[Answered] How to support undo in CPU dump from Olly Plugin


Hi guys/girls,

I'm really new to Olly plugin writing, so I'm here to beg for your help.

I'm writing a very simple plugin for Olly 1.10 that deals with bytes in the CPU dump. I'm using the Readmemory and Writememory functions and all works fine ... but the modified bytes don't look modified and I can't invoke the undo action on them ;)

I'll explain better. When you do some action on CPU dump like "Binary | Fill With xxx" operations you end up with "red" modified bytes in the dump, bytes you can even restore back to their initial value. That's the effect I'd like to reproduce.

Any pointer, hint or suggestion is appreciated (I'll understand if you'll give me a mouthful :P) .

Thanks in advance and Best Regards,

Tony

P.S. I saw there's a Havecopyofmemory function but I don't think it could be of any help for my matter, or am I wrong :cc_confused:

[EDIT]

Just found that if I use the "Fill With" options before the one from my plugin, Olly gives me the desired effect ... how can I trigger it if my "action" is the first to be invoked?

Thanks again for any help.

Regards,

Tony

Edited by tonyweb

Look at the OllyDbg disassembly to see how "Fill with 00's" is implemented (for v1.10 - address 0451306). In short - use the function Dumpbackup().

EDIT 2x: I shouldn't rush with the responses.. :blush:

Edited by kao

  • Author

@kao

You're the man kao! :drunk:

Good old reversing of Olly itself ... I'm really dumb :doh:

Thank you so much mate ... obviously it's working!!! :clap3:

Case closed ;)

Best Regards,

Tony

P.S. Now I'll try to understand how you reached the location you pointed me to, so I won't have to bore you again ... hopefully :innocent:

[EDIT]

A simple BP on _Writememory will do, it seems (but I'm almost sure you used a more suitable/complex approach) ... thanks again :)

[EDIT 2]

I ended up writing this (may be useful for other beginners like me):


t_memory* memPtr = Findmemory(selStartAddr);
// t_memory.copy: if the memory block was backed up in the CPU window, pointer to the backup copy, or NULL otherwise
if ( memPtr != 0 && memPtr->copy == 0 )
{
    // To support "undo" (credits to kao: cfr. http://forum.tuts4you.com/topic/30438-answered-how-to-support-undo-in-cpu-dump-from-olly-plugin)
    Dumpbackup(pd, BKUP_CREATE); // Create or update backup copy. (t_dump *pd)
}

Edited by tonyweb

Indeed, a BP on _Writememory is the fastest way to locate the correct code. ;) A more complex (and much slower!) approach is to analyze the WndProc and try to locate the proper handler.

  • Author

@kao

That's why you're a professional reverser and I'm just an amateur ;)

Thanks again and Best Regards,

Tony
