#1
|
|||
|
|||
Finding API Address
Hi,
For finding an api address in the context of dlls loaded with target in ollydbg. this ollyplugin is for helping newcommer only, of course , from a lousy coder as well, so I felt it isnot good enough to be posted in release forum,but to share it , I am posting it here , hoping some newbie may find it usefull.(not tested but on xp1) Regards. Update: I added one more checkbox, please note ,in the movie isn't clear, but you have to double clik on the list to have item in the name field. update2: small bug fixed. update3:22/9/2006 tiny cosmetic update4: 24/9/2006 Add checkbox to break on return update5: 28/9/2006 more function added update 6: 30/9/2006 stepped on some bugs update7: 4/10/2006 Last edited by britedream; 10-04-2006 at 21:53. |
#2
|
|||
|
|||
The movie in exe mode isn't very intelligible in 1024x768 resolution.
|
#3
|
|||
|
|||
well seems a nice idea but you can do ctrl+G and write apiname to go to.
but such functionality should be expanded to commandbar like it has softice when you write bpx and press tab it will list all functions starting with string, but there it is also case sensitive |
#4
|
|||
|
|||
Updated
Please test.(there is small bug ,I will fix later)
The Rapishare link is also updated. Regard BD. Last edited by britedream; 09-29-2006 at 04:47. |
#5
|
|||
|
|||
Updated
Stepped on few bugs, it should work fine now.
here is the Rapid link:Updated on 4/10/2006 http://rapidshare.de/files/35462214/FindAddress.rar.html Brief explaination: there are 5 checkboxes,accept first and last,if checked will provide information, always double click on the left big box to have it send to where it should be,or to get breakpoint removed . The first checkbox is for partial search for an api. Last checkbox is to set a breakpoint on return. You can also get the correct api name and address by entering in the address field any address withen an api address space. File in The first post is also updated on 4/10/2006. Regards. BD. Last edited by britedream; 10-04-2006 at 21:57. |
#6
|
|||
|
|||
updated
I have updated the file ,due to ollydbg having some problems , giving incorrect result. That is only apply to setting breakpoint on return in some applications., so I added a check to inform user that setting breakpoint either cann't be detemined or doubtful so he can set it manually if he wish.
Regards. BD. Last edited by britedream; 10-05-2006 at 21:45. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Get APi from the address | ahmadmansoor | General Discussion | 21 | 03-03-2011 07:49 |
Finding base address in a remote process | yaa | General Discussion | 11 | 11-05-2007 07:40 |
how to get the address of the entry point in an API | Warren | General Discussion | 6 | 08-30-2005 16:18 |
Problem with Return Address | ArC | General Discussion | 2 | 08-03-2003 16:13 |