-
-
[分享]一款OD插件,名曰“寄存神搜”是我从上百款插件中试出来并汉化的
-
发表于: 2014-7-10 18:30
-
简直是重启类软件的 噩梦
手工汉化了下
手工汉化了下
OllyStepNSearch v0.6.2 plugin
2006 Didier Stevens https://DidierStevens.com
2010 Mark D. Adams http://myblog.org
This plugin allows you to search for a given text when automatically
stepping through the debugged program.
When the plugin is enabled, it will step automatically through the debugged
program once a step command (like Step Into) is issued.
Enabling the plugin is done with the "Options" menu command.
After enabling, press F7 to start.
After each step, the plugin will check which registers have changed.
If a changed register points to a string, it is logged.
If a search string has been defined and it is contained in the string
pointed to by the register or the Information pane, the stepping is paused.
Comparison is case sensitive.
A search string is defined by entering it with the "Options" menu command.
It is remembered in the OllyDbg INI file.
Entering an empty string disables the break on string command.
OllyStepNSearch can search in strings pointed to by registers (Search Registers toggle)
and it can search in the Information pane of the CPU window (Search Information toggle).
Read the "Information window" help section of the OllyDbg v1.10 help file if you're not familiar
with the Information pane.
If the search string is not found, debugging is resumed. If the current address
is lower than the limit address (by default 0x10000000) a step into command is
issued. A step over command is issued if the current address is higher than the
limit address, or if the current command is a call/jump to an address higher
than the limit address.
The limit address can be changed in the Options dialog.
The plugin can be disabled automatically when the search string is found (Disable after break toggle).
I added this option because I usually want to single step after finding the search string,
but often forgot to disable the plugin before single stepping.
Restarting the debugged program disables the plugin.
★★调试样例★★★
- Start OllyDbg and load the ftp.exe program (in system32 directory)
- Start the OllyStepNSearch plugin "Options" menu command
- Enter "google" as Search string (without the double quotes, of course)
- Enable StepNSearch
- Click OK
- Press F7 to start debugging
- Go to the FTP window and type "open google.com" and press enter
- The StepNSearch plugin will stop debugging when a register points to
a string containing google.
On my Windows XP SP2, this happens when EAX points to "open google.com".
- You can continue with F7 and see how ftp.exe parses the "open google.com" command.
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
可以的 |
wonderzdh
