谢谢斑竹
插件放到PLUSE中没有显示,好象不能用

需要将Dumper.dll、Importer.dll、Realign.dll这三个文件放到OLLYDBG.EXE同目录中，将RL!Weasle.dll放到插件目录中才能正常使用！

好像还不行啊

:: What it is?
   RL!Weasle is an OllyDBG plugin that can help you reslove invalid ImpRec imports. It feautures unique specialized tracers and several different generic tracer levels for protections that copy data from dlls and store them to allocated space. This is done by obfuscation skipping and hashing correct instructions that are then compared to original .dll ones.

:: How to install?
If you have original and unmodified version of OllyDBG.exe just copy RL!Weasle.dll, Realign.dll (Realign 1.5 by y0da), Dumper.dll (Dumper engine), Importer.dll (ImporterEngine and deroko`s lenght disassm engine) to OllyDBG plugins folder. If you use modified OllyDBG version (like OllyICE or OllyShadow) then unpack RL!Weasle.dll file with upx -d (UPX 2.0 is used) option and then copy .dll files to OllyDBG plugins folder.

:: How to use it?
In Search filed enter the address which contains the API pointers (eg. 77xxxxxx) and the size of searching. Then press Search (+Search adds new APIs to the list and Search makes a new list). If API redirection is used use Trace Levels (from 1 to 3) and if it is a special API redirection you can use specialized tracers.

Trace Level 1 - traces until a long jump, or PUSH then RET, or until 0x00
Trace Level 2 - traces until a long jump, or PUSH then RET, or until 0x00, or until RETx
Trace Level 3 - traces until a long jump, or PUSH, or until 0x00, or until RETx (ignores nil instuctions NOP, etc.)

Resolve by address option can be used when you know any address in selected .dll file (select it in top .dll list) that you get by traceing. This address can be any address in that API range. If you enter it and select proper .dll file RL!Weasle will find the API in question, and if you select API in APIs list RL!Weasle will resolve the API. For example when you enter VA of MessageBoxA + 5, API resolver will return MessageBoxA API.

Tutorial on plugin using: Unpacking PESpin 1.304
Tutorial on plugin using: Unpacking SLVc0deProtector 1.11

:: Can I report a bug or contact the autor?
   Here is the contact information which you can use to contact me:
     Handle:     ap0x
     WebSite:   http://ap0x.jezgra.net
     Email:       ap0x.rce(at)gmail(dot)(com)

:: History:

v.0.7 beta
+ Public release
+ Released on: 09/14/2006
- Fixed installation issues
- Added IAT auto search option
- Added Dump process option
- Added new DumperEngine 1.2
- Added Read .dll(s) from debugee option
- Fixed AddNewSection function to correctly calculate NTSizeOfImage [this time for good!]
- Added new ImporterEngine 1.3

感谢分享！