PDA

View Full Version : [plugin] OllyScript v0.8

psyCK0
May 6th, 2004, 11:08
2. Status (6 May 2004)
----------------------------
All right, v0.8 of OllyScript is ready. Thanks to R@dier it now
has a PE dumper engine. I really don't have much time for the plugin
at the moment, so updates will be kinda slow. Please have patience!

!!!IMPORTANT!!!
The plugin is rewritten to work with OllyDbg v1.10c ONLY!!!
If you don't want to upgrade please use v0.7 or earlier!
Also due to a bug in OllyDbg v1.10c this plugin's debugger hiding
functionality is likely to not work with next OllyDbg version.
Of course I will update the plugin immediately when it comes out.

Also I've got some comments about writing values to memory (like NOPs).
It's already there! Please check the MOV command carefully! I've also
added a FILL command to simplify NOPing code and zeroing memory.

TO ALL THE FRIENDS FALLEN VICTIM TO GREEDY SOFTWARE COMPANIES - I GRIEVE WITH YOU.

2.1 What's new?
---------------
+ New commands: DBH, DBS, DPE, FILL
+ PE dumper
+ Debugger hiding
# FIND now accepts wildcards

------------------------------
TBD
May 6th, 2004, 23:09
psyCK0: nice stuff. thanks !
freeshown
May 6th, 2004, 23:34
very nice stuff.
thank u~!
Gigapede
May 7th, 2004, 00:07
Great work!
Because the dump engine was implemented, export function from OllyDump isn't needed anymore.

Thanks.
psyCK0
May 7th, 2004, 00:42
Gigapede: yeah, but maybe you can implement integration with CommandBar ? I have sample code in the readme =)
Gigapede
May 7th, 2004, 02:38
Sorry, I posted update info of new CommandBar to old thread in plugins.

http://ollydbg.win32asmcommunity.net/?action=vthread&forum=2& topic=601
("http://ollydbg.win32asmcommunity.net/?action=vthread&forum=2&topic=601
")


>psyCK0:: I implement command calling OllyScript in CommandBar.
>
>http://dd.x-eye.net/file/cmdbar310109c.zip
>[OSC script file name(fullpath|relative from OllyDbg installed)]
>
>It is nice to make option to set default path of script file in >OllyScript, isn't it ?
>It is such a bother to have to specify full path.
>
>anyway thanks.
>
>Please wait the OllyDump export function.
Anonymous
May 7th, 2004, 03:28
sorry to hijack thread but gigapede did you read this post

http://ollydbg.win32asmcommunity.net/?action=vthread&forum=1& topic=638
("http://ollydbg.win32asmcommunity.net/?action=vthread&forum=1&topic=638
")

any comments
psyCK0
May 7th, 2004, 07:37
Gigapede: cool =)
caty
May 8th, 2004, 11:04
hey psyCK0
i want to do dump file which appends the same file when it breaks,you said this version could to it,but how?
psyCK0
May 8th, 2004, 11:33
i dont really understand your question...
Gigapede
May 8th, 2004, 18:07
Anonymous:: It must be a bug.
At first the label was put on a debuggee image.
I don't know it is possible to put label on outside of debuggee memory, but I try to make it.
caty
May 9th, 2004, 08:53
i dont really understand your question...

I am using this script to dump edi to file,but when it breaks again it overwrites the dump,So instead of overwriting it needs to add the dump(append) to the same file
start:
bp 1AD6358
cmp eip,55407D
jne start
go edi
dm edi, 40, "c:\dump.bin"
msg "script finished"
jmp start
ret
psyCK0
May 9th, 2004, 13:26
aaaah, ok =)
will be available in v0.82!
Anonymous
October 27th, 2004, 10:16
also tell, where from we can get full scripts in single zip file!