////////////////////////////////////////////////////////////////////////////////
// //
// OLLYDBG PLUGIN API //
// //
// Version 1.10 //
// //
// Written by Oleh Yuschuk (ollydbg@t-online.de) //
// //
// Internet: http://home.t-online.de/home/Ollydbg //
// //
// This code is distributed "as is", without warranty of any kind, expressed //
// or implied, including, but not limited to warranty of fitness for any //
// particular purpose. In no event will Oleh Yuschuk be liable to you for any //
// special, incidental, indirect, consequential or any other damages caused //
// by the use, misuse, or the inability to use of this code, including any //
// lost profits or lost savings, even if Oleh Yuschuk has been advised of the //
// possibility of such damages. //
// //
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
//////////////////////////// IMPORTANT INFORMATION /////////////////////////////
// 1. Export all callback functions by name, NOT by ordinal!
// 2. Force byte alignment of OllyDbg structures!
// 3. Set default char type to unsigned!
// 4. Read documentation!
////////////////////////////////////////////////////////////////////////////////
// //
// Porting from C header file to Delphi unit file by TQN //
// Will compile well with Delphi 6 and Delphi 7 //
// //
// Note: //
// - The _Findknownfunction function does not exist in OllyDbg.exe ver 1.10 //
// - The Isprefix function does not exist in Plugin.h //
// //
////////////////////////////////////////////////////////////////////////////////
unit Plugin;
interface
uses
Windows;
// Byte-align record fields so the records declared in this unit follow rule 2
// of the header above ("Force byte alignment of OllyDbg structures").
{$A1} // Struct byte alignment
// VER150 is defined by the Delphi 7 compiler. The three warnings are only
// silenced here, not resolved: this unit is built around raw pointers (PChar
// buffers, ^record types), so bounds and lifetime checks remain the caller's
// responsibility.
{$IFDEF VER150}
{$WARN UNSAFE_CODE OFF}
{$WARN UNSAFE_TYPE OFF}
{$WARN UNSAFE_CAST OFF}
{$ENDIF}
////////////////////////////////////////////////////////////////////////////////
////////////////////////////// GENERAL DECLARATIONS ////////////////////////////
// General constants of the plugin interface: interface version, fixed buffer
// sizes, and the colour, colour-scheme and font indices used by OllyDbg.
const
PLUGIN_VERSION = 110; // Version of plugin interface
WM_USER = $0400; // Same value as the Win32 WM_USER message base
// Fixed buffer limits. TEXTLEN sizes the Char arrays of t_hexstr in this unit.
// NOTE(review): whether each limit includes the terminating #0 is not stated
// here - confirm in the OllyDbg plugin documentation before sizing buffers
// that are handed to the API.
TEXTLEN = 256; // Maximal length of text string
ARGLEN = 1024; // Maximal length of argument string
USERLEN = 4096; // Maximal length of record in .udd file
SHORTLEN = 8; // Maximal length of short name
// Foreground colour indices. Only 0..15 fit in the low four bits of a syntax
// highlighting mask byte; 16..19 are additional colours outside that range.
BLACK = 0; // Indices of colours used by OllyDbg. In
BLUE = 1; // syntax highlighting, use only colours
GREEN = 2; // 0 to 15 in the least significant bits
CYAN = 3; // of the corresponding mask byte.
RED = 4;
MAGENTA = 5;
BROWN = 6;
LIGHTGRAY = 7;
DARKGRAY = 8;
LIGHTBLUE = 9;
LIGHTGREEN = 10;
LIGHTCYAN = 11;
LIGHTRED = 12;
LIGHTMAGENTA = 13;
YELLOW = 14;
WHITE = 15;
MINT = 16;
SKYBLUE = 17;
IVORY = 18;
GRAY = 19;
NCOLORS = 20; // Total number of defined colours
// Background colours occupy the high nibble ($10 steps), so one of them can be
// OR-ed with a foreground index 0..15 in the same byte.
BKTRANSP = $00; // Background colours in syntax hiliting
BKBLACK = $10;
BKGRAY = $20;
BKWHITE = $30;
BKCYAN = $40;
BKGREEN = $50;
BKRED = $60;
BKYELLOW = $70;
// Colour scheme indices.
BLACKWHITE = 0; // Colour schemes used by OllyDbg
BLUEGOLD = 1;
SKYWIND = 2;
NIGHTSTARS = 3;
SCHEME4 = 4;
SCHEME5 = 5;
SCHEME6 = 6;
SCHEME7 = 7;
// Font indices.
FIXEDFONT = 0; // Fonts used by OllyDbg. Variable-pitch
TERMINAL6 = 1; // fonts are placed at the end of this
FIXEDSYS = 2; // table.
COURIERFONT = 3;
LUCIDACONS = 4;
FONT5 = 5;
FONT6 = 6;
FONT7 = 7;
MAINFONT = 8;
SYSFONT = 9;
INFOFONT = 10;
////////////////////////////////////////////////////////////////////////////////
///////////////////////////// INFORMATION FUNCTIONS ////////////////////////////
// Logging and status routines exported by OllyDbg. Each routine that has a
// `format` parameter takes a C-style format string followed by variable
// arguments (cdecl; varargs).
// NOTE(review): `format` is presumably interpreted printf-style by OllyDbg -
// confirm in the plugin documentation. If so, text that originates from the
// debugged program, a file or the user must never be passed as `format`
// itself: pass a constant format such as '%s' and supply the text as an
// argument, so that '%' sequences inside the data are not interpreted.
// Delphi cannot type-check the variable arguments; a mismatch between the
// format and the arguments is not caught at compile time.
procedure Addtolist(addr: LongInt; highlight: Integer; format: PChar); cdecl; varargs;
procedure Updatelist; cdecl;
function Createlistwindow: HWND; cdecl;
procedure Error(format: PChar); cdecl; varargs;
procedure Message(addr: ULONG; format: PChar); cdecl; varargs;
procedure Infoline(format: PChar); cdecl; varargs;
procedure Progress(promille: Integer; format: PChar); cdecl; varargs;
procedure Flash(format: PChar); cdecl; varargs;
////////////////////////////////////////////////////////////////////////////////
/////////////////////////// DATA FORMATTING FUNCTIONS //////////////////////////
// Bits used in Decodeaddress(), Decoderelativeoffset() and Decodethreadname()
// to specify decoding mode:
// ADC_* values are single-bit flags (except ADC_DEFAULT, which is zero) and are
// combined with `or` into the addrmode argument of the decoding functions.
const
ADC_DEFAULT = $0000; // Default decoding mode
ADC_DIFFMOD = $0001; // Show module only if different
ADC_NOMODNAME = $0002; // Never show module name
ADC_VALID = $0004; // Only decode if allocated memory
ADC_INMODULE = $0008; // Only decode if in some module
ADC_SAMEMOD = $0010; // Decode only address in same module
ADC_SYMBOL = $0020; // Only decode if symbolic name
ADC_JUMP = $0040; // Check if points to JMP/CALL command
ADC_OFFSET = $0080; // Check if symbol for data
ADC_STRING = $0100; // Check if pointer to ASCII or UNICODE
ADC_ENTRY = $0200; // Check if entry to subroutine
ADC_UPPERCASE = $0400; // First letter in uppercase if possible
ADC_WIDEFORM = $0800; // Extended form of decoded name
ADC_NONTRIVIAL = $1000; // Name + non-zero offset
ADC_DYNAMIC = $2000; // JMP/CALL to dynamically loaded name
// Character-class flags.
// NOTE(review): presumably the values reported by IstextA/IstextW - confirm
// in the plugin documentation; nothing in this unit ties them to a function.
PLAINASCII = $01; // Plain ASCII character
DIACRITICAL = $02; // Diacritical character
RAREASCII = $10; // Rare ASCII character
// Formatting routines exported by OllyDbg. Most of them take PChar buffers
// supplied by the caller.
// NOTE(review): only some buffers carry an explicit length in these
// declarations: symb/nsymb in Decodeaddress and Decoderelativeoffset, and
// data/ndata plus text/ntext in Stringtotext. `comment` in Decodeaddress and
// `s` in Decodecharacter, Printfloat4/8/10, Print3dnow and Printsse have no
// length parameter; presumably they are output buffers, in which case the
// callee cannot know their size. Take the required minimum size from the
// plugin documentation and allocate at least that much, because the decoded
// content can derive from the debugged program and must not be assumed short.
// The meaning of the Integer results is not visible here - TODO confirm.
function Decodeaddress(addr: ULONG; base: ULONG; addrmode: Integer;
symb: PChar; nsymb: Integer; comment: PChar): Integer; cdecl;
function Decoderelativeoffset(addr: ULONG; addrmode: Integer;
symb: PChar; nsymb: Integer): Integer; cdecl;
function Decodecharacter(s: PChar; c: UINT): Integer; cdecl;
function Printfloat4(s: PChar; f: Single): Integer; cdecl;
function Printfloat8(s: PChar; d: Double): Integer; cdecl;
function Printfloat10(s: PChar; ext: Extended): Integer; cdecl;
function Print3dnow(s: PChar; f: PChar): Integer; cdecl;
function Printsse(s: PChar; f: PChar): Integer; cdecl;
function Followcall(addr: ULONG): ULONG; cdecl;
function IstextA(c: Char): Integer; cdecl;
function IstextW(w: WCHAR): Integer; cdecl;
function Stringtotext(data: PChar; ndata: Integer;
text: PChar; ntext: Integer): Integer; cdecl;
////////////////////////////////////////////////////////////////////////////////
////////////////////////////// DATA INPUT FUNCTIONS ////////////////////////////
// Limits and flags for the data input dialogs and the assembler search models.
// MAXCMDSIZE sizes the code/mask arrays of t_asmmodel and t_extmodel, and
// NMODELS sizes t_asmmodels, all declared later in this unit.
const
MAXCMDSIZE = 16; // Maximal length of 80x86 command
NSEQ = 8; // Max length of command sequence
NMODELS = 8; // Number of assembler search models
// Note that each dialog function decodes only a subset of the listed flags.
// DIA_DEFHEX is zero: it is the state when neither DIA_DEFASCII nor
// DIA_DEFUNICODE is set, so it cannot be detected with `and`.
DIA_ASKGLOBAL = $0001; // Display checkbox 'Global search'
DIA_HEXONLY = $0002; // Hexadecimal format only
DIA_ALIGNED = $0004; // Display checkbox 'Aligned search'
DIA_DEFHEX = $0000; // On startup, cursor in hex control
DIA_DEFASCII = $0010; // On startup, cursor in ASCII control
DIA_DEFUNICODE = $0020; // On startup, cursor in UNICODE control
DIA_SEARCH = $0040; // Is a search dialog
DIA_HISTORY = $0100; // Allows previous hex strings
// Status of animation or trace. These are sequential values, not bit flags.
ANIMATE_OFF = 0; // No animation
ANIMATE_IN = 1; // Animate into
ANIMATE_OVER = 2; // Animate over
ANIMATE_RET = 3; // Execute till RET
ANIMATE_SKPRET = 4; // Skip RET instruction
ANIMATE_USER = 5; // Execute till user code
ANIMATE_TRIN = 6; // Run trace in
ANIMATE_TROVER = 7; // Run trace over
ANIMATE_STOP = 8; // Gracefully stop animation
// Records exchanged with OllyDbg for hex/text and assembler searches. All are
// `packed`, so the field order and sizes below define the binary layout; do
// not reorder or retype fields.
// NOTE(review): the layout relies on Char being one byte, as it is in the
// Delphi 6/7 compilers named in the header. On a compiler where Char is two
// bytes, every Char array here would double in size and stop matching the
// layout OllyDbg expects.
type
p_hexstr = ^t_hexstr;
t_hexstr = packed record // String used for hex/text search
// n is a plain Integer and is not bounded by the type: check that
// 0 <= n <= TEXTLEN before using it to index data or mask, in particular
// when the record was filled in by code outside the plugin.
n: Integer; // String length
data: array[0..TEXTLEN-1] of Char; // Data
mask: array[0..TEXTLEN-1] of Char; // Mask, 0 bits are masked
end;
p_asmmodel = ^t_asmmodel;
t_asmmodel = packed record // Model to search for assembler command
code: array[0..MAXCMDSIZE-1] of Char; // Binary code
mask: array[0..MAXCMDSIZE-1] of Char; // Mask for binary code (0: bit ignored)
// length is likewise unchecked by the type; it must stay within
// 0..MAXCMDSIZE for code and mask to be read safely.
length: Integer; // Length of code, bytes (0: empty)
jmpsize: Integer; // Offset size if relative jump
jmpoffset: Integer; // Offset relative to IP
jmppos: Integer; // Position of jump offset in command
end;
p_asmmodels = ^t_asmmodels;
// Fixed table of NMODELS search models.
t_asmmodels = array[0..NMODELS - 1] of t_asmmodel;
// The first six fields of t_extmodel repeat t_asmmodel field for field; the
// remaining fields are specific to the extended search.
t_extmodel = packed record // Model for extended command search
code: array[0..MAXCMDSIZE-1] of Char; // Binary code
mask: array[0..MAXCMDSIZE-1] of Char; // Mask for binary code (0: bit ignored)
length: Integer; // Length of code, bytes (0: empty)
jmpsize: Integer; // Offset size if relative jump
jmpoffset: Integer; // Offset relative to IP
jmppos: Integer; // Position of jump offset in command
isany: Integer; // Count for ANY's argument
cmdoffset: Integer; // Offset of command in the source
ramask: array[0..MAXCMDSIZE-1] of Char; // Mask for pseudoregister RA
rbmask: array[0..MAXCMDSIZE-1] of Char; // Mask for pseudoregister RB
end;