Recent changes to 11: FindOpRev makes Ollydbg freezehttps://sourceforge.net/p/odbgscript/bugs/11/Recent changes to 11: FindOpRev makes Ollydbg freezeenThu, 15 Feb 2018 15:23:23 -0000#11 FindOpRev makes Ollydbg freezehttps://sourceforge.net/p/odbgscript/bugs/11/?limit=25#74f6<div class="markdown_content"><p>Nice to see my ages-old project still being alive and kicking! :) Will fix this - my first fix since v0.93 or something.</p></div>SHaGThu, 15 Feb 2018 15:23:23 -0000https://sourceforge.net7db4c0d697756abf0cdb015aa202dbf04fe1e927FindOpRev makes Ollydbg freezehttps://sourceforge.net/p/odbgscript/bugs/11/<div class="markdown_content"><p>**### Phenom<br/> -&gt;When using the command FindOpRev in a script (to search certain command backwards) there's a great change to make Ollydbg hung and not responding anymore.</p> <h3 id="background">background:</h3> <p><code>bool OllyLang::DoFINDOPREV(string args)</code> <br/> in<em> ODbgScript.1.82.src\OllyLangCommands.cpp</em><br/> gets stucked in a endlessloop in case there is nothing found.</p> <h3 id="workaroundfix">Workaround/Fix:</h3> <p>If Ollydbg gets freezed. <br/> Start another Ollydbg instance and attach it to the hunged Ollydbg. Pause and trace with F8 a while. You'll probably get soon into the endless loop and do something to break out of it. </p> <h3 id="more-in-detail">More in detail</h3> <p>the problem is that boader check in the find Loop:<br/> do <br/> {<br/> addr = Disassembleback( 0, tmem-&gt;base, tmem-&gt;size, addr, 1, 0); <br/> endaddr = Disassembleback( 0, tmem-&gt;base, tmem-&gt;size, addr, 1, 0); <br/> ok = Readcommand(addr, cmd);</p> <div class="codehilite"><pre><span></span> if(addr == tmem-&gt;base + tmem-&gt;size) ok = 0; if(ok) result = FindWithWildcards(cmd, ops[1].c_str(), endaddr - addr); } while(result != 0 &amp;&amp; ok != 0); </pre></div> <p>While <br/> Since the index in loop is running backwards it should check for lower boundary.<br/> <s>if(addr == tmem-&gt;base + tmem-&gt;size)</s> will check the upper boundary (&lt;-which is excellent for FindOp ) but to make FindOpRev work change it to:</p> <blockquote> <p>if ( addr =&lt; tmem-&gt;base )</p> </blockquote> <h1 id="quickfixdownload">Quickfix/Download:</h1> <p>However here's a fixed binary. <br/> Hehe just two NOP's and the bug is gone. <em>smile</em> <br/> Jay Hoo ya probably all know this game. </p> <p>Beside that I also packed-&gt;<br/> <strong>OdbgScript.xml</strong><br/> in the Zip. It a language definition file for<strong> Notepad++</strong> that enables<strong> code folding </strong>&amp; <strong>syntax highlighting</strong> to make look ya script shiny colorful and well organized.<br/> Original name is '*OdbgScript4npp by SpeedJack.rar' *</p> <h3 id="off-topic">Off topic:</h3> <p>Well I'm sorry for that flaw . <br/> Some years ago I did that Olly Script 0.93 -&gt; 0.94 update. Since reverse engineering needed some search for commands that can also run in reverse. <br/> Wow its a real honor to see that it made its way into ODbgScript!<br/> I even loved ODbgScript before and now when I got the Update to maybe add the FindOp_r I saw that it's already there. Wow magic.</p> <p>Oops I yeah I'm really sorrow for this little glitch.</p> <p>Okay </p> <p>That's it.</p></div>Daniello AltoWed, 14 Feb 2018 15:21:23 -0000https://sourceforge.net4a338d9f4064e11b9d4db2d180526e242b796327