[Repost] OD2-ExPlug v2.0.14.02
2015-1-6 09:52 4756

Name: OD2-ExPlug v2.0.14.02
Date: 01.05.2015
Author: quygia128
Home: http://cin1team.biz

=========================
Introduction:
=========================
OD2-ExPlug is a plugin for the latest version of OllyDbg v2.01 (x32).
I usually use and really like a plugin from AT4RE Team, “IDAFicator”
by Zool@nd3r, but it’s unavailable for the newest OllyDbg2, so I decided to
make my own plugin with many functions that work under OllyDbg2.
I’m working on my plugin to add more features and make OllyDbg2 more convenient to use,
so if you find any problem/bug please let me know at:
CiN1 forum/Tuts4you forum/eXeTools forum or via Email: quygia128@gmail.com
I will fix it in the next version.
Thank you for your support.

Special Thanks To:
        TQN, BoB, phpbb3, Zool@nder, cektop, scherzo,Hellsp@wn
        What, TBD, godfather, pnta, Vic4Key, Mr.Teo, KhongBiet
Greetingz To:
        eXeTools Community,
        Tuts4you Community,
        HVA Community,
        ARTeam,
        Woodmann and AT4RE Community.

=========================
Features:
=========================

+ Main Menu +

- Breakpoint Manager
         . Export Breakpoints
         . Import Breakpoints
         . Delete [INT3,Hard & Memory] Breakpoints
- Comment Manager
         . Import Comments
         . Export Comments
- MAP File Master
         . Import Labels
         . Import Comments
         . Import MAP To Library
         . Open Label Table
         . Clear All Labels
         . Clear All Comments
- Plugin Debug Break (IDAPro,OllyDbg,ImmDbg,x32_dbg)
         . DoMyJob
         . Support..
- Help..
- Option..
- About...

+ Disasm Menu +

- Data Copy
         . ANSI (str) (Copy ANSI string to clipboard) (Ctrl+Alt+A)
         . WIDE (str) (Copy wide string to clipboard) (Ctrl+Alt+W)
         . Unicode (str) (Copy Unicode string to clipboard) (Ctrl+Alt+U)
         . BYTE (Copy 1 BYTE)
         . WORD (Copy 2 BYTE)
         . DWORD (Copy 4 BYTE)
         . Address (Copy selected address) (Alt+Insert)
- Breakpoint Manager
         . Import Breakpoints
         . Export Breakpoints
         . Delete All INT3 BPs (Delete all INT3 Breakpoints)
         . Delete All Hard BPs (Delete all Hardware Breakpoints)
         . Delete All Mem  BPs (Delete all Memory Breakpoints)
- Tools       
         . Notepad{File 01}
         . Calculator{File 02}
         . TaskMgr{File 03}
         . HashTool{File 04}
         . Regedit{File 05}
         . Configuration
- Label Master
         . Add New Label (Ctrl+Shift+E)
         . Open Label Table (Ctrl+Shift+T/L)
         . Follow In Dump (Ctrl+D)
         . Search By Google (Ctrl+Shift+G)         
- ASM2Clipboard (Ctrl+Shift+A)
- ASCII Hint
- ByteCounter
- Go EIP (Shortcut Only: Esc)

+ Dump Menu +

- Data Copy
         . ANSI (str) (Copy ANSI string to clipboard) (Ctrl+Alt+A)
         . WIDE (str) (Copy wide string to clipboard) (Ctrl+Alt+W)
         . Unicode (str) (Copy Unicode string to clipboard) (Ctrl+Alt+U)
         . BYTE (Copy 1 BYTE)
         . WORD (Copy 2 BYTE)
         . DWORD (Copy 4 BYTE)
         . Address (Copy selected address)(Alt+Insert)
- Memory Manager
         . Table Exporter (x)
         . Dump To File
         . Encode/Decode
         . Advance Dump (E/D)
         . ReverseHex (Ctrl+Z)
         . MiNiHash (Ctrl+Alt+Z)
- Follow In Dump (Ctrl+D)
- Follow In Disassembler (Ctrl+Alt+D)
- Create DumpWindow (Ctrl+Alt+C)

+ Info Bar +

- Add selected count(er)

+ Register Menu +

- Hardware Breakpoint [ESP]

+ INT3Breakpoint & Main Menu +

- Breakpoint->
         . Set a few breakpoint
         
+ HotKey +
         . "Esc" : go EIP(current origin) (Allow on any MDIWindows)
         . ","   : Copy BYTE
         . "."   : Copy WORD
         . "/"   : Copy DWORD
         . "`"   : Copy Address
         . "["   : Go to start of function (You must analyze the code before using it)
         . "]"   : Go to end (RET) of function
         . "Shift + 4" [CPU Dump] : Set/Remove Memory Breakpoint On Access
         . "Shift + 5" [CPU Dump] : Set/Remove Hardware Breakpoint On Access
         . "Shift + 4" [CPU Disasm] : Set/Remove Memory Breakpoint On Execution
         . "Shift + 5" [CPU Disasm] : Set/Remove Hardware Breakpoint On Execution
         . "Ctrl+Alt+Gray *" : Set "Malware Analysis" breakpoint group
         . "Ctrl+Alt+Gray /" : Set "NETWORK" breakpoint group
         . "Shift+P": Go to the address you copied from the dump window.
          
=========================
Install:
=========================
         1. Copy "OD2ExPlug.DLL" and "OD2ExPlug.INI" files to OllyDbg "plugins" dir.
         2. Copy folder "EXP" to "plugins" dir (Important). If it is not available, you can still use the old released "EXP" package.
         3. See in OD2ExplugHelp/IMG dir.
         . NOTES: The plugin works only with the new config (OD2ExPlug.INI); copy it to the "Plugins" dir (Important). Delete it if you want to restore the default settings.
         
=========================
ChangeLogs:
=========================

+ OD2-ExPlug v2.0.14.02
        - 01/05/2015
        . Update INT3, Hard, Mem Breakpoints Manager Engines
        . Update Hardware Breakpoints Manager[Follow in Dump/disasm cpu]
        . Update "Table Exporter" To v3.0
                 + Supported Export Table in Python
                 + Export Table as Text & Shellcode
                 + Supported Encode/Decode (Add/Sub,Xor,Rol,& Ror)
        . Removed Regedit Access (slow when some AV has high protection active)
        . Remove All Timer.
        . Add "Module Name" to Info Bar Status
        . Add Sign For Delphi 2009, XE.7 & Freepascal Lazarus IDE
        . Add API Breakpoint "InternetGetConnectedState"
        . Minimum Interval of Hint is 30000(30s)
        . Add UpperCase/LowerCase for Hash Result(MiNiHash)
       
+ OD2-ExPlug v201.13
        - 10/29/2014
        . Fixed [Bigger] Internal BUG(Crash OllyDbg in version 12)
        . Fixed "Search by Google" (Allows Access if Label Exists)
        . Fixed "API helper(BTN ?)" (Allows Access & Open API if Label Exists)
        . Fixed dialog appearing incorrectly if Not XPStyle.
        . Edit Some Shortcut.
        . Add Enter(VK_RETURN) Key on "Add New Label" & "Advance Go ExPression"
        . Remove Module on "Search by Google"(Keep API Name Only)
        . I'm Removing Delay On Windows 8|Above (Not Tested) (Thanks to Vic4Key)
        . Fix Some BUG in Breakpoint Manager(Import & Export & Delete & Detect Bps)
        . Improved Auto Update (Auto restart OllyDbg & Update Plugin)
       
+ OD2-ExPlug v201.12
        - 10/12/2014
        . Add Update-Checker
        . Add Plugin DebugBreak for IDA Pro 6.5 & x32_dbg
        . Add Auto Insert Module Loaded Label(Thanks to LCF-AT for good idea)
        . Fixed & Improve Advance Go ExPression
        . Fixed Find OEP
        . Fixed Plugin DebugBreak
        . Improved MiNiHash To Version 0.3
        . Remove EnumWindows API Patch
        . Changes Left-Click On BTN "I" to "Import Label"
                  Right-Click On BTN "I" to "Import Label & Comment"
        . API Helper(?) Supported(*.CHM & *.HLP)
        . Change OD2-ExPlug Options.
       
+ OD2-ExPlug v201.11
        - 07/02/2014
        . Upgrade Menu "Breakpoints"
        . Upgrade "Go Expression"       
        . Fixed: Run playtime Plugin(Open Lua script on Windows 7)
        . Add Copy "Unicode(str)"
        . Add "Memory Manager"
                - Dump(Memory) To File
                - Encode/Decode(Add/Sub/XoR/Shift and Rotation Bit/zlib)
                - Advance Dump(E/D)
        . Add Hotkey for Memory/Hardware Breakpoint(@+ HotKey)
        . Add Simple HideOD2
                .+++ PEB -> BeingDebugged
                   ++PEB -> ntGlobalFlag
                   ++PEB -> ProcessHeap.HeapFlags
                   ++PEB -> ProcessHeap.ForceFlags
                   ++PEB -> ProcessHeap.ProcHeapFlag
                .+++ Access & Modify API
                   ++API -> CheckRemoteDebuggerPresent
                   ++API -> BlockInput
                   ++API -> OutputDebugStringA
                   ++API -> FindWindowA
                   ++API -> FindWindowExA
                   ++API -> GetTickCount
                   ++API -> ZwYieldExecution
                   ++API -> KiRaiseUserExceptionDispatcher
                   ++API -> Process32FirstW
                   ++API -> EnumWindows
                   ++API -> Module32Next
       
+ OD2-ExPlug v201.10a
        - 04/19/2014
        . Upgrade Menu "Breakpoints"
        . Upgrade "Hardware Break[ESP]"
        . Add "Find OEP"
        . Add "Find All Strings"
        . Add "BTN To Run LUA and Python Script"
        . Add "BTN To Run Online/Offline API Help"
        . Add "Go Expression"
        . Change Shortcut of "ByteCounter" to "Ctrl+Shift+B" ("Ctrl+Shift+C" used by OllyGraph)
       
+ OD2-ExPlug v201.09
        - 11/03/2013
        . Add "Import MAP To Library"
        . Add "BTN iL"
        . Right Click On "BTN iL" (Copy Victim path)
        . Upgrade "Label Manager" (Add Module, Command)
        . Fixed crash OllyDbg On "Open Label Table"
        . Fixed internal bugs (I Know)
       
New Menu:
        - Import MAP To Library (*.DLL, *.*)
         . Import Label
         . Import Comments
         . Import Signatures
         . Search All Label From Module
         . Clear All Signature Of Module
       
+ OD2-ExPlug v201.08
        - 10/16/2013
        . Add "New Option"
        . Add "Open Label Table"
        . Add "Olly Hints" (Show The Hint In Status Bar)
        . Add Right Click On "BTN I" (Import Label Only)
        . Add "Set/Remove Memory Bps" On E In CPUDisasm (Shift + 4 or Shift + Space) (Shortcut Only)
        . Add "Set/Remove Memory Bps" On RW In CPUDump (Shift + 4 or Shift + M) (Shortcut Only)
        . Fixed Table Exporter (On Select Language)
        . Fixed Follow In Dump (CPU_DUMPHIST //Add change to Dump history)
        . Upgrade Menu "Breakpoint->" Engine (Set/Remove/Checked If Exist API Address In Bps List)
        . Read "OD2ExPlug.ini" for more detail
        . Fixed internal bugs
       
New Menu:
        - Open Label Table
         . Search All Labels (Shift + S)
         . View In CPU Disasm (Shift + W)
         . Set/Remove INT3 Breakpoint (Shift + 3)
         . Set/Remove Hard Breakpoint (Shift + 4 or Shift + H)
         . Copy Address Of Label (Alt + Insert)
         . Copy File Offset (Shift + O) (Shortcut Only)
       
+ OD2-ExPlug v201.07
        - 09/30/2013
        . Add "New Option"
        . Add "MAP File Master"
        . Add "Plugin Debug Break"
        . Add "Label Master"
        . Add "Offset address" to status bar
        . Fixed MiNiHash
        . Fixed internal bugs
       
+ OD2-ExPlug v201.06
        - 09/09/2013
        . Add "New Option"
        . Add "Breakpoint Manager"
        . Add "Hardware Manager"
        . Add "ASM2Clipboard"
        . Add GoTo Start(Hotkey "[") & End(Hotkey "]") of Function
        . Add "Table Exporter" (Max Len Supported 150000 byte)
        . Update Count(er) (Converter LEN,VALUE(Hexadecimal) to Decimal)
        . ByteCounter (Max Len Supported 60000 byte)
        . Update MiNiHash(Auto detect Widestring), ReverseHex to version 0.2
        . Fixed bug on copy Wide(str)
        . Fixed internal bugs
       
+ OD2-ExPlug v201.05+
        - 08/07/2013
         . Fix bugs
         
+ OD2-ExPlug v201.05
        - 08/05/2013
        . Add New Option
        . Allow choose external tools for (Notepad,calculator,TaskMgr,HashTool)
        . Add Hotkey
        . Add Create DumpWindow
        . Fixed Count(er); now I think it works well :)
                - (Bug: Overwrite message from OllyDbg)
        . Fixed in ByteCounter(on get data) (Thanks to Vic4key)
        . Fixed a few internal bug
       
+ OD2-ExPlug v201.04
        - 07/02/2013
        . Add Data Copy
        . Add new breakpoint list (Malware Analysis + NET)
        . Fix minor bug on MiNiHash
       
+ OD2-ExPlug v201.03
        - 06/22/2013
        . Fix bug on get debug status
        . Fix bug open path (On Windows 7 - Try reopening OD if it does not work)
        . Fix Go EIP (failed when using function "new origin here")
        . Fix Hardware Breakpoint [ESP] (failed when register is modified by user)
        . Fix and Correct new bp list
        . Add icon BTN for open regedit
        . Add option Enable Icon BTN

+ OD2-ExPlug v201.02
        - 06/15/2013
        . Add breakpoint menu in OD Menu
        . Fix count(er)
        . Add icon BTN (victimpath and ollyPath)
        . Add Go EIP for go to current line (Shortcut: Esc)
        . Add shortcut for Dump Menu

+ OD2-ExPlug v201.01
        - 06/12/2013
        . First release
