I downloaded and used OllyScript. Itīs really a great tool! Many thanx for that! And of course Olly for his great debugger.

But now I would need some more functionality of OllyScript.

This is my desire to debug a proggy without running it:

1. A function OPCODE addr, which sets the $RESULT variable to the opcode bytes, $RESULT_1 variable to mnemonic opcode (i.e. MOV ECX,EAX) and $RESULT_2 to the lenght of the opcode. If an invalid opcode appears, $RESULT_2 should be 0.

2. A function NEXTOP addr, which sets the $RESULT variable to next opcode of addr. If any error occurs, $RESULT should be 0.

3. A function PREOP addr, which sets the $RESULT variable to previous opcode of addr. If any error occurs, $RESULT should be 0.

4. A function REF addr, which works as "Find references to .. Selected command" and "Find references", Ctrl R, in OllyDbg. Now the problem is, that there are not defined arrays. The $RESULT variable should now be set to the first reference addr and $RESULT_1 to the opcode if available and $RESULT_2 to the comment (like reference window).

5. A function NEXTREF addr, which works as REF, but results in the next reference. Another call of NEXTREF should result in the next reference and 0 if no more is found.

6. Another way could be to extract data of the references window with some get functions.

7. It would be useful to directly write something to a specified file with a WRT (Write) and WRTA (Write append) function.



This should be enough for today.


If there is an ability to realize this functions, I would be very, very glad ;-))


Many thanx for your work

Bye

~hERi~

Will see what I can do. =)
At the moment I'm in the middle of a quite intensive project at work, so I really don't have too much time for the plugin...

Perhaps you have some time !

Thanx psyCKO :-)

Hi psyCKO!

I have another wish from you for OllyScript:

more arguments for GMI:

gmi addr,MEMBASE and
gmi addr,MEMSIZE

The $RESULT variable is set with the base memory adress / the memory size of an new allocated memory block (VirtualAlloc).

If addr is in module the result could be MODULEBASE/MODULESIZE. (MODULEBASE and MODULSIZE now returns 0 if an address outside module is used.)

Thanx for implementing :-))

~hERi~

I think other option for more suitable use is needed.

When i need use a script , i go to plugin - OLLYSCRIPT, and load the script.
I have script is need repeat 50 times. Each time i go to OLLYSCRIPT-OPEN etc.

Is posible if i need only use the same last script, a button type play-stop, for execute the last script charged in memory, and only if a need a new script, go to OPEN again? Is very important to me, thanks.

Ricardo Narvaja

Great ideas! Will implement asap

here is another wish list for next version..

for repl command can get the value from variable

var find
var replace
repl eip, find, replace, 100


for asm command can get the value from variable

var addr
mov addr, 401000

asm eip, "jmp {addr}"
the output should be "jmp 401000"