Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   OllyScript Dump problem (https://forum.exetools.com/showthread.php?t=8157)

SystemeD 09-16-2005 20:05
OllyScript Dump problem
 
Hi all,
I'm trying to write a little script for Olly using OllyScript v0.92. I simply place an hw breakpoint and then I dump a portion of memory with this command:
Code:
DM
DM addr, size, file
-----------
Dumps memory of specified size from specified address to specified file
Well, the dump is not correct! It doesn't have the right size and I discover that 0D is added somewhere in the dump.
Here is an example of the dump compared with one taken with the IsDebuggerPresent plugin's dump feature. Look at offset 0x77.

OllyScript:
Code:
Offset      0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F

00000000  4D 5A 90 00 03 00 00 00  04 00 00 00 FF FF 00 00  MZ�.........ÿÿ..
00000010  B8 00 00 00 00 00 00 00  40 00 00 00 00 00 00 00  ¸.......@.......
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
00000030  00 00 00 00 00 00 00 00  00 00 00 00 80 00 00 00  ............€...
00000040  0E 1F BA 0E 00 B4 09 CD  21 B8 01 4C CD 21 54 68  ..º..´.Í!¸.LÍ!Th
00000050  69 73 20 70 72 6F 67 72  61 6D 20 63 61 6E 6E 6F  is program canno
00000060  74 20 62 65 20 72 75 6E  20 69 6E 20 44 4F 53 20  t be run in DOS
00000070  6D 6F 64 65 2E 0D 0D 0D  0A 24 00 00 00 00 00 00  mode.....$......
00000080  00 50 45 00 00 4C 01 03  00 82 7F 6C 42 00 00 00  .PE..L...‚lB...
IsDebuggerPresent:
Code:
Offset      0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F

00000000  4D 5A 90 00 03 00 00 00  04 00 00 00 FF FF 00 00  MZ�.........ÿÿ..
00000010  B8 00 00 00 00 00 00 00  40 00 00 00 00 00 00 00  ¸.......@.......
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
00000030  00 00 00 00 00 00 00 00  00 00 00 00 80 00 00 00  ............€...
00000040  0E 1F BA 0E 00 B4 09 CD  21 B8 01 4C CD 21 54 68  ..º..´.Í!¸.LÍ!Th
00000050  69 73 20 70 72 6F 67 72  61 6D 20 63 61 6E 6E 6F  is program canno
00000060  74 20 62 65 20 72 75 6E  20 69 6E 20 44 4F 53 20  t be run in DOS
00000070  6D 6F 64 65 2E 0D 0D 0A  24 00 00 00 00 00 00 00  mode....$.......
00000080  50 45 00 00 4C 01 03 00  82 7F 6C 42 00 00 00 00  PE..L...‚lB....
Any idea on how to solve this problem?
Thanks.

Jay 09-16-2005 21:59
I did hear mention of a bug in the original ollyscript, I uploaded a fixed dll that is supposed to fix it though I never got around to trying it.
http://rapidshare.de/files/5164283/OllyScript_fixed.rar.html

SystemeD 09-16-2005 22:34
Hi Jay,
Thank you very much, it works perfectly now! :)


All times are GMT +8. The time now is 16:26.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX