Xp only problem?


Bonzo
October 20th, 2004, 10:30
Hello all,
I'm adding some new features to the cmdline plugin, but I've got a problem...
I added some commands, but one of them is not working on Xp while it's working fine on Windows 2003. The command is "eip address", used to move eip.
Well, if I do "eip esp" or "eip address" on Windows 2003 everything is ok; if I try the same on Windows XP it's not working at all... The Writememory command returns an error (on Windows XP, esp is not even translated to an address, in fact I get a parser error; on w2k3 I have no probz :/).
"eip" is implemented in this way:
1. read memory at current eip and store in a buffer
2. assemble a jmp to given address
3. step on this jump
4. restore memory at old location

Point 4 fails, but only on Xp... Can someone explain to me why, please? I can't find a logical reason, and of coz it's not a memory protection problem, coz the same happens on short jumps (1 or 2 bytes ahead).
If you wish to download a pre-release version you can get it from http://quequero.org/store/various/qcmdline.zip
Of coz the sources will be published soon (I have to add some other features). Thanx a lot!

Ricardo Narvaja
October 20th, 2004, 11:24
And what commands are available?

The zip has no help, and when you type only one letter there is no help either, to know the commands.

Ricardo Narvaja

Bonzo
October 20th, 2004, 11:42
Sry Ricardo,
I provided no help coz I uploaded it there only for backup.
Btw, so far I've added an "e" command:

e eip 9090
e 00401000 bytes...
e register/address bytes

Like in softice, so u can edit memory directly from the command line (btw there seems to be a bug (or a feature, I don't know) in the olly plugin engine: the first byte can't be a letter, that is, "e eip CC" returns an error, you have to do something like "e eip 90CC").

I added an "eip" command:

eip address
eip register

for moving eip, with a special case:

eip eip

that assembles a "jmp eip", often useful when you need time to dump a program.
A buffer overflow has been fixed ;p and I changed the style, now it's smaller, and I like it more ;p. There's still a history (browsable with up/down) and I added an alias for bp=bpx and bl (breakpoint list) for softice nostalgics ;p. That's all for now, I started to work on it only yesterday... But the bug described in my previous post is far from my comprehension :)... Really.

Thanx Ricardo.

Bonzo
October 22nd, 2004, 08:36
I'm trying to change eip using Get/SetThreadContext. I can change the eip value in the context, but is there a way to "force" OllyDbg to re-read the context so it uses the updated eip? Thanx a lot

georgenio
November 3rd, 2004, 20:59
okz