nezumi-lab
February 16th, 2009, 18:17
oh, not again… I got so many letters “how to build Olly plug-ins with MS VC?“. so many too decide to answer here. (feel free to skip this post if you’re experienced enough). this is going to be step-by-step guide. and the first step is…
1) go to http://www.ollydbg.de/ ("http://www.ollydbg.de/") and download PDK 1.10 ("http://www.ollydbg.de/plug110.zip")
2) unpack it and see. there are Plugins.hlp (documentation, but who read documentation after all?), Plugin.h (include file with all definitions); Ollydbg.def (def file for linker), Bookmark.c/Cmdexec.c/Command.c - source code of a few simple plug-ins we’re going to build; cmdline.rtf - documentation for Cmdexec.c plug-in; there is also /VC50 folder. open it and see VC-related stuff: OLLYDBG.LIB - library file for linker, *.mak and *.ds? files for make and Visual Studio. but we’re going to build plug-ins with our hands, so… what do we need?!
3) we need: OLLYDBG.LIB, OLLYDBG.DEF and PLUGIN.H. this is all!
4) let’s try to build Bookmark.c from pure command line!
5) type: “CL.EXE /LD Bookmark.c Ollydbg.lib“, where /LD - key to make DLL (as we know plug-ins are DLLs), Bookmark.c - name of plug-in to build, Ollydbg.lib - library (it should be in current directory or any directory listed in “LIB” environment variable (type “SET LIB” to see your list of LIBs dir); PLUGIN.H should be located in the current directory (you can move it to any system include directory, just type “SET INCLUDE” to see the list);
6) ok, all system are go. we’re pressing enter, and… ops!!! PLUGIN.h wants us to specify /J key (to force compiler to use unsigned char, instead of signed char by default);
7) updated command line looks like: “CL.EXE /LD /J Bookmark.c Ollydbg.lib“, we’re pressing enter and…
8) …endless list of errors of 32 unresolved externals symbols. why?!
9) the answer is: OLLYDBG.LIB is incorrect!!! ok, we have DEF file, so no problem to create the new one;
10) “lib.exe /DEF:Ollydbg.def” (lib.exe comes with Microsoft Visual C++);
11) ok, we have a new Ollydbg.lib. lets try to build the source again… what?! the same errors!!!
12) well, DEF file is wrong and has to be fixed. open it with any text editor and replace all “_” by “”, save changes and exit (of course, we’re supposed to remove only “_” prefixes, do not touching “_” symbols in the middle of functions, but we’re lucky and there is no function with “_” in the middle);
13) run “lib.exe /DEF:Ollydbg.def” again;
14) try to build the source once more: “CL.EXE /LD /J Bookmark.c Ollydbg.lib”
15) fatal error LNK1120: 8 unresolved externals
16) well, 8 is less than 32, so the progress is good and fixed .lib-file is working, but… something is still broken, but… look at names of the unresolved symbols!!!!
17) __imp__DefMDIChildProcA@16, __imp__MessageBoxA@16, __imp__CreatePopupMenu@0…
18) they’re obliviously belong to USER32.lib! so, just add USER32.lib to our command line!!!
19) the final (we hope so) try look like: “cl.exe /J /DL Bookmark.c Ollydbg.lib USER32.lib” <ENTER>
20) wow!!! it was built without any single error or warning!!! we’re very happy!!!
21) copy the fresh Bookmark.dll to Olly’ Plug-in directory and check how good (bad) it is!
22) btw, don’t forget about optimization!!! “cl.exe /Ox /J /DL Bookmark.c Ollydbg.lib USER32.lib“, where /Ox means - max. optimization (of course, feel free to use other compiler keys, whatever you want!!!)
you can download ("http://nezumi-lab.org/ffh/OllyLib.zip") fixed version of Ollydbg.lib/Ollydbg.def. I tested it with Microsoft Visual Studio 6.0 and it works fine.
http://nezumi-lab.org/blog/?p=151
1) go to http://www.ollydbg.de/ ("http://www.ollydbg.de/") and download PDK 1.10 ("http://www.ollydbg.de/plug110.zip")
2) unpack it and see. there are Plugins.hlp (documentation, but who read documentation after all?), Plugin.h (include file with all definitions); Ollydbg.def (def file for linker), Bookmark.c/Cmdexec.c/Command.c - source code of a few simple plug-ins we’re going to build; cmdline.rtf - documentation for Cmdexec.c plug-in; there is also /VC50 folder. open it and see VC-related stuff: OLLYDBG.LIB - library file for linker, *.mak and *.ds? files for make and Visual Studio. but we’re going to build plug-ins with our hands, so… what do we need?!
3) we need: OLLYDBG.LIB, OLLYDBG.DEF and PLUGIN.H. this is all!
4) let’s try to build Bookmark.c from pure command line!
5) type: “CL.EXE /LD Bookmark.c Ollydbg.lib“, where /LD - key to make DLL (as we know plug-ins are DLLs), Bookmark.c - name of plug-in to build, Ollydbg.lib - library (it should be in current directory or any directory listed in “LIB” environment variable (type “SET LIB” to see your list of LIBs dir); PLUGIN.H should be located in the current directory (you can move it to any system include directory, just type “SET INCLUDE” to see the list);
6) ok, all system are go. we’re pressing enter, and… ops!!! PLUGIN.h wants us to specify /J key (to force compiler to use unsigned char, instead of signed char by default);
7) updated command line looks like: “CL.EXE /LD /J Bookmark.c Ollydbg.lib“, we’re pressing enter and…
8) …endless list of errors of 32 unresolved externals symbols. why?!
9) the answer is: OLLYDBG.LIB is incorrect!!! ok, we have DEF file, so no problem to create the new one;
10) “lib.exe /DEF:Ollydbg.def” (lib.exe comes with Microsoft Visual C++);
11) ok, we have a new Ollydbg.lib. lets try to build the source again… what?! the same errors!!!
12) well, DEF file is wrong and has to be fixed. open it with any text editor and replace all “_” by “”, save changes and exit (of course, we’re supposed to remove only “_” prefixes, do not touching “_” symbols in the middle of functions, but we’re lucky and there is no function with “_” in the middle);
13) run “lib.exe /DEF:Ollydbg.def” again;
14) try to build the source once more: “CL.EXE /LD /J Bookmark.c Ollydbg.lib”
15) fatal error LNK1120: 8 unresolved externals
16) well, 8 is less than 32, so the progress is good and fixed .lib-file is working, but… something is still broken, but… look at names of the unresolved symbols!!!!
17) __imp__DefMDIChildProcA@16, __imp__MessageBoxA@16, __imp__CreatePopupMenu@0…
18) they’re obliviously belong to USER32.lib! so, just add USER32.lib to our command line!!!
19) the final (we hope so) try look like: “cl.exe /J /DL Bookmark.c Ollydbg.lib USER32.lib” <ENTER>
20) wow!!! it was built without any single error or warning!!! we’re very happy!!!
21) copy the fresh Bookmark.dll to Olly’ Plug-in directory and check how good (bad) it is!
22) btw, don’t forget about optimization!!! “cl.exe /Ox /J /DL Bookmark.c Ollydbg.lib USER32.lib“, where /Ox means - max. optimization (of course, feel free to use other compiler keys, whatever you want!!!)
you can download ("http://nezumi-lab.org/ffh/OllyLib.zip") fixed version of Ollydbg.lib/Ollydbg.def. I tested it with Microsoft Visual Studio 6.0 and it works fine.
http://nezumi-lab.org/blog/?p=151