Multiline Ultimate Assembler v2.3 is out.
x64_dbg support
Starting from version 2.3, the Multiline Ultimate Assembler plugin supports the x64_dbg debugger in addition to OllyDbg and Immunity Debugger.
x64_dbg is a relatively new project, and thus not all features could be implemented for it. For example, the option to disassemble external code is not available, as the debugger doesn’t expose this information.
Despite of the limitations, x64_dbg evolves quickly, and is already usable for many tasks. It can be extremely useful for 64-bit targets, as the more mature OllyDbg can only handle 32-bit executables at the moment.
Multiline comments
It’s possible to use the COMMENT directive to define a comment which consists of multiple lines, using the MASM syntax:
COMMENT delimiter [[text]]
[[text]]
[[text]] delimiter [[text]]
Other changes
In addition to the above, v2.3 adds drag and drop support to the editor, and fixes a couple of minor bugs.
P.S. The text editor component, RAEdit, was originally written in 32-bit x86 assembly. If you’re wondering how it was ported to 64-bit, refer to the post C as a portable assembly: porting RAEdit to 64-bit.
Posted in
Software,
Updates on September 4th, 2014.
No Comments.
Multiline Ultimate Assembler v2.2 is out.
What’s new:
Added the ability to specify block end address
You can now specify the end address of a block, which the code shouldn’t exceed.
Read More…
Posted in
Software,
Updates on March 16th, 2014.
4 Comments.
This article was written by Mr. eXoDia about the usefulness of the Multiline Ultimate Assembler Library, which is a (dis)assembler library with similar functionality to the Multiline Ultimate Assembler OllyDbg plugin.
Kudos to him!
The Multiline Ultimate Assembler Library
Multiline Ultimate Assembler library.zip (525.6 kB)
Article files (with the library included)
multi_asm_lib_test.zip (116.81 kB)
Alright, so what’s the use of the Multiline Ultimate Assembler Library? In my case it was useful as backend for a ‘generic’ API hooking tool. The tool was used to hook various APIs to prevent CRC checks and then the idea was to hook an API (VirtualProtect for example) that was accessed just before the OEP of the protected file was reached.
In our case we will not deal with a real protector, but just with a simple file that mimics a protector. Our protected file must have VirtualProtect in the import table.
Read More…
Posted in
Reverse Engineering on September 26th, 2013.
10 Comments.
Multiline Ultimate Assembler v2.1 extends the syntax of RVA addresses:
-
Explicit base address.
e.g.: PUSH $(00400000).1000
-
Short syntax for block addresses.
e.g.: <$$1000>
-
Fix: Module names are no longer case-sensitive.
Read More…
Posted in
Software,
Updates on October 24th, 2012.
1 Comment.
Multiline Ultimate Assembler (previously known as MUltimate Assembler) v2.0 is out.
A new name
The plugin is called Multiline Ultimate Assembler now. I never liked the old name, MUltimate Assembler. It could easily be misread as Multi-Mate, while the intention is Multiline-Ultimate.
Note: if you update from an older version, change the section name in ollydbg.ini from “MUltimate Assembler” to “Multiline Ultimate Assembler” to keep the plugin’s optiosn.
An OllyDbg v2 port
The plugin was ported to OllyDbg v2.
Currently there’s one known issue: the data commands (DB, DW, DD, etc.) aren’t supported by the new OllyDbg’s assembler, so you cannot use them.
A help file
I’ve written a help file, which explains the assembler syntax, the editor interface, and the plugin’s options. It should make it easier to get started with the plugin.
Posted in
Software,
Updates on October 17th, 2012.
No Comments.
Meet MUltimate Assembler v1.7!
New in this version:
RVA (relative virtual) addresses
Read More…
Posted in
Software,
Updates on August 9th, 2012.
1 Comment.
MUltimate Assembler (the OllyDbg plugin) v1.6 is out.
A small release with basically one new option: You can choose how the plugin generates new labels.
Also, this release includes a version for Immunity Debugger.
Posted in
Software,
Updates on December 3rd, 2011.
2 Comments.
MUltimate Assembler (the OllyDbg plugin) v1.5 is out!
New in this release:
Anonymous labels
You can now use anonymous labels, which are defined as ‘@@’ and are referenced to as @b (or @r) for the preceding label and @f for the following label.
Example:
JMP SHORT @f
NOP ; skip it
@@:
JMP SHORT @b ; (or @r) an infinite loop
Saving to and loading from files
Read More…
Posted in
Software,
Updates on September 28th, 2011.
No Comments.
MUltimate Assembler (the OllyDbg plugin) v1.4 is available!
This version adds some useful features to the tab control.
Read More…
Posted in
Software,
Updates on May 22nd, 2011.
No Comments.
MUltimate Assembler (the OllyDbg plugin) is updated to version 1.3, with a new option of choosing how to disassemble hexadecimal numbers:
Also in this version:
– Fixed a crash when writing labels and comments.
– The asm files path can be set in the configuration file.
Posted in
Software,
Updates on January 27th, 2011.
No Comments.