Ollyscript v0.5 can now be downloaded at:
http://ollyscript.apsvans.com
("http://ollyscript.apsvans.com
")

New features like API breakpoints, run-to-return, module info etc. are implemented.

From readme.txt:
+ New commands:
CMT, GMI, GPA, LBL, RTR, RTU
+ New example script - tElock 0.98 OEP finder.

Comments please!!! =)

The plugins for 0.4 are compatibles in 0.5?

Ricardo

Yeah, everything is compatible and will be in the future. =)

If you can improve the next version with the BPMs

BPM ON ACCESS

and in more extension of FF bytes only

BPM start, end

for put BPM in sections or big blocks

Ricardo

You are making a good work, FELICITACIONES jeje (in spanish)

Ricardo Narvaja

Bugfixed v0.51 uploaded.



Ricardo Narvaja: thx =)

i make a script with a cmp and next a jne, and the values of the comparation are not equal, but the jne never jump, is a bug?

Ricardo Narvaja

Ricardo Narvaja: could you please mail the script + url to the target to ollyscriptNOSPAM@apsvans.com (remove NOSPAM) so i can have a look?

Just tested this and it works:

var x
var y
mov x, 1
mov y, 2
cmp x, y
jne NOT_EQUAL
msg "x == y"
ret

NOT_EQUAL:
msg "x != y"
ret

Is not a useful script is only a try, use a upx packed program for example.

var pirulo
eoe Break
msg "Please set a memory breakpoint on the section start on 401000 and then press the button of this message"
run

Break:
GMI eip, CODEBASE
mov pirulo,$RESULT
log pirulo
cmp pirulo, 401000
jne siga
msg "equals"
ret

siga:
msg "not equals"
run

in the log pirulo=408000 and are different of 401000 but the msg say equals

Supressing the msg the script only can stop in BPM execution of 401000 section and not in BPM r or w.
Ricardo Narvaja

Ricardo Narvaja: you were right, that was a bug... Fixed now.

v0.52 uploaded.

Supressing the msg the script only can stop in BPM execution of 401000 section and not in BPM r or w.
Not sure what you mean??

Well is not useful jeje

The idea is when unpack a program, the packer stops first in BPM READ or BPM WRITE when unpacking and when is unpacked jump to oep and stop in BPM on execution.
The idea is when stop for bpm see the codebase of the current eip, and if is not 401000, is a bpm R-W, and run without stop, and when the codebase are 401000, you are on BPM X (on execution).
This is the idea quittting the msgs, but is very slow for find oeps, but i put here for example of the bug only.

Ricardo

Spupresing the msgs "equals", and "not equals", the other msg is necesary

Ricardo

How do you mean? Is it still buggy???

Not, i only explain the script

Ricardo

A mailing list for the plugin is now available at:
http://mail.apsvans.com/mailman/listinfo/ollyscript_apsvans.com
("http://mail.apsvans.com/mailman/listinfo/ollyscript_apsvans.com
")

New versions, bugfixes, general discussions, script sharing etc.

It shoult be nice :
- to have a feature that excecute the script step by step
- possibility to edit the script in Ollydbg sofware directly
- to have a separate folder to store all scripts

Good work : ) follow in that way, we like that.

- to have a feature that excecute the script step by step

How do you mean exactly? Like a "step" command on the plugin menu?

- possibility to edit the script in Ollydbg sofware directly

Noted for the future... Don't think its really that important?

- to have a separate folder to store all scripts

Noted. Will be implemented in v0.6.

Step by step
Possibility to debug the script line by line to have an idea how the script is behaving.

If you can improve the next version with ......
bp<-->bc?
bprm<-->bprmc??
like sice bp addr, do something
tc command

loveboom: noted, will see what i can do =)

Plesa can you implement the function 'New origine here CTRL+GRAY*'.

helloword: you can use mov to move values in to EIP