v0.92
A big bug in script synchronization fixed (thanks loveboom!).
GN behaviour updated.
MOV can now write strings to memory.

v0.91
A bug related to pausing the application fixed, the GN command added, ASM returns $RESULT.

v0.9
+ New commands: ASK, BPL, BPLCND, COB, COE, EVAL, EXEC/ENDE, GN, TICND, TOCND
+ Execution of code in the target process context
+ String concateration with ADD or EVAL
+ Input box
+ Logging breakpoints
+ Removal of EOB and EOE
+ Tracing with condition
+ Get name of address
# ASM now returns assembled length in $RESULT
# Fixed pause crash bug
# Fixed bug with JBE, hopefully it was the last of the Jxx bugs
# OllyScript now REQUIRES OllyDbg v1.10. No other versions are officially supported.

Work perfect thanks PsyCKO.

Ricardo Narvaja

A new question (sorry psyCKO)

If the $RESULT is in a loop using GN function, when GN found an api, $RESULT is a string, and when not is an api $RESULT is 0

if in this loop i put

cpm $RESULT, 0

when $RESULT is a string the script make an error message for compare an string with an integer (cero).

How i can compare $RESULT for look if is an api address or a cero, without error.

Soory for my problems

Ricardo Narvaja

Stupid bug. New build posted on site.

Well i download the new version and the error si the same

cmp $RESULT_1,#0000
Je salto:

or

cmp $RESULT_1,0
Je salto:

if $RESULT_1 has a string the script stop in a error in this line

Ricardo

Other bug

this is my script

When you reach the oep of a packed program, after you dump the file, the script fill the zone 401000-xxxxxx with the name of the dll, the api, and the IAT posicion.
Before run the script is needed fill the zone 401000-xxxxxx where the plugin will write the names with zeros (right click-BINARY-FILL WITH ZEROS) for the script acomodate the names.

Look the script is a alfa version with the results of this i can rebuild the table in the dumped file perfect but there is a bug jeje
---------------------------------------------------------------------- ----------------
var ju
var pu
var op
var end
var tu
var zero



mov op,401000


ask "INGRESAR INICIO DE TABLA"
mov ju,$RESULT
cmp ju,0
je fin

ask "INGRESAR FINAL DE TABLA"
mov end,$RESULT
cmp end,0
je fin

log "TABLA DE FUNCIONES IMPORTADAS"


pipi:
mov pu,[ju]

log pu
cmp pu,0
je cero:

gn pu

log ju
log $RESULT_1
log $RESULT_2



mov [op],$RESULT_1

find op, #00#
mov op,$RESULT
mov [op],".dll"


find op, #00#
mov op,$RESULT

inc op
log op
log $RESULT_2
mov [op],$RESULT_2
find op, #00#
mov op,$RESULT

log $RESULT

inc op
log op
mov [op],ju
add op,5


sigue:


add ju,4
cmp ju,end
jae fin
jmp pipi



fin:

ret

cero:
mov zero,op
log zero
mov [op],#00000000000000000000#
add op,11
jmp sigue:

---------------------------------------------------------------------- -

WELL the plugin work but never go to cero:

in the log i can see values of pu=00000000

but in

log pu
cmp pu,0
je cero:

NEVER JUMP TO CERO and not log zero this is a fail in cmp or je

cero:
mov zero,op
log zero
mov [op],#00000000000000000000#
add op,11
jmp sigue:

Ricardo Narvaja

je cero: is incorrect.
maybe you meant je zero ? =)

je cero

go to

cero:
mov zero,op
log zero
mov [op],#00000000000000000000#
add op,11
jmp sigue:


zero is a variable

Ricardo Narvaja

I complete the script with the fill with 00 before the script start, with this, and the bug resolved, the script wiil be perfect for the tut of manual reconstruction of iat without IMPORT RECONSTRUCTOR.

Ricardo Narvaja

Great... but still about the supposed bug:
Your script posted above is:
log pu
cmp pu,0
je cero:
...
cero:
mov zero,op
log zero

you wrote:
je cero:
but you meant
je cero // (without the colon ( )

Does it still not work if you make those changes?

Yes thanks this was the bug the final script for make a list of dlls, apis and adresses of IAT for use in my tuts of manual rebuilding of IAT without IMPORT RECONSTRUCTOR.
The other bug in cmp $RESULT,0 when $RESULT is a STRING, is unresolved but i don't use in this script, if you resolve this bug i can improve this script better.
---------------------------------------------------------------------- ---------------

var ju
var pu
var op
var end
var tu
var zero
var zona


mov ju,403184
mov op,401000


ask "INGRESAR INICIO DE TABLA"
mov ju,$RESULT
cmp ju,0
je fin

ask "INGRESAR FINAL DE TABLA"
mov end,$RESULT
cmp end,0
je fin

log "TABLA DE FUNCIONES IMPORTADAS"

mov zona, ju
sub zona, 5

sub zona,401000

log zona

fill 401000, zona, 00

pipi:
mov pu,[ju]

log pu
cmp pu,0
je cero

gn pu

log ju
log $RESULT_1
log $RESULT_2



mov [op],$RESULT_1

find op, #00#
mov op,$RESULT
mov [op],".dll"


find op, #00#
mov op,$RESULT

inc op
log op
log $RESULT_2
mov [op],$RESULT_2
find op, #00#
mov op,$RESULT

log $RESULT

inc op
log op
mov [op],ju
add op,5


sigue:


add ju,4
cmp ju,end
jae fin
jmp pipi



fin:

ret

cero:
mov zero,op
log zero
add op,16
jmp sigue

---------------------------------------------------------------------- ---------------

Ricardo Narvaja

The other bug in cmp $RESULT,0 when $RESULT is a STRING, is unresolved

Damn. Uploaded new build. This script now works:
var x
mov x, "0"
cmp x, 0
je ok
ret

ok:
msg "ok"
ret

Thanks i try

Ricardo

Yes works perfect i put the new tute in my FTP thanks.

Ricardo Narvaja