nick_name »

shERis, post the script here ...
Epsylon3
Senior Member
Posts: 129
Joined: Fri May 26, 2006 5:10 pm
Location: France

Post by Epsylon3 »

hila, to search a DW, you need to reverse it... else find addr, #00112233#

1.43 (13 Jan 2006)
+ Added GCMT to retrieve comment at specified addr
* Fixed LM function

i will try to see the problem later with find... did you try Findmem ?
hila123

Post by hila123 »

findmem giving the same result of find.....cannot find value pattern ??????0?

thanks for looking into this problem...
shERis

Post by shERis »

Hi Epsylon3!
Thanx for GCMT command! Works fine!
But I don't know how to get back an address stored with CMT as string and recalled with GCMT. Result of GCMT is a string (that's ok). But I don't find a function, which makes a DW address from an address string (reverse of EVAL).
Please help me!

To nick_name: which script do you mean?
nick_name

Post by nick_name »

Hi Epsylon3!
I don't want to be annoying, but I found a bug.
When you single step a script and you come to a RUN command (or ESTO,..), then run is executed (app does something). When app reaches a breakpoint, app execution is stopped.
The script pauses and had to jump to the eob label.
But it does not. The highlighted line in the script window is at the next line of the RUN command and not at the eob label. When you then type S, the script proceeds with the line after the run command!
Please correct the script!
Thanx
shERis


.... i indicated this one
nick_name

Post by nick_name »

Epsylon3,
just tested the LM with 1.43 it's working GREAT.
thank you.
nick_name

Post by nick_name »

Hi Epsylon3!
Thanx for GCMT command! Works fine!
But I don't know how to get back an address stored with CMT as string and recalled with GCMT. Result of GCMT is a string (that's ok). But I don't find a function, which makes a DW address from an address string (reverse of EVAL).
Please help me!


sheris,
when u pass an address to eval, eval checks tht address/pointer for strings

but if u pass a string, it's tough to find the address for it ... only way i can
think is to search the whole memory ... not so smart way to do it anyway

to find the address of a comment ....
u can loop thru the whole section
read their comments and comparing with ur comment
if they match, u found the address ur looking for

to epsylon3 : if olly keeps a table of comments then i guess the address
retrieval against a particular comment can be done easily without that
looping idea
nick_name

Post by nick_name »

Feature Request :

it would be nice to see a command returning the debugged exe/dll's
informations, like ...

filename
path
size
process id ... etc.
Epsylon3
Post by Epsylon3 »

there is only a search for NM_LABEL, NM_EXPORT, NM_IMPORT, NM_LIBRARY or NM_CONST

not for comments

int Findlabelbyname(char *name,ulong *addr,ulong addr0,ulong addr1);

OllyDbg Plugin API v1.10
nick_name

Post by nick_name »

Feature Requests :

1.

int Plugingetvalue(int type);

VAL_HPROCESS - (HANDLE) Handle of debugged process
VAL_PROCESSID - Process ID of debugged process
VAL_HMAINTHREAD - (HANDLE) Handle of main thread of debugged process
VAL_MAINTHREADID - Thread ID of main thread of debugged process
VAL_MAINBASE - Base of main module in the debugged process
VAL_PROCESSNAME - (char *) Name of the debugged process
VAL_EXEFILENAME - (char *) Name of the main debugged file
VAL_CURRENTDIR - (char *) Current directory for debugged process
VAL_SYSTEMDIR - (char *) Windows system directory


it would be nice to see a command returning the debugged exe/dll's
informations, like ...

filename
path
size
process id ... etc.


2.

int Deletehardwarebreakpoint(int index);
Parameters: index - index of hardware breakpoint to delete (0..3).


delete / disable hardware bp depending upon provided
numbers like ... 1,2,3,4

sometimes it's important for a script to function properly
having no hwbp set ... 'n script doesn't know if there's any hwbp set
this way script will have an option to enable/disable all the hwbp

3.

void Tempbreakpoint(ulong addr,int mode);
Parameters:
addr - code address where temporary breakpoint should be set;
mode - type of breakpoint to set:

TY_ONESHOT|TY_KEEPCOND - Set one-shot breakpoint. OllyDbg automatically removes one-shot breakpoint when hit and pauses debugged application
TY_ONESHOT|TY_KEEPCOND|TY_STOPAN - Same as above, additionally stops any kind of trace or animation when hit
TY_TEMP|TY_KEEPCOND - Set temporary breakpoint. OllyDbg automatically removes temporary breakpoint when hit and immediately continues execution
Any other combination - Sets INT3 breakpoint of specified type


int Setbreakpointext(ulong addr,ulong type,uchar cmd,ulong passcount);

Parameters:

addr - address of breakpoint. If address points to data or in the middle of the command, OllyDbg will ask you for confirmation;

type - combination of bits TY_xxx that specify requested actions and type of breakpoint:

Flag - Meaning
TY_ACTIVE - Set permanent (user) breakpoint or restore disabled
TY_DISABLED - Temporarily deactivate permanent breakpoint. If TY_ACTIVE and TY_DISABLED are set simultaneously, TY_DISABLED is ignored
TY_ONESHOT - Set one-shot breakpoint that will be automatically removed when hit. Doesn't interfere with active breakpoint
TY_TEMP - Set temporary breakpoint that will be automatically removed when hit. Execution continues automatically. TY_TEMP does not interfere with active breakpoint
TY_STOPAN - Stop animation if breakpoint is hit
TY_KEEPCODE - Force original command (parameter cmd)
TY_SETCOUNT - Force pass count even if breakpoint already exists
TY_KEEPCOND - Leave associated names of types NM_BREAK, NM_BREAKEXPR, NM_BREAKEXPL and NM_PLUGCMD unchanged. If this bit is not set, breakpoints of types TY_ACTIVE and TY_DISABLED clear these names

cmd - original command that will be saved to descriptor if bit TY_KEEPCODE is set. Otherwise, this parameter is ignored and command is read from the memory;

passcount - pass count, i.e. the number of times this breakpoint should be skipped. If breakpoint already exists and flag TY_SETCOUNT is not set, this parameter is ignored and pass count remains unchanged.


the above 2 functions can be helpful setting

TEMPORARY BP
DISABLING A BP
SETTING NUMBER OF PASSES
ONESHOT BREAKPOINT
shERis

Post by shERis »

Hi Epsylon3, hi nick_name!
Thanx for your answers.
But I think, that I was mistakable. I don't want a function to search the address of a string variable or the address of string in memory or the address of a comment string (maybe someone else does ...).

What I want is a function like this VAL.

mov d,00000040 /d= 040h
eval "{d}" /$RESULT= 000000040
mov strg,$RESULT
VAL strg /$RESULT= 040h !
mov d1,$RESULT /d1= 040h now !
add d1,4 /d1= 044h now !

I think that I now explained better what I meant.
Epsylon3, please can you add such a function ?
shERis
nick_name

Post by nick_name »

sheris, u can directly do it by "msg d" ... u wont need to eval
but still it would be help wht u r saying

epsylon3, i think this can be done quite easily with atoi or functions like tht

THANK YOU.
shERis

Post by shERis »

Hmm .. Like >atoi< seems to be good. Result must be in hex.
nick_name

Post by nick_name »

after atoi ... epsylon3 can always use some of his own converters to convert it into hex ... i guess he already has them
Epsylon3
Post by Epsylon3 »

ok so, i think i will make these commands :

atoi s, 16. > hex String to int
atoi s, 10. > dec String to int

itoa n, 16. > int to Hex String
itoa n, 10. > int to Dec String
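
The string/integer conversion requested in this thread, sketched in C as an added example; it is not part of any post and not ODbgScript's own code, and the names `str_to_dword` and `dword_to_str` are hypothetical. It uses `strtoull` instead of C's `atoi`, because `atoi` parses decimal only and cannot report errors, and it rejects text that does not fit a 32-bit address.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers, not ODbgScript code: text <-> 32-bit value in
 * base 10 or 16. Both return 0 on success and -1 on any error. */
int str_to_dword(const char *s, int base, uint32_t *out)
{
    char buf[16], *end;
    unsigned long long v;
    size_t n = s ? strlen(s) : 0;
    if (out == NULL || (base != 10 && base != 16))
        return -1;
    if (base == 16 && n > 0 && (s[n - 1] == 'h' || s[n - 1] == 'H'))
        n--;                     /* accept the thread's "040h" notation */
    if (n == 0 || n >= sizeof buf)
        return -1;
    memcpy(buf, s, n);
    buf[n] = '\0';
    if (!(base == 16 ? isxdigit((unsigned char)buf[0]) : isdigit((unsigned char)buf[0])))
        return -1;               /* strtoull would skip blanks, take a sign */
    errno = 0;
    v = strtoull(buf, &end, base);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX)
        return -1;               /* trailing junk or wider than a DWORD */
    *out = (uint32_t)v;
    return 0;
}

int dword_to_str(uint32_t v, int base, char *dst, size_t len)
{
    int n;
    if (dst == NULL || (base != 10 && base != 16))
        return -1;
    n = snprintf(dst, len, base == 16 ? "%08lX" : "%lu", (unsigned long)v);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    uint32_t d1 = 0;
    char text[16] = "";
    if (!str_to_dword("000000040", 16, &d1) && !dword_to_str(d1 + 4, 16, text, sizeof text))
        puts(text);
    return 0;
}
```
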