MAPIMP Plugin version 0.6

Posted: December 22, 2009 in RE Tools

MAPIMP Plugin version 0.6
by takerZ/tPORt
mod by BoRoV/TSRh
2009

• What is it?
This is an OllyDbg plugin which will help you to import map files exported by IDA, Dede, IDR, Microsoft and Borland linkers.

• Why?
There are many plugins with which you can perform similar actions, but mapimp:
– Recognizes debugged file segments and applies names correctly
– Has an option to overwrite or skip names that intersect with already defined ones
– Has a filter option which gives you great name demangling potential
– Works fast (but who cares nowadays, right?)

Version info:
+ added
* fixed
– removed

0.6: ( by BoRoV )
* fixed a bug with files that have no extension (thanks to sendersu for the report)
* fixed a bug in autoimport feature
* added feature, double click in list with masks to edit selected mask

0.5:
+ added name demangling feature
+ now it is possible to choose whether to apply names to debugged module or
currently viewed module
* map file parsing routine was a hack and so was rewritten. Should now support IDA,
DeDe, IDR, Microsoft and Borland (thanks to void and awerto for CodeGear tests)
linkers map files and handle names longer than 235 characters (string buffer is
now 1kb long)
* recompiled with pcre 8.0. See changelog at http://www.pcre.org/changelog.txt
* fixed a bug when mapimp broke import procedure when trying to import a name to a
module with less number of segments than the name’s segment addressed
* fixed a bug when OllyDbg crashed while displaying format containing names in the
progress bar
* fixed a bug with accelerators when it was unable to check/uncheck checkboxes
using a mouse click. The winner of “The stupidest bug of a year” award
* fixed a bug in autoimport feature which made it search for the map file every
int3 break event including step over (thanks to 9999 for the report)
* fixed “Options” window look with Windows themes (thanks to BoRoV for the report)
* config file moved to plugins folder

0.4:
* fixed map file parsing routine. Now you can load some
structure-incorrect map files like those which Interactive Delphi
Reconstructor exports
* fixed a bug with global shortcuts. ODBG_Pluginshortcut callback
works reeeally weird. Now press Ctrl + Shift + I to import
and Ctrl + Shift + M to open options window

0.3:
+ added keyboard shortcuts
* fixed memory leak in mask_filter function
* fixed mask manager’s focus and selection behaviour
* fixed a bug when being closed “Options” window did not return focus
to OllyDbg’s main window if it temporarily lost activity
* now autoimport does not search for the map file until debuggee changes
* code refactored

0.2:
+ added autoimport feature (thanks to Jupiter for the idea)
+ added “Edit” button for mask manager
* more informative regular expression error messages
* fixed a bug when mapimp did not make the “Options” window modal while
inputting masks. So if you closed the options window with active input
box it caused a deadlock
* some interface changes

0.1:
+ first release

Download here
Change to mapimp06.7z!!

Best Regards
m4n0w4r
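The 0.5 entries above mention two parsing failures: a name addressed to a segment the module does not have, and names too long for the string buffer. As an added example (not mapimp's code), here is one way to parse a map symbol line with both checks in place; the `SSSS:OOOOOOOO name` line layout, the `parse_map_line` function and the sample addresses are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAP_OK = 0, MAP_SKIP = -1, MAP_BAD_SEG = -2, MAP_NAME_TOO_LONG = -3, MAP_BAD_OFF = -4 };

/* Parse one symbol line of the assumed form "SSSS:OOOOOOOO name" (hex fields).
 * seg_base[i] is the load address of segment i+1 in the target module.
 * The caller passes only lines from the symbol section of the map file. */
int parse_map_line(const char *line, const uint32_t *seg_base, size_t nseg,
                   char *name, size_t name_cap, uint32_t *va)
{
    char *end;
    while (*line == ' ' || *line == '\t') line++;
    if (!isxdigit((unsigned char)*line)) return MAP_SKIP;
    unsigned long seg = strtoul(line, &end, 16);
    if (*end != ':' || !isxdigit((unsigned char)end[1])) return MAP_SKIP;
    const char *p = end + 1;
    unsigned long off = strtoul(p, &end, 16);
    if (*end != ' ' && *end != '\t') return MAP_SKIP;
    for (p = end; *p == ' ' || *p == '\t'; p++) {}
    size_t len = strcspn(p, " \t\r\n");
    if (len == 0) return MAP_SKIP;
    /* Segment numbers are 1-based; refuse names for segments the module lacks. */
    if (seg == 0 || seg > nseg) return MAP_BAD_SEG;
    /* Refuse a name that does not fit rather than write past the buffer. */
    if (len >= name_cap) return MAP_NAME_TOO_LONG;
    /* Refuse offsets that would wrap the 32-bit address. */
    if (off > UINT32_MAX - seg_base[seg - 1]) return MAP_BAD_OFF;
    memcpy(name, p, len);
    name[len] = '\0';
    *va = seg_base[seg - 1] + (uint32_t)off;
    return MAP_OK;
}

int main(void)
{
    const uint32_t bases[] = { 0x00401000u, 0x00405000u };  /* constructed */
    const char *lines[] = { " 0001:00000010       start",   /* constructed */
                            " 0003:00000000       orphan" };
    char name[1024];
    uint32_t va;
    for (size_t i = 0; i < 2; i++) {
        int rc = parse_map_line(lines[i], bases, 2, name, sizeof name, &va);
        if (rc == MAP_OK) printf("%08X %s\n", (unsigned)va, name);
        else printf("rejected (%d): %s\n", rc, lines[i]);
    }
    return 0;
}
```
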

Comments
  1. kienmanowar says:

    Version 0.7 is out.

    – removed “Add”, “Edit” and “Delete” buttons and implemented context menu for mask manager

    – now it is possible to save/load mask list alone. Available from context menu and with key shortcuts Ctrl + S/Ctrl + L for “save” and “load” operations respectively (thanks to Jupiter for the idea)

    – fixed a bug in mask_filter function. Local buffers were too short to hold some names’ parts. That caused stack corruption and thus crash

    – pcre library updated to 8.01. See http://www.pcre.org/changelog.txt

    – recompiled pcre with PCRE_MATCH_LIMIT set to MAXBUFLEN; its default value of 10000000 or something like that caused a deadlock while using assertions, strong quantifiers like * and so on. Now all regular expressions seem to be working ok
