吾爱破解 - 52pojie.cn

[Debuggers] NoLoVeR new modified version PUBLIC...

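微笑一刀 posted on 2009-4-25 22:06
Someone threatened me with "brokeback"... scared me to death. I could only give in to that person's tyranny and post this.....
Changed how the mouse wheel works in the attach window; quite a few people didn't like the old behaviour...
Modified OD's own string reference feature so that it supports Chinese (actually, OD's built-in functionality is still quite "powerful").
The other changes are minor, mostly things like the title and the class name.
This version does not download PDBs automatically, and does not load them automatically either (unless they are in the same directory); a lot of people said the previous version was laggy... speechless...
By the law of "no pics, no truth", here is a pic.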

sshot-1.png


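Plugins load first, the attach window supports the mouse wheel, passes Execryptor detection, library function ordinals placed after the name, the copy/paste bug, ALT+Q hotkey to close OD, setting an environment variable allows PDBs to be downloaded and loaded automatically, and so on.
Some of the modification methods come from the Internet. For some of the changes I no longer remember where they were taken from...
The window title has been changed. The class name has not been changed; you can change it yourself, or use it together with STRONGOD.

The attachment includes some LIB files that I extracted myself. They can identify some CALLs or JMPs that have only an ordinal and no function name.

Loading symbols requires setting an environment variable.
Environment variable name: _NT_SYMBOL_PATH
Value:
SRV*F:\OllyDbg\Symbols*http://msdl.microsoft.com/download/symbols
;; change F:\Ollydbg\Symbols as needed.

Of course, PDBs can also be loaded without setting the environment variable. In that case you need to use a batch file or run the following commands in a CMD window.
set _NT_SYMBOL_PATH=SRV*F:\Tools\Ollydbg\Symbols*http://msdl.microsoft.com/download/symbols
;; change F:\Ollydbg\Symbols as needed.
NoLoVeR.exe (change this to the name of your own OD executable as needed)

The symchk.exe in the attachment is for downloading symbols (PDB). It can be used in the form symchk c:\windows\system32\*.dll to download them. When the environment variable is not set and the /s parameter is not used to set the symbol path, the default path SRV*%SYSTEMROOT%\SYMBOLS*http://msdl.microsoft.com/download/symbols is used automatically, i.e. the SYMBOLS directory under the system directory.

SYMCHK.EXE usage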

symchk [/r] [/q] [Input options] <Filename> [/s <SymbolPath>] [options]

<Filename>      Name of the file or directory that contains the executables
                to perform symbol checking on.

/s <SymbolPath> Semi-colon separated list of symbol paths.  Symbol server
                paths are allowed.  To retrieve symbols to a downstream
                store, use "SRV*<downstream store>*<symbol server>" for
                the symbol path.  See the debugger documentation for more
                details.

/r              Perform recursive operations on the <Filename> specified.  The
                wildcard * can be used in filenames.

/q              Turn off all output options by default. Only output turned on
                with a output flag (see below) will be printed

--------------------------------------------------------------------------------
* Input options (choose only one):
/if <Filename>       Input is a file name.  Wildcards can be used to specify
                     the file name. Default if nothing is specified.
/id <DumpFile>       Input is a dump file.
/ih <HotFix>         Input is a self-extracting Hotfix cab.
/ie <ExeName>        Input is an application name that is currently running.
                     If the provided ExeName is '*', all currently running
                     processes will be checked.
/im <ManifestList>   Input is a manifest previously created using the /om <file>
                     option.
/ip <ProcessId>      Input is a process id. If the provided ProcessID is '*',
                     all currently running processes will be checked.
/it <TextFileList>   Input is a list of files, one per line, inside of a text
                     file.

--------------------------------------------------------------------------------
* Action options (choose only one):
/av  For each binary, Verify symbols exist and match.  Default.

--------------------------------------------------------------------------------
* Symbol checking options:
/cc  when symbol checking a hotfix cab, don't look for symbols inside the cab.
     By default, symchk will look for symbols in the cab as well as in the
     provided symbol path.
/cn  When symbol checking a running process, don't suspend that process.  User
     must ensure the process doesn't exit before symbol checking finishes.
/cs  Skip verifying that there is CodeView data. Symchk will verify that there
     IS codeview data by default.

- Symbol checking options for DBG information (choose one):
/ds  If image was built so that there is information that belongs in a DBG
     file, then this option verifies that the DBG information is stripped
     from the image and that the image points to a DBG file. Default.
/de  If image was built so that there is information that belongs in a DBG
     file, then this option verifies that the DBG information is STILL in the
     image and that the image does not point to a DBG file.
/dn  Verify that the image does not point to a DBG file and that DBG
     information is not in the image.

- Symbol checking options for PDB files:
/pa  Allow both public and private PDBs.  Default.
/pf  Verify that PDB files contain full source information.
/ps  Verify that PDB files are stripped and do not contain full source
     (private) information.
/pt  Verify that PDB files are stripped, but do have type information.  Some
     PDB files may be stripped but have type information added back in.

--------------------------------------------------------------------------------
* Symbol checking exclude options:
/ea <Filename>  Don't perform symbol checking for the binaries listed in the
                file specified.  <Filename> is a text file that contains the
                name of each binary, one per line.
/ee <Filename>  Perform symbol checking and report files that pass or are
                ignored, but don't report errors for binaries listed in the
                file specified.  <Filename> is a text file that contains the
                name of each binary, one per line.

--------------------------------------------------------------------------------
* Symbol path options:
/s[epsu]  <SymbolPath>  Use <SymbolPath> as the search path.

   NOTE: If the '/s' option is not used, SymChk defaults to using the value
         in %_NT_SYMBOL_PATH%. If %_NT_SYMBOL_PATH% is not defined, then SymChk
         will default to:
           SRV*%SYSTEMROOT%\SYMBOLS*http://msdl.microsoft.com/download/symbols

* Modifiers (choose all that apply):
   e - check each path individually instead of checking all paths at once.
   p - force checking for private symbols.  Public symbols will be treated as
       not matching. (Implies the 'e' and 'u' modifiers.)
   s - force checking for public (split) symbols. Private symbols will be
       treated as not matching. (Implies the 'e' and 'u' modifiers.)
   u - force updating of downstream stores. If the symbol path includes a
       downstream store, always re-check the server for the symbol. Only
       stores that are checked against will be updated.
   NOTE: The 's' and 'p' options are mutually exclusive. Only the last one
         present will be used.

--------------------------------------------------------------------------------
* Output options (choose all that apply):
/ob       Give the full path for binaries in the output messages for symbol
          checking.
/oc[x[a]] <Directory>    Create a flat symbols tree in <Directory> which
          contains all matching symbols. If 'x' is also used, copy the matching
          binaries into <Directory> as well. If 'a' is also present, the binary
          will always be copied to the flat symbol tree even if symbol checking
          failed.
/od       List all details.  Same as /oe /op /oi
/oe       List individual errors.  Errors will be sent to the output by default.
          This option is only needed when using /q
/oi       List each file that is ignored.
/op       List each file that passes.
/os       Give the full path for symbols in the output messages for symbol
          checking.
/ot       Send totals to the output.  Totals are sent to the output by default.
          This option is only needed when using /q
/ov       Print version information for checked binaries as well.

- Extended output options:
/ol <File>     In addition to the messages sent to standard out, write a
               file that contains a comma separated list of all the
               binaries and their symbols that pass symbol checking.
/om <Manifest> Print out a manifest file for later use with the '/im' option.
/v             Turn on verbose output mode.
--------------------------------------------------------------------------------
* Module filtering options when checking processes or dump files (choose one):
/fm <Module>  Filter results to only include the named module.

--------------------------------------------------------------------------------
* Misc options
/port     Old usage to new usage quick porting table
--------------------------------------------------------------------------------

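Recommended to run together with 海风's STRONGOD plugin.
Permission = 10.
Given that some people don't much like the mouse wheel behaviour in the attach window, or the automatic PDB loading...
The other changes are minor, mostly things like the title and the class name.
This version does not download PDBs automatically, and does not load them automatically either (unless they are in the same directory); a lot of people said the previous version was laggy... speechless...
By the law of "no pics, no truth", here is a pic.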

NoLoVeR.rar

545.92 KB, downloads: 647, download cost: 吾爱币 -1 CB
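An added example, not part of the original post or of the tool: a small Python check of the symbol path rules quoted above (the /s option, then %_NT_SYMBOL_PATH%, then the default; semicolon-separated elements; SRV*<downstream store>*<symbol server>). The function names are hypothetical; it flags an SRV element whose server part is empty and a server reached over plain HTTP.

```python
import os
from urllib.parse import urlparse

# Default quoted in the symchk help text on this page.
DEFAULT_PATH = r"SRV*%SYSTEMROOT%\SYMBOLS*http://msdl.microsoft.com/download/symbols"

def effective_symbol_path(s_option=None, env=None):
    """Order given by the help text: /s, then %_NT_SYMBOL_PATH%, then the default."""
    env = os.environ if env is None else env
    return s_option or env.get("_NT_SYMBOL_PATH") or DEFAULT_PATH

def parse_symbol_path(path):
    """Split a semicolon-separated symbol path into directory and SRV elements."""
    elements = []
    for raw in (p.strip() for p in path.split(";")):
        if not raw:
            continue
        parts = raw.split("*")
        if parts[0].upper() == "SRV" and len(parts) >= 2:
            # SRV*<downstream store>*<symbol server>; with a single field only a server is given.
            store = parts[1] if len(parts) >= 3 else None
            elements.append({"kind": "srv", "store": store, "server": parts[-1]})
        else:
            elements.append({"kind": "dir", "store": raw, "server": None})
    return elements

def review(path):
    """Return findings for SRV elements: missing server, or plain-HTTP transport."""
    findings = []
    for e in parse_symbol_path(path):
        if e["kind"] != "srv":
            continue
        if not e["server"]:
            findings.append("SRV element has no symbol server after the last '*'")
        elif urlparse(e["server"]).scheme.lower() == "http":
            findings.append("symbols fetched over unauthenticated HTTP: " + e["server"])
    return findings

if __name__ == "__main__":
    # Constructed samples: the default, the value from the post, and a value cut after the second '*'.
    for sample in (effective_symbol_path(env={}),
                   r"SRV*F:\OllyDbg\Symbols*http://msdl.microsoft.com/download/symbols",
                   r"SRV*F:\OllyDbg\Symbols*"):
        print(sample, "->", review(sample) or "ok")
```
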


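Hmily posted on 2009-4-25 22:10
NN is so mean, threatening poor 一刀 with brokeback.....
Tale posted on 2009-4-25 22:14
mycsy posted on 2009-4-25 22:14
f00l posted on 2009-4-25 22:15
I'm not brokeback T.T
freecat posted on 2009-4-25 22:21
Got to support 一刀's stuff
419190390 posted on 2009-4-25 22:25
This one really is top quality··· super impressive ··
419190390 posted on 2009-4-25 22:28
Good stuff costs big money ····· I've spent 11CB already····
estelle posted on 2009-4-25 22:29
Paying my respects. 二刀 has a DIY ID
zapline posted on 2009-4-25 22:40
Good stuff indeed
It runs under VISTA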