IDAFicator 06/05/2008 V 1.2.12
Posted: 2008-5-6 23:09 4359

IDAFicator : A new plugin for Ollydbg from AT4RE

--------------------------------------------------------------------------------

-------------------------((((06/05/2008 V 1.2.12 )))--------------------------
----------------------------<<<< What's new: >>>>-----------------------------

1. Adding support for asm-like commands in 'multicommand assembler'.
Added commands till now are:
1.1) PUSHSTR -> There are 2 versions of this cmd:
1.1.1) First one, without argument
(ex: pushstr 'kernel32.dll' -> PUSH 3D0000 ; ASCII "kernel32.dll" )
1.1.2) Second one, accepts one argument (the address where to assemble)
ex: pushstr 'kernel32.dll', 401000 -> PUSH 00401000

1.2) PUSHALL -> push several commands
(ex: pushall 0402000, @GWL_EXSTYLE
call GetWindowLongA

assembled to: ->
PUSH 00402000
CALL user32.GetWindowLongA)

+/- all constants in windows.inc (thanks hutch and iczelion for this
file) can be used just with the prefix '@'

1.3) INVOKE -> Works like its homologous asm command with an extra  
Note that:
1.3.1 - The strings will be assembled at a 'random' address
allocated in debuggee memory
1.3.2 - you can integrate strings directly in the invoke macro
( ex1: invoke MessageBoxA, 'Text1 from invoke macro', 'Text2 from invoke macro', @MB_OK
-> PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
PUSH 1D0030 ; |Title = "Text2 from invoke macro"
PUSH 1D0048 ; |Text = "Text1 from invoke macro"
PUSH 00402000 ; |hOwner = 00402000
CALL DWORD PTR DS:[<&user32.MessageBoxA>> ; \MessageBoxA

ex2: invoke GetPrivateProfileIntA, 'Section Name', 'Key', 0, 'B:\bla\bla\bla\bla.ini'
-> PUSH 1D0060 ; /IniFileName = "B:\bla\bla\bla\bla.ini"
PUSH 0 ; |Default = 0
PUSH 1D0077 ; |Key = "Key"
PUSH 1D007B ; |Section = "Section Name"
CALL DWORD PTR DS:[<&kernel32.GetPrivate> ; \GetPrivateProfileIntA
)

1.4) Note that the constants are located in the 'BYTES.OEP' file provided
with this version (version of 06/05/2008) and you have to replace the old
one. Otherwise, all constants will return 0 and will be assembled as: push 0.

2- Position saving for most important and most used dialog boxes.
Please consider using the pushstr macro instead of the invoke one if the
length of the pushed text is > 40 chars.
Privacy note: The last entered piece of text to assemble in MCasm is stored
in the registry ("HKEY_CURRENT_USER\Software\IDAFicator Plugin"), just in case.

3- MuCAsm now remembers the last entered text even between 2 debugging sessions.

------------------------------(((( TODO list )))-------------------------------

1- Automatic update of bp menu checked item when starting olly with already
set bpts.
2- Keep a list of disabled hwbp so the reverser can set them on after restarting
the HWBP dialog box
3- Handling the relative jumps by the MuCAsm.

http://www.at4re.com/tools/Releases/Zool@nder/IDAFicator/IDAFicator_1.2.12.zip
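
An added example, not part of the original post or the plugin's code: a small Python model of the `invoke` expansion, inferred only from the two listings above (arguments pushed right to left, quoted strings packed as NUL-terminated ASCII at consecutive addresses). `InvokeModel`, `split_args` and the `CONSTANTS` table are hypothetical names; the base 1D0030 is the first string address shown in the post, and the model emits only the arguments given, so the extra `PUSH 00402000` (hOwner) in the MessageBoxA listing does not appear.

```python
import re

# Constructed stand-in for the '@' constants table; values are the real Win32 ones.
CONSTANTS = {"MB_OK": 0x0, "GWL_EXSTYLE": -20}

def split_args(text):
    """Split on commas, ignoring commas inside single-quoted strings."""
    return [a.strip() for a in re.findall(r"(?:'[^']*'|[^,'])+", text)]

class InvokeModel:
    """Hypothetical model of the invoke macro, inferred from the listings."""

    def __init__(self, base):
        self.next_free = base   # next unused byte of the string buffer
        self.memory = {}        # address -> NUL-terminated ASCII bytes

    def _operand(self, arg):
        if len(arg) >= 2 and arg[0] == arg[-1] == "'":
            data = arg[1:-1].encode("ascii") + b"\x00"
            addr, self.next_free = self.next_free, self.next_free + len(data)
            self.memory[addr] = data
            return addr
        if arg.startswith("@"):
            # Unknown names fall back to 0, like the 'push 0' the post
            # describes when the constants file is outdated.
            return CONSTANTS.get(arg[1:], 0)
        return int(arg, 16)     # bare numbers are hex, as in the listings

    def invoke(self, line):
        body = re.sub(r"^\s*invoke\s+", "", line, flags=re.IGNORECASE)
        name, *args = split_args(body)
        # stdcall: the last argument is pushed first, so strings are also
        # laid out starting from the last argument.
        pushes = [f"PUSH {self._operand(a) & 0xFFFFFFFF:X}" for a in reversed(args)]
        return pushes + [f"CALL {name}"]

if __name__ == "__main__":
    m = InvokeModel(0x1D0030)   # first string address shown in the post
    for macro in (
        "invoke MessageBoxA, 'Text1 from invoke macro', 'Text2 from invoke macro', @MB_OK",
        r"invoke GetPrivateProfileIntA, 'Section Name', 'Key', 0, 'B:\bla\bla\bla\bla.ini'",
    ):
        print("\n".join(m.invoke(macro)), end="\n\n")
```

Run in sequence on one model instance, the two macros reproduce the string addresses in the post's listings, which is why the second listing starts at 1D0060 rather than at a fresh address.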

Latest replies (5)
2
This is good stuff, thanks for sharing..
2008-5-7 00:43
3
Updated the assembler part?
Very good, very powerful, hehe. If you often patch exe files, using this makes it a lot nicer.
2008-5-7 11:17
4
Downloading the update to have a look.
2008-5-7 12:04
5
I haven't used this yet; downloading it to give it a try.
2008-5-7 12:49
6
I don't know how to use it. Could someone write a tutorial?
2008-5-7 14:24