"find command sequence" feature in plugi


focht
February 14th, 2004, 05:11
Greetings,

While working on my OllydbgScript COM wrapper I came across "search command sequence".
Usually one uses "CTRL+S" to find a sequence of commands.
The current functionality of ollydbg allows for "imprecise pattern search" - a nifty feature.

I'd like to see this functionality exposed in the plugin API.
Like: "int Findcommandsequence( ulong startAddr, const char* sequence);"
Command sequences themselves should be delimited by a predefined char (like "|").

Currently my wrapper implements this functionality at a basic level using a combination of
Assemble, Findmemory, Disassembleforward and binary search with an imprecise opcode mask, which allows "popad | jnz offset" searches.
(*g* yes, I looked at the ollyscript scripts floating around to get some ideas).

Another problem when using imprecise syntax is the operand size for conditionals: short/long jumps.
Currently "jnz OFFSET" assembles to a short jump.
If the opcode sequence uses a long jump, no avail ;-(
Please add an operand for "short/long" differentiation...

Of course there would be no problem at all if "search for command sequence" were exposed via the plugin API, so I don't need to reimplement this.

Regards,

A. Focht
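
The search described in this post can be sketched in a few lines. The following is an added example, not code from the thread, from focht's wrapper or from OllyDbg: a masked byte-pattern matcher in which every command in a "|"-delimited sequence may have several encodings, so "jnz offset" matches both the short (rel8, 75 xx) and the long (rel32, 0F 85 xx xx xx xx) form and the operand-size problem raised above disappears. The command table and the sample buffer are constructed for the demonstration; the function name mirrors the proposed Findcommandsequence but is otherwise an assumption.

```python
from typing import List, Optional, Tuple

# One encoding of a command: a list of (value, mask) byte pairs.
# mask 0xFF = the byte must match exactly, mask 0x00 = wildcard (any operand byte).
Encoding = List[Tuple[int, int]]

# Constructed table for the two commands used in the thread. Only the
# encodings needed here are listed; a real tool would derive them from an assembler.
COMMANDS = {
    "popad": [[(0x61, 0xFF)]],
    "jnz offset": [
        [(0x75, 0xFF), (0x00, 0x00)],                           # short jump, rel8
        [(0x0F, 0xFF), (0x85, 0xFF)] + [(0x00, 0x00)] * 4,      # long jump, rel32
    ],
}


def parse_sequence(seq: str) -> List[List[Encoding]]:
    """Split a '|'-delimited command sequence into per-command encoding alternatives."""
    cmds = [c.strip().lower() for c in seq.split("|") if c.strip()]
    unknown = [c for c in cmds if c not in COMMANDS]
    if unknown:
        raise ValueError(f"no encoding known for: {unknown}")
    return [COMMANDS[c] for c in cmds]


def match_at(buf: bytes, pos: int, cmds: List[List[Encoding]]) -> Optional[int]:
    """Return the end offset if the whole sequence matches at pos, else None.

    Every encoding of the current command is tried, so a short and a long
    conditional jump both satisfy the same 'jnz offset' element.
    """
    if not cmds:
        return pos
    for enc in cmds[0]:
        end = pos + len(enc)
        if end > len(buf):
            continue
        if all((buf[pos + i] & m) == (v & m) for i, (v, m) in enumerate(enc)):
            rest = match_at(buf, end, cmds[1:])
            if rest is not None:
                return rest
    return None


def find_command_sequence(buf: bytes, start: int, seq: str) -> List[Tuple[int, int]]:
    """Return all (offset, length) pairs where seq matches buf, scanning from start."""
    cmds = parse_sequence(seq)
    hits = []
    for pos in range(start, len(buf)):
        end = match_at(buf, pos, cmds)
        if end is not None:
            hits.append((pos, end - pos))
    return hits


# Constructed sample buffer:
#   nop; popad; jnz short +0x10; ret; popad; jnz near +0x1234; ret
SAMPLE = bytes([0x90, 0x61, 0x75, 0x10, 0xC3,
                0x61, 0x0F, 0x85, 0x34, 0x12, 0x00, 0x00, 0xC3])

if __name__ == "__main__":
    for off, length in find_command_sequence(SAMPLE, 0, "popad | jnz offset"):
        print(f"match at offset {off:#x}, {length} bytes")
```

The matcher works on raw bytes, so like any imprecise search it can also hit data that happens to look like code; in a debugger one would confirm a hit by disassembling at the reported offset before acting on it.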

psyCK0
February 14th, 2004, 14:31
focht: I think you'd better mail your request to Olly... I've asked him to include some stuff in the next plugin API and he said I could mail him if I wanted something more included... Don't think he reads this forum very often...

> imprecise opcode mask which allows "popad | jnz offset" searches
Damn, your wrapper sounds awesome! =)

focht
February 14th, 2004, 15:22
Hi,

>I think you'd better mail your request to Olly...

I might think about it ...

> Damn, your wrapper sounds awesome! =)
Well, the wrapper is about 10% of the whole project, that's why it takes so long.
I'm looking forward to release milestone one in a few weeks.

Features:

- full blown ActiveScript development environment, featuring syntax highlighting editor and integrated debugger (threads, locals, callstack, watch, immediate, breakpoints)
- almost any ActiveScript capable language supported (VBScript, JScript, PerlScript, PythonScript tested so far)
- ability to call ollydbg through the COM wrapper, parts of the plugin API exposed (yes, I solved the reentrancy/thread problems with the ollydbg plugin API - a nifty solution)

Oh well ... the IDE+debugger run in the context of ollydbg itself (loaded through a hub plugin) .. if I didn't mention it

I converted some of the ollydbgscript scripts to test it ... they work as expected, though I lack the real targets

If this board supported uploading pictures I would post a screenshot ... but well

Regards,

A. Focht

psyCK0
February 14th, 2004, 16:13
Sounds like my project is doomed. =) Well, it is a bit of a hack anyway.

Waiting to see the nifty solution, that problem was what made me abandon the whole COM wrapper idea...
Suggestion: why limit this to scripting OllyDbg? If it is as good as it sounds, maybe you should make it use plugins (one plugin to script OllyDbg and the ability to write own plugins to script other applications)? Just a thought. =)

focht
February 14th, 2004, 17:03
Hi again,

>Sounds like my project is doomed. =) Well, it is a bit of a hack anyway.

Hehe ... well, that activescript problem bugged me .. until I decided to take on the challenge (I love challenges).
When I found a solution I thought it might be cool to build a complete solution with IDE and debugger around it.
Over time the project grew bigger and bigger ... and now it consumes almost all of my spare time...
The IDE and debugger soon outlived the ollydbg wrapper.

To answer your question:
>Suggestion: why limit this to scripting OllyDbg

It has already been done.
The IDE and integrated debugger are cleanly separated projects (DLLs) and work standalone without ollydbg.
There is only a small DLL API exposed to initialize, set up the GUI and run/shut down the message pump thread.
The hosting app doesn't even need a message pump.

I use a tiny gui app to call the APIs and host the IDE for testing purposes.

For the ollydbg case there is a "proxy" plugin which sets up the IDE/debugger DLL.
Additionally there is a small special COM API exposed which helps to implement alertable wait functions for ollydbg (e.g. interruptible sleeps, waits for events...).
This hidden COM interface is just optional .. if no COM server implements it, it is not used.

The Ollydbg wrapper itself is mapped into the scripting namespace using named items.
The mapping of "default" COM servers is completely transparent.
(using a config table with "name" -> "ProgID" mapping and a TypeLib loader).
No hardcoded stuff ...

Regards,

A. Focht

Here is a screenie/preview (thanks to google I quickly found a free pic hoster)

http://mars.walagata.com/w/focht/ASDevEnv.JPG

psyCK0
February 15th, 2004, 12:43
Looks awesome. Your work will surely be the IDA of scripting. I hope mine will stay the W32DASM. =)

Looking forward to viewing your source code (or will it be released?).

TBD
February 16th, 2004, 00:06
focht: wow! looking very professional!
looking forward to a release