Adding More Menus To My Olly With Reshack

March 16, 2007

I'm adding some additional menus in reshack, I have the menu structure I want with the new ,XXXX control IDs. My question is how do connect the XXXX ids to engauge the action item of the menu to a the external launched exe?

Like in the menu, I want to launch ImpRec. I now have the menu item, just need to figure out the launch sequence based on the fixed path.

I can't find anything in reshack that allows modification of this. I've searched the forum, can't seem to find what I'm trying to do.

Thoughts and tools?

Chris

March 16, 2007

oh dear lol

Resource Hacker is ONLY for editting resources, it will not modifiy ANYTHING in the Code section.

Patch #1

00433A32   /E9 5F070000	 JMP Ollydbg.00434196

to

00433A32   . /E9 0DBC0700   JMP 0llyICU.004AF644

(Thats our cave)

004AF644   > \81FA E51C0000 CMP EDX,1CE5
004AF64A   .  75 1C		 JNZ SHORT 0llyICU.004AF668
004AF64C   .  6A 01		 PUSH 1								 ; /IsShown = 1; Case 26AD of switch 0043382F
004AF64E   .  6A 00		 PUSH 0								 ; |DefDir = NULL
004AF650   .  6A 00		 PUSH 0								 ; |Parameters = NULL
004AF652   .  68 D0F74A00   PUSH 0llyICU.004AF7D0				  ; |FileName = "C:\CrackersKit\Rebuilding\LordPE\LordPE.exe"
004AF657   .  68 7A914B00   PUSH 0llyICU.004B917A				  ; |Operation = "open"
004AF65C   .  6A 00		 PUSH 0								 ; |hWnd = NULL
004AF65E   .  E8 DFFCFFFF   CALL <JMP.&SHELL32.ShellExecuteA>	  ; \ShellExecuteA
004AF663   .^ E9 2E4BF8FF   JMP 0llyICU.00434196
004AF668   >  81FA E61C0000 CMP EDX,1CE6
004AF66E   .  75 1C		 JNZ SHORT 0llyICU.004AF68C
004AF670   .  6A 01		 PUSH 1								 ; /IsShown = 1; Case 26AE of switch 0043382F
004AF672   .  6A 00		 PUSH 0								 ; |DefDir = NULL
004AF674   .  6A 00		 PUSH 0								 ; |Parameters = NULL
004AF676   .  68 E8F74A00   PUSH 0llyICU.004AF7E8				  ; |FileName = "C:\CrackersKit\Rebuilding\ImpRec\ImportRec.exe"
004AF67B   .  68 7A914B00   PUSH 0llyICU.004B917A				  ; |Operation = "open"
004AF680   .  6A 00		 PUSH 0								 ; |hWnd = NULL
004AF682   .  E8 BBFCFFFF   CALL <JMP.&SHELL32.ShellExecuteA>	  ; \ShellExecuteA
004AF687   .^ E9 0A4BF8FF   JMP 0llyICU.00434196
[b]...blah...blah...more entries....[/b]
004AF6FB   >^\E9 0E16F9FF   JMP 0llyICU.00440D0E

Put it this way, if your new to adding functions,etc you might be better off using a plugin

Edited March 16, 2007 by Whiterat

March 16, 2007

whiterat, that is a great example. I clarifies a lot, its just a matter of how do I code my paths.

I don't want to use a plugin, that is what Tbar is for. I can see how the code cave works and the redirector jumps. I just need to figure out how to write the infomation into the code to point to my need paths. Hope to figure the last piece out........i think the nonawrite plugin might work.......not really sure.

Thanks for the tidbit..........

Edit: What is the best way to code this? I'm not sure how to write the ascii string for the push, the assembly makes sense, suggestions for a dev tool that can compile the asm for this so I can cave it?

This is not a normal thing for me, usually its asm or high level......so I'm in new unknown area.

Edited March 16, 2007 by kittmaster

March 16, 2007

check ARTeam eZine number 2, there is great tutorial about adding menus to program..

"Adding new functionality to an old program by Gabri3l"

March 16, 2007

check ARTeam eZine number 2, there is great tutorial about adding menus to program..
"Adding new functionality to an old program by Gabri3l"

Holy sht this is going to be a pita but it will be a great exercise and till help out greatly!!

This is exactly what I'm looking for. I'm planning to update my release of the invisible olly. I'm sure this won't be done overnight, but that explanation will be a great help to get me underway

Thanks Vrane!!

Chris

March 16, 2007

If you want a lot of space you could always add a new section and place your code there...

Ted.

March 16, 2007

If you want a lot of space you could always add a new section and place your code there...
Ted.

I'm still real green on writing code to control shell apps. The DLL method seems cool, but that means another app to learn to compile a dll since masm can't do it......the XN resource editor is cool. The code cave has 9bbh of space, i think that may be enough. Have to see what is the easiest way to do this. Still got some learning to do here.......

All comments and tips welcome......thanks teddy

Chris

March 16, 2007

This is exactly what I'm looking for. I'm planning to update my release of the invisible olly.

cool

March 16, 2007

watch the caves in olly, one of them is in the TLS table, avoid it

a thought, are the relocations really needed with olly? That would give a nice larger section to 00 out and use.

March 16, 2007

Post deleted, current code below!!

Edited March 17, 2007 by kittmaster

March 16, 2007

I don't think you can define a proc with spaces in the name?

my guess...

March 17, 2007

Fungus and I have been working offline to get this working at we are at a critical mass where we have 4 asm errors with the window handler. Can some peep this code and give some pointers? We are almost there!!

This is to create a DLL file that will be code caved and called from OLLY

 
 .386 
.model flat, stdcall  
option casemap:none 
include windows.inc
include masm32.inc
include gdi32.inc
include user32.inc
include kernel32.inc
include Comctl32.inc
include comdlg32.inc
include shell32.inc
include oleaut32.inc
include dialogs.inc
 includelib masm32.lib
includelib gdi32.lib
includelib user32.lib
includelib kernel32.lib
includelib Comctl32.lib
includelib comdlg32.lib
includelib shell32.lib
includelib oleaut32.lib
 .data 
 lpPage1 db "C:_1_1_YDbg\T00ls\PeID\peid0.94.exe",0 
 lpPage2 db "C:_1_1_YDbg\T00ls\Import.REConstructor.V1.6 Final.Modify\ImportREC.eXe",0 
 lpOperation db "open",0  
 .code 
DLLEntry proc hInstDLL:DWORD, reason:DWORD, unused:DWORD	
	.if reason == DLL_PROCESS_ATTACH		  ; initialisation code for when DLL is loaded
		mov eax,TRUE						  ; put TRUE in EAX to continue loading the DLL
	.endif									
	Ret									  ;Return	DLLEntry Endp 
 MenuTools proc
 .IF EDI==2505											  
	;invoke ShellExecute,hWnd,addr lpOperation, addr lpPage1, NULL, NULL, SW_SHOWNORMAL;If Menu ID = 2505 Launch ImpRec 
	  invoke ShellExecute, NULL, NULL, ADDR lpPage1, NULL, NULL,SW_SHOWDEFAULT
 .ELSEIF EDI==2506 
	;invoke ShellExecute,hWnd,addr lpOperation, addr lpPage2, NULL, NULL, SW_SHOWNORMAL;If Menu ID = 2505 Launch  
	  invoke ShellExecute, NULL, NULL, ADDR lpPage2, NULL, NULL,SW_SHOWDEFAULT											  
 .ENDIF 
 RET		;Return to Olly  MenuTools EndP 
 END

These are errors that winasm is generating, it will ASSEMBLE but it doesn't link properly????:

LINK : error LNK2001: unresolved external symbol __DllMainCRTStartup@12

Edited March 17, 2007 by kittmaster

March 17, 2007

Hi Chris,

You have to finish the code with

...
MenuTools EndP
END DLLEntry

Good luck.

March 17, 2007

Yep that did it..........thanks!!

Chris

August 17, 2007

Ok, but how can I add extra buttons?

Here is the pic of lena's Olly

Thanks in advance.

(Sorry for posting on an old thread.)

August 17, 2007

I still want to know how to get olly main window with the header bar like that.

August 18, 2007

Fungus did you try coding a plugin and drawing a button in that area ??

i know you can code pretty well in MASM so why not try coding a dynamic libeaey for that purpose would be better same as Arjuns plugin does........it's the easiest way to do it !!

August 18, 2007

Fungus did you try coding a plugin and drawing a button in that area ??
i know you can code pretty well in MASM so why not try coding a dynamic libeaey for that purpose would be better same as Arjuns plugin does........it's the easiest way to do it !!

I'm really not that good at it yet But I'm trying when I have time. I was meaning lena's cool olly mod, how she made the frame around the main olly window, I tried changing the way olly creates that window but I couldn't get it to work. That would look really sweet with vista and vistamizer imo. Especially the black theme.

But yeah, Adding icons into the main olly toolbar would be cool to do indeed, but I think I got too many tools I use to fit them all in there... I dunno.

I've also tracked down sorta what the issue is with using the manifest and the options windows, the way olly is coded it highlights the tab your on, which is a different color than the background chosen for the inserted controls... I'm not sure how to go about fixing that, any ideas?

Edited August 18, 2007 by Fungus

August 18, 2007

Fungus,

What frame do you mean bro' ?? i checked her olly's picture at ARTeam's forum i didn't notice any frame can you point to it with a snapshot or a bit more explaination.........

still shortcut for tools included in olly is the easiest way to work with olly

i'am worndering on what kinda window you talk.......the window created is fully normal using regular options

i'am thinking what do you mean it should have to get that nice appearence on vista

here is a snapshot of my olly using manifest the options tab are highlighted as always except with different appearences you know............check it out !!

cheers

August 19, 2007

See the funky box around "Make First Pause at" ? It looks even worse on some systems, there is these funky boxes around all the options. And some of them look really bad.

Look more close at piccy of Lena's Olly, she has minimize and close on the frame around main olly window (under the icons and menu bar). This was what I mean.

August 19, 2007

So you want the vista theme, well transparency, to do work to inside box, that would be cool.

Edited August 19, 2007 by What

August 20, 2007

well i hardly notice them hear........you can adjust your monitor colors "constration and brightness" to get the right / normal colors depth..............i dunno if there are any ways to bypass that except of adjusting colors !!

about that minimize and close in the CPU window you mean ??

i didn't get thaqt correctly

cheers

June 6, 2008

hi

i hve a little problem with Whiterat example for add a function in olly

i have all patched in olly

example

004AF644 > \81FA E51C0000 CMP EDX,1CE5

004AF64A . 75 1C JNZ SHORT 0llyICU.004AF668

004AF64C . 6A 01 PUSH 1 ; /IsShown = 1; Case 26AD of switch 0043382F

004AF64E . 6A 00 PUSH 0 ; |DefDir = NULL

004AF650 . 6A 00 PUSH 0 ; |Parameters = NULL

004AF652 . 68 D0F74A00 PUSH 0llyICU.004AF7D0 ; |FileName ="C:\Radasm\radasm.exe"

004AF657 . 68 7A914B00 PUSH 0llyICU.004B917A ; |Operation = "open"

004AF65C . 6A 00 PUSH 0 ; |hWnd = NULL

004AF65E . E8 DFFCFFFF CALL <JMP.&SHELL32.ShellExecuteA> ; \ShellExecuteA

004AF663 .^ E9 2E4BF8FF JMP 0llyICU.00434196

i push in the olly menu my new button crash this

and i cannot add this in olly with assemble function

PUSH 004AF7D0 ; |FileName ="C:\Radasm\radasm.exe"

can your help me or post a flash tutorial please

best greets

ragdog

June 6, 2008

u can get ur job easier just add the import (WinExec) and use it to execute targets better......... works perfectly and no harm done since u'll add a new section for it which u can use as a cave for menu codes !

June 6, 2008

thx for your repley

my problem is solved

thanks in forward

ragdog

Edited June 7, 2008 by ragdog

Sign In

Adding More Menus To My Olly With Reshack

Recommended Posts

kittmaster

Whiterat

kittmaster

Vrane

kittmaster

Teddy Rogers

kittmaster

Vrane

Fungus

kittmaster

Fungus

kittmaster

revert

kittmaster

kaksii

Fungus

Angel-55

Fungus

Angel-55

Fungus

What

Angel-55

ragdog

Angel-55

ragdog

Create an account or sign in to comment

Create an account

Sign in

Community

Search