Ollydbg plugin framework for PowerBasic

  • Ollydbg plugin framework for PowerBasic

    Creating OllyDbg plugins with PowerBasic is very easy, and with this framework you can get straight into it.

    Here is the main include file, OLLYDBG.INC ...

    Code:
    %PLUGIN_VERSION = 108
    
    %NM_NONAME      = &h00            '// Undefined name
    %NM_ANYNAME     = &hFF            '// Name of any type
    '// Names saved in the data file of module they appear.
    %NM_PLUGCMD     = &h30            '// Plugin commands to execute at break
    %NM_LABEL       = &h31            '// User-defined label
    %NM_EXPORT      = &h32            '// Exported (global) name
    %NM_IMPORT      = &h33            '// Imported name
    %NM_LIBRARY     = &h34            '// Name from library or object file
    %NM_CONST       = &h35            '// User-defined constant
    %NM_COMMENT     = &h36            '// User-defined comment
    %NM_LIBCOMM     = &h37            '// Comment from library or object file
    %NM_BREAK       = &h38            '// Condition related with breakpoint
    %NM_ARG         = &h39            '// Arguments decoded by analyzer
    %NM_ANALYSE     = &h3A            '// Comment added by analyzer
    %NM_BREAKEXPR   = &h3B            '// Expression related with breakpoint
    %NM_BREAKEXPL   = &h3C            '// Explanation related with breakpoint
    %NM_ASSUME      = &h3D            '// Assume function with known arguments
    %NM_STRUCT      = &h3E            '// Code structure decoded by analyzer
    %NM_CASE        = &h3F            '// Case description decoded by analyzer
    '// Names saved in the data file of main module.
    %NM_INSPECT     = &h40            '// Several last inspect expressions
    %NM_WATCH       = &h41            '// Watch expressions
    %NM_ASM         = &h42            '// Several last assembled strings
    %NM_FINDASM     = &h43            '// Several last find assembler strings
    %NM_LASTWATCH   = &h48            '// Several last watch expressions
    %NM_SOURCE      = &h49            '// Several last source search strings
    %NM_REFTXT      = &h4A            '// Several last ref text search strings
    %NM_GOTO        = &h4B            '// Several last expressions to follow
    %NM_GOTODUMP    = &h4C            '// Several expressions to follow in Dump
    %NM_TRPAUSE     = &h4D            '// Several expressions to pause trace
    '// Pseudonames.
    %NM_IMCALL      = &hFE            '// Intermodular call
    %NMHISTORY      = &h40            '// Converts NM_xxx to type of init list
    
    %CPU_ASMHIST     = &h1    '// Add change to Disassembler history
    %CPU_ASMCENTER   = &h4    '// Make address in the middle of window
    %CPU_ASMFOCUS    = &h8    '// Move focus to Disassembler
    %CPU_DUMPHIST    = &h10    '// Add change to Dump history
    %CPU_DUMPFIRST   = &h20    '// Make address the first byte in Dump
    %CPU_DUMPFOCUS   = &h80    '// Move focus to Dump
    %CPU_REGAUTO     = &h100    '// Automatically switch to FPU/MMX/3DNow!
    %CPU_RUNTRACE    = &h200    '// Show run trace data at offset asmaddr
    %CPU_STACKFOCUS  = &h800    '// Move focus to Stack
    %CPU_NOCREATE    = &h4000    '// Don't create CPU window if absent
    %CPU_REDRAW      = &h8000    '// Redraw CPU window immediately
    %CPU_NOFOCUS     = &h10000    '// Don't assign focus to main window
    
    '////////////////////// EXPORTED PLUGIN CALLBACK FUNCTIONS //////////////////////
    '// Origins of standard OllyDbg windows as passed to plugin. In parenthesis is
    '// the type of item you get in ODBG_Pluginmenu(), ODBG_Pluginaction() and
    '// ODBG_Pluginshortcut(). Note that this item can be NULL!
    %PM_MAIN        = 0        '// Main window        (NULL)
    %PM_DUMP        = 10       '// Any Dump window    (t_dump*)
    %PM_MODULES     = 11       '// Modules window     (t_module*)
    %PM_MEMORY      = 12       '// Memory window      (t_memory*)
    %PM_THREADS     = 13       '// Threads window     (t_thread*)
    %PM_BREAKPOINTS = 14       '// Breakpoints window (t_bpoint*)
    %PM_REFERENCES  = 15       '// References window  (t_ref*)
    %PM_RTRACE      = 16       '// Run trace window   (int*)
    %PM_WATCHES     = 17       '// Watches window     (1-based index)
    %PM_WINDOWS     = 18       '// Windows window     (t_window*)
    %PM_DISASM      = 31       '// CPU Disassembler   (t_dump*)
    %PM_CPUDUMP     = 32       '// CPU Dump           (t_dump*)
    %PM_CPUSTACK    = 33       '// CPU Stack          (t_dump*)
    %PM_CPUREGS     = 34       '// CPU Registers      (t_reg*)
    
    
    '// Parameters of Plugingetvalue().
    %VAL_HINST              = 1     '// Current program instance
    %VAL_HWMAIN             = 2     '// Handle of the main window
    %VAL_HWCLIENT           = 3     '// Handle of the MDI client window
    %VAL_NCOLORS            = 4     '// Number of common colors
    %VAL_COLORS             = 5     '// RGB values of common colors
    %VAL_BRUSHES            = 6     '// Handles of common color brushes
    %VAL_PENS               = 7     '// Handles of common color pens
    %VAL_NFONTS             = 8     '// Number of common fonts
    %VAL_FONTS              = 9     '// Handles of common fonts
    %VAL_FONTNAMES          = 10    '// Internal font names
    %VAL_FONTWIDTHS         = 11    '// Average widths of common fonts
    %VAL_FONTHEIGHTS        = 12    '// Average heights of common fonts
    %VAL_NFIXFONTS          = 13    '// Actual number of fixed-pitch fonts
    %VAL_DEFFONT            = 14    '// Index of default font
    %VAL_NSCHEMES           = 15    '// Number of color schemes
    %VAL_SCHEMES            = 16    '// Color schemes
    %VAL_DEFSCHEME          = 17    '// Index of default colour scheme
    %VAL_DEFHSCROLL         = 18    '// Default horizontal scroll
    %VAL_RESTOREWINDOWPOS   = 19    '// Restore window positions from .ini
    %VAL_HPROCESS           = 20    '// Handle of Debuggee
    %VAL_PROCESSID          = 21    '// Process ID of Debuggee
    %VAL_HMAINTHREAD        = 22    '// Handle of main thread
    %VAL_MAINTHREADID       = 23    '// Thread ID of main thread
    %VAL_MAINBASE           = 24    '// Base of main module in the process
    %VAL_PROCESSNAME        = 25    '// Name of the active process
    %VAL_EXEFILENAME        = 26    '// Name of the main debugged file
    %VAL_CURRENTDIR         = 27    '// Current directory for debugged process
    %VAL_SYSTEMDIR          = 28    '// Windows system directory
    %VAL_DECODEANYIP        = 29    '// Decode registers dependless on EIP
    %VAL_PASCALSTRINGS      = 30    '// Decode Pascal-style string constants
    %VAL_ONLYASCII          = 31    '// Only printable ASCII chars in dump
    %VAL_DIACRITICALS       = 32    '// Allow diacritical symbols in strings
    %VAL_GLOBALSEARCH       = 33    '// Search from the beginning of block
    %VAL_ALIGNEDSEARCH      = 34    '// Search aligned to item's size
    %VAL_IGNORECASE         = 35    '// Ignore case in string search
    %VAL_SEARCHMARGIN       = 36    '// Floating search allows error margin
    %VAL_KEEPSELSIZE        = 37    '// Keep size of hex edit selection
    %VAL_MMXDISPLAY         = 38    '// MMX display mode in dialog
    %VAL_WINDOWFONT         = 39    '// Use calling window's font in dialog
    %VAL_TABSTOPS           = 40    '// Distance between tab stops
    %VAL_MODULES            = 41    '// Table of modules (.EXE and .DLL)
    %VAL_MEMORY             = 42    '// Table of allocated memory blocks
    %VAL_THREADS            = 43    '// Table of active threads
    %VAL_BREAKPOINTS        = 44    '// Table of active breakpoints
    %VAL_REFERENCES         = 45    '// Table with found references
    %VAL_SOURCELIST         = 46    '// Table of source files
    %VAL_WATCHES            = 47    '// Table of watches
    %VAL_CPUFEATURES        = 50    '// CPU feature bits
    %VAL_TRACEFILE          = 51    '// Handle of run trace log file
    %VAL_ALIGNDIALOGS       = 52    '// Whether to align dialogs
    %VAL_CPUDASM            = 53    '// Dump descriptor of CPU Disassembler
    %VAL_CPUDDUMP           = 54    '// Dump descriptor of CPU Dump
    %VAL_CPUDSTACK          = 55    '// Dump descriptor of CPU Stack
    %VAL_APIHELP            = 56    '// Name of selected API help file
    %VAL_HARDBP             = 57    '// Whether hardware breakpoints enabled
    
    
    
    
    TYPE t_disasm               '// Results of disassembling
      ip AS DWORD                     '// (*) Instruction pointer
      dump AS STRING * 256            '// Hexadecimal dump of the command
      result AS STRING * 256          '// Disassembled command
      comment AS STRING * 256         '// Brief comment
      opinfo1 AS STRING * 256         '// Comments to command's operands
      cmdtype AS LONG              '// (*) One of C_xxx
      memtype AS LONG              '// (*) Type of addressed variable in memory
      nprefix AS LONG              '// (*) Number of prefixes
      indexed AS LONG              '// Address contains register(s)
      jmpconst AS LONG             '// (*) Constant jump address
      jmptable AS LONG             '// (*) Possible address of switch table
      adrconst AS LONG             '// (*) Constant part of address
      immconst AS LONG             '// (*) Immediate constant
      zeroconst AS LONG            '// (*) Whether contains zero constant
      fixupoffset AS LONG          '// (*) Possible offset of 32-bit fixups
      fixupsize AS LONG            '// (*) Possible total size of fixups or 0
      jmpaddr AS LONG              '// Destination of jump/call/return
      condition AS LONG            '// 0xFF:unconditional, 0:false, 1:true
      dwerror AS LONG                '// (*) Error while disassembling command
      warnings AS LONG             '// (*) Combination of DAW_xxx
      optype(3) AS LONG            '// Type of operand (extended set DEC_xxx)
      opsize(3) AS LONG            '// Size of operand, bytes
      opgood(3) AS LONG            '// Whether address and data valid
      opaddr(3) AS LONG            '// Address if memory, index if register
      opdata(3) AS LONG            '// Actual value (only integer operands)
      t_operand(3) AS LONG      't_operand op[3];                '// Full description of operand
      regdata(8) AS LONG           '// Registers after command is executed
      regstatus(8) AS LONG         '// Status of registers, one of RST_xxx
      addrdata AS LONG             '// Traced memory address
      addrstatus AS LONG           '// Status of addrdata, one of RST_xxx
      dwregstack(32) AS LONG        'ulong regstack[NREGSTACK];  '// Stack tracing buffer
      dwrststatus(32) AS LONG       'int  rststatus[NREGSTACK];  '// Status of stack items
      dwnregstack AS LONG       'int  nregstack;             '// Number of items in stack trace buffer
      reserved(29) AS LONG         '// Reserved for plugin compatibility
    END TYPE
    
    
    TYPE t_bar
      nbar AS LONG                 '// Number of active columns
      lfont AS LONG                 '// Font used for bar segments
      dx(17) AS LONG        '// Actual widths of columns, pixels
      defdx(17) AS LONG          '// Default widths of columns, chars
      nameptr AS LONG  'char           *name[NBAR]          '// Column names (may be NULL)
      mode AS STRING * 17           '// Combination of BAR_xxx bits
      captured  AS LONG           '// One of CAPT_xxx, set to CAPT_FREE
      active   AS LONG            '// Info about how mouse is captured
      prevx AS LONG                '// Previous mouse coordinate
    END TYPE
    
    
    TYPE t_sorted                '// Descriptor of sorted table
      sName AS STRING * 260      '// Name of table, as appears in error messages
      numentries AS LONG       '// Actual number of entries
      nmax AS LONG             '// Maximal number of entries
      selected AS LONG         '// Index of selected entry or -1
      seladdr AS LONG          '// Base address of selected entry
      itemsize AS LONG         '// Size of single entry
      version AS LONG          '// Unique version of table
      dwdata AS LONG            '// Elements, sorted by address
      dwSORTFUNC AS LONG  '   *sortfunc;        '// Function which sorts data or NULL
      dwDESTFUNC AS LONG  '  *destfunc;        '// Destructor function or NULL
      dwsort AS LONG             '// Sorting criterium (column)
      dwsorted AS LONG          '// Whether indexes are sorted
      index AS LONG  '// Indexes, sorted by criterium
      suppresser AS LONG      '// Suppress multiple overflow errors
    END TYPE
    
    TYPE t_memory              '// Memory block descriptor
      dwbase AS LONG             '// Base address of memory block
      dwsize AS LONG             '// Size of block
      dwtype AS LONG             '// Service information, TY_xxx
      dwowner AS LONG            '// Address of owner of the memory
      dwinitaccess AS LONG       '// Initial read/write access
      dwaccess AS LONG           '// Actual status and read/write access
      dwthreadid AS LONG         '// Block belongs to this thread or 0
      sModule AS STRING * 8      '//char  sect[SHORTLEN];   '// Name of module section
      strCopy AS DWORD           '//char  *copy  '// Copy used in CPU window or NULL
      reserved(8) AS LONG     '// Reserved for plugin compatibility
    END TYPE
    
    
    TYPE t_table
        hWnd AS LONG
        sortdata AS t_sorted
        bardata  AS t_bar
        showbar AS LONG
        hscroll AS INTEGER
        colsel AS INTEGER
        lmode AS LONG
        lfont AS LONG
        scheme AS INTEGER
        hilite AS INTEGER
        offset AS LONG
        xshift AS LONG
        drawfunc AS LONG
    END TYPE
    
    TYPE t_dump                    '// Current status of dump window
      table AS t_table               't_table             '// Treat dump window as custom table
      dimmed AS LONG               '// Draw in lowcolor if nonzero
      dwTHREADID AS DWORD          '// Use decoding and registers if not 0
      dumptype AS LONG         '// Current dump type, DU_xxx+count+size
      specdump AS DWORD   'SPECFUNC   *specdump         '// Decoder of DU_SPEC dump types
      menutype AS LONG 'int        menutype          '// Standard menus, MT_xxx
      itemwidth AS LONG  'int        itemwidth         '// Length of displayed item, characters
      showstackframes AS LONG 'int        showstackframes   '// Show stack frames in address dump
      showstacklocals AS LONG  'int        showstacklocals   '// Show names of locals in stack
      showsource AS LONG  'int        showsource        '// Show source as comment in disassembler
      szFilename AS STRING * 260  '%MAX_PATH 'char       filename[MAXPATH] '// Name of displayed or backup file
      lBase AS DWORD 'ulong      base              '// Start of memory block or file
      lSize AS DWORD 'ulong      size              '// Size of memory block or file
      dwADDR AS DWORD              '// Address of first displayed byte
      dwlastaddr AS DWORD          '// Address of last displayed byte + 1
      sel0 AS DWORD              '// Address of first selected byte
      sel1 AS DWORD              '// Last selected byte (not included!)
      startsel AS DWORD          '// Start of last selection
      captured AS LONG          '// Mouse is captured by dump
      reladdr AS DWORD           '// Addresses relative to this
      relname AS STRING * 8        'char       relname[SHORTLEN] '// Symbol for relative zero address base
      tFilecopy AS DWORD  'char       *filecopy         '// Copy of the file or NULL
      tbackup AS DWORD   'char       *backup           '// Old backup of memory/file or NULL
      runtraceoffset AS LONG   '// Offset back in run trace
      reserved(8) AS DWORD  '    reserved[8]       '// Reserved for the future extensions
    END TYPE
    
    TYPE t_module
     dwBase AS DWORD     '// Base address of module
     dwSize AS DWORD     '// Size occupied by module
     dwType AS DWORD     '// Service information, TY_xxx
     dwCodebase AS DWORD '// Base address of module code block
     dwResbase AS DWORD  '// Base address of resources
     dwResSize AS DWORD  '// Size of resources
     t_stringtable AS DWORD '// Pointers to string resources or null
     nstringtable AS DWORD  '// Actual number of used stringtable
     maxstringtable AS DWORD '// Actual number of allocated stringtable
     entry AS DWORD         '// Address of <ModuleEntryPoint> or null
     sRest AS STRING * 2048  '// ignore the rest of the structure
    END TYPE
    
    '// EXPORTS
    DECLARE FUNCTION ODBG_Pluginclose CDECL ALIAS "_ODBG_Pluginclose" () AS LONG
    DECLARE FUNCTION ODBG_Plugindata CDECL ALIAS "_ODBG_Plugindata"      (shortname AS ASCIIZ * 32) AS LONG 'char shortname[32]
    DECLARE FUNCTION ODBG_Plugininit CDECL ALIAS "_ODBG_Plugininit"      (BYVAL ollydbgversion AS INTEGER, BYVAL hw AS LONG, features AS DWORD) AS LONG 'int ollydbgversion,HWND hw,ulong *features
    DECLARE FUNCTION ODBG_Pluginmenu CDECL ALIAS "_ODBG_Pluginmenu"      (BYVAL origin AS DWORD, xdata AS ASCIIZ * 4096, BYVAL item AS DWORD) AS LONG  'int origin,char data[4096],void *item
    DECLARE SUB      ODBG_Pluginaction  CDECL ALIAS "_ODBG_Pluginaction" (BYVAL origin AS LONG, BYVAL action AS LONG, BYVAL item AS DWORD PTR) 'int origin,int action,void *item
    DECLARE SUB      ODBG_Pluginreset   CDECL ALIAS "_ODBG_Pluginreset"   ()
    DECLARE SUB      ODBG_Plugindestroy CDECL ALIAS "_ODBG_Plugindestroy" ()
    
    '// IMPORTS
    DECLARE FUNCTION ReadCommand(BYVAL dwAddr AS LONG, BYVAL sBufOutPtr AS DWORD) AS LONG
    DECLARE FUNCTION Insertname(BYVAL lAddr AS DWORD, BYVAL lType AS LONG, szName AS ASCIIZ) AS LONG
    DECLARE FUNCTION Findmodule (BYVAL dwAddr AS LONG) AS DWORD
    DECLARE SUB      Addtolist(BYVAL lLine AS LONG, BYVAL lColor AS LONG, szText AS ASCIIZ)
    DECLARE SUB      Flash(szText AS ASCIIZ)
    DECLARE FUNCTION Plugingetvalue(BYVAL lType AS LONG) AS LONG
    DECLARE FUNCTION Findprocend(BYVAL lAddr AS LONG) AS LONG
    DECLARE SUB      Setcpu(BYVAL lThreadID AS LONG, BYVAL lASMaddr AS LONG, BYVAL lCPUaddr AS LONG, BYVAL lStackAddr AS LONG, BYVAL mode AS LONG)
    
    '#####################################################################################################################################3
    '// WIN32API ...
    
    %DLL_PROCESS_ATTACH = 1
    DECLARE FUNCTION GetProcAddress LIB "KERNEL32.DLL" ALIAS "GetProcAddress" (BYVAL hModule AS DWORD, lpProcName AS ASCIIZ) AS LONG
    DECLARE FUNCTION GetModuleHandle LIB "KERNEL32.DLL" ALIAS "GetModuleHandleA" (lpModuleName AS ASCIIZ) AS DWORD
    Last edited by Wayne Diamond; 18 Jun 2008, 12:01 AM.

  • #2
    Here is a simple bare-bones demo that shows the basic framework of the plugin, has code for adding labels and comments, and shows how to add menus to Ollydbg and react to them.

    Code:
    #COMPILE DLL "c:\olly\skeleton.dll"  '// Change to your OllyDbg directory
    #INCLUDE "win32api.inc"
    #INCLUDE "ollydbg.inc"
     
    GLOBAL hInst AS DWORD
    GLOBAL ghWndOlly AS DWORD, gPID AS DWORD, ghProc AS DWORD, gModuleBase AS DWORD, gItemMain AS DWORD, gszExeFile AS DWORD '// Ollydbg.exe process information
    GLOBAL hAddtolist AS DWORD, hPlugingetvalue AS DWORD, hInsertName AS DWORD, hProcEnd AS DWORD, hSetCPU AS DWORD, hFindModule AS DWORD, hReadCommand AS DWORD '// Exported Olly functions
     
    SUB GetOllyInfo  '// Get info about the ollydbg.exe process
        CALL DWORD hPlugingetvalue USING Plugingetvalue(BYVAL %VAL_HWMAIN) TO ghWndOlly
        CALL DWORD hPlugingetvalue USING Plugingetvalue(BYVAL %VAL_PROCESSID) TO gPID
        CALL DWORD hPlugingetvalue USING Plugingetvalue(BYVAL %VAL_HPROCESS) TO ghProc
        CALL DWORD hPlugingetvalue USING Plugingetvalue(BYVAL %VAL_MAINBASE) TO gModuleBase
        CALL DWORD hPlugingetvalue USING Plugingetvalue(BYVAL %VAL_CPUDASM) TO gItemMain
        CALL DWORD hPlugingetvalue USING Plugingetvalue(BYVAL %VAL_EXEFILENAME) TO gszExefile
    END SUB
    
    SUB ODBG_GenericSub(szSubName AS ASCIIZ) '// Call any function exported by ollydbg.exe
    LOCAL hProc AS LONG, hLib AS LONG
    hLib = GetModuleHandle(BYVAL 0)
    hProc = GetProcAddress(hLib, szSubName)
    CALL DWORD hProc
    END SUB
    
    SUB AddComment(BYVAL dwAddr AS DWORD, szComment AS ASCIIZ) '// Add a comment to an address
        CALL DWORD hInsertName USING Insertname(BYVAL dwAddr, BYVAL %NM_COMMENT, szComment)
    END SUB
    
    SUB AddLabel(BYVAL dwAddr AS DWORD, szLabel AS ASCIIZ)     '// Define an address as a label
        CALL DWORD hInsertName USING Insertname(BYVAL dwAddr, BYVAL %NM_LABEL, szLabel)
    END SUB
    
    FUNCTION ODBG_Plugindata  ALIAS "ODBG_Plugindata" (shortname AS ASCIIZ * 32) EXPORT AS LONG
     shortname = "PowerBasic Plugin"
     FUNCTION = %PLUGIN_VERSION
    END FUNCTION
    
    FUNCTION ODBG_Plugininit (BYVAL ollydbgversion AS INTEGER, BYVAL hw AS LONG, features AS DWORD) EXPORT AS LONG
      CALL DWORD hAddtolist USING Addtolist(BYVAL 0, BYVAL 0, " ")
      CALL DWORD hAddtolist USING Addtolist(BYVAL 0, BYVAL 1, "PowerBasic Plugin skeleton for OllyDbg")   '1=red, 0=black, -1=gray
      CALL DWORD hAddtolist USING Addtolist(BYVAL 0, BYVAL -1, "by Wayne Diamond")
      CALL DWORD hAddtolist USING Addtolist(BYVAL 0, BYVAL 0, " ")
      FUNCTION = 0
    END FUNCTION
    
    FUNCTION ODBG_Pluginmenu (BYVAL origin AS DWORD, xdata AS ASCIIZ * 4096, BYVAL item AS DWORD) EXPORT AS LONG
    LOCAL pd AS t_dump
    IF origin = %PM_MAIN THEN  '// Add to the Plugins menu
            xdata = "1&My 1st Menu Item,2&My 2nd Menu,|3&About"   '// use "|" as a bar separator
            FUNCTION = 1:  EXIT FUNCTION
    ELSEIF origin = %PM_DISASM THEN
            xData = "My Plugin{1&My right-click menu" '// Add to the right-click menu in the disassembly window pane
            FUNCTION = 1:  EXIT FUNCTION
    END IF
    END FUNCTION
    
    SUB ODBG_Pluginaction (BYVAL origin AS LONG, BYVAL action AS LONG, BYVAL item AS DWORD PTR) EXPORT
    LOCAL lRet AS LONG
     IF origin = %PM_MAIN THEN
        SELECT CASE action
         CASE 1:
             MSGBOX "My 1st Menu Item pressed"
         CASE 2:
             MSGBOX "My 2nd Menu Item pressed"
         CASE 3:
             MSGBOX "Powerbasic Plugin skeleton for OllyDbg", %MB_ICONINFORMATION + %MB_OK, "About"
        END SELECT
     ELSEIF origin = %PM_DISASM THEN
         IF action = 1 THEN
             MSGBOX "My right-click menu pressed"
         END IF
     END IF
    END SUB
    
    FUNCTION ODBG_Pluginclose() EXPORT AS LONG
    END FUNCTION
    
    SUB ODBG_Pluginreset() EXPORT
    END SUB
    
    SUB ODBG_Plugindestroy() EXPORT
    END SUB
    
    
    FUNCTION LIBMAIN(BYVAL hInstance AS LONG, BYVAL fwdReason AS LONG, BYVAL lpvReserved AS LONG) EXPORT AS LONG
    LOCAL hLib AS LONG
      IF fwdReason = %DLL_PROCESS_ATTACH THEN
          hInst = hInstance
          hLib = GetModuleHandle(BYVAL 0)
          hAddtolist = GetProcAddress(hLib, "_Addtolist")
          hPlugingetvalue = GetProcAddress(hLib, "_Plugingetvalue")
          hInsertName = GetProcAddress(hLib, "_Insertname")
          hProcEnd = GetProcAddress(hLib, "_Findprocend")
          hSetCPU = GetProcAddress(hLib, "_Setcpu")
          hFindModule = GetProcAddress(hLib, "_Findmodule")
          hReadCommand = GetProcAddress(hLib, "_Readcommand")
      END IF
      FUNCTION = 1
    END FUNCTION

    • #3
      This one isn't a true OllyDbg plugin, but because OllyDbg will actually load any DLL file that exists in its directory you can create a DLL that doesn't export any of the usual OllyDbg plugin functions, and simply respond instead to LIBMAIN's %DLL_PROCESS_ATTACH.

      This one simply deletes all the *.UDD and *.BAK files in the OllyDbg directory whenever you start OllyDbg.

      Code:
      #COMPILE DLL "c:\olly\uddkill.dll"
      #INCLUDE "win32api.inc"
       
      FUNCTION AppPath() AS STRING
       LOCAL hModule AS LONG, buffer AS ASCIIZ * 256, sBuf AS STRING
       hModule = GetModuleHandle(BYVAL 0&)
       GetModuleFileName hModule, Buffer, 256
       sBuf = TRIM$(Buffer)
       FUNCTION = LEFT$(sBuf, INSTR(-1, sBuf, "\"))
      END FUNCTION
       
      FUNCTION LIBMAIN(BYVAL hInstance AS LONG, BYVAL fwdReason AS LONG, BYVAL lpvReserved AS LONG) EXPORT AS LONG
        LOCAL sFile AS STRING, sPath AS STRING
        sPath = AppPath
        IF fwdReason = %DLL_PROCESS_ATTACH THEN
            sFile = DIR$(sPath & "*.udd",39)
            DO WHILE sFile <> ""
                KILL sPath & sFile
                sFile = DIR$
            LOOP
            sFile = ""
            sFile = DIR$(sPath & "*.bak",39)
            DO WHILE sFile <> ""
                KILL sPath & sFile
                sFile = DIR$
            LOOP
        END IF
        FUNCTION = 1
      END FUNCTION
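
Post #3's point, that OllyDbg loads every DLL in its directory and so runs its LIBMAIN whether or not it is a plugin, makes that directory worth auditing. The Python below is an added example, not code from the thread: it reads each DLL's export table and reports which files lack the plugin callbacks. Treating `ODBG_Plugindata` and `ODBG_Plugininit` as the marker of a real plugin is an assumption of the example, the function names are its own, and `build_sample_dll` produces constructed test input.

```python
import os
import struct

# Callbacks that mark a real plugin (assumption of this example); the names
# come from the EXPORTS section of OLLYDBG.INC, minus the "_" in its ALIAS strings.
PLUGIN_EXPORTS = {"ODBG_Plugindata", "ODBG_Plugininit"}

def pe_export_names(data):
    """Return the set of names in the export table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsect, optsize = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    exp_rva, = struct.unpack_from("<I", data, opt + (112 if magic == 0x20B else 96))
    if exp_rva == 0:
        return set()                      # no export directory at all
    sections = [struct.unpack_from("<IIII", data, opt + optsize + 40 * i + 8)
                for i in range(nsect)]    # (VirtualSize, RVA, RawSize, RawPtr)

    def off(rva):                         # map an RVA to a file offset
        for vsize, vaddr, rsize, rptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return rva - vaddr + rptr
        raise ValueError("RVA outside every section")

    exp = off(exp_rva)
    # NumberOfNames (+24), AddressOfFunctions (+28), AddressOfNames (+32)
    n_names, _, names_rva = struct.unpack_from("<III", data, exp + 24)
    names = set()
    for i in range(n_names):
        name_rva, = struct.unpack_from("<I", data, off(names_rva + 4 * i))
        start = off(name_rva)
        names.add(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
    return names

def classify(data):
    """'plugin' if the image exports the OllyDbg callbacks, else 'non-plugin'."""
    names = {n.lstrip("_") for n in pe_export_names(data)}
    return "plugin" if PLUGIN_EXPORTS <= names else "non-plugin"

def audit_dir(path):
    """Classify every DLL in a directory; each one would be loaded at startup."""
    report = {}
    for entry in sorted(os.listdir(path)):
        if entry.lower().endswith(".dll"):
            with open(os.path.join(path, entry), "rb") as f:
                try:
                    report[entry] = classify(f.read())
                except (ValueError, struct.error):
                    report[entry] = "unparseable"
    return report

def build_sample_dll(export_names):
    """Constructed sample input: a minimal PE32 image holding only an export table."""
    rva, raw = 0x1000, 0x200
    body = bytearray(40)                                   # IMAGE_EXPORT_DIRECTORY
    struct.pack_into("<III", body, 24, len(export_names), 0, rva + 40)
    pos = 40 + 4 * len(export_names)                       # strings follow the table
    for n in export_names:
        body += struct.pack("<I", rva + pos)
        pos += len(n) + 1
    body += b"".join(n.encode() + b"\0" for n in export_names)
    hdr = bytearray(raw)
    hdr[0:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                # e_lfanew
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 1)           # i386, one section
    struct.pack_into("<HHH", hdr, 0x54, 224, 0x2102, 0x10B)  # opt size, DLL flags, PE32
    struct.pack_into("<I", hdr, 0x58 + 96, rva if export_names else 0)
    struct.pack_into("<IIII", hdr, 0x58 + 224 + 8, len(body), rva, len(body), raw)
    return bytes(hdr) + bytes(body)
```

Calling `audit_dir` on the OllyDbg directory returns a name-to-verdict mapping; any `non-plugin` or `unparseable` entry is a file the debugger will still load and that deserves a closer look.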

      • #4
        Many thanks!
