Hi everyone! I just wrote a quick OllyDbg 1.x plugin and I wanted to share it. If you don’t know what that means, read my other article instead at the Buguroo Blog which has a more detailed explanation on what it is and how to use it. This post is more about why I wrote it and how it works.
Anyway. After a conversation on Twitter about how it’s becoming increasingly harder to find the venerable WIN32.HLP file – and how it was becoming ever more outdated, I came to realize I didn’t know of any OllyDbg plugin to use the more modern and up to date MSDN documentation. I asked around and no one else seems to have written such a plugin, so I wrote my own.
It’s sort of a dirty hack – in general there’s no easy way of overriding existing features in Olly, the plugin API is rather meant to add new functionality. So after messing about with it for a while I came up with an easy hack – the plugin just hooks the WinHelp() API call to detect when WIN32.HLP is about to be opened, and launches the default web browser instead. Any other help file is launched normally.
The next step would be to search the MSDN looking for the API call the user requested. Then again, a quick hack came to the rescue đŸ™‚ since instead of figuring out how to perform MSDN searches it was much easier to just use a Google search with the “I Feel Lucky” button. You can find out more here about the unofficial Google Search API.
The plugin is also compatible with the newer Immunity Debugger which is based in OllyDbg, and was tested on both.
To install, just copy the DLL file in the plugins folder (by default is the same where the main EXE lives). You do need to have set the win32.hlp file in the configuration at some point (so Olly actually tries to open it, otherwise the plugin never finds out). It doesn’t need to be the real file though, any file named “win32.hlp” will do the trick, even if it’s 0 bytes long. đŸ™‚
Enjoy!
Breaking Code 
didn’t worked tried as ypu told ..nothing appear
Comment by Darkwarrior86 — November 11, 2012 @ 5:58 am
Hi Darkwarrion86, I’d like to know in what setup you tried it so I can reproduce the problem. What version of Windows do you have? Is it OllyDbg or ImmDbg and which version? What’s your default browser?
Comment by Mario Vilas — November 11, 2012 @ 12:17 pm
Doesn’t work here as well. Win8 x64, OllyDbg 2.01h and Firefox 19 beta. OllyDbg still opens the win32.hlp file…
Comment by Trakuna — January 17, 2013 @ 7:11 pm
Maybe they changed something in OllyDbg 2, AFAIK it didn’t support plugins back when I wrote this. I’ll try and see how it can be fixed, thanks!
Comment by Mario Vilas — January 18, 2013 @ 12:32 pm
The difference seems to be that the plugin is not loading, probably because the API interface has been changed significantly, according to the web site. I’ll have to study the new API and see if a plugin can be made that works both for the old and the new version…
Comment by Mario Vilas — January 18, 2013 @ 3:29 pm