
britedream 01-20-2004 17:23

nice olly plugin
 
1 Attachment(s)
thanks to ShaG

ollyscript is a nice plugin even though still at the start. In this example (aimpr) I will show you how you can find the last exception in asprotect. I am not that familiar with it yet, but
it is very easy to understand. (please use the latest version: .3)

britedream 01-20-2004 17:57

I didn't take into account the programs with int 3 but you can easily correct that,
just add after eoe lab3: eob lab3 , and
delete the code before ret;(ubp eip)

the above attachment is now corrected for int 3

Nilrem 01-20-2004 21:09

Very, very nice. :D

R@dier 01-20-2004 21:19

@britedream
Thanks
I tested your script on a couple of targets and it works great.


R@dier

britedream 01-20-2004 23:01

my pleasure!

SHaG 01-21-2004 06:55

Terrific script britedream!
Nice to see that my plugin is indeed being used for something!! =)

If anyone has any improvement suggestions please feel free to
post them to OllyDbg users forum
(hxxp://ollydbg.win32asmcommunity.net ) or msg me on EFnet (nick: SHaG).

K3nny 01-21-2004 20:06

Nice plugin :)

britedream 01-22-2004 14:57

for those of us who need to set the breakpoint in the right place: for simplicity
I didn't check for the signature of the retn,
I assumed it to be in the same place, which
makes it less perfect, but it works.
those who need it can add under "lab4:" the following code:

lab4:

eob lab5
mov k,eip
add k,3d
ubp k
esto

lab5:
ret

I hope someone will give feedback on this.
regards.
[note]
from the above breakpoint you can set a memory breakpoint on the code section to find the oep, and also trace for your stolen .. etc, so it is a very important breakpoint.

lownoise 01-22-2004 15:31

Nice work
 
Tested your modified script on several asprotected programs and it works great ;)

britedream 01-22-2004 15:44

To lownoise
I am truly grateful for your response. Thanks.

lownoise 01-22-2004 19:29

Hardware Breakpoint
 
Hopefully in the next version of the plugin there's support for hardware breakpoints :D

britedream 01-22-2004 19:42

I agree!
Also stack breakpoint is very important, it will save a lot of trace and avoid some loops plus other things. ollyscript should follow at least the bps in olly.

britedream 01-22-2004 20:11

the good thing about script is that you see how things are done and you learn each time you see one, it is a live tutorial.

lownoise 01-22-2004 21:03

Quote:

Originally posted by britedream
I agree!

How did those words come up to your mind :p:D


Also stack breakpoint is very important it will save a lot of trace and avoid some loops plus other things. ollyscript should follow at least the bps in olly.

let's hope that SHaG modifies his plugin soon so we don't have to do that :D

Special thanks goes to you britedream for the work you're doing to make a life without asprotect easy ;)

britedream 01-22-2004 21:17

Thank you lownoise for the gentle consideration, wishing you success in anything you do.

Regards
britedream

