OllyDBG v2.xx plugin - OllyExt (https://forum.exetools.com/showthread.php?t=15258)

ferrit.rce 10-13-2013 22:04

Just take the last original Olly, install my plugin, turn on the mentioned protections and it should work. I'm using Win7 Pro. Regarding the exceptions, I have the exact same settings.

Quote:

Originally Posted by sendersu (Post 87355)
Hi, thanks for details
most strange thing is that ...... it works just 1 time!
the second time and the rest the app under test is just crashing!
do you see the same behaviour?

2) I've ida/etc SW installed, but not running - does it matter?
3) what OS are you working on?

P.S. here are my olly settings http://prntscr.com/1x0ldg
are you using the same?


ferrit.rce 10-14-2013 17:07

Hey, I've just found the problem :) It's an olly config issue. You have to turn off SFX -> Unpack SFX modules automatically and it will work like a charm. By default it's enabled but it should be off...

quygia128 10-22-2013 13:55

Quote:

Originally Posted by Newbie_Cracker (Post 87192)

I've found some bugs but now remember these:

- Show Symbolic address is too stupid in OD2.x for CALL DWORD[adr]. If you press space on such codes OD shows

CALL DWORD PTR DS:[<&KERNEL32.GetSystemTimeAsFileTime>] instead of CALL DWORD PTR DS:[4080AC].

I really hate it !

I will code a plugin to fix this problem automatically when you run OllyDbg, please wait.

BR,
quygia128

ferrit.rce 10-23-2013 14:25

1 Attachment(s)
New v1.6 is out. Changes:
Code:

- CreateThread
- Version information resource added


nikre 10-23-2013 19:08

get error when try rip recursive
Unable to find target jump address at 00000000
File: OllyExtCodeRip.cpp Line: 191
Result of GetLastError: 00000000

ferrit.rce 10-23-2013 23:25

Please send me an example binary and the range that you wanted to rip.
Quote:

Originally Posted by nikre (Post 87539)
get error when try rip recursive
Unable to find target jump address at 00000000
File: OllyExtCodeRip.cpp Line: 191
Result of GetLastError: 00000000


quygia128 10-23-2013 23:47

@ferrit.rce:

Inside the function, I think you should use GetProclimits to get the end address of the function (RET) (must analyze code)

Get the point of the jump command (jump XXX), calc the byte length from XXX to the end of the function and copy the data to the clipboard.

sendersu 10-24-2013 01:47

@author
have you seen this interesting piece of code?
http://pastebin.com/6kbt1Vka

did you already have it inside the Ext the tool? :)

memcpy 10-24-2013 02:36

This pastebin is irrelevant, it's for Kernel debugger detection. Olly is usermode debugger. You don't have to add this mate.

ferrit.rce 10-24-2013 19:49

1. The feature must go without code analysis
2. I'm doing what you've described but we have a possible problem with the recursive feature

Quote:

Originally Posted by quygia128 (Post 87549)
@ferrit.rce:

Inside the function, I think you should use GetProclimits to get the end address of the function (RET) (must analyze code)

Get the point of the jump command (jump XXX), calc the byte length from XXX to the end of the function and copy the data to the clipboard.


nikre 10-25-2013 12:33

1 Attachment(s)
@ferrit.rce

here example
I found one were work recursive
Code:

CALL 004053DC                                ;//00403D90:

ferrit.rce 10-25-2013 17:59

OK, I'll take a look at it...

Quote:

Originally Posted by nikre (Post 87579)
@ferrit.rce

here example
I found one were work recursive
Code:

CALL 004053DC                                ;//00403D90:


ferrit.rce 10-26-2013 17:57

1 Attachment(s)
New v1.6.1 is out. Changes:
Code:

- Recursive code ripping fix

sendersu 12-06-2013 08:09

@ferrit.rce
the OllyExt 1.6.1 does not run at all @Win2k3 server x32...
not even any line in log window of Olly201... :(
http://prntscr.com/290fap
http://prntscr.com/290fih
http://prntscr.com/290g8l
P.S. another v2 plugin OllyDumpEx v1.30 was successfully loaded

any ideas?

s0me0n3 12-07-2013 18:12

Quote:

Originally Posted by sendersu (Post 87550)
@author
have you seen this interesting piece of code?
http://pastebin.com/6kbt1Vka

did you already have it inside the Ext the tool? :)

Quote:

Originally Posted by memcpy (Post 87552)
This pastebin is irrelevant, it's for Kernel debugger detection. Olly is usermode debugger. You don't have to add this mate.

I have to disagree, from what I can see in the pastebin stuff:

Quote:

//On the other hand, if KdPitchDebugger is set to false, a check for the "SeDebugPrivilege"
//privilege is conducted, a sign of presence of Kernel and/or UserMode debugger(s).
and

Quote:

else
{
printf("Kernel Debugger present\r\n");
if(retValue != 0xC0000022) printf("UserMode Debugger present as well\r\n");
}
}
Tell me where I am wrong.


All times are GMT +8.