📄 english.lst
[Total]
cmdtotal=75
[commands]
0=$RESULT
1=$VERSION
2=#INC
3=#LOG
4=ADD
5=AI
6=AN
7=AND
8=ASK
9=ASM
10=AO
11=BC
12=BP
13=BPCND
14=BPL
15=BPLCND
16=BPMC
17=BPHWC
18=BPHWS
19=BPRM
20=BPWM
21=CMP
22=CMT
23=COB
24=COE
25=DBH
26=DBS
27=DEC
28=DM
29=DMA
30=DPE
31=EOB
32=EOE
33=ESTI
34=ESTO
35=EVAL
36=EXEC/ENDE
37=FILL
38=FIND
39=FINDOP
40=GN
41=GPA
42=GO
43=GMI
44=INC
45=JA
46=JAE
47=JB
48=JBE
49=JE
50=JMP
51=JNE
52=LBL
53=LOG
54=MOV
55=MSG
56=MSGYN
57=OR
58=PAUSE
59=REPL
60=RET
61=RTR
62=RTU
63=RUN
64=SHL
65=SHR
66=STI
67=STO
68=SUB
69=TI
70=TICND
71=TO
72=TOCND
73=VAR
74=XOR
[info]
0=Return value for some functions like FIND etc.\$RESULT_1 and $RESULT_2 are available for some commands.
1=Contains current version of OllyScript\Example\ cmp $VERSION, "0.8"\ ja version_above_08
2=Includes a script file in another script file\Example:\ #inc "anotherscript.txt"
3=Enables logging of executed commands.\The commands will appear in OllyDbg log window, and will be prefixed with -->\Example:\ #log
4=Adds src to dest and stores result in dest\Example: \ add x, 0F\ add eax, x\ add [401000], 5\ add y, " times" // If y was 1000 before this command then y is "1000 times" after it
5=Executes "Animate into" in OllyDbg\Example:\ ai
6=Analyze module which contains the address addr.\Example:\ an eip // Same as pressing CTRL-A
7=ANDs src and dest and stores result in dest\Example: \ and x, 0F\ and eax, x\ and [401000], 5
8=Displays an input box with the specified question and lets user enter a response.\Sets the reserved $RESULT variable (0 if cancel button was pressed).\Example:\ ask "Enter new EIP"\ cmp $RESULT, 0\ je cancel_pressed\ mov eip, $RESULT
9=Assemble a command at some address.\Returns bytes assembled in the reserved $RESULT variable\Example:\ asm eip, "mov eax, ecx"
10=Executes "Animate over" in OllyDbg\Example:\ ao
11=Clear unconditional breakpoint at addr.\Example:\ bc 401000\ bc x\ bc eip
12=Set unconditional breakpoint at addr.\Example:\ bp 401000\ bp x\ bp eip
13=Set breakpoint on address addr with condition cond.\Example:\ bpcnd 401000, "ECX==1"
14=Sets logging breakpoint at address addr that logs expression expr\Example:\ bpl 401000, "eax" // logs the value of eax every time this line is passed
15=Sets logging breakpoint at address addr that logs expression expr if condition cond is true\Example:\ bplcnd 401000, "eax", "eax > 1" // logs the value of eax every time this line is passed and eax > 1
16=Clear memory breakpoint.\Example:\ bpmc
17=Delete hardware breakpoint at a specified address\Example:\ bphwc 401000
18=Set hardware breakpoint. Mode can be "r" - read, "w" - write or "x" - execute.\Example:\ bphws 401000, "x"
19=Set memory breakpoint on read. Size is size of memory in bytes.\Example:\ bprm 401000, FF
20=Set memory breakpoint on write. Size is size of memory in bytes.\Example:\ bpwm 401000, FF
21=Compares dest to src. Works like its ASM counterpart.\Example: \ cmp y, x\ cmp eip, 401000
22=Inserts a comment at the specified address\Example:\ cmt eip, "This is the entry point"
23=Makes script continue execution after a breakpoint has occurred (removes EOB)\Example:\ COB
24=Makes script continue execution after an exception has occurred (removes EOE)\Example:\ COE
25=Hides debugger\Example:\ dbh
26=Unhides debugger\Example:\ dbs
27=Subtracts 1 from variable\Example:\ dec var
28=Dumps memory of specified size from specified address to specified file\Example:\ dm 401000, 1F, "c:\dump.bin"
29=Dumps memory of specified size from specified address to specified file appending to that file if it exists\Example:\ dma 401000, 1F, "c:\dump.bin"
30=Dumps the executable to file with specified name.\Entry point is set to ep.\Example:\ dpe "c:\test.exe", eip
31=Transfer execution to some label on next breakpoint.\Example:\ eob SOME_LABEL
32=Transfer execution to some label on next exception.\Example:\ eoe SOME_LABEL
33=Executes SHIFT-F7 in OllyDbg.\Example:\ esti
34=Executes SHIFT-F9 in OllyDbg.\Example:\ esto
35=Evaluates a string expression that contains variables.\The variables that are declared in the current script can be enclosed in curly braces {} to be inserted.\Sets the reserved $RESULT variable\Example:\ var x\ mov x, 1000\ eval "The value of x is {x}" // after this $RESULT is "The value of x is 00001000"
36=Executes instructions between EXEC and ENDE in the context of the target process.\Values in curly braces {} are replaced by their values.\Example:\// This does some movs\var x\var y\mov x, "eax"\mov y, "0DEADBEEF"\exec\mov {x}, {y} // mov eax, 0DEADBEEF will be executed\mov ecx, {x} // mov ecx, eax will be executed\ende\// This calls ExitProcess in the debugged application\exec\push 0\call ExitProcess\ende\ret
37=Fills len bytes of memory at addr with value\Example:\ fill 401000, 10, 90 // NOP 10h bytes
38=Searches memory starting at addr for the specified value.\When found sets the reserved $RESULT variable. $RESULT == 0 if nothing found.\The search string can also use the wildcard "??" (see below).\\Example:\ find eip, #6A00E8# // find a PUSH 0 followed by some kind of call\ find eip, #6A??E8# // find a PUSH of any byte followed by some kind of call
39=Searches code starting at addr for an instruction that begins with the specified bytes. \When found sets the reserved $RESULT variable. $RESULT == 0 if nothing found.\The search string can also use the wildcard "??" (see below).\Example:\ findop 401000, #61# // find next POPAD\ findop 401000, #6A??# // find next PUSH of something
40=Gets the symbolic name of specified address (ex the API it points to)\Sets the reserved $RESULT variable to the name. If that name is an API\$RESULT_1 is set to the library (ex kernel32) and $RESULT_2 to the name of the API (ex ExitProcess).\Example:\ gn 401000
41=Gets the address of the specified procedure in the specified library.\When found sets the reserved $RESULT variable. $RESULT == 0 if nothing found.\Useful for setting breakpoints on APIs.\Example:\ gpa "MessageBoxA", "user32.dll" // After this $RESULT is the address of MessageBoxA and you can do "bp $RESULT".
42=Executes to specified address (like G in SoftIce)\Example:\ go 401005
43=Gets information about a module to which the specified address belongs.\"info" can be MODULEBASE, MODULESIZE, CODEBASE or CODESIZE (if you want other info in the future versions plz tell me).\Sets the reserved $RESULT variable (0 if data not found).\Example:\ GMI eip, CODEBASE // After this $RESULT is the address to the codebase of the module to which eip belongs
44=Adds 1 to variable\Example:\ inc v
45=Use this after cmp. Works like its asm counterpart.\Example:\ ja SOME_LABEL
46=Use this after cmp. Works like its asm counterpart.\Example:\ jae SOME_LABEL
47=Use this after cmp. Works like its asm counterpart.\Example:\ jb SOME_LABEL
48=Use this after cmp. Works like its asm counterpart.\Example:\ jbe SOME_LABEL
49=Use this after cmp. Works like its asm counterpart.\Example:\ je SOME_LABEL
50=Unconditionally jump to a label.\Example:\ jmp SOME_LABEL
51=Use this after cmp. Works like its asm counterpart.\Example:\ jne SOME_LABEL
52=Inserts a label at the specified address\Example:\ lbl eip, "NiceJump"
53=Logs src to OllyDbg log window.\If src is a constant string the string is logged as it is.\If src is a variable or register it's logged with its name.\Example:\ log "Hello world" // The string "Hello world" is logged\ var x\ mov x, 10\ log x // The string "x = 00000010" is logged.
54=Move src to dest.\Src can be a long hex string in the format #<some hex numbers>#, for example #1234#.\Remember that the number of digits in the hex string must be even, i.e. 2, 4, 6, 8 etc.\Example: \ mov x, 0F\ mov y, "Hello world"\ mov eax, ecx\ mov [ecx], #00DEAD00BEEF00#\ mov !CF, 1\ mov !DF, !PF\ mov [403000], "Hello world"
55=Display a message box with specified message\Example:\ MSG "Script paused"
56=Display a message box with specified message and YES and NO buttons.\Sets the reserved $RESULT variable to 1 if YES is selected and 0 otherwise.\Example:\ MSGYN "Continue?"
57=ORs src and dest and stores result in dest\Example: \ or x, 0F\ or eax, x\ or [401000], 5
58=Pauses script execution. Script can be resumed from plugin menu.\Example:\ pause
59=Replace find with repl starting at addr for len bytes.\Wildcards are allowed\Example:\ repl eip, #6a00#, #6b00#, 10\ repl eip, #??00#, #??01#, 10\ repl 401000, #41#, #90#, 1F
60=Exits script.\Example:\ ret
61=Executes "Run to return" in OllyDbg\Example:\ rtr
62=Executes "Run to user code" in OllyDbg\Example:\ rtu
63=Executes F9 in OllyDbg\Example:\ run
64=Shifts dest to the left src times and stores the result in dest.\Example:\ mov x, 00000010\ shl x, 8 // x is now 00001000
65=Shifts dest to the right src times and stores the result in dest.\Example:\ mov x, 00001000\ shr x, 8 // x is now 00000010
66=Execute F7 in OllyDbg.\Example:\ sti
67=Execute F8 in OllyDbg.\Example:\ sto
68=Subtracts src from dest and stores result in dest\Example: \ sub x, 0F\ sub eax, x\ sub [401000], 5
69=Executes "Trace into" in OllyDbg\Example:\ ti
70=Traces into calls until cond is true\Example:\ ticnd "eip > 40100A" // will stop when eip > 40100A
71=Executes "Trace over" in OllyDbg\Example:\ to
72=Traces over calls until cond is true\Example:\ tocnd "eip > 40100A" // will stop when eip > 40100A
73=Declare a variable to be used in the script. \Must be done before the variable is used.\Example: \ var x
74=XORs src and dest and stores result in dest\Example: \ xor x, 0F\ xor eax, x\ xor [401000], 5\
[args]
0=<RESULT>
1=$VERSION
2=#INC file
3=#LOG
4=ADD dest, src
5=AI
6=AN addr
7=AND dest, src
8=ASK question
9=ASM addr, command
10=AO
11=BC addr
12=BP addr
13=BPCND addr, cond
14=BPL addr, expr
15=BPLCND addr, expr, cond
16=BPMC
17=BPHWC addr
18=BPHWS addr, mode
19=BPRM addr, size
20=BPWM addr, size
21=CMP dest, src
22=CMT addr, text
23=COB
24=COE
25=DBH
26=DBS
27=DEC var
28=DM addr, size, file
29=DMA addr, size, file
30=DPE filename, ep
31=EOB label
32=EOE label
33=ESTI
34=ESTO
35=EVAL
36=EXEC/ENDE
37=FILL addr, len, value
38=FIND addr, what
39=FINDOP addr, what
40=GN addr
41=GPA proc, lib
42=GO addr
43=GMI addr, info
44=INC var
45=JA label
46=JAE label
47=JB label
48=JBE label
49=JE label
50=JMP label
51=JNE label
52=LBL addr, text
53=LOG src
54=MOV dest, src
55=MSG message
56=MSGYN message
57=OR dest, src
58=PAUSE
59=REPL addr, find, repl, len
60=RET
61=RTR
62=RTU
63=RUN
64=SHL dest, src
65=SHR dest, src
66=STI
67=STO
68=SUB dest, src
69=TI
70=TICND cond
71=TO
72=TOCND cond
73=VAR variant
74=XOR dest, src