ODbgScript is the Visual version of OllyScript (discontinued by ShaG), it's capable to trace script execution and variables, and also to toggle script breakpoints...

I make this new thread because I can't edit title of 1.20 thread... which had 10 versions 1.20 to 1.29...

These versions have introduced the Script window and MRU Lists, have enhanced strings and pointers handling and also has some new commands... more or less usefull

The Download web directory is http://e3.epsylon.org/olly/
("http://e3.epsylon.org/olly/
")

Archives includes sources and documentation (readme.txt)

1.31 (05 Dec 2005)
+ Added support of operators in pointers ex: [eax+1]
+ Added support of operator + for strings
+ Decimal values are now supported, with the point (ex: 102.)
+ Variables Menu in Script Window to show/edit variables
+ Edit Script Command in Script Window Context Menu
# Modified script window hotkeys, and added Pause

1.30 (04 Dec 2005)
+ Added support of reg8 & reg16 registers (al,ah...dl,dh,ax,bx,cx,dx,bp,sp,si,di)
+ Added support of operators (+-*/&|^><, operators don't have priority, it's made from left to right
">" and "<" are shr and shl, "^" for xor, "&" for and, "|" for or.
+ Variables are now also declared by the destination of mov, if they don't exist
+ Added Result column
+ Value column keeps history of values
+ Enhanced Style of Script Window (current line, jumps, labels, same values)
+ Added KEY to send custom key shorcut to ollydbg (global KEY_DOWN)
+ Added TC to close and delete runtrace
# Fix MRU when a filename contains a comma or { }

The TODO List :
+ Change the icon << if somebody could tell me how

Please discuss here about new commands you want, please give a look in plugins.hlp to see if your wishes could be made with the current plugin SDK of OllyDbg 1.10...

... will be edited later ...

HISTORY :

1.29 (03 Dec 2005)
+ Added LEN to get string length
+ Added REV to reverse dword bytes
+ Added HANDLE to find a window handle (like "Edit" Boxes) in debugged application
# Script is kept on debugged program restart/change
# Fixed FIND commands to search dwords variables
# MRU on DISASM window is now the real one

1.28 (26 Nov 2005)
+ Added "Load Script" in DISASM Context Menu
+ Added "ALLOC size" and "FREE addr, size" to (un)allocate memory page
# Modified Run Script to Load in Main MRU
# MRU is no more showing full path of scripts

1.27 (25 Nov 2005)
+ Added REF to get References to selected command
+ Added OPCODE command to get command bytes, text and size at specified address
# Better comments handling
# Better #inc handling (using also current script path)
# PREOP now works in memory block, not only in code block

1.26 (24 Nov 2005)
+ Added Optionnal Start Address to "FINDMEM what [, StartAddr]" (to continue global search)
+ Added PREOP command to get previous command address before specified address

1.25 (22 Nov 2005)
+ Added FINDMEM to search into the whole memory
+ Added WRT (write a file) and WRTA (append) commands: WRT file, data
+ Added GMEMI function (Memory Block Informations)
# GPA now returns 0 and continue if the API is not found, &#036;RESULT_2 set to Proc name if found.
# fixed OllyDbg focus problem
# fixed path of created files when full path given
# fixed FIND binary wildcards, broken in 1.24

1.24 (19 Nov 2005)
+ FIND and FINDOP supports strings and string vars arguments
+ MSG and MSGYN have now Cancel button to pause script (MSGYN returns 2 if canceled)
# Script will now pause instead of stop when error is returned from commands
+ Script Breakpoints (to "debug" a script)
+ Added Real "Load Script" to start paused (script window)
+ Added Step/Resume and Hotkeys (script window)

1.23 (14 Nov 2005)
+ Enhanced String by Address support for commands (ex: gpa [nAddr],"KERNEL32.DLL"
+ lm, load Dump file to mem: lm, 0x401000, 0x100, "test.bin" (MetaCore)
# fix the dm, lm, dmp, dpe 's default dump path to debugging app's path. (MetaCore)
# fix dm, ...the open file parameter is incorrect, will add mess "0a 0d" at each lines tail. (MetaCore)
# fix all dump related function's parameter check, so when the real mem is smaller then gived
dump length, will not add mess data at the end, and the &#036;result also catched the real dump size. (MetaCore)

1.22 (11 Nov 2005)
+ Added SCMP and SCMPI for string comparaison (SCMPI for case insensitive)
# Restored CMP string comparaison to case sensitive

1.21 (8 Nov 2005)
+ Remember Script Window Position & State
+ Automatic Scroll to follow script
+ Context Menu (Real MRU/Follow) in Script Window
# Fix table refresh
# CMP string compare is now case insensitive

1.20 (7 Nov 2005)
+ Script Window with values and eip
+ CMP now accepts strings from address

1.33 (06 Dec 2005) (Fix version)
# Some fixes
# Added some constants in code
# Fixed a big bug with string operands containing dword operator

1.32 (05 Dec 2005)
+ Execute Script Command Manually is now possible
+ LOG is now highlighted and displays also message in OllyDbg Status bar
+ LCLR command to clear log window
# Updated this Documentation and added a neutral sample script
# Abort Command enhancement

Hi Epsylon3!
Great improvements! I´m really surprised!

I found the following:
When I singlestepped a script with the S key in script window and arrived an ESTO command, ESTO was executed normally. After an exception the script line continued with the next line and not at eoe-label! Perhaps it is the same with eob-label, I didn´t verify that.

I think, it would be more useful, if a script can be loaded only in script window, otherwise the script should be runned immediately. If you have finished a script and you only want to run it (without debugging and looking, what the script does), you always have to change to script window to run it.

In the values row of script window the both values of two parameter instructions are in other order. I think this is a little bit irritating.

Great thanx for your work!

New version every two days? Please include autoupdater ;P

@shERis :

yes you are right, i will restore the Run Script in Disasm window...

for the values row.. yea... was the fastest way to keep history and last values... i will try to fix that..

tx for the infos =)

@kwazar :

i was curious... i never really used C++ before now i understand vectors and iterators, and i have learn many things... a nice month =) even i dont really like the C++

now i think ollyscript is ready to be used, fast.... and i m sure these enhancements will save precious hours =)

I don't know why, but for me the MRU is not working.I have Odbgscript 1.32.
And what this supposed to be(it should say"Dump & fix IAT now!"?
http://img478.imageshack.us/img478/8808/msg7zx.png

Hi Epsylon3!

To me, version 1.3x can't handle the following script


var count

mov count,8

loop:
cmp count, 0
je end
sub count, 1
jmp loop

end:
ret

Thanks for your enhancement to this olly plugin.

hmm yea... 1,31 and 1.32 have introduced many new things.... i will check what is the problem

Gabor : the cause is the operator & but that's not normal ) i check that

VolX
try 1.33, don't have seen problem with this one... but tell me

1.33 (06 Dec 2005) (Fix version)
# Some fixes
# Added some constants in code
# Fixed a big bug with string operands containing dword operator

BUG !! BUG !! BUG !!

i've loaded a target in olly
now moved to the script window
no script loaded , version 1.33
pressed X for executing script command
var a [enter] .... everything okey
mov a , eip ... Olly CRASHED !!!

http://img230.imageshack.us/img230/9047/odbgscript1335pn.jpg

same problem if i try :

msg eip
or,
eval " eip is {eip} "

i think the problem is somehow related to EIP
when the app is just loaded in olly 'n not still getting debugged

guesswork :
olly takes ODBGscript to an unreferrenced invalid memory
coz, the app is not being debugged yet
so NO eip is set

i'll better leave the amendment to Epsylon3
thanks again for the great work !!!

[...]

hmm yea... ok tx... will fix that....

did you know var command is now useless...

mov eax, a will report an error if "a" is not declared but...

mov a, eax creates variable a with the value of eax

no, the problem was not eip, it's just window try to set value to the values column...

1.34 (06 Dec 2005)
+ Added Mark for pointers in values column
+ Added Icons to Windows
+ Added Script Log Window
# Fixed Manual Command when no debugged app or no script loaded.
# Modified Load into Run in main and Disasm Menu
# Added Version ressource, and clean source architecture

delayed... some things to fix before the 1.34 release as you can see :

http://e3.epsylon.org/olly/screenshot.png

incoming.... i ve finished, there is some weird things with Step command... but that doesnt trouble script execution... only the display

Hi Epsylon3!

I found >> mov [addr+4],#EB04# << not working.

When starting plugin, script log windows pops up too and is focused. The focus ist not really good.

When restarting app, plugin should be reloaded too to be able to run the script from the beginning.

There are some bugs in script execution window, but you will know them surely.

yea, ive seen for the restart, and i will try to see for the focus, there is no focus function for log, that's weird...

i've made some things, but i got some problems, a new version will be out... in some days

1.37 (18 Dec 2005)
+ Ask dialog accepts now the Return & Escape Keys
# Log windows Auto Scroll
# The Log Window is no more called with Script Window from main menu
# Fixed bugs in mov command with pointers and buffers
# Fixed bug with hex buffer variables containing bytes < 0x10 (no pb with constants)

1.35 (12 Dec 2005)
+ Added a size optional third parameter to mov Command (strcpy)
+ Added "Clear Log" To Log Window Context Menu
+ Enhanced Support of "dump" variables
# fixed some log problems

epsylon3 , going great !!

can u make one change in the SCRIPT WINDOW
when steppign thru the scripts , the line highlighted is already EXECUTED
can u make it TO BE EXCUTED ... like in olly code window

i dont if it's discussed b4 but i think it makes it a little more literal
thank you.

yep, you are right... and this will fix cursor when the line is a jmp

Hi Epsylon3!

Sorry but this doesnt work any more:

mov addr,00406F00
mov dat,12345678
mov [addr],dat
ret

MOV does simply nothing :-(

arf,

yea, i will test that... 1.38 will be ready after that

there is a problem with hex buffers too

mov dat,#12345678#
mov [addr],dat

1.38 (19 Dec 2005)
+ Added optional LOG command parameter to set log prefix, "" to disable
+ Added LC to clear main log window
# Fixed hex buffer variables, and big mov,<dword> bug
# Script cursor is now normal
# LCLR command clears now the script log only
# (internal) added backup system for sources in post-link batch

the script position (cursor) is not exact when stepping to a label... but it's not really a problem...

epsylon, very fast update !!

at the beginning of the script loading, the line no.1 is highlighted 'n works perfectly as it should

but when the app is restarted , should'nt the script also go back to it's
line no.1 ?? well, it did'nt

and when i reinitiated with ESC , it went back to it's old behaviour 'n started from LOCATION line ( d:&#92;documents and settings&#92; ....) while
it should start from line no.1

and on RET i can also go back to line no.1

it's quite minor i know ... but jst wanted to inform you like always

thank you for your great work once again.

thanks, it's now fixed... in 1.39

BUG !! BUG !! BUG !!

epsylon, the script window works lovely.
if i step thru the script which has RUN , STO the script window retains
its focus which seems great.

but the problem is : if is step thru with S, upon pressing ALT+C the
code window wont get focus !! ... even after the end of the script !!
it seems to remain ALWAYS ON TOP !!
please look into it ...

thank you.

please check if your script window has the option Always on Top Checked... (Context Menu/Appearance)

hmm, oh yea, i see... hmm weird....

yea, focus is now ok... only when needed

Hi Epsylon3!

I found the following:
When I singlestepped a script with the S key in script window and arrived an ESTO command, ESTO was executed normally. After an exception the script line continued with the next line and not at eoe-label! Perhaps it is the same with eob-label, I didn´t verify that.

In the values row of script window the both values of two parameter instructions are in other order. I think this is a little bit irritating.

When script window is opened now, all other applications windows are disabled, OllyDbg too. You are not able to change window content!!! Thats very ugly!

Great thanx for your work!

Behaviour is the same if "Always on top" (Alt F5) is set or not!

Another little bug:
when you load a large script in cript window and then you reload a shorter script, the old script length with content persist, the longer script is only overwritten with the shorter content.

yep... try with this new version (1.40), and tell me if you have any of these problems

1.40 (20 Dec 2005)
+ Added Float variables, registers st(0) <-> st(7), and "in line" operations (+-*/)
Float operations must contain float operands only (no support for integers for the moment)
Float syntax : mov flt, 5.0
# enhanced script window focus
# fixed progress window data if script reloaded is smaller than old one

1.39 (20 Dec 2005)
# Fixed Ask memory alloc problem
# Always Re-focus to Script windows on "Step" from script.
# Fixed cursor on ret/abort

BUG !! BUG !! BUG !!

in the sample script = sample.osc
the script kills olly at :

=====================
Line=15
Command= log [[esp+4]]
=====================

when stepping with S, after ESTO, RUN
the script window does'nt get auto-focus
anymore

please check !!

hmm, yea, there is a problem with this command : i cant know the type of the pointer... is why the line after is log ""+[[esp+4]]

but this script doesnt kill my ollydbg... weird

the autofocus is made for "go" command, but here there is a breakpoint... hmm i'll try to do something...

1.41 (21 Dec 2005)
+ Support for Integer operands in Float Operations (first operand need to be a float)
+ Added Edit Variable dialog for Float vars
# log default type (pointers) is set to DW, was Float in 1.40
# enhanced focus with Ollydbg breakpoints

BUG !! BUG !! BUG !!

first of all ... GREAT work epsylon i've never seen anyone updating his
plugins so fast !! ... it's great

now the problem ...
my target is : calc.exe XP.SP2
script : sample.osc (supplied with the plugin)

i load the target
i load the script
then i press SPACEBAR

the script runs and the app's also RUNNING
the script window now is stopped at :
==============================
Line=12
Command= cmp handle, eip
Result= j
EIP= i
Values <---=7C810856 7C882FC4,7C882FC4
7C882FC4,7C882FC4 7C882FC4,7C882FC4
7C882FC4,7C882FC4 7C882FC4
==============================

now keeping the script like this, if i restart the app in olly, the app wont
wont stop at it's EP ...

it will simply run !!
please check the phenomenon !!

i would propose : if the app is restarted in olly, the
script should restart too

thank you.

hmm, yea it's made... but 1.42 will be released later...

I don't know if it's really helpfull but it should be nice to have on mouse over some information on value of variable or help of the function

Hi Epsylon3!
Hi Olly (Oleh)!
Hi all other OllyDbg and ODbgScript fans!

Very much thanks for your works - we all hope that your works will proceed.

I wish all of you a merry christmas and a happy new year.

I´ll be back in some days.

Your´s
shERis

Merry and happy OllyD =) will try to find something nice to do =)

@helloworld :
hmm yea, could be possible... but... not as tooltips, maybe in a status bar....

no, i made the variables menu to show, and edit or copy/paste variables

ps: visibile only when dbg proggie is paused...

i found a problem with the mov str with len

example

mov location, 402000
mov str, 401000
mov [str], "OllyDBG"

mov [location], [str], 3

if the strlen is less than 4 it will not copy the correct data the location....

if i changed the above command to mov [location], [str], 4, it worked by copying the 4 bytes to the location

in this instruction :

mov [location], [str], 3

[str] is a pointer, not a string... to force the string operation, use that :

mov [location], ""+[str], 3

something wrong with the below script, try to test the script with a delphi program, it will not pause....

var temp1

mov temp1, eip
add temp1, 0b
bphws temp1, "x"
//bp temp1

eob check
eoe check
esto

check:
cmp eip, temp1
je test
esto

test:
sti
mov [401000], eip <-this line will not execute if using hardware breakpoint
pause
esto

if i changed the hardware breakpoint to memory breakpoint....the above script work....this happened to ollyscript 0.92 as well....

found a problem with find function...

find function cannot find these values...

7C80A405
77DEB908
7C826E0C
77D86C0F

below is the sample script

mov count, 0
mov temp1, 402000
mov temp2, temp1
mov temp3, 0

mov [temp1], 7C812C8D
add temp1, 4
mov [temp1], 7C80A405
add temp1, 4
mov [temp1], 77DEB908
add temp1, 4
mov [temp1], 56800C00
add temp1, 4
mov [temp1], 7C826E0C
add temp1, 4
mov [temp1], 77D86C0F
add temp1, 4
mov [temp1], 7C80AA66

log_data:
cmp count, 7
je end
mov temp3, [temp2]
find 401000, temp3
log &#036;RESULT
add temp2, 4
inc count
jmp log_data

end:
msg "check log"
ret

seem likes the find function not able to find value pattern ??????0?

(1)
mov eip,402233 ...... eip = 401000
mov eax,1000 ....... eip = 401000

but on the 2nd line, the EIP should reflect EIP=402233 in the script window.

(2)
when the script is not finished, but the app terminates due to
exeption or something else.
after a restart/ctrl-F2 , the rest of the script will try to execute
and will show a SCRIPT FINISHED msg like it shows for RET.

i would suggest : the script should restart back as the apps gets
restarted.

and on the script reload, the src should be RE-read 'n reloaded
coz after editing, it becomes a little tiresome to reload each time.

(3)
the input box of ASK does'nt always take inputs properly on clicking
OK button by mouse !!
please look into the matter

(4)
the prob with EOB persists, it does'nt work as it's supposed to

feature request
**is it possible to add a READ or READ-LINE feature.
which will add the first token or the first line from a file
into &#036;RESULT variable.

**the script should re-read the script-source upon restart.

**is it possible to implement a FIND REFERENCES TO > CALL DESTINATION

thank you.

- I fixed the problem with find... here only... you can use findmem or findop (for code search) which works for that

- eip is read only... and hmm i need to test some things about that...

i will release 1.42 soon... it's on my second pc...

for EOB/EOE... hmm i never used that, do you have something (a script and prog) to help me to test that ?

Feature Request

Epsylon3, can you make the input requesting boxes like
1. msg
2. msgyn
3. ask
NOT to be MODAL ??

this way, for example, if i need to check the address of IAT section
from a alt+m in olly ... i can do that and put it into the ASK question
box.

THANK YOU

BUG!! BUG!! BUG!!

ODBGScript 1.41 crashes if i try to execute with X
the follwoing command ... i was going to perform

exec
popfd
popad
ende

but after X..exec[ENTER] in the script window
ODBG crashes

please look into it

MSG shows messagebox with OK / CANCEL buttons
i think only OK button is enough for that

MSGYN shows messagebox with YES/NO/CANCEL buttons
i guess only YES / NO buttons are required

thank you.

BUG!! BUG!! BUG!!

1.)
shr tm1,24 seems to have problem

i had to replace with

shr tm1,8
shr tm1,8
shr tm1,8

to get it working properly

shr tm1,24 <- 0x24 ! not 24.

the cancel in MSG boxes permits to pause and to cancel, after, a script

rev 401204 returns 4124000
can it return 04124000

please check

** thanks Epsylon3, the SHR,24 was my mistake
thanks for pointing me to it.

EOB/EOE Demonstration Code

bp 402233 // bphws 402233,"x"

L1:
eob LOG
esto
jmp L1

LOG:
log eip,""

the eob wont trigger if bphws xxxxxx,"x" is set <-- hardware bp
it works for bp xxxxxx memory bp's only

thank you.

problem with - ASK
------------------------------
ask cant handle the following script :
=========================================
ASK "emni+emni --> onno shob ulta palta [HEX] kotha ??"
ret
=========================================

problem with - lower/ UPPER CaSe
------------------------------------------------
some of the commands can handle both upper 'n lower cases
but some can not .... for example RET

please look into the matter.

THANK YOU.

Problem with LM

mov alloc_size,1000

alloc alloc_size
mov binary_paste,&#036;RESULT
lm binary_paste,alloc_size,".&#92;log-HIGHMEM-calls.BIN" <-- this line wont work

log-HIGHMEM-calls.BIN = is a file previously dumped with
dm dump_addr,alloc_size,".&#92;log-HIGHMEM-calls.BIN"
am i going wrong anywhere ??

LM : Relative paths with .&#92; and ..&#92; are not supported, just remove it

1.42 (07 Jan 2006)
+ Script Auto Reset if debugged app is restarted
* Better script uppercase support
* Problem with strings containing brackets

hi Epsylon3,

thanks for the update but i think it's better to make the script stop instead of resetting and start execute again...

btw, is it possible to have a function to read comment? we have cmt to write comment not read....

LM still fails !!

====================
mov path3,"test.BIN" // test.bin was previously dumped by DM
lm alloc_addr,alloc_size,path3
====================

this script still fails to load the test.BIN into memory !!
the .&#92; relative path works with DM ... but still as you've
mentioned i've removed the relative path ... but no help

Feature Request :

1. "Set BREAK-ON-ACCESS" ... breakpoint on memory map sections.

Hi nick_name!
Your feature request:
Do you mean, that you want to set memory breakpoints to different places of memory? In OllyDbg you only can set one BP to a peace of memory, if you try to set a BP to another memory position old memory BP is cleared. I don´t know if this behaviour could be changed by a script. Either it was to difficult to Olly or it isn´t possible at all.
But I would be glad if this could be possible!

hila

if you want to stop only, select pause or step on context menu before reloading the program... the script will not start automatically...

nickname :

Break on access :

BPRM addr, size
---------------
Set memory breakpoint on read. Size is size of memory in bytes.
Example:
bprm 401000, FF

BPWM addr, size
---------------
Set memory breakpoint on write. Size is size of memory in bytes.
Example:
bpwm 401000, FF

note : BPWM is MEMBP_READ | MEMBP_WRITE (since 0.92)

LM

are you sure the memory block has ReadWrite attributes ?

if yes, what is the size you wanna load ? if its big, could you try to reduce size and report me the maximum size... (not sure it's limited but...)

Hi Epsylon3!
I am working on a script and now I would need the follwing function:
GCMT addr: gets the comment of addr set by CMT (because I use comment for saving information). Is that possible?

And a question:
how can I transform a string into a DW (memory address)?
shERis

hi Epsylon3,

find function in version 1.42 still not able to find value in this pattern ??????0?....i can't use findop because it is for finding instruction and it will find nothing in my case....

BUG!! BUG!! BUG!!

epsylon, no matter wht ... LM fails ... i tried this script

=================
dm 401000,1000,"test.bin"
alloc 1000
lm &#036;RESULT,1000,"test.bin"
=================

EOB does'nt work for bprm , bpwm

Hi Epsylon3!
I don´t want to be annoying, but I found a bug.
When you single step a script and you come to a RUN command (or ESTO,..), then run is executed (app does something). When app reaches a breakpoint, app execution is stopped.
The script pauses and had to jump to the eob label .
But it does not. The highlighted line in the script window is at the next line of the RUN command and not at the eob label. When you then type S, the script proceeds with the line after the run command!
Please correct the script!
Thanx
shERis

shERis, could u post the script here ??

EOB dont seem to work with = HARDWARE BP & BPRM , BPWM
but it works fine with BP only

ok seems i have work to do... so lets go...

shERis, post the script here ...

shERis, post the script here ...

hila, to search a DW, you need to reverse it... else find addr, #00112233#

1.43 (13 Jan 2006)
+ Added GCMT to retrieve comment at specified addr
* Fixed LM function

i will try to see the problem later with find... did you try Findmem ?

findmem giving the same result of find.....cannot find value pattern ??????0?

thanks for looking into this problem...

Hi Epsylon3!
Thanx four GCMT command! Works fine!
But I don´t know how to get back an address stored with CMT as string and recalled with GCMT. Result of GCMT is a string (thats ok). But I don´t find a function, which makes a DW address from a address string (reverse of EVAL}.
Please help me!

To nick_name: which script do you mean?

Hi Epsylon3!
I don´t want to be annoying, but I found a bug.
When you single step a script and you come to a RUN command (or ESTO,..), then run is executed (app does something). When app reaches a breakpoint, app execution is stopped.
The script pauses and had to jump to the eob label .
But it does not. The highlighted line in the script window is at the next line of the RUN command and not at the eob label. When you then type S, the script proceeds with the line after the run command!
Please correct the script!
Thanx
shERis

.... i indicated this one

Epsylon3,
just tested the LM with 1.43 it's working GREAT.
thank you.

Hi Epsylon3!
Thanx four GCMT command! Works fine!
But I don´t know how to get back an address stored with CMT as string and recalled with GCMT. Result of GCMT is a string (thats ok). But I don´t find a function, which makes a DW address from a address string (reverse of EVAL}.
Please help me!

sheris,
when u pass an address to eval, eval checks tht address/pointer for strings

but if u pass a string, it's tough to find the address for it ... only way i can
think is to search the whole memory ... not so smart way to do it anyway

to find the address of a comment ....
u can loop thru the whole section
read thier comments and comparing with ur comment
if they matches, u found the address ur looking for

to epsylon3 : if olly keeps a table of comments then i guess the address
retrival against a particular comment can be done easily without that
looping idea

Feature Request :

it would be nice to see a command returning the debugged exe/dll's
informations, like ...

filename
path
size
process id ... etc.

there is only a search for NM_LABEL, NM_EXPORT, NM_IMPORT, NM_LIBRARY or NM_CONST

not for comments

int Findlabelbyname(char *name,ulong *addr,ulong addr0,ulong addr1);

OllyDbg Plugin API v1.10

Feature Requests :

1.

int Plugingetvalue(int type);

VAL_HPROCESS (HANDLE) Handle of debugged process
VAL_PROCESSID Process ID of debugged process
VAL_HMAINTHREAD (HANDLE) Handle of main thread of debugged process
VAL_MAINTHREADID Thread ID of main thread of debugged process
VAL_MAINBASE Base of main module in the debugged process
VAL_PROCESSNAME (char *) Name of the debugged process
VAL_EXEFILENAME (char *) Name of the main debugged file
VAL_CURRENTDIR (char *) Current directory for debugged process
VAL_SYSTEMDIR (char *) Windows system directory

it would be nice to see a command returning the debugged exe/dll's
informations, like ...

filename
path
size
process id ... etc.


2.

int Deletehardwarebreakpoint(int index);
Parameters: index - index of hardware breakpoint to delete (0..3).


delete / disable hardware bp depending upon provided
numbers like ... 1,2,3,4

sometimes it's important for a script to function properly
having no hwbp set ... 'n script does'nt know if there's any hwbp set
this way script will have an option to enable/disable all the hwbp

3.

void Tempbreakpoint(ulong addr,int mode);
Parameters:
addr - code address where temporary breakpoint should be set;
mode - type of breakpoint to set:

TY_ONESHOT|TY_KEEPCOND Set one-shot breakpoint. OllyDbg automatically removes one-shot breakpoint when hit and pauses debugged application
TY_ONESHOT|TY_KEEPCOND|TY_STOPAN Same as above, additionally stops any kind of trace or animation when hit
TY_TEMP|TY_KEEPCOND Set temporary breakpoint. OllyDbg automatically removes temporary breakpoint when hit and immediately continues execution
Any other combination Sets INT3 breakpoint of specified type


int Setbreakpointext(ulong addr,ulong type,uchar cmd,ulong passcount);

Parameters:

addr - address of breakpoint. If address points to data or in the middle of the command, OllyDbg will ask you for confirmation;

type - combination of bits TY_xxx that specify requested actions and type of breakpoint:

Flag Meaning
TY_ACTIVE Set permanent (user) breakpoint or restore disabled
TY_DISABLED Temporarily deactivate permanent breakpoint. If TY_ACTIVE and TY_DISABLED are set simultaneously, TY_DISABLED is ignored
TY_ONESHOT Set one-shot breakpoint that will be automatically removed when hit. Doesn't interfere with active breakpoint
TY_TEMP Set temporary breakpoint that will be automatically removed when hit. Execution continues automatically. TY_TEMP does not interfere with active breakpoint
TY_STOPAN Stop animation if breakpoint is hit
TY_KEEPCODE Force original command (parameter cmd)
TY_SETCOUNT Force pass count even if breakpoint already exists
TY_KEEPCOND Leave associated names of types NM_BREAK, NM_BREAKEXPR, NM_BREAKEXPL and NM_PLUGCMD unchanged. If this bit is not set, breakpoints of types TY_ACTIVE and TY_DISABLED clear these names
cmd - original command that will be saved to descriptor if bit TY_KEEPCODE is set. Otherwise, this parameter is ignored and command is read from the memory;

passcount - pass count, i.e. the number of times this breakpoint should be skipped. If breakpoint already exists and flag TY_SETCOUNT is not set, this parameter is ignored and pass count remains unchanged.


the above 2 fucntions can be helpful setting

TEMPORARY BP
DISABLING A BP
SETTING NUMBER OF PASSES
ONESHOT BREAKPOINT

Hi Epsylon3, hi nick_name!
Thanx for your answers.
But I think, that I was mistakable. I don´t want a function to search the address of a string variable or the address of string in memory or the address of a comment string (maybe someone else does ...).

What I want is function like this VAL.

mov d,00000040 /d= 040h
eval "{d}" /&#036;RESULT= 000000040
mov strg,&#036;RESULT
VAL strg /&#036;RESULT= 040h !
mov d1,&#036;RESULT /d1= 040h now !
add d1,4 /d1= 044h now !

I think that I now explained better what I ment.
Epsylon3, please can you add such a function ?
shERis

sheris, u can directly do it by "msg d" ... u wont need to eval
but still it would be help wht u r saying

eplylon3, i think this can be done quite easily with atoi or functions like tht

THANK YOU.

Hmm .. Like >atoi< seems to be good. Result must be in hex.

after atoi ... epsylon3 can always use some of his own converters to convert it into hex ... i guess he already has them

ok so, i think i will make this commands :

atoi s, 16. > hex String to int
atoi s, 10. > dec String to int

itoa n, 16. > int to Hex String
itoa n, 10. > int to Dec String

epsylon3, please keep under consideration , the process info and breakpoint feature requests i made above ...

Hi!!! Thanks Epsylon3 for the very useful plugin!!!
I have a problem: I need search all commands "JMP 00402512", for example, and I write this script:

var address
var jmp_content
var jmp_address
mov jmp_address,00402512
search:
find eip,#E9#
mov address,&#036;RESULT
mov jmp_content,address
inc jmp_content
mov jmp_content,[jmp_content]
add jmp_content,address
add jmp_content,5
cmp jmp_content,jmp_address
jne search

I can't use only "find eip,#E912254000", for example because the bytes of a jmp depends of the address when is the jmp.
This problem happens with CALLs, JMPS and other conditional jumps. But the biggest problem is the speed: the script spend very
very time for search commands in the code section.
I suggest a command for this search that it works more fast, like this:


FINDCOM what, addr, start_addr

What - CALL,JMP,JNZ,JE,JA,etc.
addr - address of the command.
start_addr - search code starting at start_addr

For example, I want to search for all "CALL 00402512" starting at 00401000. So, I write this:

FINDCOM CALL, 00402512, 00401000

I don't know if this is possible, but this command will is very useful.
Thanks a lot,
scherzo

use FINDOP

FINDOP
FINDOP addr, what
----------------------
Searches code starting at addr for an instruction that begins with the specified bytes.
When found sets the reserved &#036;RESULT variable. &#036;RESULT == 0 if nothing found.
The search string can also use the wildcard "??" (see below).
Example:
findop 401000, #61# // find next POPAD
findop 401000, #6A??# // find next PUSH of something

Yes, there is FINDOP, but this command doesn´t solve scherzo´s problem. The problem is the relative address with CALL und JMP commands !!! I think, FINDCOM would be useful.
But you can use the new REF command instead! You´ll find all references to your addr and you only must select all JMP´s.
shERis

Hi Epsylon3!
I am very sad :-((
We are all waiting for you!
nick_name, hila123 and sometimes I made several posts for bugfix or improvement of ODbgScript, but you seem to be too busy to do anything!
Please take care of your little baby ODbgScript! It´s ill and had to grow.
We all need you and your plugin.
Best wishes
shERis

Hi shERis!!!
I know the REF command, but this command don't work if I want to find CALLs, for example, in a main thread because these kind of section don't pertain to a module ("dll".
So, I hope that the improvement and bugfix will be fixed up.
Thanks so much

Hi scherzo!
You didn´t say that you want to search in main thread. REF doesn´t work here. Sorry.

yea shERis, i was busy these last 2 weeks, and i ve another week to work hard... after that i think i could work more on our baby

today and this week end, there is an open beta test of GuildWars Factions

66DG9-C4RHB-9FKD6-287BJ-LRGCJ

http://www.guildwars.com/downloads/GwSetup.zip
("http://www.guildwars.com/downloads/GwSetup.zip
")

give it a try

1.44 (21 Jan 2006)
+ Enhanced GCMT to retrieve automatic comments or comments from analysis
+ Added ITOA and ATOI commands
+ Added GPI (getprocessinfo) command (see docs for info)
* GPA uses LoadLibraryEx to fix a Comctl32 double load

Hi!!! Epsylon3
I have an improvement for ODBGScript: for example, look this script:

var constant
var count
loop:
mov constant,00421548
add contant,count
mov [constant],esi
add count,4
cmp count,1000
ja End
jmp loop
End:
ret

I would write this script like this:

var constant
var count
mov constant,00421548
loop:
mov [constant+count],esi
add count,4
cmp count,1000
ja End
jmp loop
End:
ret

But the plugin don't accept "[constant+count]".
I think that support of variables (two or more) in pointers is a interesting improvement!
Thanks,
scherzo

Hi! I can't edit my last post.
So, I can do this:
mov temp,[address+8]
But I can't do this:
mov [address+8],temp
Why?
scherzo
P.S.: "mov [constant+count],esi" will be interesting too.

So is this still being developed by E3? Im kinda into getting back into the game

Cool. If he doesn't reply here, PM or email him though the board. If he doesn't reply, well, the source of his latest version is available, so just grab it and start your own branch. Looking forward to new versions anyway, maybe even such for the upcoming OllyDbg 2.0.

i'm back, and ive seen the chinese version....

I'm making a new version 1.50.3 (this .3 will be added to every versions i will make) ;p 3 for Epsylon3

current changelog :


1.50.3 (8 May 2007)
* 4-bytes alignment and speed optimization (thanks Human)
* Added fixes and news from Chinese version :
*ASM
*EXEC,ENDE
+GMI (added DATABASE, RESBASE, RESSIZE constants)
*GN
*LEN bad operand fix
+DIV,MUL commands
+READSTR to read data at addr. (was possible in MOV command too)
+NEG,NOT,ROL,ROR asm commands (real asm code)
*RTU
*ADD, SHL, SHR, SUB, XOR results to script window

Notes : There are some differences between versions :
WRTA doesnt add CR to lines (binary writing)
+SETEXC ??? not working for the moment...