forked from epsylon3/odbgscript
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPlugin201.h.orig
4266 lines (3849 loc) · 242 KB
/
Plugin201.h.orig
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
////////////////////////////////////////////////////////////////////////////////
// //
// OLLYDBG 2 PLUGIN HEADER FILE //
// //
// Version 2.01 //
// //
// Written by Oleh Yuschuk (ollydbg@t-online.de) //
// //
// Internet: www.ollydbg.de //
// //
// This code is distributed "as is", without warranty of any kind, expressed //
// or implied, including, but not limited to warranty of fitness for any //
// particular purpose. In no event will Oleh Yuschuk be liable to you for any //
// special, incidental, indirect, consequential or any other damages caused //
// by the use, misuse, or the inability to use of this code, including any //
// lost profits or lost savings, even if Oleh Yuschuk has been advised of the //
// possibility of such damages. //
// //
////////////////////////////////////////////////////////////////////////////////
#define PLUGIN_VERSION 201 // Version of plugin interface
////////////////////////////////////////////////////////////////////////////////
//////////////////////////// IMPORTANT INFORMATION /////////////////////////////
// 1. Plugins are UNICODE libraries!
// 2. Export all callback functions by name, NOT by ordinal!
// 3. Force byte alignment of OllyDbg structures!
// 4. Set default char type to unsigned!
// 5. Most API functions are NOT thread-safe!
// 6. Read documentation!
#ifndef _UNICODE
#error This version must be compiled with UNICODE on
#endif
////////////////////////////////////////////////////////////////////////////////
////////////// PREFERRED SETTINGS AND FIXES FOR BORLAND COMPILERS //////////////
#ifdef __BORLANDC__
#pragma option -a1 // Byte alignment
#pragma option -K // Force unsigned characters!
// Redefinition of MAKELONG removes nasty warning under Borland Builder 4.0:
// boolean OR in one row with arithmetical shift.
#undef MAKELONG
#define MAKELONG(lo,hi) ((LONG)(((WORD)(lo))|(((DWORD)((WORD)(hi)))<<16)))
#endif
////////////////////////////////////////////////////////////////////////////////
///////////// PREFERRED SETTINGS AND FIXES FOR MICROSOFT COMPILERS /////////////
// If you like Microsoft compiler, this will force byte alignment and verify
// that character is set to unsigned.
#ifdef _MSC_VER
#pragma pack(1) // Force byte alignment of structures
#ifndef _CHAR_UNSIGNED // Verify that character is unsigned
#error Please set default char type to unsigned (option /J)
#endif
#endif
////////////////////////////////////////////////////////////////////////////////
////////////////////////////// GLOBAL DEFINITIONS //////////////////////////////
#ifndef _export
#define _export __declspec(dllexport)
#endif
#ifndef _import
#define _import __declspec(dllimport)
#endif
#define MAKEWP(lo,hi) ((WPARAM)MAKELONG(lo,hi))
#define MAKELP(lo,hi) ((LPARAM)MAKELONG(lo,hi))
#define LOINT(l) ((signed short)((WORD)(l)))
#define HIINT(l) ((signed short)(((DWORD)(l)>>16) & 0xFFFF))
#ifndef MAXPATH
#define MAXPATH MAX_PATH
#endif
#ifndef FIELD_OFFSET
#define FIELD_OFFSET(type,field) ((LONG)&(((type *)0)->field))
#endif
#ifndef arraysize
#define arraysize(x) (sizeof(x)/sizeof(x[0]))
#endif
#define TEXTLEN 256 // Max length of text string incl. '\0'
#define DATALEN 4096 // Max length of data record (max 65535)
#define ARGLEN 1024 // Max length of argument string
#define MAXMULTIPATH 8192 // Max length of multiple selection
#define SHORTNAME 32 // Max length of short or module name
typedef unsigned char uchar; // Unsigned character (byte)
typedef unsigned short ushort; // Unsigned short
typedef unsigned int uint; // Unsigned integer
typedef unsigned long ulong; // Unsigned long
// Exports used by plugins are declared as stdapi if they use fixed number of
// arguments, and varapi if variable or if code is written in Assembler
// language (I use C calling conventions). OllyDbg variables are declared as
// oddata.
#ifdef __cplusplus
#define extc extern "C"
#define stdapi(type) extern "C" type __stdcall
#define varapi(type) extern "C" type __cdecl
#define oddata(type) extern "C" const _import type
#define pentry(type) extern "C" type _export cdecl
#else
#define extc
#define stdapi(type) extern type __stdcall
#define varapi(type) extern type __cdecl
#define oddata(type) extern const _import type
#define pentry(type) extern type _export cdecl
#endif
////////////////////////////////////////////////////////////////////////////////
////////////////////////////// FORWARD REFERENCES //////////////////////////////
struct t_table; // Forward reference
struct t_module; // Forward reference
struct t_dump; // Forward reference
////////////////////////////////////////////////////////////////////////////////
////////////////////////////// SERVICE FUNCTIONS ///////////////////////////////
// Flags returned by functions Istext.../Israre...
#define PLAINASCII 0x01 // Plain ASCII character
#define DIACRITICAL 0x02 // Diacritical character
#define RAREASCII 0x10 // Rare ASCII character
// Flags used by Memalloc() and Virtalloc(). Note that Virtalloc() alwyas
// initializes memory to zero.
#define REPORT 0x0000 // Report memory allocation errors
#define SILENT 0x0001 // Don't report allocation errors
#define ZEROINIT 0x0002 // Initialize memory to 0
#define CONT_BROADCAST 0x0000 // Continue sending msg to MDI windows
#define STOP_BROADCAST 0x1234 // Stop sending message to MDI windows
// Symbol decoding mode, used by Decodethreadname(), Decodeaddress() and
// Decoderelativeoffset().
// Bits that determine when to decode and comment name at all.
#define DM_VALID 0x00000001 // Only decode if memory exists
#define DM_INMOD 0x00000002 // Only decode if in module
#define DM_SAMEMOD 0x00000004 // Only decode if in same module
#define DM_SYMBOL 0x00000008 // Only decode if direct symbolic name
#define DM_NONTRIVIAL 0x00000010 // Only decode if nontrivial form
// Bits that control name format.
#define DM_BINARY 0x00000100 // Don't use symbolic form
#define DM_DIFBIN 0x00000200 // No symbolic form if different module
#define DM_WIDEFORM 0x00000400 // Extended form (8 digits by hex)
#define DM_CAPITAL 0x00000800 // First letter in uppercase if possible
#define DM_OFFSET 0x00001000 // Add 'OFFSET' if data
#define DM_JUMPIMP 0x00002000 // Check if points to JMP to import
#define DM_DYNAMIC 0x00004000 // Check if points to JMP to DLL
#define DM_ORDINAL 0x00008000 // Add ordinal to thread's name
// Bits that control whether address is preceded with module name.
#define DM_NOMODNAME 0x00000000 // Never add module name
#define DM_DIFFMODNAME 0x00010000 // Add name only if different module
#define DM_MODNAME 0x00020000 // Always add module name
// Bits that control comments.
#define DM_STRING 0x00100000 // Check if pointer to ASCII or UNICODE
#define DM_STRPTR 0x00200000 // Check if points to pointer to text
#define DM_FOLLOW 0x00400000 // Check if follows to different symbol
#define DM_ENTRY 0x00800000 // Check if unnamed entry to subroutine
#define DM_EFORCE 0x01000000 // Check if named entry, too
#define DM_DIFFMOD 0x02000000 // Check if points to different module
#define DM_RELOFFS 0x04000000 // Check if points inside subroutine
// Standard commenting mode. Note: DM_DIFFMOD and DM_RELOFFS are not included.
#define DM_COMMENT (DM_STRING|DM_STRPTR|DM_FOLLOW|DM_ENTRY)
// Address decoding mode, used by Labeladdress().
#define ADDR_SYMMASK 0x00000003 // Mask to extract sym presentation mode
#define ADDR_HEXSYM 0x00000000 // Hex, followed by symbolic name
#define ADDR_SYMHEX 0x00000001 // Symbolic name, followed by hex
#define ADDR_SINGLE 0x00000002 // Symbolic name, or hex if none
#define ADDR_HEXONLY 0x00000003 // Only hexadecimal address
#define ADDR_MODNAME 0x00000004 // Add module name to symbol
#define ADDR_FORCEMOD 0x00000008 // (ADDR_SINGLE) Always add module name
#define ADDR_GRAYHEX 0x00000010 // Gray hex
#define ADDR_HILSYM 0x00000020 // Highlight symbolic name
#define ADDR_NODEFMEP 0x00000100 // Do not show <ModuleEntryPoint>
#define ADDR_BREAK 0x00000200 // Mark as unconditional breakpoint
#define ADDR_CONDBRK 0x00000400 // Mark as conditional breakpoint
#define ADDR_DISBRK 0x00000800 // Mark as disabled breakpoint
#define ADDR_EIP 0x00001000 // Mark as actual EIP
#define ADDR_CHECKEIP 0x00002000 // Mark as EIP if EIP of CPU thread
#define ADDR_SHOWNULL 0x00004000 // Display address 0
// Mode bits and return value of Browsefilename().
#define BRO_MODEMASK 0xF0000000 // Mask to extract browsing mode
#define BRO_FILE 0x00000000 // Get file name
#define BRO_EXE 0x10000000 // Get name of executable
#define BRO_TEXT 0x20000000 // Get name of text log
#define BRO_GROUP 0x30000000 // Get one or several obj or lib files
#define BRO_MULTI 0x40000000 // Get one or several files
#define BRO_SAVE 0x08000000 // Get name in save mode
#define BRO_SINGLE 0x00800000 // Single file selected
#define BRO_MULTIPLE 0x00400000 // Multiple files selected
#define BRO_APPEND 0x00080000 // Append to existing file
#define BRO_ACTUAL 0x00040000 // Add actual contents
#define BRO_TABS 0x00020000 // Separate columns with tabs
#define BRO_GROUPMASK 0x000000FF // Mask to extract groups
#define BRO_GROUP1 0x00000001 // Belongs to group 1
#define BRO_GROUP2 0x00000002 // Belongs to group 2
#define BRO_GROUP3 0x00000004 // Belongs to group 3
#define BRO_GROUP4 0x00000008 // Belongs to group 4
// String decoding modes.
#define DS_DIR 0 // Direct quote
#define DS_ASM 1 // Assembler style
#define DS_C 2 // C style
varapi (void) Error(wchar_t *format,...);
varapi (void) Conderror(int *cond,wchar_t *title,wchar_t *format,...);
varapi (int) Condyesno(int *cond,wchar_t *title,wchar_t *format,...);
stdapi (int) Stringfromini(wchar_t *section,wchar_t *key,wchar_t *s,
int length);
stdapi (int) Filefromini(wchar_t *key,wchar_t *name,wchar_t *defname);
varapi (int) Getfromini(wchar_t *file,wchar_t *section,wchar_t *key,
wchar_t *format,...);
varapi (int) Writetoini(wchar_t *file,wchar_t *section,wchar_t *key,
wchar_t *format,...);
stdapi (int) Filetoini(wchar_t *key,wchar_t *name);
stdapi (void) Deleteinisection(wchar_t *file,wchar_t *section);
stdapi (int) Getfromsettings(wchar_t *key,int defvalue);
stdapi (void) Addtosettings(wchar_t *key,int value);
stdapi (void) Replacegraphs(int mode,wchar_t *s,uchar *mask,
int select,int n);
stdapi (int) Unicodetoascii(const wchar_t *w,int nw,char *s,int ns);
stdapi (int) Asciitounicode(const char *s,int ns,wchar_t *w,int nw);
stdapi (int) Unicodetoutf(const wchar_t *w,int nw,char *t,int nt);
stdapi (int) Utftounicode(const char *t,int nt,wchar_t *w,int nw);
stdapi (HGLOBAL) Unicodebuffertoascii(HGLOBAL hunicode);
stdapi (int) Iszero(void *data,int n);
stdapi (int) Guidtotext(uchar *guid,wchar_t *s);
stdapi (void *) Memalloc(ulong size,int flags);
stdapi (void) Memfree(void *data);
stdapi (void *) Mempurge(void *data,int count,ulong itemsize,int *newcount);
stdapi (void *) Memdouble(void *data,int *pcount,ulong itemsize,
int *failed,int flags);
stdapi (void *) Virtalloc(ulong size,int flags);
stdapi (void) Virtfree(void *data);
stdapi (int) Broadcast(UINT msg,WPARAM wp,LPARAM lp);
stdapi (int) Browsefilename(wchar_t *title,wchar_t *name,wchar_t *args,
wchar_t *currdir,wchar_t *defext,HWND hwnd,int mode);
stdapi (int) Browsedirectory(HWND hw,wchar_t *comment,wchar_t *dir);
stdapi (void) Relativizepath(wchar_t *path);
stdapi (void) Absolutizepath(wchar_t *path);
stdapi (int) Confirmoverwrite(wchar_t *path);
stdapi (int) Labeladdress(wchar_t *text,ulong addr,ulong reladdr,int relreg,
int index,uchar *mask,int *select,ulong mode);
stdapi (int) Simpleaddress(wchar_t *text,ulong addr,
uchar *mask,int *select);
stdapi (void) Heapsort(void *data,const int count,const int size,
int (_USERENTRY *compare)(const void *,const void *));
stdapi (void) Heapsortex(void *data,const int count,const int size,
int (_USERENTRY *compareex)(const void *,const void *,ulong),
ulong lp);
stdapi (uchar *) Readfile(wchar_t *path,ulong fixsize,ulong *psize);
stdapi (int) Devicenametodosname(wchar_t *devname,wchar_t *dosname);
stdapi (int) Filenamefromhandle(HANDLE hfile,wchar_t *path);
stdapi (void) Quicktimerstart(int timer);
stdapi (void) Quicktimerstop(int timer);
stdapi (void) Quicktimerflush(int timer);
////////////////////////////////////////////////////////////////////////////////
////////////////// FAST SERVICE ROUTINES WRITTEN IN ASSEMBLER //////////////////
varapi (int) StrcopyA(char *dest,int n,const char *src);
varapi (int) StrcopyW(wchar_t *dest,int n,const wchar_t *src);
varapi (int) StrlenA(const char *src,int n);
varapi (int) StrlenW(const wchar_t *src,int n);
varapi (int) HexprintA(char *s,ulong u);
varapi (int) HexprintW(wchar_t *s,ulong u);
varapi (int) Hexprint4A(char *s,ulong u);
varapi (int) Hexprint4W(wchar_t *s,ulong u);
varapi (int) Hexprint8A(char *s,ulong u);
varapi (int) Hexprint8W(wchar_t *s,ulong u);
varapi (int) SignedhexA(char *s,ulong u);
varapi (int) SignedhexW(wchar_t *s,ulong u);
varapi (void) Swapmem(void *base,int size,int i1,int i2);
varapi (int) HexdumpA(char *s,uchar *code,int n);
varapi (int) HexdumpW(wchar_t *s,uchar *code,int n);
varapi (int) Bitcount(ulong u);
varapi (char *) SetcaseA(char *s);
varapi (wchar_t *) SetcaseW(wchar_t *s);
varapi (int) StrcopycaseA(char *dest,int n,const char *src);
varapi (int) StrcopycaseW(wchar_t *dest,int n,const wchar_t *src);
varapi (int) StrnstrA(char *data,int ndata,
char *pat,int npat,int ignorecase);
varapi (int) StrnstrW(wchar_t *data,int ndata,
wchar_t *pat,int npat,int ignorecase);
varapi (int) StrcmpW(const wchar_t *s1,const wchar_t *s2);
varapi (ulong) Div64by32(ulong low,ulong hi,ulong div);
varapi (ulong) CRCcalc(uchar *datacopy,ulong datasize);
varapi (int) Getcpuidfeatures(void);
varapi (void) Maskfpu(void);
varapi (void) Clearfpu(void);
////////////////////////////////////////////////////////////////////////////////
////////////////////// DATA COMPRESSION AND DECOMPRESSION //////////////////////
stdapi (ulong) Compress(uchar *bufin,ulong nbufin,
uchar *bufout,ulong nbufout);
stdapi (ulong) Getoriginaldatasize(uchar *bufin,ulong nbufin);
stdapi (ulong) Decompress(uchar *bufin,ulong nbufin,
uchar *bufout,ulong nbufout);
////////////////////////////////////////////////////////////////////////////////
/////////////////////// TAGGED DATA FILES AND RESOURCES ////////////////////////
#define MI_SIGNATURE 0x00646F4DL // Signature of tagged file
#define MI_VERSION 0x7265560AL // File version
#define MI_FILENAME 0x6C69460AL // Record with full name of executable
#define MI_FILEINFO 0x7263460AL // Length, date, CRC (t_fileinfo)
#define MI_DATA 0x7461440AL // Name or data (t_nameinfo)
#define MI_CALLBRA 0x7262430AL // Call brackets
#define MI_LOOPBRA 0x72624C0AL // Loop brackets
#define MI_PROCDATA 0x6372500AL // Procedure data (set of t_procdata)
#define MI_INT3BREAK 0x336E490AL // INT3 breakpoint (t_bpoint)
#define MI_MEMBREAK 0x6D70420AL // Memory breakpoint (t_bpmem)
#define MI_HWBREAK 0x6870420AL // Hardware breakpoint (t_bphard)
#define MI_ANALYSIS 0x616E410AL // Record with analysis data
#define MI_SWITCH 0x6977530AL // Switch (addr+dt_switch)
#define MI_CASE 0x7361430AL // Case (addr+dt_case)
#define MI_JMPDATA 0x74644A0AL // Jump data
#define MI_NETSTREAM 0x74734E0AL // .NET streams (t_netstream)
#define MI_METADATA 0x74644D0AL // .NET MetaData tables (t_metadata)
#define MI_BINSAV 0x7673420AL // Last entered binary search patterns
#define MI_MODDATA 0x61624D0AL // Module base, size and path
#define MI_PREDICT 0x6472500AL // Predicted command execution results
#define MI_LASTSAV 0x61734C0AL // Last entered strings (t_nameinfo)
#define MI_SAVEAREA 0x7661530AL // Save area (t_savearea)
#define MI_RTCOND 0x6374520AL // Run trace pause condition
#define MI_RTPROT 0x7074520AL // Run trace protocol condition
#define MI_WATCH 0x6374570AL // Watch in watch window
#define MI_LOADDLL 0x64644C0AL // Packed loaddll.exe
#define MI_PATCH 0x7461500AL // Patch data (compressed t_patch)
#define MI_PLUGIN 0x676C500AL // Plugin prefix descriptor
#define MI_END 0x646E450AL // End of tagged file
#ifdef FILE // Requires <stdio.h>
typedef struct t_fileinfo { // Length, date, CRC (MI_FILEINFO)
ulong size; // Length of executable file
FILETIME filetime; // Time of last modification
ulong crc; // CRC of executable file
int issfx; // Whether self-extractable
ulong sfxentry; // Offset of original entry after SFX
} t_fileinfo;
typedef struct t_tagfile { // Descriptor of tagged file (reading)
FILE *f; // File descriptor
ulong filesize; // File size
ulong offset; // Actual offset
ulong tag; // Tag of next accessed record
ulong recsize; // Size of next accessed record
} t_tagfile;
stdapi (FILE *) Createtaggedfile(wchar_t *name,char *signature,ulong version);
stdapi (int) Savetaggedrecord(FILE *f,ulong tag,ulong size,void *data);
stdapi (int) Savepackedrecord(FILE *f,ulong tag,ulong size,void *data);
stdapi (void) Finalizetaggedfile(FILE *f);
stdapi (int) Opentaggedfile(t_tagfile *tf,wchar_t *name,char *signature);
stdapi (int) Gettaggedrecordsize(t_tagfile *tf,ulong *tag,ulong *size);
stdapi (ulong) Gettaggedfiledata(t_tagfile *tf,void *buf,ulong bufsize);
stdapi (void) Closetaggedfile(t_tagfile *tf);
#endif
typedef struct t_nameinfo { // Header of name/data record (MI_NAME)
ulong offs; // Offset in module
uchar type; // Name/data type, one of NM_xxx/DT_xxx
} t_nameinfo;
typedef struct t_uddsave { // .udd file descriptor used by plugins
void *file; // .udd file
ulong uddprefix; // .udd tag prefix
} t_uddsave;
stdapi (int) Pluginsaverecord(t_uddsave *psave,ulong tag,
ulong size,void *data);
stdapi (int) Pluginpackedrecord(t_uddsave *psave,ulong tag,
ulong size,void *data);
stdapi (void) Pluginmodulechanged(ulong addr);
////////////////////////////////////////////////////////////////////////////////
/////////////////////////////// LEXICAL SCANNER ////////////////////////////////
#define SMODE_UPCASE 0x00000001 // Convert keywords to uppercase
#define SMODE_NOEOL 0x00000010 // Don't report SCAN_EOL, just skip it
#define SMODE_NOSPEC 0x00000020 // Don't translate specsymbols
#define SMODE_EXTKEY 0x00000040 // Allow &# and .!?%~ inside keywords
#define SMODE_NOUSKEY 0x00000080 // Underscore (_) is not part of keyword
#define SMODE_NODEC 0x00000100 // nn. is not decimal, but nn and '.'
#define SMODE_NOFLOAT 0x00000200 // nn.mm is not float, but nn, '.', mm
#define SMODE_RADIX10 0x00000400 // Default base is 10, not 16
#define SMODE_ANGLES 0x00000800 // Use angular brackets (<>) for text
#define SMODE_MASK 0x00001000 // Allow masked nibbles in SCAN_INT
#define SCAN_EOF 0 // End of data
#define SCAN_EOL 1 // End of line
#define SCAN_KEY 2 // Keyword in text
#define SCAN_TEXT 3 // Text string (without quotes) in text
#define SCAN_INT 4 // Integer in ival or uval
#define SCAN_FLOAT 5 // Floating-point number in fval
#define SCAN_OP 6 // Operator or punctuator in ival
#define SCAN_INVALID 7 // Invalid character in ival
#define SCAN_SYNTAX 8 // Syntactical error in errmsg
#define SCAN_USER 10 // Base for user-defined types
typedef struct t_scan { // Scan descriptor
// Fill these fields before the first scan. Set line to 1 for 1-based numbers.
ulong mode; // Scanning mode, set of SMODE_xxx
wchar_t *src; // Pointer to UNICODE source data
ulong length; // Length of source data, characters
ulong caret; // Next processed symbol, characters
int line; // Number of encountered EOLs
// Call to Scan() fills some of these fields with scan data.
union {
int ival; // Scanned item as integer number
ulong uval; // Scanned item as unsigned number
};
ulong mask; // Binary mask for uval, SCAN_INT only
long double fval; // Scanned item as floating number
wchar_t text[TEXTLEN]; // Scanned item as a text string
int ntext; // Length of text, characters
wchar_t errmsg[TEXTLEN]; // Error message
int type; // Type of last scanned item, SCAN_xxx
} t_scan;
stdapi (int) Skipspaces(t_scan *ps);
stdapi (void) Scan(t_scan *ps);
stdapi (int) Optostring(wchar_t *s,int op);
////////////////////////////////////////////////////////////////////////////////
///////////////////////// SHORTCUTS, MENUS AND TOOLBAR /////////////////////////
// Input modes of menu functions.
#define MENU_VERIFY 0 // Check if menu item applies
#define MENU_EXECUTE 1 // Execute menu item
// Values returned by menu functions on MENU_VERIFY.
#define MENU_ABSENT 0 // Item doesn't appear in menu
#define MENU_NORMAL 1 // Ordinary menu item
#define MENU_CHECKED 2 // Checked menu item
#define MENU_CHKPARENT 3 // Checked menu item + checked parent
#define MENU_GRAYED 4 // Inactive menu item
#define MENU_SHORTCUT 5 // Shortcut only, not in menu
// Values returned by menu functions on MENU_EXECUTE.
#define MENU_NOREDRAW 0 // Do not redraw owning window
#define MENU_REDRAW 1 // Redraw owning window
// Shortcut descriptions.
#define KK_KEYMASK 0x0000FFFF // Mask to extract key
#define KK_CHAR 0x00010000 // Process as WM_CHAR
#define KK_SHIFT 0x00020000 // Shortcut includes Shift key
#define KK_CTRL 0x00040000 // Shortcut includes Ctrl key
#define KK_ALT 0x00080000 // Shortcut includes Alt key
#define KK_WIN 0x00100000 // Shortcut includes WIN key
#define KK_NOSH 0x00200000 // Shortcut ignores Shift in main menu
#define KK_UNUSED 0x7FC00000 // Unused shortcut data bits
#define KK_DIRECT 0x80000000 // Direct shortcut in menu
// Global shortcuts. They may be re-used by plugins.
#define K_NONE 0 // No shortcut
// Global shortcuts: File functions.
#define K_OPENNEW 100 // Open new executable to debug
#define K_SETARGS 101 // Set command line args for next run
#define K_ATTACH 102 // Attach to the running process
#define K_DETACH 103 // Detach from the debugged process
#define K_EXIT 104 // Close OllyDbg
// Global shortcuts: View functions.
#define K_LOGWINDOW 110 // Open Log window
#define K_MODULES 111 // Open Executable modules window
#define K_MEMORY 112 // Open Memory map window
#define K_WINDOWS 113 // Open list of windows
#define K_THREADS 114 // Open Threads window
#define K_CPU 115 // Open CPU window
#define K_WATCHES 116 // Open Watches window
#define K_SEARCHES 117 // Open Search results window
#define K_RTRACE 118 // Open Run trace window
#define K_PATCHES 119 // Open Patches window
#define K_BPOINTS 120 // Open INT3 breakpoints window
#define K_BPMEM 121 // Open Memory breakpoints window
#define K_BPHARD 122 // Open Hardware breakpoints window
#define K_SOURCES 123 // Open list of source files
#define K_FILE 124 // Open file
// Global shortcuts: Debug functions.
#define K_RUN 130 // Run debugged application
#define K_RUNTHREAD 131 // Run only actual thread
#define K_PAUSE 132 // Pause debugged application
#define K_STEPIN 133 // Step into
#define K_STEPOVER 134 // Step over
#define K_TILLRET 135 // Execute till return
#define K_TILLUSER 136 // Execute till user code
#define K_CALLDLL 137 // Call DLL export
#define K_RESTART 138 // Restart last debugged executable
#define K_CLOSE 139 // Close debuggee
#define K_AFFINITY 140 // Set affinity
// Global shortcuts: Trace functions.
#define K_OPENTRACE 150 // Open Run trace
#define K_CLOSETRACE 151 // Close Run trace
#define K_ANIMIN 152 // Animate into
#define K_ANIMOVER 153 // Animate over
#define K_TRACEIN 154 // Trace into
#define K_TRACEOVER 155 // Trace over
#define K_RUNHIT 156 // Run hit trace
#define K_STOPHIT 157 // Stop hit trace
#define K_RTCOND 158 // Set run trace break condition
#define K_RTLOG 159 // Set run trace log condition
// Global shortcuts: Options.
#define K_OPTIONS 170 // Open Options dialog
#define K_SHORTCUTS 171 // Open Shortcut editor
// Global shortcuts: Windows functions.
#define K_TOPMOST 180 // Toggle topmost status of main window
#define K_CASCADE 181 // Cascade MDI windows
#define K_TILEHOR 182 // Tile MDI windows horizontally
#define K_TILEVER 183 // Tile MDI windows vertically
#define K_ICONS 184 // Arrange icons
#define K_CLOSEMDI 185 // Close all MDI windows
#define K_RESTORE 186 // Maximize or restore active MDI window
#define K_PREVMDI 187 // Go to previous MDI window
#define K_NEXTMDI 188 // Go to next MDI window
// Global shortcuts: Help functions.
#define K_ABOUT 190 // Open About dialog
// Generic table shortcuts.
#define K_PREVFRAME 200 // Go to previous frame in table
#define K_NEXTFRAME 201 // Go to next frame in table
#define K_ACTUALIZE 202 // Actualize table
#define K_COPY 203 // Copy to clipboard
#define K_COPYALL 204 // Copy whole table to clipboard
#define K_CUT 205 // Cut to clipboard
#define K_PASTE 206 // Paste
#define K_TOPMOSTMDI 207 // Make MDI window topmost
#define K_AUTOUPDATE 208 // Periodically update contents of window
#define K_SHOWBAR 209 // Show/hide bar
#define K_HSCROLL 210 // Show/hide horizontal scroll
#define K_DEFCOLUMNS 211 // Resize all columns to default width
// Shortcuts used by different windows.
#define K_SEARCHAGAIN 220 // Repeat last search
#define K_SEARCHREV 221 // Repeat search in inverse direction
// Dump: Data backup.
#define K_BACKUP 240 // Create or update backup
#define K_SHOWBKUP 241 // Toggle backup display
// Dump: Edit.
#define K_UNDO 250 // Undo selection
#define K_COPYADDR 251 // Copy address
#define K_COPYHEX 252 // Copy data in hexadecimal format
#define K_PASTEHEX 253 // Paste data in hexadecimal format
#define K_EDITITEM 254 // Edit first selected item
#define K_EDIT 255 // Edit selection
#define K_FILLZERO 256 // Fill selection with zeros
#define K_FILLNOP 257 // Fill selection with NOPs
#define K_FILLFF 258 // Fill selection with FF code
#define K_SELECTALL 259 // Select all
#define K_SELECTPROC 260 // Select procedure or structure
#define K_COPYTOEXE 261 // Copy selection to executable file
#define K_ZERODUMP 262 // Zero whole dump
#define K_LABEL 263 // Add custom label
#define K_ASSEMBLE 264 // Assemble
#define K_COMMENT 265 // Add custom comment
#define K_SAVEFILE 266 // Save file
// Dump: Breakpoints.
#define K_BREAK 280 // Toggle simple INT3 breakpoint
#define K_CONDBREAK 281 // Set or edit cond INT3 breakpoint
#define K_LOGBREAK 282 // Set or edit logging INT3 breakpoint
#define K_RUNTOSEL 283 // Run to selection
#define K_ENABLEBRK 284 // Enable or disable INT3 breakpoint
#define K_MEMBREAK 285 // Set or edit memory breakpoint
#define K_MEMLOGBREAK 286 // Set or edit memory log breakpoint
#define K_MEMENABLE 287 // Enable or disable memory breakpoint
#define K_MEMDEL 288 // Delete memory breakpoint
#define K_HWBREAK 289 // Set or edit hardware breakpoint
#define K_HWLOGBREAK 290 // Set or edit hardware log breakpoint
#define K_HWENABLE 291 // Enable or disable hardware breakpoint
#define K_HWDEL 292 // Delete hardware breakpoint
// Dump: Jumps to location.
#define K_NEWORIGIN 300 // Set new origin
#define K_FOLLOWDASM 301 // Follow address in Disassembler
#define K_ORIGIN 302 // Go to origin
#define K_GOTO 303 // Go to expression
#define K_JMPTOSEL 304 // Follow jump or call to selection
#define K_SWITCHCASE 305 // Go to switch case
#define K_PREVHIST 306 // Go to previous history location
#define K_NEXTHIST 307 // Go to next history location
#define K_PREVTRACE 308 // Go to previous run trace record
#define K_NEXTTRACE 309 // Go to next run trace record
#define K_PREVPROC 310 // Go to previous procedure
#define K_NEXTPROC 311 // Go to next procedure
#define K_PREVREF 312 // Go to previous found item
#define K_NEXTREF 313 // Go to next found item
#define K_FOLLOWEXE 314 // Follow selection in executable file
// Dump: Structures.
#define K_DECODESTR 330 // Decode as structure
#define K_DECODESPTR 331 // Decode as pointer to structure
// Dump: Search.
#define K_NAMES 380 // Show list of names
#define K_FINDCMD 381 // Find command
#define K_FINDCMDSEQ 382 // Find sequence of commands
#define K_FINDCONST 383 // Find constant
#define K_FINDBIN 384 // Find binary string
#define K_FINDMOD 385 // Find modification
#define K_ALLCALLS 386 // Search for all intermodular calls
#define K_ALLCMDS 387 // Search for all commands
#define K_ALLCMDSEQ 388 // Search for all command sequences
#define K_ALLCONST 389 // Search for all constants
#define K_ALLMODS 390 // Search for all modifications
#define K_ALLSTRS 391 // Search for all referenced strings
#define K_ALLGUIDS 392 // Search for all referenced GUIDs
#define K_ALLCOMMENTS 393 // Search for all user-defined comments
#define K_ALLSWITCHES 394 // Search for all switches
#define K_ALLFLOATS 395 // Search for all floating constants
#define K_LASTRTREC 396 // Find last record in run trace
// Dump: References.
#define K_REFERENCES 410 // Find all references
// Dump: Addressing.
#define K_ABSADDR 420 // Show absolute addresses
#define K_RELADDR 421 // Show offsets from current selection
#define K_BASEADDR 422 // Show offsets relative to module base
// Dump: Comments.
#define K_COMMSRC 430 // Toggle between comments and source
#define K_SHOWPROF 431 // Show or hide run trace profile
// Dump: Analysis.
#define K_ANALYSE 440 // Analyse module
#define K_REMANAL 441 // Remove analysis from selection
#define K_REMANMOD 442 // Remove analysis from the module
// Dump: Help.
#define K_HELPCMD 450 // Help on command
#define K_HELPAPI 451 // Help on Windows API function
// Dump: Data presentation.
#define K_DUMPHA16 460 // Dump as 16 hex bytes and ASCII text
#define K_DUMPHA8 461 // Dump as 8 hex bytes and ASCII text
#define K_DUMPHU16 462 // Dump as 16 hex bytes and UNICODE text
#define K_DUMPHU8 463 // Dump as 8 hex bytes and UNICODE text
#define K_DUMPA64 464 // Dump as 64 ASCII characters
#define K_DUMPA32 465 // Dump as 32 ASCII characters
#define K_DUMPU64 466 // Dump as 64 UNICODE characters
#define K_DUMPU32 467 // Dump as 32 UNICODE characters
#define K_DUMPU16 468 // Dump as 16 UNICODE characters
#define K_DUMPISHORT 469 // Dump as 16-bit signed numbers
#define K_DUMPUSHORT 470 // Dump as 16-bit unsigned numbers
#define K_DUMPXSHORT 471 // Dump as 16-bit hexadecimal numbers
#define K_DUMPILONG 472 // Dump as 32-bit signed numbers
#define K_DUMPULONG 473 // Dump as 32-bit unsigned numbers
#define K_DUMPXLONG 474 // Dump as 32-bit hexadecimal numbers
#define K_DUMPADR 475 // Dump as address with comments
#define K_DUMPADRA 476 // Dump as address with ASCII & comments
#define K_DUMPADRU 477 // Dump as address with UNICODE & comms
#define K_DUMPF32 478 // Dump as 32-bit floats
#define K_DUMPF64 479 // Dump as 64-bit floats
#define K_DUMPF80 480 // Dump as 80-bit floats
#define K_DUMPDA 481 // Dump as disassembly
#define K_DUMPSTRUCT 482 // Dump as known structure
// Stack-specific shortcuts.
#define K_LOCKSTK 490 // Toggle stack lock
#define K_PUSH 491 // Push doubleword
#define K_POP 492 // Pop doubleword
#define K_STACKINDASM 493 // Follow stack doubleword in CPU
#define K_GOTOESP 494 // Go to ESP
#define K_GOTOEBP 495 // Go to EBP
#define K_ESPADDR 496 // Show offsets relative to ESP
#define K_EBPADDR 497 // Show offsets relative to EBP
// Shortcuts of Register pane.
#define K_INCREMENT 500 // Increment register
#define K_DECREMENT 501 // Decrement register
#define K_ZERO 502 // Zero selected register
#define K_SET1 503 // Set register to 1
#define K_MODIFY 504 // Modify contents of register
#define K_UNDOREG 505
#define K_PUSHFPU 506 // Push FPU stack
#define K_POPFPU 507 // Pop FPU stack
#define K_REGINDASM 508 // Follow register in CPU Disassembler
#define K_REGINDUMP 509 // Follow register in CPU Dump
#define K_REGINSTACK 510 // Follow register in CPU Stack
#define K_VIEWFPU 511 // View FPU registers
#define K_VIEWMMX 512 // View MMX registers
#define K_VIEW3DNOW 513 // View 3DNow! registers
#define K_HELPREG 514 // Help on register
// Shortcuts of Information pane.
#define K_EDITOP 520 // Edit contents of operand in info pane
#define K_INFOINDASM 521 // Follow information in CPU Disassembler
#define K_INFOINDUMP 522 // Follow information in CPU Dump
#define K_INFOINSTACK 523 // Follow information in CPU Stack
#define K_LISTJUMPS 524 // List jumps and calls to command
#define K_LISTCASES 525 // List switch cases
#define K_INFOSRC 526 // Follow address in Source code
// Log window.
#define K_LOGINDASM 530 // Follow log address in CPU Disassembler
#define K_LOGINDUMP 531 // Follow log address in CPU Dump
#define K_LOGINSTACK 532 // Follow log address in CPU Stack
#define K_LOGCLEAR 533 // Clear log
#define K_LOGTOFILE 534 // Start logging to file
#define K_STOPLOG 535 // Stop logging to file
// Executable modules.
#define K_MODINDASM 540 // Follow module entry point in CPU
#define K_MODDATA 541 // View module data section in CPU Dump
#define K_MODEXE 542 // Open executable in standalone Dump
#define K_MODNAMES 543 // Show names declared in the module
#define K_GLOBNAMES 544 // Show global list of names
#define K_MODCALLS 545 // Find intermodular calls in module
#define K_MODANALYSE 546 // Analyse selected module
#define K_SAVEUDD 547 // Save module data to .udd file
#define K_LOADUDD 548 // Load module data from .udd file
// Memory map.
#define K_MEMBACKUP 550 // Create backup of memory block
#define K_MEMINDASM 551 // Open memory block in CPU Disassembler
#define K_MEMINDUMP 552 // Open memory block in CPU Dump
#define K_DUMP 553 // Dump memory block in separate window
#define K_SEARCHMEM 554 // Search memory block for binary string
#define K_MEMBPACCESS 555 // Toggle break on access
// List of windows.
#define K_WININDASM 560 // Follow WinProc in CPU Disassembler
#define K_CLSINDASM 561 // Follow ClassProc in CPU Disassembler
// Threads.
#define K_THRINCPU 570 // Open thread in CPU window
#define K_THRTIB 571 // Dump Thread Information Block
#define K_REGISTERS 572 // Open Registers window
#define K_THRSUSPEND 573 // Suspend selected thread
#define K_THRRESUME 574 // Resume selected thread
#define K_THRKILL 575 // Kill selected thread
// Watches.
#define K_ADDWATCH 580 // Add watch
#define K_EDITWATCH 581 // Edit existing watch
#define K_DELWATCH 582 // Delete watch
#define K_WATCHUP 583 // Move watch up
#define K_WATCHDN 584 // Move watch down
#define K_EDITCONT 585 // Edit contents of register or memory
#define K_WATCHINDASM 586 // Follow watch value in CPU Disassembler
#define K_WATCHINDUMP 587 // Follow watch value in CPU Dump
#define K_WATCHINSTACK 588 // Follow watch value in CPU Stack
// Search results.
#define K_SEARCHINDASM 600 // Follow address of found item in CPU
#define K_PREVSEARCH 601 // Follow previous found item in Disasm
#define K_NEXTSEARCH 602 // Follow next found item in Disasm
#define K_FINDTEXT 603 // Find text substring in search results
#define K_BREAKALL 604 // Set breakpoint on all found commands
#define K_CONDBPALL 605 // Set conditional bp on all commands
#define K_LOGBPALL 606 // Set logging bp on all commands
#define K_DELBPALL 607 // Remove breakpoints from all commands
#define K_BREAKCALLS 608 // Set break on calls to function
#define K_CONDBPCALLS 609 // Set cond break on calls to function
#define K_LOGBPCALLS 610 // Set logging break on calls to function
#define K_DELBPCALLS 611 // Remove breakpoints from calls
// Run trace.
#define K_RTPREV 620 // Show previous run trace in Disasm
#define K_RTNEXT 621 // Show next run trace in Disasm
#define K_TRACEINDASM 622 // Follow traced command in CPU
#define K_CLRTRACE 623 // Clear run trace
#define K_REGMODE 624 // Toggle register display mode
#define K_MARKTRACE 625 // Mark address in run trace
#define K_FINDTRADDR 626 // Enter address to mark in run trace
#define K_PREVMARK 627 // Find previous marked address
#define K_NEXTMARK 628 // Find next marked address
#define K_CLEARMARK 629 // Clear address marks in run trace
#define K_PROFILE 630 // Profile selected module
#define K_GLOBPROFILE 631 // Profile whole memory
#define K_SAVETRACE 632 // Save run trace data to the file
#define K_STOPSAVETR 633 // Close run trace log file
// Profile.
#define K_PROFINDASM 640 // Follow profiled command in CPU
#define K_PREVPROF 641 // Follow previous profile item in Disasm
#define K_NEXTPROF 642 // Follow next profile item in Disasm
#define K_PROFMARK 643 // Mark profile address in run trace
// Patches.
#define K_PATCHINDASM 650 // Follow patch in CPU Disassembler
#define K_PREVPATCH 651 // Go to previous patch
#define K_NEXTPATCH 652 // Go to next patch
#define K_APPLYPATCH 653 // Apply patch
#define K_RESTOREPT 654 // Restore original code
#define K_DELPATCH 655 // Delete patch record
// Breakpoint lists.
#define K_DELETEBP 660 // Delete breakpoint
#define K_ENABLEBP 661 // Enable or disable breakpoint
#define K_BPINDASM 662 // Follow breakpoint in CPU Disassembler
#define K_BPINDUMP 663 // Follow breakpoint in CPU Dump
#define K_DISABLEALLBP 664 // Disable all breakpoints
#define K_ENABLEALLBP 665 // Enable all breakpoints
// Source.
#define K_SOURCEINDASM 670 // Follow source line in CPU Disassembler
// List of source files.
#define K_VIEWSRC 680 // View source file
// Names.
#define K_FOLLOWIMP 690 // Follow import in CPU Disassembler
#define K_NAMEINDASM 691 // Follow label in CPU Disassembler
#define K_NAMEINDUMP 692 // Follow label in CPU Dump
#define K_NAMEREFS 693 // Find references to name
#define K_NAMEHELPAPI 694 // Help on selected API function
// Special non-changeable shortcuts.
#define K_0 1008 // Digit 0
#define K_1 1009 // Digit 1
#define K_2 1010 // Digit 2
#define K_3 1011 // Digit 3
#define K_4 1012 // Digit 4
#define K_5 1013 // Digit 5
#define K_6 1014 // Digit 6
#define K_7 1015 // Digit 7
#define K_8 1016 // Digit 8
#define K_9 1017 // Digit 9
#define K_A 1018 // Hex digit A
#define K_B 1019 // Hex digit B
#define K_C 1020 // Hex digit C
#define K_D 1021 // Hex digit D
#define K_E 1022 // Hex digit E
#define K_F 1023 // Hex digit F
// Native OllyDbg tables that support embedded plugin menus:
#define PWM_ATTACH L"ATTACH" // List of processes in Attach window
#define PWM_BPHARD L"BPHARD" // Hardware breakpoints
#define PWM_BPMEM L"BPMEM" // Memory breakpoints
#define PWM_BPOINT L"BPOINT" // INT3 breakpoints
#define PWM_DISASM L"DISASM" // CPU Disassembler pane
#define PWM_DUMP L"DUMP" // All dumps except CPU disasm & stack
#define PWM_INFO L"INFO" // CPU Info pane
#define PWM_LOG L"LOG" // Log window
#define PWM_MAIN L"MAIN" // Main OllyDbg menu
#define PWM_MEMORY L"MEMORY" // Memory window
#define PWM_MODULES L"MODULES" // Modules window
#define PWM_NAMELIST L"NAMELIST" // List of names (labels)
#define PWM_PATCHES L"PATCHES" // List of patches
#define PWM_PROFILE L"PROFILE" // Profile window
#define PWM_REGISTERS L"REGISTERS" // Registers, including CPU
#define PWM_SEARCH L"SEARCH" // Search tabs
#define PWM_SOURCE L"SOURCE" // Source code window
#define PWM_SRCLIST L"SRCLIST" // List of source files
#define PWM_STACK L"STACK" // CPU Stack pane
#define PWM_THREADS L"THREADS" // Threads window
#define PWM_TRACE L"TRACE" // Run trace window
#define PWM_WATCH L"WATCH" // Watches
#define PWM_WINDOWS L"WINDOWS" // List of windows
typedef int MENUFUNC(struct t_table *,wchar_t *,ulong,int);
typedef struct t_menu { // Menu descriptor
wchar_t *name; // Menu command
wchar_t *help; // Explanation of command
int shortcutid; // Shortcut identifier, K_xxx
MENUFUNC *menufunc; // Function that executes menu command
struct t_menu *submenu; // Pointer to descriptor of popup menu
union {
ulong index; // Argument passed to menu function
HMENU hsubmenu; // Handle of pulldown menu
};
} t_menu;
////////////////////////////////////////////////////////////////////////////////
///////////////////////////// MAIN OLLYDBG WINDOW //////////////////////////////
typedef enum t_status { // Thread/process status
STAT_IDLE, // No process to debug
STAT_LOADING, // Loading new process
STAT_ATTACHING, // Attaching to the running process
STAT_RUNNING, // All threads are running
STAT_RUNTHR, // Single thread is running
STAT_STEPIN, // Stepping into, single thread
STAT_STEPOVER, // Stepping over, single thread
STAT_ANIMIN, // Animating into, single thread
STAT_ANIMOVER, // Animating over, single thread
STAT_TRACEIN, // Tracing into, single thread
STAT_TRACEOVER, // Tracing over, single thread
STAT_SFXRUN, // SFX using run trace, single thread
STAT_SFXHIT, // SFX using hit trace, single thread
STAT_SFXKNOWN, // SFX to known entry, single thread
STAT_TILLRET, // Stepping until return, single thread
STAT_OVERRET, // Stepping over return, single thread
STAT_TILLUSER, // Stepping till user code, single thread
STAT_PAUSING, // Process is requested to pause
STAT_PAUSED, // Process paused on debugging event
STAT_FINISHED, // Process is terminated but in memory
STAT_CLOSING // Process is requested to close/detach
} t_status;
varapi (void) Info(wchar_t *format,...);
varapi (void) Message(ulong addr,wchar_t *format,...);
varapi (void) Tempinfo(wchar_t *format,...);
varapi (void) Flash(wchar_t *format,...);
varapi (void) Progress(int promille,wchar_t *format,...);
stdapi (void) Moveprogress(int promille);
stdapi (void) Setstatus(t_status newstatus);
////////////////////////////////////////////////////////////////////////////////
//////////////////////////////// DATA FUNCTIONS ////////////////////////////////
// Name and data types. Do not change order, it's important! Always keep values
// of demangled names 1 higher than originals, and NM_ALIAS higher than
// NM_EXPORT - name search routines rely on these facts!
#define NM_NONAME 0x00 // Means that name is absent
#define DT_NONE 0x00 // Ditto
#define NM_LABEL 0x21 // User-defined label
#define NM_EXPORT 0x22 // Exported name
#define NM_DEEXP (NM_EXPORT+1) // Demangled exported name
#define DT_EORD (NM_EXPORT+2) // Exported ordinal (ulong)
#define NM_ALIAS (NM_EXPORT+3) // Alias of NM_EXPORT
#define NM_IMPORT 0x26 // Imported name (module.function)
#define NM_DEIMP (NM_IMPORT+1) // Demangled imported name
#define DT_IORD (NM_IMPORT+2) // Imported ordinal (struct dt_iord)
#define NM_DEBUG 0x29 // Name from debug data
#define NM_DEDEBUG (NM_DEBUG+1) // Demangled name from debug data
#define NM_ANLABEL 0x2B // Name added by Analyser
#define NM_COMMENT 0x30 // User-defined comment
#define NM_ANALYSE 0x31 // Comment added by Analyser
#define NM_MARK 0x32 // Important parameter
#define NM_CALLED 0x33 // Name of called function
#define DT_ARG 0x34 // Name and type of argument or data
#define DT_NARG 0x35 // Guessed number of arguments at CALL
#define NM_RETTYPE 0x36 // Type of data returned in EAX
#define NM_MODCOMM 0x37 // Automatical module comments
#define NM_TRICK 0x38 // Parentheses of tricky sequences
#define DT_SWITCH 0x40 // Switch descriptor (struct dt_switch)
#define DT_CASE 0x41 // Case descriptor (struct dt_case)
#define NM_DLLPARMS 0x44 // Parameters of Call DLL dialog
#define DT_DLLDATA 0x45 // Parameters of Call DLL dialog
#define DT_DBGPROC 0x4A // t_function from debug, don't save!
#define NM_INT3BASE 0x51 // Base for INT3 breakpoint names
#define NM_INT3COND (NM_INT3BASE+0) // INT3 breakpoint condition
#define NM_INT3EXPR (NM_INT3BASE+1) // Expression to log at INT3 breakpoint
#define NM_INT3TYPE (NM_INT3BASE+2) // Type used to decode expression
#define NM_MEMBASE 0x54 // Base for memory breakpoint names
#define NM_MEMCOND (NM_MEMBASE+0) // Memory breakpoint condition
#define NM_MEMEXPR (NM_MEMBASE+1) // Expression to log at memory break
#define NM_MEMTYPE (NM_MEMBASE+2) // Type used to decode expression
#define NM_HARDBASE 0x57 // Base for hardware breakpoint names
#define NM_HARDCOND (NM_HARDBASE+0) // Hardware breakpoint condition
#define NM_HARDEXPR (NM_HARDBASE+1) // Expression to log at hardware break
#define NM_HARDTYPE (NM_HARDBASE+2) // Type used to decode expression
#define NM_LABELSAV 0x60 // NSTRINGS last user-defined labels
#define NM_ASMSAV 0x61 // NSTRINGS last assembled commands
#define NM_ASRCHSAV 0x62 // NSTRINGS last assemby searches
#define NM_COMMSAV 0x63 // NSTRINGS last user-defined comments
#define NM_WATCHSAV 0x64 // NSTRINGS last watch expressions
#define NM_GOTOSAV 0x65 // NSTRINGS last GOTO expressions
#define DT_BINSAV 0x66 // NSTRINGS last binary search patterns
#define NM_CONSTSAV 0x67 // NSTRINGS last constants to search
#define NM_STRSAV 0x68 // NSTRINGS last strings to search
#define NM_ARGSAV 0x69 // NSTRINGS last arguments (ARGLEN!)
#define NM_CURRSAV 0x6A // NSTRINGS last current dirs (MAXPATH!)
#define NM_SEQSAV 0x6F // NSTRINGS last sequences (DATALEN!)
#define NM_RTCOND1 0x70 // First run trace pause condition
#define NM_RTCOND2 0x71 // Second run trace pause condition
#define NM_RTCOND3 0x72 // Third run trace pause condition
#define NM_RTCOND4 0x73 // Fourth run trace pause condition
#define NM_RTCMD1 0x74 // First run trace match command
#define NM_RTCMD2 0x75 // Second run trace match command
#define NM_RANGE0 0x76 // Low range limit
#define NM_RANGE1 0x77 // High range limit
#define DT_ANYDATA 0xFF // Special marker, not a real data
#define NMOFS_COND 0 // Offset to breakpoint condition
#define NMOFS_EXPR 1 // Offset to breakpoint log expression
#define NMOFS_TYPE 2 // Offset to expression decoding type
typedef struct dt_iord { // Descriptor of DT_IORD data
ulong ord; // Ordinal
wchar_t modname[SHORTNAME]; // Short name of the module
} dt_iord;
#define NSWEXIT 256 // Max no. of switch exits, incl. default
#define NSWCASE 128 // Max no. of cases in exit
// Types of switches and switch exits.
#define CASE_CASCADED 0x00000001 // Cascaded IF
#define CASE_HUGE 0x00000002 // Huge switch, some cases are lost
#define CASE_DEFAULT 0x00000004 // Has default (is default for dt_case)
#define CASE_TYPEMASK 0x00000070 // Mask to extract case type
#define CASE_ASCII 0x00000010 // Intreprete cases as ASCII characters
#define CASE_MSG 0x00000020 // Interprete cases as WM_xxx
#define CASE_EXCPTN 0x00000040 // Interprete cases as exception codes
#define CASE_SIGNED 0x00000080 // Interprete cases as signed
typedef struct dt_switch { // Switch descriptor DT_SWITCH
ulong casemin; // Minimal case
ulong casemax; // Maximal case
ulong type; // Switch type, set of CASE_xxx
int nexit; // Number of exits including default
ulong exitaddr[NSWEXIT]; // List of exits (point to dt_case)