Writing a VB Plugin for OllyDbg



Ok some people will ask why I would bother...but VB really makes interfaces a breeze, is super quick to debug, and well my entire code base is already written in it.

So this article highlights a way to make a VB plugin for OllyDbg. This same technique also works for IDA plugins and PEiD plugins. The base technique can even be applied to creating Delphi plugins for IDA using standard DLLs.

Olly was written in C and all of its plugin APIs use the cdecl calling convention. To be able to interface VB with it, we need to use stdcall functions and have the VB runtime properly loaded and initialized.

The easiest way to accomplish both of these things at once is to create a small stub DLL plugin in Cpp for Olly to load. This stub will handle the plugin initialization, adding menu items to Olly, and then starting up our VB code when it is time to launch our plugin.

The plugin stub is also responsible for providing the VB app with a set of stdcall functions so it can access the Olly cdecl plugin API.
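As an added illustration (not code from the original sample files), the sketch below shows the shape of such stdcall wrappers in C. The host functions `host_log` and `host_get_comment`, the buffer size and the sample comment are hypothetical stand-ins, not OllyDbg's real API.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The conventions only differ on 32-bit x86 Windows; elsewhere the macros are empty. */
#if defined(_WIN32) && !defined(_WIN64)
#define HOST_API __cdecl
#define VB_API   __stdcall
#else
#define HOST_API
#define VB_API
#endif

#define HOST_TEXTLEN 256            /* assumed size of the host's text buffers */
static char g_log[HOST_TEXTLEN];    /* stand-in for the host's log window */

/* Hypothetical cdecl host functions (stand-ins, not OllyDbg's real API). */
static void HOST_API host_log(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(g_log, sizeof g_log, fmt, ap);
    va_end(ap);
}
static int HOST_API host_get_comment(unsigned long addr, char *out) {
    /* constructed sample data: one comment at 0x401000 */
    if (addr != 0x401000UL) return 0;
    strcpy(out, "decrypt loop");    /* host assumes out holds HOST_TEXTLEN bytes */
    return (int)strlen(out);
}

/* stdcall export for VB: VB cannot call varargs, and its string must never be the format. */
int VB_API vb_log(const char *msg) {
    if (msg == NULL) return 0;
    host_log("%s", msg);
    return 1;
}

/* stdcall export for VB: go through a full-size local buffer, then bound to the caller's size. */
long VB_API vb_get_comment(unsigned long addr, char *buf, long buflen) {
    char tmp[HOST_TEXTLEN] = {0};
    int n;
    if (buf == NULL || buflen < 1) return -1;
    n = host_get_comment(addr, tmp);
    if (n <= 0) { buf[0] = '\0'; return 0; }
    if (n >= buflen) n = (int)buflen - 1;   /* truncate rather than overrun */
    memcpy(buf, tmp, (size_t)n);
    buf[n] = '\0';
    return n;
}
```

In a real 32-bit build the wrappers would also be listed in a .def file (or declared with an Alias on the VB side) so that VB's Declare can resolve the stdcall-decorated names.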

When it comes time to launch the plugin, our Cpp code creates an instance of our VB COM server and calls a method on its main interface. This loads and initializes the VB runtime and transfers execution over to our VB code.

The VB code then in turn uses stdcall exports from the Cpp DLL via the VB Declare function mechanism. A basic block diagram looks like the following:



This sample plugin will extract all user-entered comments from Olly. Thanks go out to Joe Stewart and his LabelMaster plugin for an example of how to yank the comments out using Olly's plugin API :)

To install the plugin just copy both dlls over to your Olly plugins directory. Make sure to register the VB dll (VbOllyPlugin.dll) with regsvr32 because it is a COM server. Both Dlls have to be in the same directory so the VB one can load the exports from the stub.

I suppose the next step to this is to have the Cpp stub be able to enumerate and dynamically load and initialize multiple VB plugins for use and integration in Olly, where the Cpp Olly plugin would in turn support its own plugin framework designed around VB modules for integration back into Olly. However I am not that bored at this moment :)

Anyway, I was wondering how to interface a VB UI as an Olly plugin so here it is :P

Download Sample files

Once you are comfortable with the basics, you can also check out some of the more involved examples.

-dzzie


Note 1:

As a side note, this is not limited to only working between 2 DLLs; you can also export functions from your VC exes and use the same trick.

Note 2:

This same basic technique can also be used to create .NET plugins. Here is a sample of a C# plugin for IDA and a C# plugin for PEiD. I tried to do the exact same thing for Olly, but as soon as I tried to create the object I would always get an error that mscoree was trying to load up twice. It has to be something Olly-specific; I will play with it more sometime.

Note 3:

If you don't have VB, don't worry... you can also use the freeware version of VB5 (Control Creation Edition) to create VB5CCE plugins for IDA.