i would like to show our new mmBBQ API with a nice prove of concept.
We will add Lua scripting to ollyDbg. First of all download:
. Unzip it and youll get a bunch of files. Youre able to use START.bat without changing anything to get a list of processes in your system that you could inject our mmbbq into. 
Just select the index or pid of the process.
Youre able to define a new target in config.lua that mmbbq will injects into if the process is available. Our new Target looks like:
Code:
{
["name"] = "ollydbg",
["title"] = "OllyDbg",
["ver"] = "2.01 (alpha 4)",
["exe"] = "ollydbg.exe",
["md5"] = "782d1e92f58fac5ee91274ab65e6e49f",
["lua"] = "olly_target.lua",
},
lua code that will be executed when you inject mmbbq into ollyDbg 2.0. Now its time for some reversing stuff.
Just start ollyDbg and attach another to it, search in the attaching olly for "Names". There you can find the exported olly functions:
There you can find for example Setint3breakpoint, if we set a breakpoint there and set a breakpoint in the other olly we will see how this function will be called.
A call from our lua API to Setint3breakpoint will now look like this:
Code:
function setBp(address) asmcall.cdecl(getProcAddress(0, "Setint3breakpoint"), address, 0x3001000, 0, 0, 0, 0x53E4B7, 0x53E4B7, 0x53E4B7); end
Code:
function removeBp(address)
asmcall.cdecl(getProcAddress(0, "Removeint3breakpoint"), address, 0x1000);
end
function findLabel(address)
local buffer = new("wchar_t[255]");
asmcall.cdecl(getProcAddress(0, "Findlabel"), address, buffer, 0);
local label = dbg.readWStr(buffer_ptr, true);
print(label);
end
function addLabel(label, address)
local wlabel = char2wchar(label);
asmcall.cdecl(getProcAddress(0, "InsertnameW"), address, 0x21, wlabel);
end
Our POC in action:
Additional information about mmBBQ:
Feel free to ask or visit us at irc.freenode.net #duschkumpane
greetz defragger
