ODbgScript v1.30 - Feature Requests and Bug Report

Bugs/suggestions/scripts/... for OllyScript plugin
Post by nick_name »

epsylon3, please keep under consideration the process info and breakpoint feature requests I made above...

Post by scherzo »

Hi!!! Thanks Epsylon3 for the very useful plugin!!!
I have a problem: I need to search for all commands "JMP 00402512", for example, and I wrote this script:

var address
var jmp_content
var jmp_address
var start
mov jmp_address,00402512
mov start,eip
search:
find start,#E9#                 // next E9 (JMP rel32) opcode at or after start
cmp $RESULT,0
je notfound                     // FIND sets $RESULT to 0 when nothing matches
mov address,$RESULT
mov start,address
inc start                       // resume after this opcode on the next pass
mov jmp_content,address
inc jmp_content
mov jmp_content,[jmp_content]   // dword rel32 operand that follows E9
add jmp_content,address
add jmp_content,5               // target = address + 5 + rel32
cmp jmp_content,jmp_address
jne search
// address now holds the JMP to jmp_address
notfound:

I can't just use "find eip,#E912254000#", for example, because the bytes of a JMP depend on the address where the JMP is.
This problem happens with CALLs, JMPs and other conditional jumps. But the biggest problem is the speed: the script spends a very
long time searching for commands in the code section.
I suggest a command for this search that works faster, like this:


FINDCOM what, addr, start_addr

What - CALL,JMP,JNZ,JE,JA,etc.
addr - address of the command.
start_addr - search code starting at start_addr

For example, I want to search for all "CALL 00402512" starting at 00401000. So, I write this:

FINDCOM CALL, 00402512, 00401000

I don't know if this is possible, but this command would be very useful.
Thanks a lot,
scherzo

Post by nick_name »

use FINDOP

FINDOP
FINDOP addr, what
----------------------
Searches code starting at addr for an instruction that begins with the specified bytes.
When found sets the reserved $RESULT variable. $RESULT == 0 if nothing found.
The search string can also use the wildcard "??" (see below).
Example:
findop 401000, #61# // find next POPAD
findop 401000, #6A??# // find next PUSH of something

Post by shERis »

Yes, there is FINDOP, but this command doesn't solve scherzo's problem. The problem is the relative address in CALL and JMP commands!!! I think FINDCOM would be useful.
But you can use the new REF command instead! You'll find all references to your addr and then only need to select the JMPs.
shERis
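The point the three posts above circle around is that FINDOP (and FIND) match fixed opcode bytes, so they can find "every E8" but not "every CALL 00402512", because the rel32 operand changes with the instruction's own address; REF only helps inside module code. The following is an added example, not code from the thread and not part of ODbgScript: a small Python model of the FINDCOM command scherzo proposes. It scans a code buffer, decodes each candidate branch's rel8/rel32 operand, and keeps the ones whose computed target equals the requested address. It goes a little beyond the request by also handling short (rel8) jumps and the two-byte 0F 8x conditional forms. The function names, the 32-bit/no-prefix assumption, and the sample buffer (built with the `encode_rel32` helper so the per-address byte differences are visible) are all constructed for this demo.

```python
import struct

# Jcc mnemonics in opcode order: 0x70-0x7F (rel8) and 0x0F 0x80-0x8F (rel32).
JCC = ["JO", "JNO", "JB", "JAE", "JE", "JNE", "JBE", "JA",
       "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"]
# Common synonyms OllyDbg users type (JNZ for JNE, ...), mapped to the names above.
ALIASES = {"JZ": "JE", "JNZ": "JNE", "JC": "JB", "JNC": "JAE", "JNB": "JAE",
           "JNA": "JBE", "JNBE": "JA", "JNGE": "JL", "JNL": "JGE",
           "JNG": "JLE", "JNLE": "JG", "JPE": "JP", "JPO": "JNP"}


def decode_branch(code, off):
    """Decode a relative branch starting at code[off].
    Returns (mnemonic, delta) where delta = target - instruction address,
    or None if the byte is not one of the branch opcodes handled here.
    Assumption: 32-bit code, no prefixes, no indirect forms (FF /2, FF /4)."""
    op = code[off]
    if (op == 0xEB or 0x70 <= op <= 0x7F) and off + 2 <= len(code):
        rel = struct.unpack_from("<b", code, off + 1)[0]   # signed rel8
        return ("JMP" if op == 0xEB else JCC[op - 0x70]), 2 + rel
    if op in (0xE8, 0xE9) and off + 5 <= len(code):
        rel = struct.unpack_from("<i", code, off + 1)[0]   # signed rel32
        return ("CALL" if op == 0xE8 else "JMP"), 5 + rel
    if op == 0x0F and off + 6 <= len(code) and 0x80 <= code[off + 1] <= 0x8F:
        rel = struct.unpack_from("<i", code, off + 2)[0]   # signed rel32
        return JCC[code[off + 1] - 0x80], 6 + rel
    return None


def findcom(what, addr, start_addr, code, base):
    """FINDCOM what, addr, start_addr: every address >= start_addr inside
    `code` (which is loaded at `base`) holding a `what` whose target is `addr`.
    Caveat: like FIND/FINDOP this is a byte scan, not a disassembly, so a byte
    inside an operand or in data can look like an opcode; confirm hits against
    the debugger's analysis before acting on them."""
    what = ALIASES.get(what.upper(), what.upper())
    hits = []
    for off in range(max(0, start_addr - base), len(code)):
        dec = decode_branch(code, off)
        if dec and dec[0] == what and base + off + dec[1] == addr:
            hits.append(base + off)
    return hits


def encode_rel32(mnemonic, at, target):
    """Assemble CALL/JMP/Jcc rel32 placed at address `at` with target `target`.
    Used only to build the constructed sample below."""
    if mnemonic == "CALL":
        opcode, size = b"\xE8", 5
    elif mnemonic == "JMP":
        opcode, size = b"\xE9", 5
    else:
        opcode, size = bytes([0x0F, 0x80 + JCC.index(mnemonic)]), 6
    return opcode + struct.pack("<i", target - (at + size))


# Constructed sample code section loaded at 0x401000 (not real program data).
BASE = 0x401000
TARGET = 0x402512
SAMPLE = b"".join([
    encode_rel32("CALL", 0x401000, TARGET),   # E8 0D 15 00 00  CALL 00402512
    b"\x90",                                  # 0x401005: NOP
    encode_rel32("JMP", 0x401006, TARGET),    # E9 07 15 00 00  JMP  00402512
    encode_rel32("JE", 0x40100B, TARGET),     # 0F 84 01 15 00 00  JE 00402512
    encode_rel32("CALL", 0x401011, TARGET),   # E8 FC 14 00 00  CALL 00402512
    b"\xEB\xEE",                              # 0x401016: JMP SHORT 00401006
    b"\xC3",                                  # 0x401018: RET
])

if __name__ == "__main__":
    for mnem in ("CALL", "JMP", "JE"):
        found = findcom(mnem, TARGET, BASE, SAMPLE, BASE)
        print(mnem, [hex(a) for a in found])
```

Note that the two CALLs to the same target have different operand bytes (0D 15 00 00 versus FC 14 00 00), which is exactly why a fixed pattern such as #E8........# can only find the opcode and the target has to be computed per hit.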

Post by shERis »

Hi Epsylon3!
I am very sad :-((
We are all waiting for you!
nick_name, hila123 and sometimes I have made several posts about bugfixes or improvements for ODbgScript, but you seem to be too busy to do anything!
Please take care of your little baby ODbgScript! It's ill and has to grow.
We all need you and your plugin.
Best wishes
shERis

Post by scherzo »

Hi shERis!!!
I know the REF command, but this command doesn't work if I want to find CALLs, for example, in the main thread, because this kind of section doesn't belong to a module ("dll").
So, I hope that the improvement and bugfix will be done.
Thanks so much

Post by shERis »

Hi scherzo!
You didn't say that you want to search in the main thread. REF doesn't work there. Sorry.

Post by Epsylon3 »

Yeah shERis, I was busy these last 2 weeks, and I've another week to work hard... after that I think I could work more on our baby :p

today and this week end, there is an open beta test of GuildWars Factions

66DG9-C4RHB-9FKD6-287BJ-LRGCJ

http://www.guildwars.com/downloads/GwSetup.zip


give it a try :p

Post by Epsylon3 »

1.44 (21 Jan 2006)
+ Enhanced GCMT to retrieve automatic comments or comments from analysis
+ Added ITOA and ATOI commands
+ Added GPI (getprocessinfo) command (see docs for info)
* GPA uses LoadLibraryEx to fix a Comctl32 double load

Post by scherzo »

Hi Epsylon3!!!
I have an improvement for ODbgScript. For example, look at this script:

var constant
var count                   // starts at 0
loop:
mov constant,00421548
add constant,count          // constant = 00421548 + count (the original had a typo here)
mov [constant],esi          // store esi at that address
add count,4
cmp count,1000              // values are hex: stops after 0x1000 bytes
ja End
jmp loop
End:
ret

I would write this script like this:

var constant
var count
mov constant,00421548
loop:
mov [constant+count],esi
add count,4
cmp count,1000
ja End
jmp loop
End:
ret

But the plugin doesn't accept "[constant+count]".
I think that support for variables (two or more) in pointers would be an interesting improvement!
Thanks,
scherzo

Post by scherzo »

Hi! I can't edit my last post.
So, I can do this:
mov temp,[address+8]
But I can't do this:
mov [address+8],temp
Why?
scherzo
P.S.: "mov [constant+count],esi" will be interesting too.

Post by SHaG »

So is this still being developed by E3? I'm kinda into getting back into the game ;)

Post by dELTA »

Cool. :cool: If he doesn't reply here, PM or email him through the board. If he doesn't reply, well, the source of his latest version is available, so just grab it and start your own branch. :) Looking forward to new versions anyway, maybe even ones for the upcoming OllyDbg 2.0. :yay:

Post by Epsylon3 »

I'm back, and I've seen the Chinese version....

I'm making a new version 1.50.3 (this .3 will be added to every version I make) ;p 3 for Epsylon3

current changelog :


1.50.3 (8 May 2007)
* 4-bytes alignment and speed optimization (thanks Human)
* Added fixes and news from Chinese version :
* ASM
* EXEC, ENDE
+ GMI (added DATABASE, RESBASE, RESSIZE constants)
* GN
* LEN bad operand fix
+ DIV, MUL commands
+ READSTR to read data at addr. (was possible in MOV command too)
+ NEG, NOT, ROL, ROR asm commands (real asm code)
* RTU
* ADD, SHL, SHR, SUB, XOR results to script window

Notes : There are some differences between versions :
WRTA doesn't add CR to lines (binary writing)
+ SETEXC ??? not working for the moment...