Heya,
i would like to show our new mmBBQ API with a nice proof of concept.
We will add Lua scripting to OllyDbg. First of all, download the package [link]. Unzip it and you'll get a bunch of files. You're able to use START.bat without changing anything to get a list of processes on your system that you could inject our mmbbq into.
Just select the index or pid of the process.
You're able to define a new target in config.lua that mmbbq will inject into if the process is available. Our new target looks like:
Code:
{
    ["name"] = "ollydbg",
    ["title"] = "OllyDbg",
    ["ver"] = "2.01 (alpha 4)",
    ["exe"] = "ollydbg.exe",
    ["md5"] = "782d1e92f58fac5ee91274ab65e6e49f",
    ["lua"] = "olly_target.lua",
},
The ["lua"] part defines the entry to the Lua script for the new target. Just create olly_target.lua and add your Lua code that will be executed when you inject mmbbq into OllyDbg 2.0. Now it's time for some reversing stuff.
Just start OllyDbg and attach another one to it, then search in the attaching olly for "Names". There you can find the exported olly functions.
There you can find, for example, Setint3breakpoint. If we set a breakpoint there and set a breakpoint in the other olly, we will see how this function gets called.
A call from our Lua API to Setint3breakpoint will now look like this:
Code:
function setBp(address)
    -- the remaining arguments are the values observed when tracing the call in the other olly
    asmcall.cdecl(getProcAddress(0, "Setint3breakpoint"), address, 0x3001000, 0, 0, 0, 0x53E4B7, 0x53E4B7, 0x53E4B7);
end
I have done some additional functions:
Code:
function removeBp(address)
    asmcall.cdecl(getProcAddress(0, "Removeint3breakpoint"), address, 0x1000);
end

function findLabel(address)
    -- Findlabel writes the name into a caller-supplied wide-char buffer
    local buffer = new("wchar_t[255]");
    asmcall.cdecl(getProcAddress(0, "Findlabel"), address, buffer, 0);
    local label = dbg.readWStr(buffer, true);
    print(label);
    return label;
end

function addLabel(label, address)
    -- InsertnameW expects a wide string, so convert the Lua string first
    local wlabel = char2wchar(label);
    asmcall.cdecl(getProcAddress(0, "InsertnameW"), address, 0x21, wlabel);
end
So we are able to find labels for a specific address, set labels, and set and remove INT3 breakpoints from Lua :)
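As an added example (not code from the post or from the mmBBQ project), here is what a complete olly_target.lua built on those wrappers could look like: it resolves each OllyDbg export once and refuses to call a null address, keeps a table of every breakpoint set from Lua so they can be listed and removed again, and returns the label instead of only printing it. It assumes the API names shown above (asmcall.cdecl, getProcAddress, new, dbg.readWStr, char2wchar) and assumes getProcAddress returns nil or 0 when an export is missing; the extra argument values passed to Setint3breakpoint and Removeint3breakpoint are the ones from the post.

```lua
-- olly_target.lua: added example, assumes the mmBBQ API from the post.
local olly = {}

-- Resolve an OllyDbg export once and cache it. Calling address 0 through
-- asmcall.cdecl would crash the debugger, so fail with a message instead.
-- Assumption: getProcAddress returns nil or 0 when the export is missing.
local exports = {}
local function export(name)
    if not exports[name] then
        local addr = getProcAddress(0, name)
        assert(addr and addr ~= 0, "OllyDbg export not found: " .. name)
        exports[name] = addr
    end
    return exports[name]
end

-- address -> label for every INT3 breakpoint that this script has set
local breakpoints = {}

-- Ask OllyDbg for the label at an address; returns the label string.
function olly.findLabel(address)
    local buffer = new("wchar_t[255]")
    asmcall.cdecl(export("Findlabel"), address, buffer, 0)
    return dbg.readWStr(buffer, true)
end

-- Attach a user label to an address (InsertnameW wants a wide string).
function olly.addLabel(label, address)
    asmcall.cdecl(export("InsertnameW"), address, 0x21, char2wchar(label))
end

-- Set an INT3 breakpoint; optionally label the address at the same time.
-- Returns false if this script already placed a breakpoint there.
function olly.setBp(address, label)
    if breakpoints[address] then
        return false
    end
    asmcall.cdecl(export("Setint3breakpoint"), address,
                  0x3001000, 0, 0, 0, 0x53E4B7, 0x53E4B7, 0x53E4B7)
    if label then
        olly.addLabel(label, address)
    end
    breakpoints[address] = label or olly.findLabel(address)
    return true
end

-- Remove a breakpoint that was set from Lua; returns false if unknown.
function olly.removeBp(address)
    if not breakpoints[address] then
        return false
    end
    asmcall.cdecl(export("Removeint3breakpoint"), address, 0x1000)
    breakpoints[address] = nil
    return true
end

-- Print every breakpoint this script is tracking, with its label.
function olly.listBps()
    for address, label in pairs(breakpoints) do
        print(string.format("0x%08X  %s", address, label or ""))
    end
end

-- Remove all breakpoints set from Lua, e.g. before unloading the script.
function olly.clearBps()
    for address in pairs(breakpoints) do
        olly.removeBp(address)
    end
end

return olly
```

The export cache means a misspelled export name is reported the first time the wrapper is used rather than turning into a call to address 0, and the breakpoint table gives you a way to undo everything the script did before you detach, which the bare wrappers in the post do not track.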
Our POC in action:
Additional information about mmBBQ: [link]
Feel free to ask or visit us at irc.freenode.net #duschkumpane
greetz defragger