nice olly plugin

britedream · #1 01-20-2004, 17:23

thanks to ShaG

ollyscript is a nice plugin eventhough still at the start. in this example(aimpr) I will show you how you can find the last exception in asprotect, I am not that familiar with it yet, but
it is very easy to understand.(please use the latest version: .3)

britedream · #2 01-20-2004, 17:57

I didn't take into acount the programs with int 3 but you can easly correct that,
just add after eoe lab3: eob lab3 , and
delete the code before ret;(ubp eip)

the above attachment is now corrected for int 3

#3 01-20-2004, 21:09

Very, very nice.

#4 01-20-2004, 21:19

@britedream
Thanks
I tested your script on a couple of targets and it works great.

R@dier

britedream · #5 01-20-2004, 23:01

my pleasure!

SHaG · #6 01-21-2004, 06:55

Terrific script britedream!
Nice to see that my plugin is indeed being used for something!! =)

If anyone has any improvement suggestions please feel free to
post them to OllyDbg users forum
(hxxp://ollydbg.win32asmcommunity.net ) or msg me on EFnet (nick: SHaG).

K3nny · #7 01-21-2004, 20:06

Nice plugin

britedream · #8 01-22-2004, 14:57

for those of us who need to set the breakpoint in the right place, and for simplicity
I didn't check for the signature of the retn
I assumed it to be in the same place which
makes it less perfect, but it works.
for those can add under" lab4:" the following code:

lab4:

eob lab5
mov k,eip
add k,3d
ubp k
esto

lab5:
ret

I hope someone will give a feed back on this.
regards.
[note]
from the above breakpoint you can set memory breakpoint on the code section to find the oep, and also trace for your stolen .. etc, so it is very important breakpoint.

#9 01-22-2004, 15:31

Tested your modified script on severall asprotected programs and it works Great

britedream · #10 01-22-2004, 15:44

To lownoise
I am truely grateful for your respond. Thanks.

#11 01-22-2004, 19:29

Hopefully in the next version of the plugin there's support for hardware breakpoints

britedream · #12 01-22-2004, 19:42

I agree!
Also stack breakpoint is very important it will save alot of trace and avoid some loops plus other things. ollyscript should follow at least the bps in olly.

britedream · #13 01-22-2004, 20:11

the good thing about script is that you see how things are done and you learn each time you see one, it is a live tutorial.

#14 01-22-2004, 21:03

Quote:

Originally posted by britedream
I agree!

How did those words come up to your mind

Also stack breakpoint is very important it will save alot of trace and avoid some loops plus other things. ollyscript should follow at least the bps in olly.

lets hope that SHaG modifies his plugin soon so we don't have to that

Special thanks goes to you britedream for the work you're doing to make a live without asprotect easily

britedream · #15 01-22-2004, 21:17

Thank you Lowoise for the gentle consideration, wishing you the success in anything you do.

Regards
britedream

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode