Teddy Rogers Posted November 30, 2008 Posted November 30, 2008 This is an update to the Immunity Debugger (unofficial) Delphi PDK...New in this version:- All debugger exports are resolved dynamically. This means your plugin will not be forced to use debugger with certain name, which is useful for evading anti-debug tricks ..- Plugins developed with this PDK can also be used with standard OllyDbg and patched editions, including : SND OllyDbg, FOFF Team OllyDbg, Shadow OllyDbg, Diablo2oo2 OllyDbg and others ..- No changes are needed to your code to allow use with other debuggers, all this is handled invisibly and automatically.. How it works:The SDK has startup code which checks which Debugger is loading it, if Immunity Debugger then no changes are needed .. Otherwise, the code tries to determine which edition of OllyDbg is being used ..If OllyDbg Exports Rva is removed (Shadow and Diablo2oo2 versions) then it is found, and the exports are dynamically filled into the plugin .. If OllyDbg Exports are ordinals (SND version) then the ordinal values are used to resolve exports ..For OllyDbg to load the plugin, the plugin callback functions exported from the plugin are patched in memory to have _ODBG_ prefix before the debugger checks the names .. For FOFF Team and SND versions, the plugin callback functions are different to standard OllyDbg, and these are patched with _FOFF_ or _SNDG_ .. How to use:Simply add the unit to your Delphi plugin project file and ensure the exports are for Immunity Debugger (with _IMMDBG_ prefix to names) everything else is automatic ..!Any plugin you create with this PDK will be compatible with Immunity Debugger, normal OllyDbg and most popular patched versions of OllyDbg ..http://tuts4you.com/download.php?view.2112Ted.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now