Greets,
As I mentioned in some thread earlier, I'm working on a plugin that incorporates a full-blown open source C/C++ interpreter. It covers about 80-90% of K&R-C, ANSI-C and C++ language constructs (multiple inheritance, virtual functions, function overloading, operator overloading, default parameters, templates, etc.).
Currently it supports a limited win32 api and most of Ollydbg API via precompiled libraries.
However to be more usable as "true" scripting plugin, it needs more support from the ollydbg plugin api.
What is completely missing is an asynchronous notification api (via callbacks) to help synchronizing plugins to certain states of the debugger and debuggee.
The present ODBG_Pluginmainloop( DEBUG_EVENT...) is just a notification callback from the main debug thread. It only delivers the standard debug API events - which is not sufficient.
Consider the following simple example (all steps should be done automagically via script):
- load target application
- search for signatures (memory/imports/exports)
- set temporary breakpoints
- go/trace
- break due to breakpoints
- search for signatures (memory/imports/exports)
- set temporary breakpoints
- go/trace
- do some stuff/patching/dumping
- ...
With the current implementation of the plugin API, even synchronizing to the first step doesn't work: finding out when the target application has been loaded completely and OllyDbg has stopped at the system/entry point (NOTE: the ODBG_Pluginmainloop PROCESS_CREATE event comes too early; any action, e.g. setting breakpoints, won't work).
I suggest expanding the plugin API with true event notifications (via a callback mechanism) which allow synchronization to all asynchronous actions:
- all debugger breaks due to the finish of certain actions (OpenEXEFile, Animate, (Run)Trace, Go API, ...)
To let the debugger stay as stable as possible (if a plugin misbehaves), I suggest decoupling the event callbacks by
1. firing callbacks in a separate notifier thread, or
2. decoupling callbacks using an internal (hidden) window and the PostMessage() API
The plugin should be given the possibility to register callbacks for certain events (event mask).
If some condition is reached, all registered callbacks from the plugins are called using the event filter (in a separate context)...
Additionally, the plugin API (header file) can be improved by:
- using include guards (plugin.h)
- plausible naming convention (why "addtolist()" when "Log( SEVERITY, FACILITY, ...)" is more descriptive?)
- let all API functions return an error code (enumeration, see later) if possible (void Tempbreakpoint(..) - how do I know it failed?)
- make more use of the "const" modifier (current format string specifiers make casting to "char*" necessary for const format strings)
- immediate return values are used inconsistently; use of bool and enumeration return types makes code a lot more type-safe and readable (keywords like "true"/"false" and enums like ERROR_SUCCESS are better suited than return 0, 1, -1 ...)
- plugin entry point names should be defined via preprocessor macros for people who are using other compiler vendors than Borland (Borland's linker only allows "DllEntryPoint", MS is using "DllMain"/a custom one; this imposes several problems for generated executables: to get CRT init and static global ctor/dtor stuff to work, predefined entry points other than "DllEntryPoint" must be used)
- exporting with "cdecl" imposes linkage name problems (which are already fixed in plugin.h using quick hacks). The DLL API export convention is usually "stdcall" (like win32)
- most preprocessor #define's would be better as symbolic constants (enums); they add a lot of type safety (function parameters) and are better to incorporate (#define's ignore namespaces, stress the interpreter's preprocessor...)
- alignment directives like #pragma pack(1) should be used with #pragma push/pop together on plugin structs only (not global) (possible performance loss due to global byte-alignment on our internal data manipulation)
This is my feedback + suggestions.
Regards,
Anastasius Focht
PS: OllyDbg is the best user mode debugger I've seen so far. Keep up the good work.
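As an added illustration of the proposals in this post (it is not OllyDbg's plugin.h and not the author's plugin code), the following C sketch shows what an event-mask callback registration, enum status codes instead of bare integers, an include guard and a struct-local #pragma pack(push/pop) could look like. All names (Dbg_RegisterCallback, Dbg_Dispatch, DbgEvent, DbgStatus, DbgEventInfo) are hypothetical; the dispatch is done synchronously here, where a real core would fire it from a notifier thread or via a hidden window and PostMessage() as suggested above. The event sequence in run_demo() is constructed sample data that mirrors the scripted "load, break, trace" steps.

```c
#include <stddef.h>
#include <stdio.h>

/* ---- "header" part: what a plugin would see (hypothetical names) ---- */
#ifndef ODBG_EVENT_EXAMPLE_H          /* include guard, as suggested for plugin.h */
#define ODBG_EVENT_EXAMPLE_H

/* Debugger states a plugin can subscribe to; bit flags so they form an event mask */
typedef enum {
    EV_PROCESS_LOADED = 1u << 0,  /* debuggee fully loaded, stopped at entry point */
    EV_BREAKPOINT_HIT = 1u << 1,  /* break due to a (temporary) breakpoint */
    EV_TRACE_FINISHED = 1u << 2,  /* Animate / (Run)Trace completed */
    EV_PROCESS_EXITED = 1u << 3
} DbgEvent;

/* Typed status codes instead of return 0 / 1 / -1 */
typedef enum { DBG_OK = 0, DBG_ERR_BAD_ARG, DBG_ERR_NO_SLOTS } DbgStatus;

#pragma pack(push, 1)                 /* packing scoped to this plugin struct only */
typedef struct {
    unsigned long address;            /* address at which the debugger stopped */
    DbgEvent      event;
} DbgEventInfo;
#pragma pack(pop)

typedef DbgStatus (*DbgEventCallback)(const DbgEventInfo *info, void *user);

DbgStatus Dbg_RegisterCallback(unsigned mask, DbgEventCallback cb, void *user);
int       Dbg_Dispatch(const DbgEventInfo *info);
#endif /* ODBG_EVENT_EXAMPLE_H */

/* ---- debugger-core side: subscriber table and dispatch (hypothetical) ---- */
#define MAX_SUBSCRIBERS 8
typedef struct { unsigned mask; DbgEventCallback cb; void *user; } Subscriber;

static Subscriber g_subs[MAX_SUBSCRIBERS];
static size_t     g_nsubs = 0;

/* Registers cb for every event bit set in mask; errors are reported, not silent */
DbgStatus Dbg_RegisterCallback(unsigned mask, DbgEventCallback cb, void *user)
{
    if (cb == NULL || mask == 0)     return DBG_ERR_BAD_ARG;
    if (g_nsubs >= MAX_SUBSCRIBERS)  return DBG_ERR_NO_SLOTS;
    g_subs[g_nsubs].mask = mask;
    g_subs[g_nsubs].cb   = cb;
    g_subs[g_nsubs].user = user;
    g_nsubs++;
    return DBG_OK;
}

/* Called by the core when a state is reached; only subscribers whose mask
   contains the event are invoked. Returns how many callbacks were delivered. */
int Dbg_Dispatch(const DbgEventInfo *info)
{
    int delivered = 0;
    size_t i;
    if (info == NULL) return 0;
    for (i = 0; i < g_nsubs; i++) {
        if (g_subs[i].mask & (unsigned)info->event) {
            g_subs[i].cb(info, g_subs[i].user);
            delivered++;
        }
    }
    return delivered;
}

/* ---- plugin side: a callback that records what it was told ---- */
typedef struct { int loaded; int breaks; unsigned long last_addr; } PluginState;

static DbgStatus plugin_on_event(const DbgEventInfo *info, void *user)
{
    PluginState *st = (PluginState *)user;
    st->last_addr = info->address;
    if (info->event == EV_PROCESS_LOADED) st->loaded++;
    if (info->event == EV_BREAKPOINT_HIT) st->breaks++;
    return DBG_OK;
}

/* Replays a constructed event sequence (load, break, trace done, exit) through
   the core. The plugin subscribed only to LOADED|BREAKPOINT, so 2 deliveries. */
int run_demo(PluginState *st)
{
    const DbgEventInfo seq[] = {
        { 0x401000UL, EV_PROCESS_LOADED }, { 0x401234UL, EV_BREAKPOINT_HIT },
        { 0x401300UL, EV_TRACE_FINISHED }, { 0UL,        EV_PROCESS_EXITED }
    };
    int total = 0;
    size_t i;
    g_nsubs = 0;                      /* fresh registry so the demo is repeatable */
    if (Dbg_RegisterCallback(EV_PROCESS_LOADED | EV_BREAKPOINT_HIT,
                             plugin_on_event, st) != DBG_OK)
        return -1;
    for (i = 0; i < sizeof seq / sizeof seq[0]; i++)
        total += Dbg_Dispatch(&seq[i]);
    return total;
}

int main(void)
{
    PluginState st = { 0, 0, 0UL };
    int n = run_demo(&st);
    printf("delivered=%d loaded=%d breaks=%d last=0x%lx\n",
           n, st.loaded, st.breaks, st.last_addr);
    return 0;
}
```

The plugin never sees EV_TRACE_FINISHED or EV_PROCESS_EXITED because they are outside its mask, and a bad registration (NULL callback, empty mask, table full) is reported through DbgStatus rather than silently ignored, which is the point made above about void Tempbreakpoint().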
