
📄 isdebug.asm

📁 ollydbg反汇编器1.09c 部分源代码
.586p                 ; Pentium instruction set, privileged instructions allowed
.model flat, stdcall  ; 32 bit memory model
                      ; stdcall is the default convention for PROC/PROTO that
                      ; do not name one (the ODBG_* exports below override it with C)
option scoped         ; local labels are enabled, global labels inside
                      ; PROC should be defined with double colons (LABEL::)
option casemap :none  ; case sensitive

; Forward declarations of the two dialog procedures; their bodies are not in
; this part of the listing. Four DWORD parameters each -- presumably the usual
; (hWnd, uMsg, wParam, lParam) dialog-procedure shape; confirm at the definitions.
DlgDumpProc		proto :DWORD,:DWORD,:DWORD,:DWORD
DlgOptionProc   proto :DWORD,:DWORD,:DWORD,:DWORD

include windows.inc
include kernel32.inc
include user32.inc
include ..\plugin.inc
include masm32.inc
include comdlg32.inc

includelib kernel32.lib
includelib user32.lib
includelib ..\ollydbg.lib
includelib masm32.lib
includelib comdlg32.lib

    ; ---------------------
    ; literal string MACRO
    ; ---------------------
    ; literal(text): places 'text' plus a terminating 0 byte in .data under a
    ; unique LOCAL name and expands to that name. The macro switches to .data
    ; and then unconditionally back to .code, so it is only safe to use while
    ; assembling inside the .code section. The string lands in writable data.
      literal MACRO quoted_text:VARARG
        LOCAL local_text
        .data
          local_text db quoted_text,0
        .code
        EXITM <local_text>
      ENDM

    ; CTEXT(text): expands to "offset <label>" for a literal() string, i.e. the
    ; address of a NUL-terminated constant that can be passed to invoke.
      CTEXT MACRO quoted_text:VARARG
        EXITM <offset literal(quoted_text)>
      ENDM

    ; m2m dst, src: memory-to-memory move through the stack. No general
    ; register is used as scratch; the stack pointer is unchanged afterwards.
      m2m MACRO M1, M2
        push M2
        pop  M1
      ENDM

    ; return value: loads the result into eax and returns. Everything the
    ; caller must see in other registers has to be set before this macro.
      return MACRO arg
        mov eax, arg
        ret
      ENDM

; 260 is the value of the Windows MAX_PATH constant; presumably the size of a
; path buffer -- the use of MAXSIZE is not visible in this part of the listing.
MAXSIZE equ 260

; Resource identifiers. They must match the values in the dialog templates
; named in the comments below (the .dlg/.rc files are not part of this listing).
; Values repeat between the two dialogs: 1001 is IDC_BTCANCEL, IDD_OPTION and
; IDC_CHK1; 1003..1006 are reused as well.
; NOTE(review): control ids are resolved relative to their own dialog, so the
; repeats are presumably harmless -- confirm against the resource script.

;Dumper.dlg
IDD_DUMP								equ 1000
IDC_BTCANCEL							equ 1001
IDC_BTDUMP								equ 1002
IDC_EDTSIZE								equ 1003
IDC_STC1								equ 1004
IDC_EDTOFFSET							equ 1005
IDC_STC2								equ 1006

;Res\Params.dlg
IDD_OPTION								equ 1001
IDC_GRP1								equ 1003
IDC_CHK1								equ 1001
IDC_STC3								equ 1002
IDC_SLEEPTIME							equ 1004
IDC_STC4								equ 1005
IDC_BTN1								equ 1006
IDC_BTN2								equ 1007

;IsDebug.rc

; Initialized data.
.data
; One-byte patch values. null_byte (0) is what ODBG_Pluginreset writes into the
; debugged process; the_byte (1) is not referenced in this part of the listing
; -- presumably the value used to put the flag back; confirm at its use.
the_byte            db 1
null_byte           db 0
ofn                 OPENFILENAME <>
; FilterString and bin_extend are laid out back to back so that together they
; form one buffer "Bin Files",0,"*.bin",0,0 (description, pattern, empty
; terminator). Do not insert anything between the two lines.
FilterString        db "Bin Files",0    ;dont insert between
bin_extend          db "*.bin",0,0      ;here
template            db "%d",0           ; decimal format string; its user is not visible here
; Key names passed to Pluginreadintfromini in ODBG_Pluginreset.
str_idb_Autoload    db "idb_Autoload",0
str_idb_Sleeptime   db "idb_Sleeptime",0

; Uninitialized data.
.data?

hinst               HINSTANCE        ?  ; DLL instance
hwmain              HWND             ?  ; Handle of main OllyDbg window
; Fixed-size scratch buffer (512 bytes). Its writers are outside this part of
; the listing; whatever fills it has to stay within 512 bytes including the NUL.
textbuffer          db 512 dup(?)
byte_location       dd ?                ; address returned by get_byte_location (set in ODBG_Pluginreset)
SizeWritten         dd ?
hFileWrite          dd ?
hMemory_code        dd ?
pMemory_code        dd ?
; Window class name handed to Unregisterpluginclass in ODBG_Plugindestroy.
; 32 bytes including the terminator; the code that fills it is not visible here.
SVWinClass          db 32 dup(?)
svthreadid          dd ?                ; id of the worker thread started by ODBG_Pluginreset
sleep_time          dd ?                ; delay handed to Sleep by that worker thread
auto_load           dd ?
dw_buffer           dd ?

.code

; Entry point into a plugin DLL. Many system calls require DLL instance
; which is passed to DllEntryPoint() as one of parameters. Remember it.
; The preferable way is to place initializations into ODBG_Plugininit() and
; cleanup in ODBG_Plugindestroy().

; BOOL DllEntryPoint(HINSTANCE hi, DWORD reason, DWORD res)
; ABI:   stdcall (file default from .model)
; Out:   eax = 1 for every notification
; Side:  on DLL_PROCESS_ATTACH the instance handle is stored in hinst
DllEntryPoint proc hi:HINSTANCE, reason:dword, res:dword
        cmp     reason, DLL_PROCESS_ATTACH
        jne     @F                          ; other notifications: nothing to record
        mov     eax, hi                     ; eax is free scratch, it is reloaded below
        mov     hinst, eax                  ; keep the DLL instance for later API calls
@@:
        mov     eax, 1                      ; always report success to the loader
        ret
DllEntryPoint endp

; ODBG_Plugindata() is a "must" for valid OllyDbg plugin. It must fill in
; plugin name and return version of plugin interface. If function is absent,
; or version is not compatible, plugin will not be installed. Short name
; identifies it in the Plugins menu. This name is max. 31 alphanumerical

; characters or spaces + terminating '\0' long. To keep life easy for users,
; this name should be descriptive and correlate with the name of DLL.

; int ODBG_Plugindata(char *shortname)
; ABI:   C
; Out:   eax = PLUGIN_VERSION; shortname receives the plugin name
ODBG_Plugindata proc C shortname:ptr byte
        ; lstrcpy does not bound the copy. The source is a fixed literal of
        ; 14 characters plus the terminator, which stays inside the 31 + '\0'
        ; limit given for the short name; keep that in mind if the name changes.
        push    CTEXT("IsDebugPresent")     ; source: name of plugin
        push    shortname                   ; destination supplied by OllyDbg
        call    lstrcpy
        mov     eax, PLUGIN_VERSION         ; interface version this plugin was built for
        ret
ODBG_Plugindata endp

; OllyDbg calls this obligatory function once during startup. Place all
; one-time initializations here. If all resources are successfully allocated,

; function must return 0. On error, it must free partially allocated resources
; and return -1, in this case plugin will be removed. Parameter ollydbgversion
; is the version of OllyDbg, use it to assure that it is compatible with your
; plugin; hw is the handle of main OllyDbg window, keep it if necessary.
; Parameter features is reserved for future extensions, do not use it.
; int ODBG_Plugininit(int ollydbgversion, HWND hw, ulong *features)
; ABI:   C
; Out:   eax = 0 when the host version is accepted, -1 otherwise
; Side:  logs the plugin banner and stores hw in hwmain on success
ODBG_Plugininit proc C ollydbgversion:dword, hw:HWND, features:ptr dword

        ; Accept only a host that is at least as new as the interface this
        ; plugin was built against (unsigned comparison on a dword).
        .IF ollydbgversion >= PLUGIN_VERSION
            invoke  Addtolist, 0, 0, CTEXT("IsDebugPresent plugin v1.3 (SV 2oo3)")

            ; Remember the main OllyDbg window for later use, for example as
            ; the owner of a message box.
            mov     eax, hw
            mov     hwmain, eax

            xor     eax, eax                ; 0 = initialised
            ret
        .ENDIF

        ; Host too old: nothing was allocated, so there is nothing to free.
        mov     eax, -1
        ret
ODBG_Plugininit endp

; OllyDbg calls this optional function once on exit. At this moment, all MDI
; windows created by plugin are already destroyed (and received WM_DESTROY
; messages). Function must free all internally allocated resources, like
; window classes, files, memory and so on.
; void ODBG_Plugindestroy(void)
; ABI:   C
; Side:  unregisters the window class whose name is stored in SVWinClass
ODBG_Plugindestroy proc C
        ; NOTE(review): the code that registers the class and fills SVWinClass
        ; is not in this part of the listing; if it never ran, the buffer is
        ; still all zeros when it is passed here -- confirm that is acceptable.
        invoke  Unregisterpluginclass, offset SVWinClass
        ret
ODBG_Plugindestroy endp

; Function is called when user opens new or restarts current application.
; Plugin should reset internal variables and data structures to initial state.
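; void ODBG_Pluginreset(void)
; ABI:   C
; Side:  when the ini key "idb_Autoload" is non-zero, starts a worker thread
;        (svthread, below) that waits "idb_Sleeptime" and then writes null_byte
;        to the address returned by get_byte_location in the debugged process.
;
; Changes against the previous version:
;   * CreateThread now receives the ADDRESS of svthreadid; before, the
;     (uninitialised) value of the variable was passed as the out-pointer.
;   * The thread handle is closed right away, so it no longer leaks on every
;     reset. Closing the handle does not stop the thread.
;   * A failed CreateThread is reported instead of being ignored.
;   * ".elseif" without a condition is replaced by the intended ".else".
;   * The worker always ends in ExitThread. Before, when no process was
;     loaded it ran past the end of this PROC into the next function.
ODBG_Pluginreset proc C
        invoke  Pluginreadintfromini, hinst, addr str_idb_Autoload, 0    ;Auto ? (default: off)
        .if (eax != 0)
            invoke  Pluginreadintfromini, hinst, addr str_idb_Sleeptime, 1000
            mov     sleep_time, eax         ;save time value, read by the worker

            mov     eax, offset svthread    ;thread start address
            invoke  CreateThread, NULL, 0, eax, NULL, 0, addr svthreadid
            .if (eax != 0)
                invoke  CloseHandle, eax    ;handle is never used again
            .else
                invoke  Error, CTEXT("Error CreateThread failed")
            .endif
        .endif
        ret

; Worker thread body. It is entered by the system on its own stack, not by a
; call from the code above, and it must never return or fall out of this PROC:
; every path ends in ExitThread.
; NOTE(review): Plugingetvalue, Writememory, Error and Addtolist are called
; from a secondary thread here -- confirm that the plugin API permits this.
svthread:
        invoke  Sleep, sleep_time                ;Wait a little ;)
        invoke  Plugingetvalue, VAL_PROCESSID    ;is something loaded ??
        .if (eax != 0)
            ; get_byte_location is defined outside this part of the listing;
            ; its result is used as the target address without further checks.
            call    get_byte_location
            mov     byte_location, eax

            ;1==Debugger 0==Clean ;)
            invoke  Writememory, addr null_byte, byte_location, 1, MM_RESTORE
            .if (eax != 1)                  ;expects the number of bytes written
                ;ooopps
                invoke  Error, CTEXT("Error WriteMemory failed")
            .else
                invoke  Addtolist, 0, -1, CTEXT("  IsDebugPresent hidden")
            .endif
        .endif
        invoke  ExitThread, TRUE            ;does not return

ODBG_Pluginreset endp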

; OllyDbg calls this optional function when user wants to terminate OllyDbg.
; All MDI windows created by plugins still exist. Function must return 0 if
; it is safe to terminate. Any non-zero return will stop closing sequence. Do
; not misuse this possibility! Always inform user about the reasons why
; termination is not good and ask for his decision!
; int ODBG_Pluginclose(void)
; ABI:   C
; Out:   eax = 0 always, i.e. the plugin never vetoes termination
ODBG_Pluginclose proc C
        ; Nothing is saved or checked here; the function only answers
        ; "safe to close".
        xor     eax, eax
        ret
ODBG_Pluginclose endp

; Function adds items either to main OllyDbg menu (origin=PM_MAIN) or to popup
; menu in one of standard OllyDbg windows. When plugin wants to add own menu
; items, it gathers menu pattern in data and returns 1, otherwise it must
; return 0. Except for static main menu, plugin must not add inactive items.

; Item indices must range in 0..63. Duplicated indices are explicitly allowed.
ODBG_Pluginmenu proc C uses ebx origin:dword, data:ptr byte, item:dword
