r42fr Posted January 28, 2013 Posted January 28, 2013 How to write a plugin for ollydbg the last version?
mArTi Posted January 28, 2013 Posted January 28, 2013 For the last ollydbg version, you'll have to take the .lib and headers from : http://www.ollydbg.de/plug201h.zipThere is not a lot of documentation, and it is quite hard to write plugins since it's not finished. But as I successed and many of other people, you should be able too.You will have to code in c/c++ with unicode and you'll have to put at least this function :: http://www.ollydbg.de/Help/ODBG2_Pluginquery.htm More infos : odbg2 callbacks = http://www.ollydbg.de/Help/i_Plugins.htmActual API info : http://www.ollydbg.de/Help/Main.htm 1
ragdog Posted January 28, 2013 Posted January 28, 2013 and it is quite hard to write plugins No is easy like Olly 1 i have written 3 Olly2 plugins with many function. But is Olly2 not finish "Release version" is the write plugins senseless But In Olly2 is not any function like olly 1 "Copy to Executable >> all modificatons" this is angry
mArTi Posted January 29, 2013 Posted January 29, 2013 @ragdog: I directly tried to write odbg2 plugins and it's quite hardcore with the APIs when you want your plugin to be in the debugging process and do some memory stuff.
ragdog Posted January 29, 2013 Posted January 29, 2013 (edited) it's quite hardcore I have long educated the pdk and have many traced in olly now is it easy and have wrote plugins for add new function like dataripper,rva converter or anti debug,...... but i must now change my source for the version "PLUGIN_VERSION equ 002010001h " and find the new Rva address to patch my function in the new olly. and now wait i for the final release of Ollydbg2 And in Olly2 is patching not easy it have not any function like Olly1 "Copy to Executable >> all modificatons" Edited January 29, 2013 by ragdog
6748222 Posted January 30, 2013 Posted January 30, 2013 How do u rip data from dump windows? I cant figure it out.. unless i emulate ctrl+c key press T____T Ps.Olly is so rare and API documentation is still so poooor. my2Cents!
Vic Posted January 30, 2013 Posted January 30, 2013 (edited) Lets use the OllyDbg 2 API stdapi (HGLOBAL) Copydumpselection(t_dump *pd, int mode) to copy the code you selected. Edited January 30, 2013 by vic4key 1
mrexodia Posted January 30, 2013 Posted January 30, 2013 And in Olly2 is patching not easy it have not any function like Olly1 "Copy to Executable >> all modificatons"You should be able to use the Edit->Copy to executable menu. I did not test very well though... Greetings
6748222 Posted January 30, 2013 Posted January 30, 2013 (edited) Lets use the OllyDbg 2 API stdapi (HGLOBAL) Copydumpselection(t_dump *pd, int mode) to copy the code you selected. This gived me direction to look for as i use Olly1 Edited: Nwm, i solved it with ReadMemory @100 Edited January 31, 2013 by 6748222
ragdog Posted January 31, 2013 Posted January 31, 2013 @Mr. eXoDia You should be able to use the Edit->Copy to executable menu. I did not test very well though... Yes only a one selected line what if i have many patched on differrent addresseThen must you select part for part and Edit->Copy to executable In Olly1 can your use Copy to Executable >> all modificatons Try it
mrexodia Posted January 31, 2013 Posted January 31, 2013 @ragdog: it's true indeed... maybe making a plugin that selects all data in range of the raw_size will help (although I have no idea how to create olly2 plugins) Greetings
ragdog Posted February 1, 2013 Posted February 1, 2013 (edited) To coding a Olly2 plugin is not the problem But how it works this function to copy all modifiction Ok i can read out the after modfied the bytes from memory and write my own patcher but is not same olly 1 I have ask Oleh via Email but not any answhere ,and i hope Oleh add this function in a later function And if I do not know he implement this "copy all mod" in a later version , is make a plugin for it useless works. And Multiasm for Ollydbg2 is useless You can patch it with multiasm but not with olly save it Edited February 1, 2013 by ragdog
r42fr Posted March 2, 2013 Author Posted March 2, 2013 Оkay but what if I want to search for anti-debugger tricks.How I can search through the hole code?
e_z_minded_guy Posted April 17, 2013 Posted April 17, 2013 I just want to thank everyone for posting such useful information about programming plugin's for Ollydbg. Very useful stuff here!
boleto Posted April 24, 2013 Posted April 24, 2013 Hi allIn latest version of olly plugins writen with VC, plugin can not call ODBG2_Pluginuddrecord function.For example when restart or exit ollydbg i lose my already setting bocmarks, but this happens only when plugin is compiled with CodeBlocks or VC, with Borland it worked correctly.Has anyone seen or found a solution for this "problem" ?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now