由于大多数用的都是1.0版本的OD,所以,以下编写的是OLLYDBG1.0的插件
OllyDbg重命名插件编写
前置知识
日志窗口输出并关联指定地址 _Addtolist(指定地址,1,“字符串”);
反汇编 _Disasm
读取内存 _Readmemory
读取当前地址标签内容 _Findlabel
读取用户名输入的字符串 _Gettext
插件名称 _Insertname
函数模板
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
extern "C" __declspec(dllexport) cdecl int ODBG_Plugindata(char* shortname)
{
const char * pluginName = "插件名";
strcpy_s(shortname, strlen(pluginName) + 1, pluginName);
return PLUGIN_VERSION;
}
HWND g_hOllyDbg;
extern "C" __declspec(dllexport) cdecl int ODBG_Plugininit(int ollydbgversion, HWND hw, ulong *features)
{
if (ollydbgversion < PLUGIN_VERSION)
{
MessageBox(hw, "本插件不支持当前版本OD!", "MyFirstPlugin", MB_ICONERROR);
return -1;
}
g_hOllyDbg = hw;
return 0;
}
extern "C" __declspec(dllexport) cdecl int ODBG_Pluginmenu(int origin, TCHAR data[4096], VOID *item)
{
if (origin == PM_MAIN)
{
strcpy(data, "0&顶部菜单子菜单一,1&顶部菜单子菜单二");
}
if (origin == PM_DISASM)
{
strcpy(data, "鼠标右键主菜单{0&鼠标右键子菜单一,1&鼠标右键子菜单二}");
}
return 1;
}
extern "C" __declspec(dllexport) cdecl void ODBG_Pluginaction(int origin, int action, VOID *item)
{
if (origin == PM_MAIN)
{
if (action == 0)
{
MessageBoxA(g_hOllyDbg, "顶部菜单子菜单一", "点击了顶部子菜单一", MB_ICONINFORMATION);
}
if (action == 1)
{
MessageBoxA(g_hOllyDbg, "顶部菜单子菜单二", "点击了顶部子菜单二", MB_ICONINFORMATION);
}
}
if (origin == PM_DISASM)
{
if (action == 0)
{
MessageBoxA(g_hOllyDbg, "鼠标右键子菜单一", "点击了右键子菜单一", MB_ICONINFORMATION);
}
if (action == 1)
{
MessageBoxA(g_hOllyDbg, "鼠标右键子菜单二", "点击了右键子菜单二", MB_ICONINFORMATION);
}
}
}
|
VS设置
包含SDK文件
设置多字节
关闭SDL检查
或者也可以用安全版的函数
添加参数
至此就能编译成功
输出路径
为了方便查看
设置调试路径
把OD的绝对路径写入,这样就能够调试写的插件
调试启动时OD也会跟着启动,
如下,右击插件子菜单一
