29-12-2018, 07:17 AM
Originally posted by Sn!per X, on 27-09-2015 at 11:39 AM
Quote: Peace be upon you
- For anyone who wants to write plugins that work with most patched OllyDbg builds (Patched OllyDbg) and ImmDbg at the same time,
just use the attached Plugin API Unit to write your own plugins.
- What I liked about the source is that it has a function that changes the names of the exported functions (Exported Functions) in memory depending on
the debugger that loaded the plugin DLL. (See the attachments --> the last 4 functions.)
* The original C source was translated to Delphi by: TQN
* The source was modified and improved to work on more builds by: BobSoft
* The source works well on: Delphi 6-7
The PDK was tried out and worked well on the following builds:
Same plugin (without any recompiling) successfully tested on:
Immunity Debugger (ImmDbg)
Standard OllyDbg v1.10
SND OllyDbg
FOFF Team OllyDbg
Diablo2oo2 OllyDbg
Shadow OllyDbg
DeRoX OllyDbg
OllyIce
OllyHan
BoomBox OllyDbg
NoLoVeR OllyDbg
RAMOllyDBG OllyDbg
CiM's OllyDbg
OllyDbg 9in1 for Themida
Hacnho's OllyDbg
Sabre-Gold OllyDbg
YPOGEiOS OllyDbg
0llyDbg mod by ali.dbg
//==============================================================================
// History
//==============================================================================
v1.00:
o Simple port of OllyDbg PDK (TQN's Delphi version) to Immunity Debugger ..
v1.01: (17-Nov-2008)
o Dynamic resolving of debugger exports, so now plugins can be loaded by OllyDbg or ImmDbg - whatever the debugger Exe name is ..
o All debugger functions changed to be declared as variables .. (Usage is exactly the same as before)
o Auto-changes the Plugin DLL export names (if OllyDbg) - simply alters _IMMDBG_ to _ODBG_ - to allow use on either debugger ..
o Supports SND Edition OllyDbg .. (Different prefix "_SNDG_" and must get exports of Debugger by ordinal)
o Supports Team FOFF edition OllyDbg .. (Different prefix "_FOFF_")
o Supports Diablo2oo2 Edition OllyDbg .. (No exports rva)
o Supports Shadow Edition OllyDbg .. (No exports rva)
o Can now debug ImmDbg / OllyDbg plugins created with this SDK in same debugger (as Plugin DLL is no longer linked to exe) ..
o Added string constants for Plugin callback (export) names ..
o Added more descriptive PDK_VERSION const that equals original PLUGIN_VERSION ..
v1.02: (26-Nov-2008)
o Supports DeRoX patched OllyDbg (OllyDRX) .. (Different prefix "_DRXG_")
o Example (below, in Usage) is now actually usable to test the PDK ..
o DetectDebuggerVersion() code improved slightly ..
o Tested with a few more OllyDbg versions (see Notes below for full list) ..
v1.03: (01-Dec-2010)
o Made the debugger detection function accessible by Plugin, for those direct OllyDbg patches ..
o Compatible with CiM's OllyDbg (Packed with Upx) ..
o Compatible with packed OllyDbg, as long as the exports stay in the same place in the file ..
o Tested with a few more OllyDbg versions (see Notes below for full list) ..
o Now also compatible with 0llyDbg mod (with a zero)
o Added fixes to make it also work with new ImmDbg v1.80 where they changed the export names!
//==============================================================================
// Future
//==============================================================================
o Support any other Editions of OllyDbg .. (Send to me if you have one that's not compatible - [email protected])
o Include Py* exports from ImmDbg ..? Or perhaps a function to run a Python script ?
o Asm version, anyone with Asm PDK 1.10 please send to me ..
//==============================================================================
// Notes
//==============================================================================
This WILL NOT work on any OllyDbg version before 1.10 !!
No idea if this works on Vista, if anyone has Vista please let me know if it works ..!
Function descriptions:
ResolveDebuggerExports() -> Dynamically gets the functions exported from the debugger and fixes the addresses for the PDK functions ..
DetectDebuggerVersion() -> Detects if loaded by ImmDbg, OllyDbg 1.10, FOFF Team OllyDbg, SND OllyDbg or OllyDRX ..
FixPluginExportsForOllyDbg() -> If not ImmDbg detected then renames exports of plugin in memory to OllyDbg versions ..
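The three function descriptions above (resolving the debugger's exports, looking them up by ordinal for SND builds, and renaming the plugin's own `_IMMDBG_` callbacks in memory) all come down to walking a PE export directory. The following Python is an added example written for this thread, not the PDK's Delphi source or anything from TQN or BobSoft. It models only the IMAGE_EXPORT_DIRECTORY and its three tables in a flat buffer where an RVA equals a buffer offset (an assumption that simplifies the real case, where you add the module's image base); the export names and function RVAs are constructed sample values. The one check worth noticing is that an in-place rename must fit inside the original string's slot: `_ODBG_`, `_SNDG_`, `_FOFF_` and `_DRXG_` are all shorter than `_IMMDBG_`, which is why overwriting the name in memory works without moving anything.

```python
"""Constructed model of a PE export directory (flat buffer, RVA == offset).
Illustrative code for the thread, not the PDK's own source: table layout is from
the PE format, export names and RVAs below are constructed samples."""
import struct

# IMAGE_EXPORT_DIRECTORY fields: Characteristics, TimeDateStamp, MajorVersion,
# MinorVersion, Name, Base, NumberOfFunctions, NumberOfNames,
# AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals
EXPORT_DIR_FMT = "<IIHHIIIIIII"
EXPORT_DIR_SIZE = struct.calcsize(EXPORT_DIR_FMT)  # 40 bytes

# Callback prefixes named in the post. Every replacement is 6 bytes, shorter
# than the 8-byte "_IMMDBG_" it overwrites, so the rename fits in place.
IMMDBG_PREFIX = b"_IMMDBG_"
TARGET_PREFIX = {"OllyDbg": b"_ODBG_", "SND": b"_SNDG_",
                 "FOFF": b"_FOFF_", "OllyDRX": b"_DRXG_"}


def build_export_image(exports, base=1):
    """Lay out an export directory for (name, func_rva) pairs in a flat buffer.
    Constructed sample: RVAs are buffer offsets, function RVAs are arbitrary."""
    n = len(exports)
    off_funcs = EXPORT_DIR_SIZE
    off_names = off_funcs + 4 * n
    off_ords = off_names + 4 * n
    off_strings = off_ords + 2 * n
    strings, name_rvas = bytearray(), []
    for name, _ in exports:
        name_rvas.append(off_strings + len(strings))
        strings += name.encode("ascii") + b"\0"
    img = bytearray(struct.pack(EXPORT_DIR_FMT, 0, 0, 0, 0, 0, base, n, n,
                                off_funcs, off_names, off_ords))
    img += b"".join(struct.pack("<I", rva) for _, rva in exports)
    img += b"".join(struct.pack("<I", rva) for rva in name_rvas)
    img += b"".join(struct.pack("<H", i) for i in range(n))  # name i -> function i
    img += strings
    return img


def walk_exports(img, dir_off=0):
    """Yield (name, name_off, ordinal, func_rva) for each named export."""
    hdr = struct.unpack_from(EXPORT_DIR_FMT, img, dir_off)
    base, n_names, addr_funcs, addr_names, addr_ords = hdr[5], hdr[7], hdr[8], hdr[9], hdr[10]
    for i in range(n_names):
        name_off = struct.unpack_from("<I", img, addr_names + 4 * i)[0]
        idx = struct.unpack_from("<H", img, addr_ords + 2 * i)[0]
        func_rva = struct.unpack_from("<I", img, addr_funcs + 4 * idx)[0]
        end = img.index(b"\0", name_off)
        yield bytes(img[name_off:end]), name_off, base + idx, func_rva


def resolve_by_name(img, name):
    """ResolveDebuggerExports-style lookup: export name -> function RVA, or None."""
    for n, _, _, rva in walk_exports(img):
        if n == name.encode("ascii"):
            return rva
    return None


def resolve_by_ordinal(img, ordinal, dir_off=0):
    """Lookup by ordinal, the path the post says SND builds require."""
    hdr = struct.unpack_from(EXPORT_DIR_FMT, img, dir_off)
    base, n_funcs, addr_funcs = hdr[5], hdr[6], hdr[8]
    idx = ordinal - base
    if not 0 <= idx < n_funcs:
        return None
    return struct.unpack_from("<I", img, addr_funcs + 4 * idx)[0]


def rename_plugin_exports(img, target_prefix):
    """FixPluginExportsForOllyDbg-style in-place rename of _IMMDBG_* names.
    Refuses any replacement that would not fit in the original string's slot."""
    renamed = 0
    for name, name_off, _, _ in list(walk_exports(img)):  # snapshot before editing
        if not name.startswith(IMMDBG_PREFIX):
            continue
        new_name = target_prefix + name[len(IMMDBG_PREFIX):]
        if len(new_name) > len(name):
            raise ValueError(f"{new_name!r} does not fit in the slot of {name!r}")
        # Same-length slice assignment: nothing after the string is shifted.
        pad = b"\0" * (len(name) - len(new_name) + 1)
        img[name_off:name_off + len(name) + 1] = new_name + pad
        renamed += 1
    return renamed


def export_names(img):
    return [n.decode("ascii") for n, _, _, _ in walk_exports(img)]


if __name__ == "__main__":
    # Constructed plugin DLL exports, as an ImmDbg-style plugin would declare them.
    plugin = build_export_image([("_IMMDBG_Plugindata", 0x1000),
                                 ("_IMMDBG_Plugininit", 0x1100), ("DllHelper", 0x1200)])
    print("before:", export_names(plugin))
    rename_plugin_exports(plugin, TARGET_PREFIX["OllyDbg"])
    print("after: ", export_names(plugin))
```

Running it prints the plugin's three export names before and after the rename; only the two `_IMMDBG_` callbacks change, the buffer length stays the same, and `resolve_by_name` finds the renamed callback at its original RVA.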