// immplugin.pas
////////////////////////////////////////////////////////////////////////////////
// //
// OLLYDBG / IMMDBG PLUGIN API //
// //
// Version 1.10 //
// //
// Written by Oleh Yuschuk (ollydbg@t-online.de) //
// //
// Internet: http://home.t-online.de/home/ollydbg //
// //
// This code is distributed "as is", without warranty of any kind, expressed //
// or implied, including, but not limited to warranty of fitness for any //
// particular purpose. In no event will Oleh Yuschuk be liable to you for any //
// special, incidental, indirect, consequential or any other damages caused //
// by the use, misuse, or the inability to use of this code, including any //
// lost profits or lost savings, even if Oleh Yuschuk has been advised of the //
// possibility of such damages. //
// //
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
//////////////////////////// IMPORTANT INFORMATION /////////////////////////////
// 1. Export all callback functions by name, NOT by ordinal!
// 2. Force byte alignment of IMMDBG structures!
// 3. Set default char type to unsigned!
// 4. Read documentation!
////////////////////////////////////////////////////////////////////////////////
// //
// Porting from C header file to Delphi unit file by TQN //
// Will compile well with Delphi 6 and Delphi 7 //
// //
////////////////////////////////////////////////////////////////////////////////
//============================================================================================================================================================//
(*
Immunity Debugger (unofficial) PDK for Delphi
http://www.immunityinc.com/
//========================================================================================================================================================//
By BoB -> Team PEiD
http://www.PEiD.info/Bobsoft/
Version v1.02
//========================================================================================================================================================//
// History //
//========================================================================================================================================================//
v1.00:
o Simple port of OllyDbg PDK (TQN's Delphi version) to Immunity Debugger ..
v1.01: (17-Nov-2008)
o Dynamic resolving of debugger exports, so now plugins can be loaded by OllyDbg or ImmDbg - whatever the debugger Exe name is ..
o All debugger functions changed to be declared as variables .. (Usage is exactly the same as before)
o Auto-changes the Plugin DLL export names (if OllyDbg) - simply alters _IMMDBG_ to _ODBG_ - to allow use on either debugger ..
o Supports SND Edition OllyDbg .. (Different prefix "_SNDG_" and must get exports of Debugger by ordinal)
o Supports Team FOFF edition OllyDbg .. (Different prefix "_FOFF_")
o Supports Diablo2oo2 Edition OllyDbg .. (No exports rva)
o Supports Shadow Edition OllyDbg .. (No exports rva)
o Can now debug ImmDbg / OllyDbg plugins created with this SDK in same debugger (as Plugin DLL is no-longer linked to exe) ..
o Added string constants for Plugin callback (export) names ..
o Added more descriptive PDK_VERSION const that equals original PLUGIN_VERSION ..
v1.02: (26-Nov-2008)
o Supports DeRoX patched OllyDbg (OllyDRX) .. (Different prefix "_DRXG_")
o Example (below, in Usage) is now actually usable to test the PDK ..
o DetectDebuggerVersion() code improved slightly ..
o Tested with a few more OllyDbg versions (see Notes below for full list) ..
//========================================================================================================================================================//
// Future //
//========================================================================================================================================================//
o Support any other Editions of OllyDbg .. (Send to me if you have one that's not compatible - BobSoft@Gmail.Com)
o Include Py* exports from ImmDbg ..?
//========================================================================================================================================================//
// Notes //
//========================================================================================================================================================//
ResolveDebuggerExports() -> Dynamically gets the functions exported from the debugger and fixes the addresses for the PDK functions ..
DetectDebuggerVersion() -> Detects if loaded by ImmDbg, OllyDbg 1.10, FOFF Team OllyDbg or SND OllyDbg ..
FixPluginExportsForOllyDbg() -> If not ImmDbg detected then renames exports of plugin to OllyDbg versions ..
Same plugin (without any recompiling) successfully tested on:
  Immunity Debugger (ImmDbg)
  Standard OllyDbg v1.10
  SND OllyDbg
  FOFF Team OllyDbg
  Diablo2oo2 OllyDbg
  Shadow OllyDbg
  DeRoX OllyDbg
  OllyIce
  OllyHan
  BoomBox OllyDbg
//========================================================================================================================================================//
// Usage //
//========================================================================================================================================================//
To make a plugin that works for both ImmDbg and OllyDbg (including patched OllyDbg):
All you have to do is include this unit in your Plugin project and create the Plugin exports with _IMMDBG_ prefixes ..
<Example>
Library Test;

{$Imagebase 12340000} // Remember to change this, or all plugins try to load at same address, then have to relocate, which is slow!

Uses
  Windows,
  ImmPlugin;

Const
  PluginName = 'Some Plugin'#0; // Must be null-terminated or Plugin menu will show PluginName text + whatever was in the buffer before .. :)
  PluginAuth = 'Your name';

Var
  ImmDbgHandle : hWnd = 0; // Keep ImmDbg / OllyDbg window handle for showing messagebox etc.

Function PluginData(Name : PChar): Integer; Cdecl;
Begin
  CopyMemory(Name, PChar(PluginName), Length(PluginName));
  Result := PDK_VERSION;
End;

Function PluginInit(ImmDbgVersion : Integer; hWndImmDbg : HWND; Features : PULONG) : Integer; Cdecl;
Begin
  ImmDbgHandle := hWndImmDbg;
  Addtolist(0, 1, '%s by %s', PluginName, PluginAuth);
  Result := 0;
  If (ImmDbgVersion < PDK_Version) Then Begin
    Addtolist(0, 1, 'Old version (%d) of debugger detected! .. :( Upgrade!', ImmDbgVersion);
    Dec(Result); // Result = -1 for error ..
  End;
End;

Exports
  PluginData Name '_IMMDBG_Plugindata', // <-- Or can use PluginData_Name instead of string - defined below ..
  PluginInit Name '_IMMDBG_Plugininit';

End.
</Example>
..This is enough to enable either OllyDbg or Immunity Debugger to load the plugin ..! No dodgy plugin-patchers, no fuss .. ;)
*)
//============================================================================================================================================================//
Unit ImmPlugin;
Interface
Uses
Windows;
{$A1} // Struct byte alignment ..
{$IFDEF VER150} // Turn off annoying warnings in D7 ..
{$WARN UNSAFE_CODE OFF}
{$WARN UNSAFE_TYPE OFF}
{$WARN UNSAFE_CAST OFF}
{$ENDIF}
//============================================================================================================================================================//
// Added by BoB .. Constants for Plugin callback (export) names, easier than remembering the required case of characters in api string .. ;)
Const
  PluginData_Name      = '_IMMDBG_Plugindata';
  PluginInit_Name      = '_IMMDBG_Plugininit';
  PluginMainLoop_Name  = '_IMMDBG_Pluginmainloop';
  PluginSaveUdd_Name   = '_IMMDBG_Pluginsaveudd';
  PluginUddRecord_Name = '_IMMDBG_Pluginuddrecord';
  PluginMenu_Name      = '_IMMDBG_Pluginmenu';
  PluginAction_Name    = '_IMMDBG_Pluginaction';
  PluginShortcut_Name  = '_IMMDBG_Pluginshortcut'; // Keyboard shortcut callback, distinct from Pluginaction
  PluginReset_Name     = '_IMMDBG_Pluginreset';
  PluginClose_Name     = '_IMMDBG_Pluginclose';
  PluginDestroy_Name   = '_IMMDBG_Plugindestroy';
  Paused_Name          = '_IMMDBG_Paused';
  PausedEx_Name        = '_IMMDBG_Pausedex';
  PluginCmd_Name       = '_IMMDBG_Plugincmd';
//============================================================================================================================================================//
////////////////////////////////////////////////////////////////////////////////
////////////////////////////// GENERAL DECLARATIONS ////////////////////////////
const
  PLUGIN_VERSION = 110;   // Version of plugin interface
  WM_USER        = $0400;
  TEXTLEN        = 256;   // Maximal length of text string
  ARGLEN         = 1024;  // Maximal length of argument string
  USERLEN        = 4096;  // Maximal length of record in .udd file
  SHORTLEN       = 8;     // Maximal length of short name

  BLACK          = 0;     // Indices of colours used by IMMDBG. In
  BLUE           = 1;     // syntax highlighting, use only colours
  GREEN          = 2;     // 0 to 15 in the least significant bits
  CYAN           = 3;     // of the corresponding mask byte.
  RED            = 4;
  MAGENTA        = 5;
  BROWN          = 6;
  LIGHTGRAY      = 7;
  DARKGRAY       = 8;
  LIGHTBLUE      = 9;
  LIGHTGREEN     = 10;
  LIGHTCYAN      = 11;
  LIGHTRED       = 12;
  LIGHTMAGENTA   = 13;
  YELLOW         = 14;
  WHITE          = 15;
  MINT           = 16;
  SKYBLUE        = 17;
  IVORY          = 18;
  GRAY           = 19;