-------------------------------
OllyScript plugin v0.62 by SHaG
-------------------------------
1. About OllyScript
2. Status
2.1 What's new in v0.62?
3. Documentation
3.1 Language
3.2 Labels
3.3 Comments
3.4 Menus
4. Contact me
5. License
6. Thanks!
------------------------------
1. About OllyScript
-------------------
OllyScript is a plugin for OllyDbg, which is, in my opinion,
the best application-mode debugger out there. One of the best
features of this debugger is the plugin architecture which allows
users to extend its functionality. OllyScript is a plugin
meant to let you automate OllyDbg by writing scripts in an
assembly-like language. Many tasks involve a lot of repetitive
work just to get to some point in the debugged application. By
using my plugin you can write a script once and for all.
------------------------------
2. Status (4 March 2004)
----------------------------
Fixed another hardware breakpoint bug (thanks loveboom).
Also added ability to change the EFLAGS register (see the MOV command and section 3.1).
2.1 What's new?
---------------
The internal architecture of the plugin has been totally redone and is now object-oriented
(it's not perfect OO, but bear with it). Because of this rewrite, bugs are
likely to appear. Please report them to me ASAP!
Bugs with script processing are fixed, parts of code are redone etc.
+ New commands:
BPCND, BC, BPMC, JA, JB, JAE, JBE, AI, AO, TI, TO
+ Conditional breakpoints
+ Breakpoint clearing (including memory breakpoints)
+ Tracing and animation
+ More jumps
+ Can change EFLAGS register
# BP behaviour fixed (it now SETS the breakpoint instead of TOGGLING it).
# Bugs in script processing fixed (thanks s0nkite).
# LOG now also logs things like strings referenced by the logged address,
referenced function addresses etc. Try it, it's cool!
# EOB now works correctly with hardware breakpoints.
# "Thanks" section of readme updated. =)
------------------------------
3. Documentation
----------------
Two example scripts (tElock098.osc and UPX.osc) are available with this release.
When run, the scripts immediately find the OEP of the packed executable.
3.1 Language
------------
The scripting language of OllyScript is an assembly-like language.
In the document below, src and dest can be (unless stated otherwise):
- Constant in the form of a hex number without prefixes or suffixes (e.g. 00FF, not 0x00FF or 00FFh)
- Variable previously declared by VAR
- A 32-bit register (one of EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, EIP). Non-32-bit registers are not supported at
the moment, but you can use SHL/SHR and AND to get their values.
- A memory reference in square brackets (e.g. [401000] points to the memory at address 401000, [ecx] points to the memory at the address held in ecx).
- A flag with an exclamation mark in front (one of !CF, !PF, !AF, !ZF, !SF, !DF, !OF)
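The following script, added here as an example and not one of the scripts shipped with the plugin, shows every operand form from the list above in one place. It extracts AX, AL and AH from EAX with AND and SHR, as the note on non-32-bit registers suggests, reads a flag into a variable, and reads the dword at the top of the debuggee's stack. All variable names are the example's own.

```ollyscript
// Added example: operand forms of the OllyScript language (not from the plugin's README).
var low16
var low8
var high8
var zflag
var top
mov low16, eax          // source: 32-bit register; low16 = full EAX
and low16, 0000FFFF     // source: hex constant; keep the low 16 bits = AX
mov low8, low16         // source: variable
and low8, 000000FF      // low 8 bits of AX = AL
mov high8, low16
shr high8, 8            // shift AX right by 8 bits, leaving AH (src is hex 8 = 8 shifts)
mov zflag, !ZF          // source: flag; a flag is read like any other operand
mov top, [esp]          // source: memory reference; dword at the debuggee's ESP
log low16               // logged as "low16 = 0000xxxx"
log low8
log high8
log zflag
log top
ret
```

Because AND and SHR operate on the script's own 32-bit copies, the debuggee's EAX is left untouched; only the variables change.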
The following commands are available at the moment:
ADD dest, src
-------------
Adds src to dest and stores the result in dest.
Example:
add x, 0F
add eax, x
add [401000], 5
AI
--
Executes "Animate into" in OllyDbg
Example:
ai
AND dest, src
-------------
ANDs src and dest and stores the result in dest.
Example:
and x, 0F
and eax, x
and [401000], 5
ASM addr, command
-----------------
Assembles the given instruction at addr.
Example:
asm eip, "mov eax, ecx"
AO
--
Executes "Animate over" in OllyDbg
Example:
ao
BC addr
-------
Clear unconditional breakpoint at addr.
Example:
bc 401000
bc x
bc eip
BP addr
--------
Set unconditional breakpoint at addr.
Example:
bp 401000
bp x
bp eip
BPCND addr, cond
----------------
Set breakpoint on address addr with condition cond.
Example:
bpcnd 401000, "ECX==1"
BPMC
----
Clears the memory breakpoint (OllyDbg supports only one at a time, so no address is needed).
Example:
bpmc
BPHWC addr
----------
Deletes the hardware breakpoint at addr.
Example:
bphwc 401000
BPHWS addr, mode
----------------
Set hardware breakpoint. Mode can be "r" - read, "w" - write or "x" - execute.
Example:
bphws 401000, "x"
BPRM addr, size
---------------
Sets a memory breakpoint on read access. size is the length of the memory range in bytes.
Example:
bprm 401000, FF
BPWM addr, size
---------------
Sets a memory breakpoint on write access. size is the length of the memory range in bytes.
Example:
bpwm 401000, FF
CMP dest, src
-------------
Compares dest to src. Works like its ASM counterpart.
Example:
cmp y, x
cmp eip, 401000
CMT addr, text
--------------
Inserts a comment at the specified address
Example:
cmt eip, "This is the entry point"
EOB label
---------
Transfer execution to some label on next breakpoint.
Example:
eob SOME_LABEL
EOE label
---------
Transfer execution to some label on next exception.
Example:
eoe SOME_LABEL
ESTI
----
Executes SHIFT-F7 in OllyDbg.
Example:
esti
ESTO
----
Executes SHIFT-F9 in OllyDbg.
Example:
esto
FINDOP addr, what
-----------------
Searches code starting at addr for an instruction that begins with the specified bytes.
When found, sets the reserved $RESULT variable to the address of the instruction; $RESULT == 0 if nothing was found.
Example:
findop 401000, #61# // find next POPAD
GPA proc, lib
-------------
Gets the address of the specified procedure in the specified library.
When found, sets the reserved $RESULT variable to the address of the procedure; $RESULT == 0 if nothing was found.
Useful for setting breakpoints on APIs.
Example:
gpa "MessageBoxA", "user32.dll" // After this $RESULT is the address of MessageBoxA and you can do "bp $RESULT".
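The script below is an added example (not one of the scripts shipped with the plugin) of the pattern GPA is meant for: resolve an API, break on it, and continue the script when the breakpoint is hit. It combines GPA, BP, EOB, RUN, BC, RTR and STI. It assumes user32.dll is loaded in the debuggee, that a script variable may be used inside a memory reference ([p]), and the standard stdcall layout of MessageBoxA at its first instruction ([esp] = return address, [esp+4] = hWnd, [esp+8] = lpText). The variable names are the example's own.

```ollyscript
// Added example: break on MessageBoxA, log its lpText argument, return to the caller.
var api
var p
var text
gpa "MessageBoxA", "user32.dll"
cmp $RESULT, 0
je NOAPI                  // $RESULT == 0: library not loaded or export not found
mov api, $RESULT
bp api                    // software breakpoint on the first instruction of MessageBoxA
eob HIT                   // when the next breakpoint triggers, continue at HIT
run
HIT:
bc api                    // one-shot: remove the breakpoint again
mov p, esp
add p, 8                  // [esp] = return address, [esp+4] = hWnd, [esp+8] = lpText
mov text, [p]             // text = pointer to the message string (assumes [variable] works)
log text                  // "text = 0040xxxx"; LOG also shows the string at that address
rtr                       // OllyDbg "Run to return": stop at the RET of MessageBoxA
sti                       // execute the RET; EIP is now back in the calling code
cmt eip, "MessageBoxA returned here (set by script)"
ret
NOAPI:
msg "MessageBoxA not found in user32.dll"
ret
```

Checking $RESULT before using it matters: without the CMP/JE, a failed lookup would turn into "bp 0", a breakpoint at address zero.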
GMI addr, info
--------------
Gets information about a module to which the specified address belongs.
"info" can be MODULEBASE, MODULESIZE, CODEBASE or CODESIZE (if you want other info in future versions, please tell me).
Sets the reserved $RESULT variable (0 if data not found).
Example:
GMI eip, CODEBASE // After this $RESULT is the address to the codebase of the module to which eip belongs
JA label
--------
Use this after cmp. Works like its asm counterpart.
Example:
ja SOME_LABEL
JAE label
---------
Use this after cmp. Works like its asm counterpart.
Example:
jae SOME_LABEL
JB label
--------
Use this after cmp. Works like its asm counterpart.
Example:
jb SOME_LABEL
JBE label
---------
Use this after cmp. Works like its asm counterpart.
Example:
jbe SOME_LABEL
JE label
--------
Use this after cmp. Works like its asm counterpart.
Example:
je SOME_LABEL
JMP label
---------
Unconditionally jump to a label.
Example:
jmp SOME_LABEL
JNE label
---------
Use this after cmp. Works like its asm counterpart.
Example:
jne SOME_LABEL
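The conditional jumps above, together with CMP, ADD and EOB, are enough to build a loop that keeps the debuggee running until a breakpoint has been hit a given number of times. The script below is an added example (not one of the scripts shipped with the plugin). The address 401000 is a constructed placeholder, and labels are assumed to be written as NAME: on a line of their own (the Labels section is not part of this copy of the README); EOB is re-armed on every iteration because it is documented as applying to the next breakpoint.

```ollyscript
// Added example: let an instruction execute five times, then stop and report.
var hits
var target
mov target, 401000         // constructed address of the instruction to watch
mov hits, 0
bp target
AGAIN:
eob HIT                    // re-arm: the next breakpoint continues the script at HIT
run                        // resume the debuggee; the script waits here
HIT:
add hits, 1
log hits                   // "hits = 00000001", "hits = 00000002", ...
cmp hits, 5
jb AGAIN                   // fewer than five hits so far: run on
bc target                  // done counting: remove the breakpoint
msg "Instruction at 401000 executed five times"
ret
```

Note that EOB reacts to any breakpoint, not just the one set by the script, so an unrelated user breakpoint inside the loop would also be counted as a hit.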
LBL addr, text
--------------
Inserts a label at the specified address
Example:
lbl eip, "NiceJump"
LOG src
-------
Logs src to the OllyDbg log window.
If src is a constant string, the string is logged as it is.
If src is a variable or register, it is logged together with its name.
Example:
log "Hello world" // The string "Hello world" is logged
var x
mov x, 10
log x // The string "x = 00000010" is logged.
MOV dest, src
-------------
Move src to dest.
Src can be a long hex string in the format #<some hex numbers>#, for example #1234#.
Remember that the number of digits in the hex string must be even, i.e. 2, 4, 6, 8 etc.
Example:
mov x, 0F
mov y, "Hello world"
mov eax, ecx
mov [ecx], #00DEAD00BEEF00#
mov !CF, 1
mov !DF, !PF
MSG message
-----------
Displays a message box with the specified message.
Example:
MSG "Script paused"
OR dest, src
-------------
ORs src and dest and stores result in dest
Example:
or x, 0F
or eax, x
or [401000], 5
PAUSE
-----
Pauses script execution. Script can be resumed from plugin menu.
Example:
pause
RET
---
Exits script.
Example:
ret
RTR
---
Executes "Run to return" in OllyDbg
Example:
rtr
RTU
---
Executes "Run to user code" in OllyDbg
Example:
rtu
RUN
---
Executes F9 in OllyDbg
Example:
run
SHL dest, src
-------------
Shifts dest to the left src times and stores the result in dest.
Example:
mov x, 00000010
shl x, 8 // x is now 00001000
SHR dest, src
-------------
Shifts dest to the right src times and stores the result in dest.
Example:
mov x, 00001000
shr x, 8 // x is now 00000010
STI
---
Execute F7 in OllyDbg.
Example:
sti
STO
---
Execu
673 OllyDbg unpacking scripts, a very complete set; download if you need them
673 files in total (668 .txt, 5 .osc)
Uploaded 2009-09-13 09:36:48, 595KB RAR
Resource package contents (673 files):
Aspr2.XX_unpacker_v1.0E.osc 130KB
Aspr 2.XX Unpacker Modify.osc 125KB
Aspr2.XX_unpacker_v1.0SC.osc 125KB
ASProtect+2.3+SKE的脱壳脚本.osc 33KB
Aspr2.XX_IATfixer_v2.2s.osc 33KB
ASProtect 2.xx Virtual Machine Rebuilder.txt 36KB
ASProtect 1.3x - 2.xx IAT Repair Script v1.02.txt 18KB
README.TXT 10KB
ASProtect.v2.0.txt 8KB
ASProtect 2.0 Import Recovery + Scrambled Code Recovery (Delphi & Imagebase 400000).txt 8KB
ASPROTECT 2.0 UNPACK SCRIPT [DELPHI].txt 8KB
aspr_2.0.unpack.txt 8KB
Asprotect 2.00 unpacker.txt 8KB
DetachFarther_MethodTenketsu_hipu_benina.txt 8KB
Armadillo Detach from Client + Unpack (Tenketsu 1000 Bytes Method) v0.1.txt 8KB
ASProtect 2.txt 8KB
Armadillo IAT Destruction.txt 8KB
arm_oep_finder.txt 8KB
Armadillo Detach from Client + Unpack (Ricardo 1000 Bytes Method) v0.1.txt 7KB
DetachFarther_MethodRicardo_hipu_benina.txt 7KB
Armadillo 3.70 Unpack.txt 7KB
arma37.txt 7KB
ASPr_API.txt 7KB
ASProtect 2.x Fix IAT with Import Elimination #3.txt 7KB
arm_detective.txt 6KB
ARMADiLLO_Detective_v1_ollyscript.txt 6KB
ARMADiLLO_Detective_v1.00_ollyscript.txt 6KB
Armadillo Detective v1.00.txt 6KB
Aspro2_AIP2.txt 6KB
ASProtect 2.x Fix IAT with Import Elimination #2.txt 6KB
copymem.txt 6KB
Armadillo CheckFlags v2.txt 6KB
SDProtect 1.12 OEP Finder.txt 6KB
sdprotect.1.12.txt 6KB
ASProtect 2.x Fix IAT with Import Elimination #1.txt 6KB
ASProtect Generic OEP Finder and Import Recovery.txt 6KB
ASPROTECT GENERIC SCRIPT [Orion].txt 6KB
ASProtect 1.xx Generic OEP Finder + IAT Recovery.txt 5KB
aspr_generic.txt 5KB
ohyeah.txt 5KB
Armadillo V4.0-V4.4.Standard.Protection OEP Finder.txt 5KB
HYINGv0.7x.txt 5KB
Hying v0.7x.txt 5KB
HYING'PELOCK 0.7 UNPACK SCRIPT 0.1.txt 5KB
Get Executable PE Information.txt 5KB
ASProtect 2.0x Fix IAT with Import Elimination Optimized.txt 5KB
Hying PeLock 0.7 OEP Finder v0.1.txt 5KB
Armadillo 4.42 CopyMem2 Detach from Client + Fix Import Table Elimination.txt 5KB
AddrEnc.txt 5KB
ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to Call).txt 5KB
PESPIN v0.7.TXT 4KB
PeLock 1.0x Fix IAT + Junk Code + Stolen Code.txt 4KB
PeSpin 0.7 Stolen Code Finder v0.1.txt 4KB
PESPIN 0.7 [loveboom].txt 4KB
Armadillo 3.xx - 4.00 Nanomites VA Finder v1.0.txt 4KB
arm_va_finder.txt 4KB
ohshit.txt 4KB
VAFinder.txt 4KB
PeSpin 1.3 Beta 2 (Private) Detach From Client + Fix Code + Fix Nanomites.txt 4KB
Armadillo NanoTables v2.txt 4KB
ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to JMP).txt 4KB
Armadillo 4.xx CopyMem2 (Fix IAT).txt 4KB
PeSpin 1.3 Beta2.txt 4KB
ASProtect 2.0x Resolve API's to HIGHMEM Calls.txt 4KB
ASProtect 2.0x Resolve API's To HIGHMEM Calls(1).txt 4KB
Enigma 1.txt 4KB
ALEX Protector1.0.txt 3KB
Alex Protector 1.0 Beta 2 Fix IAT + Remove Junk Code v0.1.txt 3KB
ALEX PROTECTOR 1.0 BETA2 V0.1.txt 3KB
ASProtect 2.3 Build 04.26 OEP Finder v1.01.txt 3KB
arm IAT Elimination.txt 3KB
PeLock 1.06 OEP Finder + Stolen Code + Remove Junk JMP's & Code.txt 3KB
arm_detach_1000_bytes_method.txt 3KB
Armadillo Detach from Client + Unpack (Hipu 1000 Bytes Method).txt 3KB
_Call Magicas Delphi.txt 3KB
PeSpin 1.3 Unpacker.txt 3KB
ASProtect 2.0x Rebuild Thunks for VC++.txt 3KB
PeSpin 1.3 Beta 2 (Private) Debug.txt 3KB
Armadillo IAT Eliminator.txt 3KB
arm_3x_dll.txt 3KB
arma_unpack.txt 3KB
ASProtect 2.xx IAT Recovery.txt 3KB
arm_anti_dump.txt 3KB
Armadillo OEP Finder + Fix Magic Jumps + Fix Anti-Dump.txt 3KB
PeSpin 1.1 Unpacker.txt 3KB
svk1.32.TXT 3KB
PeLock 1.txt 3KB
Armadillo 4.42 CopyMem2 Decrypt Code Sections.txt 3KB
Armadillo 3.xx DLL Unpack v0.1.txt 3KB
ASProtect 2.0x Fix IAT.txt 3KB
HYING'PELOCK 0.4.X UNPACK SCRIPT 0.1.txt 3KB
Hying v0.4x.txt 3KB
MSLRH_0.31 UNPACKING SCRIPT.txt 3KB
Enigma 1.02 OEP Finder.txt 3KB
DBPE 2.x OEP-FINDER 0.4 [loveboom].txt 3KB
DBPE 2.x OEP Finder v0.4.txt 3KB
SVKP 1.3x Fix Imports + OEP + Stolen Code v0.2.txt 3KB
Hying PeLock 0.4.x OEP Finder v0.1.txt 3KB
Obsidium114.txt 3KB
SVK PROTECTOR 1.3x SCRIPT [loveboom].txt 3KB
673 entries in total; the listing above shows the first 100.
Comments
- 火速东尼 (2014-01-23): Really complete!!!
- shenmin2188 (2013-12-01): Rich material, lots of content!
- 泽泓 (2012-11-06): Rich material, lots of content!