Ollydbg 1.10's plugin LsMem2CAry.dll
来源:互联网 发布:分期乐软件靠谱吗 编辑:程序博客网 时间:2024/06/03 21:59
前言
在OD1.1中, 需要将选择好的内存数据转成在工程中需要的C数组.
用Winhex打开进程, 是有这个功能的, 但是这有点繁琐.
今天自己打造了一个OD1.1的插件, 帮我将选择好的内存数据存到剪贴板或附加到OD目录中的LsMem2CAry.log.
我就可以直接将转换好的C数组贴到工程中用了.
工程下载点
srcOllyDbg110PluginMem2CAry.zip
UI
实现
// @file MyDll.cpp// @brief Ollydbg 1.10's plugin LsMem2CAry.dll by LostSpeed@csdn// on cpu dump window, select memory range// copy select bytes as C Language Array text// * copy array text define to clipboard// * or copy array text to default file <OllyDbgDir>\\LsMem2CAry.log#include "stdafx.h"#include "MyDll.h"// include ollydbg's sdk// 从http://www.ollydbg.de/下载的plug110.zip中带的OLLYDBG.LIB编译不过...// 报错 : error LNK2001: unresolved external symbol _Readmemory// 用的pediy上osc_092_src.rar中的Plugin.h和OLLYDBG.LIB编译通过#include "Plugin.h"#pragma comment(lib, "OLLYDBG.LIB")#define PROG_NAME "LsMem2CAry"#define OPT_TYPE_BASE 0x1000#define OPT_TYPE_TO_CLIPBOARD (OPT_TYPE_BASE + 1)#define OPT_TYPE_TO_FILE (OPT_TYPE_BASE + 2)BOOL MemOptByType(DWORD dwAddrBegin, DWORD dwAddrEnd, int iType);BOOL MemOptToClipBoard(const char* pBuf, DWORD dwBufLen);BOOL MemOptToFile(const char* pcFileName, const char* pBuf, DWORD dwBufLen);BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ){ switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE;}MYDLL_API int foo(void){ return 42;}// 必须存在ODBG_Plugininit, 才会调用ODBG_Plugindataextc int _export cdecl ODBG_Plugindata(char shortname[32]){ strcpy(shortname, PROG_NAME); // Name of plugin return PLUGIN_VERSION;};extc int _export cdecl ODBG_Plugininit( int ollydbgversion, HWND hw, ulong* features){ if (ollydbgversion < PLUGIN_VERSION) { return -1; } return 0;};extc int _export cdecl ODBG_Pluginmenu(int origin, char data[4096], void* item){ int iRc = FALSE; char szBuf[MAXBYTE] = {'\0'}; switch (origin) { case PM_CPUDUMP: { if (NULL != data) { // main menu name strcpy(data, "#copy select memory range byte content as C array text {"); // sub menu id = 0, is "copy to clipboard" strcat(data, "0 copy to clipboard,"); // sub menu id = 1, is "append to default file[LsMem2CAry.log]" strcat(data, "1 append to default file[<OllyDbgDir>\\LsMem2CAry.log]"); strcat(data, "}"); iRc = TRUE; // ! } } break; default: break; // Any other window }; return iRc; // Window not supported by plugin}extc void _export cdecl ODBG_Pluginaction(int origin, int action, void* item){ char szBuf[MAXBYTE] = {'\0'}; t_dump* pItemInfo = (t_dump*)item; switch (origin) { case PM_CPUDUMP: { if (0 == action) { // copy to clipboard if (NULL != pItemInfo) { // pItemInfo->base : 所在内存区(section)开始地址 // pItemInfo->size : 所在内存区(section)的size // pItemInfo->addr : 可见窗格的开始地址 // pItemInfo->lastaddr : 可见窗格的结束地址(不包含) // pItemInfo->sel0 : 已经选择的字节范围开始地址(已经排序) // pItemInfo->sel1 : 已经选择的字节范围结束地址(已经排序, 不包含) // pItemInfo->startsel : 开始选择字节范围的开始地址 MemOptByType(pItemInfo->sel0, pItemInfo->sel1 - 1, OPT_TYPE_TO_CLIPBOARD); } } else if (1 == action) { MemOptByType(pItemInfo->sel0, pItemInfo->sel1 - 1, OPT_TYPE_TO_FILE); } } break; default: break; };}BOOL MemOptByType(DWORD dwAddrBegin, DWORD dwAddrEnd, int iType){ // append to default file[LsMem2CAry.log] BOOL bRc = FALSE; DWORD dwIndex = 0; DWORD dwModPos = 0; BYTE ucAryToReadByte[2] = {'\0'}; char* pcContainer = NULL; DWORD dwContainerLen = 0; char szBuf[MAXBYTE] = {'\0'}; try { if (dwAddrEnd >= dwAddrBegin) { // 0x100字节 用来写修饰内容 // 每个字节显示出来, 最多要占用7个字节(0xXX,\r\n) dwContainerLen = (dwAddrEnd - dwAddrBegin) * 7 + 0x100; pcContainer = new char[dwContainerLen]; ZeroMemory(pcContainer, dwContainerLen); // array begin sprintf(szBuf, "unsigned char szMemAry_0x%X_0x%X[%ld] = {\r\n", dwAddrBegin, dwAddrEnd, dwAddrEnd - dwAddrBegin + 1); strcat(pcContainer, szBuf); /** */ // format a byte one by one, append to pcContainer dwModPos = 0; for (dwIndex = dwAddrBegin; dwIndex <= dwAddrEnd; dwIndex++) { Readmemory(ucAryToReadByte, dwIndex, sizeof(char), MM_RESILENT); // 加缩进 if (0 == dwModPos) { strcat(pcContainer, " "); } // 加字节内容 sprintf(szBuf, "0x%2.2X", ucAryToReadByte[0]); strcat(pcContainer, szBuf); if (dwIndex != dwAddrEnd) { strcat(pcContainer, ", "); } // 一行8个元素 if ((7 == dwModPos) && (dwIndex != dwAddrEnd)) { strcat(pcContainer, "\r\n"); dwModPos = 0; } else { dwModPos++; } } // array end sprintf(szBuf, "};\r\n\r\n"); strcat(pcContainer, szBuf); // depend iType do diffrent task if (OPT_TYPE_TO_CLIPBOARD == iType) { bRc = MemOptToClipBoard(pcContainer, strlen((const char*)pcContainer)); sprintf(szBuf, "%s : copy memory [0x%X] ~ [0x%X] to clipboard", bRc ? "success" : "failed", dwAddrBegin, dwAddrEnd); } else if (OPT_TYPE_TO_FILE == iType) { bRc = MemOptToFile("LsMem2CAry.log", pcContainer, strlen((const char*)pcContainer)); sprintf(szBuf, "%s : copy memory [0x%X] ~ [0x%X] append to file [<OllyDbgDir>\\%s]", bRc ? "success" : "failed", dwAddrBegin, dwAddrEnd, "LsMem2CAry.log"); } else { sprintf(szBuf, "%s", "功能未实现"); } } else { sprintf(szBuf, "%s", "软件BUG1, 请联系作者"); } } catch (...) { sprintf(szBuf, "%s", "发生了异常, 请联系作者"); } Infoline(szBuf); Updatelist(); Flash(szBuf); if (NULL != pcContainer) { delete [] pcContainer; pcContainer = NULL; } return TRUE;}BOOL MemOptToClipBoard(const char* pBuf, DWORD dwBufLen){ BOOL bRc = FALSE; HGLOBAL hglbCopy = NULL; BYTE* pcBufForClipBoard = NULL; do { if (!OpenClipboard(NULL)) { break; } if ((NULL == pBuf) || (0 == dwBufLen) || (0xffffffff == dwBufLen)) { break; } hglbCopy = GlobalAlloc(GMEM_MOVEABLE, (dwBufLen + 1) * sizeof(char)); if (NULL == hglbCopy) { break; } EmptyClipboard(); pcBufForClipBoard = (BYTE*)GlobalLock(hglbCopy); pcBufForClipBoard[dwBufLen] = '\0'; memcpy(pcBufForClipBoard, pBuf, dwBufLen); GlobalUnlock(pcBufForClipBoard); SetClipboardData(CF_TEXT, hglbCopy); bRc = TRUE; } while (0); CloseClipboard(); return bRc;}BOOL MemOptToFile(const char* pcFileName, const char* pBuf, DWORD dwBufLen){ BOOL bRc = FALSE; HANDLE hFile = INVALID_HANDLE_VALUE; DWORD dwFileSizeHigh = 0; DWORD dwFileSizeLow = 0; DWORD dwNumberOfBytesWritten = 0; try { do { if (NULL == pcFileName) { break; } hFile = ::CreateFileA( pcFileName, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if (INVALID_HANDLE_VALUE == hFile) { break; } // append to file tail dwFileSizeLow = GetFileSize(hFile, &dwFileSizeHigh); if ((0 != dwFileSizeLow) || (0 != dwFileSizeHigh)) { SetFilePointer(hFile, 0, NULL, FILE_END); } // &dwNumberOfBytesWritten 不能给NULL, 有异常被捕获 WriteFile(hFile, pBuf, dwBufLen, &dwNumberOfBytesWritten, NULL); bRc = TRUE; } while (0); } catch (...) { } if ((NULL != hFile) && (INVALID_HANDLE_VALUE != hFile)) { CloseHandle(hFile); hFile = NULL; } return bRc;}
0 0
- Ollydbg 1.10's plugin LsMem2CAry.dll
- replace ollydbg's WNDPROC on OD's plugin
- OllyFlow plugin for Ollydbg
- Ollydbg Anti Anti Hardware Breakpoint Plugin
- RL!APIFinder, OllyDbg plugin by ap0x
- RL!Weasle 0.6 OllyDBG plugin by ap0x
- RL!APIFinder OllyDBG plugin 0.3 by ap0x
- Plugin OllyDbg : FullDisasm 1.1 by Beatrix2004
- OD plugin - PhantOm.dll
- SehSpy:OllyDbg's plug-in by pnluck
- OllyDbg
- Ollydbg
- OllyDBG
- Ollydbg
- OllyDbg
- vim/gvim `s plugin
- 用Ollydbg手脱PECompact加壳的DLL
- Ollydbg手脱UPX加壳的DLL
- python 构建一个回调函数2
- ACM书中题目 K
- Backward Digit Sums POJ
- 生成Cordova项目,给Cordova加插件
- pwnable.kr [Toddler's Bottle]
- Ollydbg 1.10's plugin LsMem2CAry.dll
- 《ACM程序设计》书中题目K(爱搭积木的小鲍勃)
- 第十周:66. Plus One
- 基于广度优先搜索的自适应贪吃蛇实现
- 通用单链表(一)
- vivo面试笔记
- Spring AOP 项目出现 通配符的匹配很全面, 但无法找到元素 'aop:config' 的声明。错误
- Ubuntu-16.04安装Xdebug-2.2.5及相关介绍
- 103. Binary Tree Zigzag Level Order Traversal