| Сейчас на форуме: bartolomeo, johnniewalker, NIKOLA, vasilevradislav (+6 невидимых) |
 |
eXeL@B —› Софт, инструменты —› Modified CmdLine Plug-in |
| Посл.ответ | Сообщение |
|
|
Создано: 30 апреля 2007 16:56 · Личное сообщение · #1 Description This plug-in is a modified version of the default command line plugin and offers the following enhancements: - Added a printing functionality to Cmdline.dll - Can evaluate multiple expressions on conditional Log breakPoints and log them - Can accept arguments as comma seperated values. Ex: print eax,ecx,edx,byte ptr ds:[eax],hex 403000 - Can accept dot notation in Conditional Log BreakPoints for silent logging and continuation. Ex: .print eax,ecx .next command (.ti,.to,.si,.so,.run) ========================================= added one more command loaddll on the commandline type loaddll "your_dll" (dll should be in search path) or loadlll fully qualified path to your dll (path length <= MAX_PATH) to load any dlls in debugees process space a sample usage attaching piotr banias efilter.dll to an arbitrary process 10000000 Module C:\WINDOWS\DESKTOP\EFILTER.DLL 10001234 Debug string: [*] Efilter by Piotr Bania <http://pb.specialised.info> is now loading 1000125F Debug string: [*] Efilter: Attached to WIN.EXE - pid: 0xFFF8C575 10001266 Debug string: --------------------------------------------------------------------- BFEE0000 Module C:\WINDOWS\SYSTEM\NTDLL.DLL 00401000 Program entry point Loaded c:\windows\desktop\efilter.dll you can load dlls while process is running or stopped ========================================== added third command loadplugin "yourplugin" can load plugins dynamically without having to copy plugin to either pluginpath or without restarting the session also if you have already 32 plugins loaded you can free the last plugin and replace it with your new plugin ========================================== added fourth command Loadpdb you can load symbol files from microsoft symbol server set _NT_SYMBOL_PATH environment variable copy the dbghlp.dll and symsrv.dll to ollydbg directory (these are redistributable files from windbg installation 6.6.7.5 version) inside ollydbg do ALT+F1 type loadpdb c:\windows\system32\ntdll.dll thats all for now www.openrce.org/downloads/download_file/206  |
|
|
Создано: 30 апреля 2007 17:20 · Личное сообщение · #2 спасибо,щас посмотрим,то под висту мало пашет плагинов для ольки ( ----- Má enginn renna undan því sem honum er skapað |
|
eXeL@B —› Софт, инструменты —› Modified CmdLine Plug-in |
Для печати