Olly Plugins

Author: David Zimmer
Date: 10.22.10 - 6:22pm

So I have been fighting with my hit trace plugin today. First let me say I really hate plugin development... it is such a long ass process to compile, install, restart host, launch plugin, configure plugin, launch process, examine results. I have literally been at it all day!

So it turns out this plugin has been broken from the start, it seems. When you are inside the ODBG_Pluginmainloop inside an EXCEPTION_BREAKPOINT handler, calls like this give you stale data:

    // register values read from Olly's t_thread copy
    t_thread *th = Findthread(threadId);
    t_reg tr;
    tr = th->reg;
    return tr.r[REG_EAX];

That's fun to know. I tried all kinds of stuff, like trying to make it redraw all the panels and whatnot. Finally I looked at the OllyScript source and found what he did:

    // register values read straight from the thread with GetThreadContext
    t_thread* t;
    t = Findthread(Getcputhreadid());
    CONTEXT context;
    context.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;
    GetThreadContext(t->thread, &context);
    switch(i){
        case REG_EAX: return context.Eax;

I guess I don't quite get why the Olly API fails here. It must be because you are in an exception event and I just missed the memo. Sucks to be me. This was a very long, painful debugging session. :(

Actually, in hindsight... I bet if I had set a timer and then run my handling code outside of the Pluginmainloop after like a 30ms delay, everything would have been fine.

Turns out the hunch about using a timer to let Pluginmainloop return corrected the problem. This way I can go back to using Expression to eval complex expressions over the simple version I cooked up that explicitly used my own GetRegister routine.

Will post a link when complete. The update was all for adding an ASCII string dumper feature to it.

The things you find when you turn over rocks, eghh...

Updates added:
Download: OllyHittrace.zip