吾爱破解 - LCG - LSG |安卓破解|病毒分析|www.52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 9093|回复: 27
收起左侧

[OllyDbg 1.x Plugin] GODUP - Godfather+ Olly Debugger Universal Plug-in

  [复制链接]
Hmily 发表于 2018-10-16 14:56
整理爱盘,顺便备份一个04年用来导入map的插件

GODUP - Godfather+  Olly Debugger Universal Plug-in

ver. 1.2 2004-08-09

add:        Resource viewer can show Delphi and Borland C builder forms
add:        Resource viewer can show dialogs
add:        Resource viewer can show version infos

fix:        Problem with executing dumpsig.exe if full path have space in it
fix:        Memory leak with showing bitmap resources

Experimental -        Resource viewer - automatic breakpoint search on static
                events from Delphi or BCB form - Works ONLY for DELPHI and BCB

How to use it:

1. in Olly debuger select executable which you want to examine
   (ALT+E) or menu View -> Executable modules
2. Analyse it
3. Now you can use Resource viewer.

When you inspect form in resource viewer you see something like:

  object Button1: TButton
    Left = 32
    Top = 24
    Width = 75
    Height = 25
    Caption = 'Button1'
    TabOrder = 0
    OnClick = Button1Click    <--- Double click here!!!!!
  end

Go to OnClick = Button1Click event and press double click - plugin will
try to find all places where event with this name is valid and put breakpoint there
automatically.

This don't work with:
- Events which are set dinamically on runtime (They don't exist on form)
- programs protected with ASProtect
(place for setting breakpoint is correct, and  breakpoint is set, after that I get
exception 80000003 when try to execute this code)

ver. 1.1 2004-08-01

add:        Resource viewer can show DIB resources
add:        Resoruces saving
add:        Signature loader selector - selecting full row in grid for better visibility
add:        Settings pannel
add:        Possibility to decide where your notepad files will go
add:        Notepad files have name builded from short process name + _dbg.txt

fix:        Incorrect PE flag reading for signatrue files (thx TQN)
fix:        Correct position of components on form after resize
fix:        Support for executable packers which expand resources in memory out of
        resource section defined in PE header (PeCompact)
fix:    Some minor fixes


from this release I use TQN version of coverted plugin.h
(my is not so perfectly converted)

Personal greetings to:
        tbd, TQN, redmullet


ver. 1.0 2004-07-26

This plug-in consist of 5 handy tools:

1.        Map loader
2.        Resource viewer
3.        Process info
4.        IDA signature loader
5.        Notepad

1.        Map loader - use it for loading map files produced by compiler or by
IDA. You can use it to load label names and/or to load comments from .map file.
There is no any checking if map file match currently debugged process.

2.        Resource viewer - use it for looking to your resources ;-) This is
probably only viewer which works through direct memory access - means that you
can even look to resources of compressed (protected) executables.
NOTE: Still in experimental phase.

3.        Process info - Give you basic information about process + try to
recognize compiler and protection mechanism. . Process info use signature file
signs.txt from PE tools v1.5  (NEOx, .Cryorb) Fell free to add your own
signatures and share it with us.

4.        IDA signature loader - probably mostly wanted add on for Olly debugger -
now you can use IDA signature without IDA ;-) Just look to process info - find
your compiler and select and apply matching IDA signature. It's not problem if
you apply wrong one, you can apply another also. Only what you must do is to set
proper path to IDA signatures, and you need sigdump.exe file from IDA resource
kit.

5.        Notepad - Simple but smart notepad which load your notes per process
automatically every time.


INSTALLATION:
Just unpack all files to your Olly debug plug-in directory.

-------------------------------------------------------------------------------
Plug-in is written in Delphi 7, using self converted plugin.h from Olly Plug-in
Kit.

Plug-in in this version can recognize 85%-90% functions from IDA signature
files. I still missing logic, which guys from Datarescue use, when procedure or
function has same first 32 bytes.(Then you must use checksums for rest of
procedure etc?pretty complicated without proper documentation)

-------------------------------------------------------------------------------
Thanks to:
        Olly for magnificent debugger.
        NEOx, .Cryorb for Signature file from PE tools.
        Martin Lafferty for ConsoleApp.pas.
        guys who make RXLibrary.

Greetings to:
        all crackers especially +ones ;-).


gf+

GoDup1_2.zip

465.76 KB, 下载次数: 180, 下载积分: 吾爱币 -1 CB

免费评分

参与人数 5吾爱币 +6 热心值 +5 收起 理由
dsfdgfdgfhgf + 1 + 1 感谢楼主,绝对是好东西
wi5101 + 1 + 1 我也不懂,但是觉得很厉害的样子
Sound + 3 + 1 鼓励转贴优秀软件安全工具和文档!
tame + 1 + 1 一脸懵逼的进来,一脸懵逼的出去
林逸 + 1 虽然什么都不懂但是还是来占占楼

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

TIANFU 发表于 2018-12-8 19:09
为什么要删我的帖子?还清空的热心值???我的资源有假?下面那么多人拿了资源,有人说资源有问题吗?我自己花几百块钱买的资料给大家分享出来挣个热心值不可以吗?让人心寒!!!!!!!!!!!!!!
 楼主| Hmily 发表于 2018-10-18 14:51
cxj98 发表于 2018-10-18 07:36
@Hmily
请大神说说这个有何用?这么古老的东西发出来有何意义所在?

好好看看文章?
qq3353558 发表于 2018-10-16 14:59
haoxueertd 发表于 2018-10-16 15:00
嗯,不太懂~
头像被屏蔽
qq81241523 发表于 2018-10-16 15:03
提示: 作者被禁止或删除 内容自动屏蔽
weliong 发表于 2018-10-16 15:38
好久没看到大神发帖了,赶紧来占楼。
wangqiustc 发表于 2018-10-16 15:38
哇塞,这是充分利用了论坛资源
fjqisba 发表于 2018-10-16 15:46
额,我还以为更新了呢
双眼皮的微笑 发表于 2018-10-16 16:18
虽然我看不懂。但是还是要支持老大。
于生 发表于 2018-10-16 16:50
我也看不懂。但还是支持下
m4n0w4r 发表于 2018-10-16 17:17
好久不見了你的帖子。 謝謝!
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则 警告:本版块禁止灌水或回复与主题无关内容,违者重罚!

快速回复 收藏帖子 返回列表 搜索

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-3-29 16:13

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表