Flag: Tornado! Hurricane!

 Forums >>  Debuggers  >>  can we code script like Olly Hit Snake plugin using Ollydbg Script?

Topic created on: May 9, 2012 09:17 CDT by nokimchen .

I'd like to write a script which can read the opcodes with its parameter in real-time. Olly Hit Snake plugin can do some part of what i want. Modification of Olly Hit Snake can certainly help me. But the problem is that i don't know C language. So, i would like to write a script using ollyDbgScript like:

var counter                           //variable to crawl the code
var buff                              //var to save the eip & opcode

mov counter, 1                        //initiate the vriable

start:                                //lable for looping
         cmp counter,3E8             //loop for 1000 times (3E8 in HEX= 1000 in DEC)
         ja finish                   //exit after 10 loops
         inc counter                 //Increase ocounter by 1, else ollydbg will freeze

         add buff, eip               //add the eip (address) to the variable
         add buff, " >> "            //just for convience
         opcode eip                  //get the opcodes of that address
         add buff, $RESULT_1         //put the opcode in the variable
         log buff                    //log the variable in the ollydbg log window
         mov buff,""                 //clear the variable

         ESTEP                       //(ESTEP  = f8)  step over the code  //sti = F7
         jmp start                   //If the counter is lower than 10 we jump back
finish:

The problem is: This 1000 lopps takes more than a minute. So, for a million loops, it'll may take days! This is beacuse of the implementation of ESTEP in the script. Is there any alternative which can make the script fast like Olly Hit Snake plugin?

Btw, i want this script to write 'cus certain malware creates a new thread dynamically and randomly and removes the thread immediately it is executed. So, the 'search command' feature of ollydbg dont work :(

  NirIzr     May 11, 2012 08:18.50 CDT
it takes a lot of time because you write it an interpreted language. either C or assembly would do a lot better.

Note: Registration is required to post to the forums.

There are 31,038 total registered users.


Recently Created Topics
Ultimate Hacking Cha...
Jun/21
CreateMutex
May/31
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Immunity Debugger Re...
Aug/03


Recent Forum Posts
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
OOP_RE tool available?
van7hu
Should binaries be n...
Kolisar
Problem with ollydbg
nullx42
!findtrampoline Immu...
skycrack


Recent Blog Entries
crystalwade
Jul/20
test

nieo
Mar/22
Android Application Reversing

halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit