Topic created on: May 9, 2012 09:17 CDT by nokimchen .
I'd like to write a script which can read the opcodes with their parameters in real time. The Olly Hit Snake plugin can do some part of what I want. Modification of Olly Hit Snake could certainly help me. But the problem is that I don't know the C language. So, I would like to write a script using OllyDbgScript like:
var counter //variable to crawl the code
var buff //var to save the eip & opcode
mov counter, 1 //initialize the counter
mov buff, "" //initialize buff as a string, so that "add" appends text instead of doing arithmetic
start: //label for looping
cmp counter, 3E8 //loop 1000 times (3E8 in HEX = 1000 in DEC)
ja finish //exit after 1000 loops
inc counter //increase counter by 1, else ollydbg will freeze
add buff, eip //append the eip (address) to the variable
add buff, " >> " //just for convenience
opcode eip //get the opcode of that address
add buff, $RESULT_1 //append the opcode to the variable
log buff //log the variable in the ollydbg log window
mov buff, "" //clear the variable
ESTEP //(ESTEP = F8) step over the code // sti = F7
jmp start //if the counter is not above 3E8 we jump back
finish:
The problem is: these 1000 loops take more than a minute. So, for a million loops, it may take days! This is because of the implementation of ESTEP in the script. Is there any alternative which can make the script fast like the Olly Hit Snake plugin?
Btw, I want to write this script 'cus certain malware creates a new thread dynamically and randomly and removes the thread immediately after it is executed. So, the 'search command' feature of OllyDbg doesn't work :(
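Whatever tracer produces the log, a million-line step trace is only useful once it is collapsed into per-address hit counts, which is what a hit tracer keeps. The following is an added example, not the poster's script or part of any OllyDbg plugin; it assumes each log line has the shape "EIP >> instruction" that the script above writes, and the trace text is a constructed sample.

```python
import re
from collections import Counter, OrderedDict

# Assumed log line shape, as written by the script's "log buff": "<EIP hex> >> <instruction>".
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{1,8})\s*>>\s*(.+?)\s*$")

# Constructed sample: a two-iteration counted loop, then a return.
SAMPLE_TRACE = """\
00401000 >> MOV ECX,2
00401005 >> DEC ECX
00401006 >> TEST ECX,ECX
00401008 >> JNZ SHORT 00401005
00401005 >> DEC ECX
00401006 >> TEST ECX,ECX
00401008 >> JNZ SHORT 00401005
0040100A >> RET
"""

def parse_trace(text):
    """Yield (address, instruction) pairs; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1), 16), m.group(2)

def summarize_trace(text):
    """Collapse a step-by-step trace into what a hit tracer keeps:
    hit count per address, addresses in first-execution order, and the
    backward jumps to already-seen code (loop back-edges)."""
    hits = Counter()
    first_seen = OrderedDict()  # address -> instruction, in execution order
    back_edges = []             # (from_addr, to_addr) for jumps back to seen code
    steps = 0
    prev = None
    for addr, insn in parse_trace(text):
        steps += 1
        hits[addr] += 1
        if addr not in first_seen:
            first_seen[addr] = insn
        elif prev is not None and addr < prev:
            back_edges.append((prev, addr))
        prev = addr
    return {"steps": steps, "hits": hits,
            "order": list(first_seen.items()), "back_edges": back_edges}

if __name__ == "__main__":
    summary = summarize_trace(SAMPLE_TRACE)
    print(summary["steps"], "steps,", len(summary["order"]), "unique addresses")
    for addr, insn in summary["order"]:
        print("%08X x%d  %s" % (addr, summary["hits"][addr], insn))
```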