Flag: Tornado! Hurricane!

OllyDbg Plugins: Modified PDK

File Information
Category Open Source # Downloads Version
OllyDbg Plugins No 7,156 1.0

Download from OpenRCE
MD5 Sum: 9B128C7DC1D7749DE262947990B190FC

Last updated on Nov 30, -1.

Author Information
Username Name E-Mail URL
Alex Clarke

Description This is a mirror of the modified PDK from Alex Clarke that is hosted on OllyDbg.de under the "what's new" page. I came across it when I was searching for a reason as to why OllyDbg's PDK doesn't correctly export Attachtoactiveprocess(). Alex's modified PDK does export that routine among other changes he made, outlined here in his original e-mail to Oleh:

----- snip snip -----

Oleh,

Firstly congratulations and thanks for OllyDbg - it's incredibly good. I've been playing with the SDK using C++ for a plugin. I've made a few modifications that make the SDK header work better when using it in C++ code in (at least) a couple of newer C++ compilers (namely Borland C++ builder v1 and Visual Studio.net). They also remove various errors/warnings and the need for unsigned characters (when compiling .cpp's) or forcing byte packing (any source file). Finally I've got intellisense working with the SDK (the code hints in VisC).

Here's how the edits work:

Firstly, forcing compilation with 'chars unsigned as default' (when used from a .cpp file) is not as much of a problem when using the SDK from genuine C++ (i.e. when compiling a file with a .cpp extension). The ANSI standard prohibits implicit casting between signed char *, unsigned char * and char *. Since you've explicitly declared all the necessarily unsigned char params/returns, Visual C++.net causes an error if this is attempted regardless of the compiler switch setting. Borland C++ builder (v1 - using the older ANSI rules) warns about mixing types, but I'm pretty sure later versions will kick them out. I appreciate that there is a problem with sign extension when using the implied conversions, but this doesn't appear as if it will be a problem in your API.

You don't need to compile with 'byte packing' anymore (when using plugin.h from either a .c or .cpp) - pushing/popping the packing for definitions for the necessary structures and 'envelopes' should be sufficient (the bookmark plugin is fine from both compilers).

I've noticed that you return an enum in the Getstatus API. I've had a number of problems with sending enums out of C++Builder, the reason being that they are treated as bytes rather than longs if only small values are defined for the type. I don't think that returning them will be any problem, but you may get problems with builder if they are passed into the routines. As a cautionary measure I have added the #pragmas to declare your enums as longs (i'm guessing borland C++ compiler supports this but don't know for sure). It should allow safe enumeration of several of the sets of defines if desired.

Intellisense didn't work. This is because it makes globally declared type info available, but not global function prototypes unless they are in a namespace or the code body is declared in the project somewhere. I've put a namepace 'ODBG' around (just) the function declarations, and a 'using namespace ODBG' command to make it behave exactly as before when the functions are not called in the global scope, but if you stick ODBG:: in front of a function call you'll get a hint. Also I've tidied up the extern "C"'s (should make older versions of intelisense / newer versions of builder give more readable hints).

Afterthought: Thrown in a header #ifdef block to stop cyclic includes too.

Find attached the modified header, the import lib produced for builder and the def file/import lib for vc7. The libs may work in different versions of the respective compilers. VS.net didn't like the VC50 one, but builder seemed to be fine with the borland one (sending mine for the sake of completion).

Hope that's useful.

AL :)

Alex Clarke

----- snip snip -----

There are 31,320 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
hi!
Jul/01
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

oleavr
Jun/25
Build a debugger in 5 minutes

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit