-------------------------------
OllyScript plugin v0.92 by SHaG
-------------------------------
1. About OllyScript
2. Status
2.1 What's new in v0.92?
3. Documentation
3.1 Language
3.1.1 Reserved variables
3.1.2 Commands
3.2 Labels
3.3 Comments
3.4 Menus
4. Integration with other plugins
5. Contact me
6. License and source code
7. Thanks!
------------------------------
1. About OllyScript
-------------------
OllyScript is a plugin for OllyDbg, which is, in my opinion,
the best application-mode debugger out there. One of the best
features of this debugger is the plugin architecture which allows
users to extend its functionality. OllyScript is a plugin
meant to let you automate OllyDbg by writing scripts in an
assembly-like language. Many tasks involve a lot of repetitive
work just to get to some point in the debugged application. By
using my plugin you can write a script once and for all.
------------------------------
2. Status (10 July 2004)
----------------------------
v0.92
A big bug in script synchronization fixed (thanks loveboom!).
GN behaviour updated.
MOV can now write strings to memory.
v0.91
A bug related to pausing the application fixed, the GN command added, ASM returns $RESULT.
v0.9
OllyScript has now been downloaded more than 10000 times! That means more than 2Gb of raw
scripting power flowing down the optic cable veins of the Internet. Not bad if you ask me!
The development of the plugin has been a bit slow, I've got a job programming xray systems
which has taken a lot of time. Sorry about that.
2.1 What's new?
---------------
+ New commands: ASK, BPL, BPLCND, COB, COE, EVAL, EXEC/ENDE, GN, TICND, TOCND
+ Execution of code in the target process context
+ String concatenation with ADD or EVAL
+ Input box
+ Logging breakpoints
+ Removal of EOB and EOE
+ Tracing with condition
+ Get name of address
# ASM now returns assembled length in $RESULT
# Fixed pause crash bug
# Fixed bug with JBE, hopefully it was the last of the Jxx bugs
# OllyScript now REQUIRES OllyDbg v1.10. No other versions are officially supported.
------------------------------
3. Documentation
----------------
Two example scripts (tElock098.osc and UPX.osc) are available with this release.
When run, the scripts immediately find the OEP of the packed executable.
3.1 Language
------------
The scripting language of OllyScript is an assembly-like language.
In the document below, src and dest can be (unless stated otherwise):
- Constant in the form of a hex number without prefixes and suffixes (i.e. 00FF, not 0x00FF or 00FFh)
- Variable previously declared by VAR
- A 32-bit register (one of EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP, EIP). Non 32-bit registers are not supported at
the moment, but you can use SHL/SHR and AND to get their values.
- A memory reference in square brackets (i.e. [401000] points to the memory at address 401000,
[ecx] points to the memory at address ecx).
- A flag with an exclamation mark in front (one of !CF, !PF, !AF, !ZF, !SF, !DF, !OF)
- Sometimes byte strings are required. Those are scripted as #6A0000# (values between two #) and
must have an even number of characters.
- Some byte strings can contain the wildcard '?', for example #6A??00# or #6?0000#
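
The byte-string rules above (values between two #, an even number of characters, '?' standing in for a single hex digit) can be modelled outside the debugger. The following Python sketch is an added example, not part of OllyScript or of the original readme; the function names, the ValueError behaviour for malformed patterns and the sample buffer are assumptions made for illustration.

```python
import string

HEX_DIGITS = set(string.hexdigits)

def parse_byte_string(text):
    """Turn '#6A??00#' into [(value, mask), ...], one pair per byte."""
    if len(text) < 2 or text[0] != "#" or text[-1] != "#":
        raise ValueError("byte string must be enclosed in '#'")
    body = text[1:-1]
    # Assumption: an empty or odd-length body is rejected with ValueError;
    # the readme only states that the length must be even.
    if not body or len(body) % 2:
        raise ValueError("byte string needs an even number of characters")
    pairs = []
    for i in range(0, len(body), 2):
        value = mask = 0
        for ch in body[i:i + 2]:
            value <<= 4
            mask <<= 4
            if ch in HEX_DIGITS:
                value |= int(ch, 16)
                mask |= 0xF          # this nibble must match exactly
            elif ch != "?":          # '?' leaves the nibble unmasked
                raise ValueError(f"invalid character {ch!r} in byte string")
        pairs.append((value, mask))
    return pairs

def find_pattern(data, text, start=0):
    """Return the first offset in data where the byte string matches, or -1."""
    pairs = parse_byte_string(text)
    for off in range(start, len(data) - len(pairs) + 1):
        if all((data[off + i] & m) == v for i, (v, m) in enumerate(pairs)):
            return off
    return -1

# Constructed sample buffer: 90 90 6A 10 00 6A 00 00 C3
SAMPLE = bytes.fromhex("90906A10006A0000C3")

if __name__ == "__main__":
    for pattern in ("#6A0000#", "#6A??00#", "#6?0000#"):
        print(pattern, "->", find_pattern(SAMPLE, pattern))
```

A '?' masks one nibble, so #6A??00# accepts any middle byte while #6?0000# accepts any first byte from 60 to 6F.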
3.1.1 Reserved variables
------------------------
$RESULT
-------
Return value for some functions like FIND etc.
$RESULT_1 and $RESULT_2 are available for some commands.
$VERSION
--------
Contains current version of OllyScript
Example:
cmp $VERSION, "0.8"
ja version_above_08
3.1.2 Commands
--------------
#INC file
---------
Includes a script file in another script file
Example:
#inc "anotherscript.txt"
#LOG
----
Enables logging of executed commands.
The commands will appear in OllyDbg log window, and will be prefixed with -->
Example:
#log
ADD dest, src
-------------
Adds src to dest and stores result in dest
Example:
add x, 0F
add eax, x
add [401000], 5
add y, " times" // If y was 1000 before this command then y is "1000 times" after it
AI
--
Executes "Animate into" in OllyDbg
Example:
ai
AN addr
-------
Analyze module which contains the address addr.
Example:
an eip // Same as pressing CTRL-A
AND dest, src
-------------
ANDs src and dest and stores result in dest
Example:
and x, 0F
and eax, x
and [401000], 5
ASK question
------------
Displays an input box with the specified question and lets user enter a response.
Sets the reserved $RESULT variable (0 if cancel button was pressed).
Example:
ask "Enter new EIP"
cmp $RESULT, 0
je cancel_pressed
mov eip, $RESULT
ASM addr, command
-----------------
Assemble a command at some address.
Returns the assembled length in bytes in the reserved $RESULT variable
Example:
asm eip, "mov eax, ecx"
AO
--
Executes "Animate over" in OllyDbg
Example:
ao
BC addr
-------
Clear unconditional breakpoint at addr.
Example:
bc 401000
bc x
bc eip
BP addr
-------
Set unconditional breakpoint at addr.
Example:
bp 401000
bp x
bp eip
BPCND addr, cond
----------------
Set breakpoint on address addr with condition cond.
Example:
bpcnd 401000, "ECX==1"
BPL addr, expr
--------------
Sets logging breakpoint at address addr that logs expression expr
Example:
bpl 401000, "eax" // logs the value of eax every time this line is passed
BPLCND addr, expr, cond
-----------------------
Sets logging breakpoint at address addr that logs expression expr if condition cond is true
Example:
bplcnd 401000, "eax", "eax > 1" // logs the value of eax every time this line is passed and eax > 1
BPMC
----
Clear memory breakpoint.
Example:
bpmc
BPHWC addr
----------
Delete hardware breakpoint at a specified address
Example:
bphwc 401000
BPHWS addr, mode
----------------
Set hardware breakpoint. Mode can be "r" - read, "w" - write or "x" - execute.
Example:
bphws 401000, "x"
BPRM addr, size
---------------
Set memory breakpoint on read. Size is size of memory in bytes.
Example:
bprm 401000, FF
BPWM addr, size
---------------
Set memory breakpoint on write. Size is size of memory in bytes.
Example:
bpwm 401000, FF
CMP dest, src
-------------
Compares dest to src. Works like its ASM counterpart.
Example:
cmp y, x
cmp eip, 401000
CMT addr, text
--------------
Inserts a comment at the specified address
Example:
cmt eip, "This is the entry point"
COB
---
Makes script continue execution after a breakpoint has occurred (removes EOB)
Example:
COB
COE
---
Makes script continue execution after an exception has occurred (removes EOE)
Example:
COE
DBH
---
Hides debugger
Example:
dbh
DBS
---
Unhides debugger
Example:
dbs
DEC var
-------
Subtracts 1 from variable
Example:
dec v
DM addr, size, file
-------------------
Dumps memory of specified size from specified address to specified file
Example:
dm 401000, 1F, "c:\dump.bin"
DMA addr, size, file
--------------------
Dumps memory of specified size from specified address to specified file appending to that file if it exists
Example:
dma 401000, 1F, "c:\dump.bin"
DPE filename, ep
----------------
Dumps the executable to file with specified name.
Entry point is set to ep.
Example:
dpe "c:\test.exe", eip
EOB label
---------
Transfer execution to some label on next breakpoint.
Example:
eob SOME_LABEL
EOE label
---------
Transfer execution to some label on next exception.
Example:
eoe SOME_LABEL
ESTI
----
Executes SHIFT-F7 in OllyDbg.
Example:
esti
ESTO
----
Executes SHIFT-F9 in OllyDbg.
Example:
esto
EVAL
----
Evaluates a string expression that contains variables.
The variables that are declared in the current script can be enclosed in curly braces {} to be inserted.
Sets the reserved $RESULT variable
Example:
var x
mov x, 1000
eval "The value of x is {x}" // after this $RESULT is "The value of x is 00001000"
EXEC/ENDE
---------
Executes instructions between EXEC and ENDE in the context of the target process.
Values in curly braces {} are replaced by their values.
Example:
// This does some movs
var x
var y
mov x, "eax"
mov y, "0DEADBEEF"
exec
mov {x}, {y} // mov eax