
Tuts 4 You


Help With Writing Olly Plugin.


Hi All, I was wondering if someone could have a look at my src and help figure out what I have done wrong or am missing with my plugin code.

:EDIT:

the dialog boxes don't appear correctly, and the patch just crashes olly when he tries to load a file.

here is the src. It is in masm and winasm studio.

It is a plugin to patch GetSystemTime, to hide olly from various techniques that read it and do some other things, like int3 or checking how long some code takes to execute.

thx :D

Edited by Fungus

Not much, only a little problem. I fixed it: you had inc eax just after xor eax,eax. It caused the problem; I removed it and the dialog appears normally now. I hope it's working too bro', please check it, can you?!

Dialog appears well now, I'm only checking why ollydbg crashes, so try the attached file and check the dialog. I'll see the other problem......

Source.rar

Edited by Angel-55

  • Author

Angel-55: thanks a lot! Will check immediately :)

It's my first serious x86 code, so I really appreciate your help very much.

It's nice that you share your source code Fungus :thumbsup:

  • Author
It's nice that you share your source code Fungus :thumbsup:

zako: glad to, aren't we supposed to be helping each other here? :D

Ok, here is my newest src (deleted the previous)

ok, I got it working, but it only patches GetSystemTime in Olly's Process, not in the Debugged Process. Any clues?

src.rar

thx

Fungus, can you explain more please? I don't understand what you mean 100%, so a bit more explanation is better, and any target to try it with the plugin?? "CrackMe or similar"

Thanx' in advance and congratulations for your working Plugin "nice work bro' keep it" !!

Cheers

Because GetSystemTime is pretty constant in all apps, you can get the address of it with GetProcAddress. If you want you can even get the patch addresses from Olly's context. Then, to patch the code in the debuggee you can use Writememory.

  • Author

Angel 55: oh like xADT, it has a plugin for GetSystemTime and int, it sets SEH, invokes GetSystemTime, executes an int3, then invokes GetSystemTime again, and subtracts the results from each other; if seconds > 0, then I am being debugged.

MOID: do you have an example to use writememory for this? thx :)
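The time-delta check described in the post above, reduced to its comparison logic as an added example (not code from xADT or from anyone in this thread). The struct and function names are constructed, and comparing only the seconds field is one literal reading of "if seconds > 0"; the example shows why the two samples need converting to elapsed milliseconds first.

```c
#include <stdio.h>

/* Constructed stand-in for the time-of-day fields of Win32 SYSTEMTIME,
   so the example builds without windows.h. */
typedef struct { unsigned short hour, minute, second, millisecond; } tod_t;

#define MS_PER_DAY (24L * 60 * 60 * 1000)

tod_t make_tod(int h, int m, int s, int ms) {
    tod_t t = { (unsigned short)h, (unsigned short)m,
                (unsigned short)s, (unsigned short)ms };
    return t;
}

/* Milliseconds since midnight for one sample. */
static long tod_to_ms(tod_t t) {
    return ((t.hour * 60L + t.minute) * 60L + t.second) * 1000L + t.millisecond;
}

/* Elapsed ms between two samples, assuming less than 24 h passed, so a
   pair that straddles midnight still yields a positive value. */
long elapsed_ms(tod_t before, tod_t after) {
    long d = tod_to_ms(after) - tod_to_ms(before);
    return d < 0 ? d + MS_PER_DAY : d;
}

/* Literal reading of the check: subtract only the seconds fields. */
int naive_seconds_check(tod_t before, tod_t after) {
    return (int)after.second - (int)before.second > 0;
}

/* Check on the full elapsed time against a limit in milliseconds. */
int threshold_check(tod_t before, tod_t after, long limit_ms) {
    return elapsed_ms(before, after) >= limit_ms;
}

int main(void) {
    /* Constructed samples: (a) 2 ms apart across a second boundary,
       (b) 3 s apart across a minute boundary. */
    tod_t a0 = make_tod(10, 15, 41, 999), a1 = make_tod(10, 15, 42, 1);
    tod_t b0 = make_tod(10, 15, 58, 500), b1 = make_tod(10, 16, 1, 500);
    printf("a: naive=%d threshold=%d\n",
           naive_seconds_check(a0, a1), threshold_check(a0, a1, 1000));
    printf("b: naive=%d threshold=%d\n",
           naive_seconds_check(b0, b1), threshold_check(b0, b1, 1000));
    return 0;
}
```

In sample (a) the seconds-only comparison reports a debugger after 2 ms, and in sample (b) it misses a 3 s pause, while the elapsed-time comparison gets both right.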

I can't download the src, I get an error

The error returned was:

Sorry, some required files are missing, if you intended to view a topic, it's possible that it's been moved or deleted. Please go back and try again.

any clue on why this is?

  • Author

Because Teddy changed host yesterday or so, and there is bound to be some errors :)

I can ul somewhere if you wanna look.

I have expanded it to handle GetLocalTime as well, but I'm still trying to figure out how to set the segment properly, so I write to the debugged process. I checked the src code of Is Debugger Present 1.4, but the way he is setting the segment base isn't making any sense to me :D

I don't understand the assume directive of MASM yet.

It looks like this....

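    get_byte_location proc
        push ebx
        invoke Getcputhreadid               ; id of the thread shown in the CPU window
        .if (eax)
            invoke Findthread,eax           ; retrieve thread info (pointer to t_thread)
            assume eax:ptr t_thread         ; let MASM resolve field names through eax
            push [eax].reg.base[4*4]        ; base of FS (entry 4 of the dword array), i.e. the TEB
            pop ebx
            assume eax:nothing              ; eax is about to be overwritten, drop the typing
            add ebx,30h                     ; TEB+30h holds the pointer to the PEB
            invoke Readmemory,addr dw_buffer,ebx,4,MM_RESTORE ; read that pointer from the debuggee
            mov eax,dw_buffer
            add eax,2h                      ; PEB+2 is the BeingDebugged byte
        .endif
        pop ebx
        ret
    get_byte_location endp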

If someone could explain how it works exactly, that would be really cool. The docs in the SDK don't say much about Findthread, let alone how to set the segment base.

Edited by Fungus

yes please ul it somewhere else , Thanks

Fungus, do you get any errors while using this method?? If so, then could you please write what WinASM says to you, and thanx' again .......

The IsDebuggerPresent source isn't with me. If someone could upload it it would be nice, and thanx' in advance, and to attach cause there is a problem !!

If someone could upload it it would be nice and

Its available on the authors home page

http://membres.lycos.fr/svtc/

Sorry Zako, I don't know the author or his page, so thanx' bro' for giving a link, really appreciated, thanx' again.........

IsDebuggerPresent_Source.rar

Attachments should be working again. Sorry about this folks...

Ted.

Ted, I have one question: why doesn't this link work??

Link: www.tut4you.com

And thanx' for fixing the attachment problem, it works now perfectly, good job !! :)

No Ted, it's a writing mistake, it still doesn't work. Check it yourself, here I get this message !!

"This directory no longer exists, please go to: http://www.tuts4you.com/"

I go to that link and same message, like a loop "Endless One"

Do you mind checking it please, and thanx' :)

Edited by Angel-55

Maybe a DNS between you and the host still needs to be updated. It looks to me from the link you are trying to go to:

http://www.tuts4you.com/%22

Which, is a directory that does not exist.

If you want to continue this it may be better to start a new topic in Site Bug Reports forum...

Ted.

  • Author

Angel: I haven't tried it yet, I don't understand how the segment base works (guess I spoke too soon in another thread eh?) I keep researching until I figure it out...
