godup.hlp
上传用户:haohao_zhu
上传日期:2014-08-15
资源大小:2446k
文件大小:4k
- GODUP - Godfather+ Olly Debugger Universal Plug-in
- ver. 1.2 2004-08-09
- add: Resource viewer can show Delphi and Borland C builder forms
- add: Resource viewer can show dialogs
- add: Resource viewer can show version infos
- fix: Problem with executing dumpsig.exe if full path have space in it
- fix: Memory leak with showing bitmap resources
- Experimental - Resource viewer - automatic breakpoint search on static
- events from Delphi or BCB form - Works ONLY for DELPHI and BCB
- How to use it:
- 1. in Olly debuger select executable which you want to examine
- (ALT+E) or menu View -> Executable modules
- 2. Analyse it
- 3. Now you can use Resource viewer.
- When you inspect form in resource viewer you see something like:
- object Button1: TButton
- Left = 32
- Top = 24
- Width = 75
- Height = 25
- Caption = 'Button1'
- TabOrder = 0
- OnClick = Button1Click <--- Double click here!!!!!
- end
- Go to OnClick = Button1Click event and press double click - plugin will
- try to find all places where event with this name is valid and put breakpoint there
- automatically.
- This don't work with:
- - Events which are set dinamically on runtime (They don't exist on form)
- - programs protected with ASProtect
- (place for setting breakpoint is correct, and breakpoint is set, after that I get
- exception 80000003 when try to execute this code)
- ver. 1.1 2004-08-01
- add: Resource viewer can show DIB resources
- add: Resoruces saving
- add: Signature loader selector - selecting full row in grid for better visibility
- add: Settings pannel
- add: Possibility to decide where your notepad files will go
- add: Notepad files have name builded from short process name + _dbg.txt
- fix: Incorrect PE flag reading for signatrue files (thx TQN)
- fix: Correct position of components on form after resize
- fix: Support for executable packers which expand resources in memory out of
- resource section defined in PE header (PeCompact)
- fix: Some minor fixes
- from this release I use TQN version of coverted plugin.h
- (my is not so perfectly converted)
- Personal greetings to:
- tbd, TQN, redmullet
- ver. 1.0 2004-07-26
- This plug-in consist of 5 handy tools:
- 1. Map loader
- 2. Resource viewer
- 3. Process info
- 4. IDA signature loader
- 5. Notepad
- 1. Map loader - use it for loading map files produced by compiler or by
- IDA. You can use it to load label names and/or to load comments from .map file.
- There is no any checking if map file match currently debugged process.
- 2. Resource viewer - use it for looking to your resources ;-) This is
- probably only viewer which works through direct memory access - means that you
- can even look to resources of compressed (protected) executables.
- NOTE: Still in experimental phase.
- 3. Process info - Give you basic information about process + try to
- recognize compiler and protection mechanism. . Process info use signature file
- signs.txt from PE tools v1.5 (NEOx, .Cryorb) Fell free to add your own
- signatures and share it with us.
- 4. IDA signature loader - probably mostly wanted add on for Olly debugger -
- now you can use IDA signature without IDA ;-) Just look to process info - find
- your compiler and select and apply matching IDA signature. It's not problem if
- you apply wrong one, you can apply another also. Only what you must do is to set
- proper path to IDA signatures, and you need sigdump.exe file from IDA resource
- kit.
- 5. Notepad - Simple but smart notepad which load your notes per process
- automatically every time.
- INSTALLATION:
- Just unpack all files to your Olly debug plug-in directory.
- -------------------------------------------------------------------------------
- Plug-in is written in Delphi 7, using self converted plugin.h from Olly Plug-in
- Kit.
- Plug-in in this version can recognize 85%-90% functions from IDA signature
- files. I still missing logic, which guys from Datarescue use, when procedure or
- function has same first 32 bytes.(Then you must use checksums for rest of
- procedure etc