Version : 1.2.0
* 11 buttons added to the native toolbar:
1. The go back/forward button.
2. and finally The Reach beginning/End of procedures button
3. The search for all text string button.
4. Hardware Breakpoints Dialog box opener (In a non modal non child DB).
5. Multi-Commands assembler.
6. Target directory opener.
7. Customizable buttons.
* IDA-like mouse features:
1. The DISASSEMBLY WINDOW:
2. The DEFAULT DUMP WINDOW:
3. The STACK WINDOW:
* Dump and set a HWBP on [ESP].
* 'Universal' stolen code restoring
* Address Informer
* Direct Address Copier
And more.
What's new:
1. Adding support for asm like command in 'multicommand assembler'.
Added commands til now are:
1.1) PUSHSTR -> There'are 2 versions of this cmd:
1.1.1) First one, without argument
(ex: pushstr 'kernel32.dll' -> PUSH 3D0000 ; ASCII "kernel32.dll" )
1.1.2) Second one, accept one argument (The address where to assemble)
ex: pushstr 'kernel32.dll', 401000 -> PUSH 00401000
assembled to: ->
PUSH 00402000
CALL user32.GetWindowLongA)
+/- all constants in windows.inc (thanks hutch and iczelion for this
file) can be used just with the prefix '@'
1.3) INVOKE -> Works like its homologous asm command with an extra
Note that:
1.3.1 - The strings will be assembled in a 'rundom' address
allocated in debugee memory
1.3.2 - you can integrate string directly in the invoke macro
( ex1: invoke MessageBoxA, 'Text1 from invoke macro', 'Text2 from invoke macro', @MB_OK
-> PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
PUSH 1D0030 ; |Title = "Text2 from invoke macro"
PUSH 1D0048 ; |Text = "Text1 from invoke macro"
PUSH 00402000 ; |hOwner = 00402000
CALL DWORD PTR DS:[<&user32.MessageBoxA>> ; \MessageBoxA
1.4) Note that the constants are located in 'BYTES.OEP' file provided
with this version (version of 06/05/ 2008) and you've to re^lace the old
one. Otherwise, all constants will return 0 and will assembled : push 0.
2- Position saving for most important and most used dialog boxes.
Please, consider to use the pushstr macro instead of invoke one if the
lenght of pushed text is > 40 chars Privacy note: The last entered piece
of text to assemble in MCasm is stored in registry
("HKEY_CURRENT_USER\Software\IDAFicator Plugin"), just in case.
3- MuCAsm now remembers last entered text even between debugging 2 sessions.
