Multiline Ultimate Assembler v2.3

Multiline Ultimate Assembler v2.3 is out.

x64_dbg support

Starting from version 2.3, the Multiline Ultimate Assembler plugin supports the x64_dbg debugger in addition to OllyDbg and Immunity Debugger.

x64_dbg is a relatively new project, and thus not all features could be implemented for it. For example, the option to disassemble external code is not available, as the debugger doesn’t expose this information.

Despite of the limitations, x64_dbg evolves quickly, and is already usable for many tasks. It can be extremely useful for 64-bit targets, as the more mature OllyDbg can only handle 32-bit executables at the moment.

Multiline comments

It’s possible to use the COMMENT directive to define a comment which consists of multiple lines, using the MASM syntax:

COMMENT delimiter [[text]]
[[text]]
[[text]] delimiter [[text]]

Other changes

In addition to the above, v2.3 adds drag and drop support to the editor, and fixes a couple of minor bugs.

P.S. The text editor component, RAEdit, was originally written in 32-bit x86 assembly. If you’re wondering how it was ported to 64-bit, refer to the post C as a portable assembly: porting RAEdit to 64-bit.

Posted in Software, Updates on September 4th, 2014. No Comments.

Multiline Ultimate Assembler v2.2

Multiline Ultimate Assembler v2.2 is out.
What’s new:

Added the ability to specify block end address

You can now specify the end address of a block, which the code shouldn’t exceed.
Read More…

Posted in Software, Updates on March 16th, 2014. 4 Comments.

Multiline Ultimate Assembler Library

This article was written by Mr. eXoDia about the usefulness of the Multiline Ultimate Assembler Library, which is a (dis)assembler library with similar functionality to the Multiline Ultimate Assembler OllyDbg plugin.
Kudos to him!

The Multiline Ultimate Assembler Library
zip Multiline Ultimate Assembler library.zip (525.6 kB)

Article files (with the library included)
zip multi_asm_lib_test.zip (116.81 kB)

Alright, so what’s the use of the Multiline Ultimate Assembler Library? In my case it was useful as backend for a ‘generic’ API hooking tool. The tool was used to hook various APIs to prevent CRC checks and then the idea was to hook an API (VirtualProtect for example) that was accessed just before the OEP of the protected file was reached.
In our case we will not deal with a real protector, but just with a simple file that mimics a protector. Our protected file must have VirtualProtect in the import table.
Read More…

Posted in Reverse Engineering on September 26th, 2013. 10 Comments.

Multiline Ultimate Assembler v2.1

Multiline Ultimate Assembler v2.1 extends the syntax of RVA addresses:

  • Explicit base address.
    e.g.: PUSH $(00400000).1000
  • Short syntax for block addresses.
    e.g.: <$$1000>
  • Fix: Module names are no longer case-sensitive.

Read More…

Posted in Software, Updates on October 24th, 2012. 1 Comment.

Multiline Ultimate Assembler v2.0

Multiline Ultimate Assembler (previously known as MUltimate Assembler) v2.0 is out.

A new name
The plugin is called Multiline Ultimate Assembler now. I never liked the old name, MUltimate Assembler. It could easily be misread as Multi-Mate, while the intention is Multiline-Ultimate.

Note: if you update from an older version, change the section name in ollydbg.ini from “MUltimate Assembler” to “Multiline Ultimate Assembler” to keep the plugin’s optiosn.

An OllyDbg v2 port
The plugin was ported to OllyDbg v2.
Currently there’s one known issue: the data commands (DB, DW, DD, etc.) aren’t supported by the new OllyDbg’s assembler, so you cannot use them.

A help file
I’ve written a help file, which explains the assembler syntax, the editor interface, and the plugin’s options. It should make it easier to get started with the plugin.

Posted in Software, Updates on October 17th, 2012. No Comments.

MUltimate Assembler v1.7

Meet MUltimate Assembler v1.7!
New in this version:

RVA (relative virtual) addresses
Read More…

Posted in Software, Updates on August 9th, 2012. 1 Comment.

MUltimate Assembler v1.6

MUltimate Assembler (the OllyDbg plugin) v1.6 is out.

A small release with basically one new option: You can choose how the plugin generates new labels.

Also, this release includes a version for Immunity Debugger.

Posted in Software, Updates on December 3rd, 2011. 2 Comments.

MUltimate Assembler v1.5

MUltimate Assembler (the OllyDbg plugin) v1.5 is out!
New in this release:

Anonymous labels
You can now use anonymous labels, which are defined as ‘@@’ and are referenced to as @b (or @r) for the preceding label and @f for the following label.

Example:

	JMP SHORT @f
	NOP ; skip it

@@:
	JMP SHORT @b ; (or @r) an infinite loop

Saving to and loading from files
Read More…

Posted in Software, Updates on September 28th, 2011. No Comments.

MUltimate Assembler v1.4

MUltimate Assembler (the OllyDbg plugin) v1.4 is available!
This version adds some useful features to the tab control.
Read More…

Posted in Software, Updates on May 22nd, 2011. No Comments.

MUltimate Assembler v1.3

MUltimate Assembler (the OllyDbg plugin) is updated to version 1.3, with a new option of choosing how to disassemble hexadecimal numbers:

Also in this version:
– Fixed a crash when writing labels and comments.
– The asm files path can be set in the configuration file.

Posted in Software, Updates on January 27th, 2011. No Comments.