loveboom
March 11th, 2004, 04:41
1、
Unpack Script-->ExE stealth 2.74
/*
////////////////////////////////////////////
ExE Stealth 2.74 OEP Finder v0.1
Author:loveboom
Email :bmd2chen@tom.com
OS :Win2k ADV sp2、OllyDbg1.1B.OllyScript v0.61
Date :2004-3-9
Config:Uncheck"Memory access violation" and
"IsDebuggerPresent->Hide"
Other :If you have one or more question
email me please,Thank you!
/////////////////////////////////////////////
*/
var csize
var cbase
gmi eip,CODEBASE
mov cbase,$RESULT
gmi eip,CODESIZE
mov csize,$RESULT
run
lbl1:
esto
eob lbl2
bprm cbase,csize
esto
lbl2:
bpmc
cmt eip,"OEP!Please dump it :>"
msg "Script by loveboom[DFCG],Thank you for using my script!"
ret
2.
UnPack Script-->FSG v1.33
/*
////////////////////////////////////////////
FSG V1.33 OEP Finder v0.1
Author:loveboom
Email :bmd2chen@tom.com
OS :Win2k ADV sp2、OllyDbg1.1B.OllyScript v0.6
Date :2004-2-27
Config:N/A
Other :If you have one or more question
email me please,Thank you!
/////////////////////////////////////////////
*/
var baddr
var aeip
gpa "GetModuleHandleA","kernel32.dll"
bphws $RESULT,"x"
run
lbl1:
eob lbl2
bphwc $RESULT
rtu
lbl2:
eob lbl3
gpa "GetProcAddress","kernel32.dll" //GetProcAddress
bphws $RESULT,"x"
run
lbl3:
eob lbl4
bphwc $RESULT
rtu
lbl4:
eob lbl5
mov baddr,eip
sub baddr,B
bphws,baddr,"x"
run
lbl5:
sto
mov aeip,eip
sub aeip,6
cmp aeip,baddr
je lbl6
bphwc baddr
cmt eip,"OEP,please dump it :>"
msg "Script by loveboom[DFCG],Thank you for using my script!"
ret
lbl6:
run
jmp lbl5
3.
UnPack Script-->Krypton v0.5
/*
////////////////////////////////////////////
Krypton v0.5 OEP Finder v0.1(Default mode)
Author:loveboom
Email :bmd2chen@tom.com
OS :Win2k ADV sp2、OllyDbg1.1B.OllyScript v0.6
Date :2004-2-27
Config:Uncheck"Memory access violation"
Other :If you have one or more question
email me please,Thank you!
/////////////////////////////////////////////
*/
var cbase
var csize
gmi eip,CODEBASE
mov cbase,$RESULT
gmi eip,CODESIZE
mov bsize,$RESULT
eob lbl1
eoe lbl1
run
lbl1:
eob lbl2
esto
lbl2:
eoe lbl3
bprm cbase,csize
esto
lbl3:
bpmc
cmt eip,"OEP,please dump it"
msg "Script by loveboom[DFCG],Thank you for using my script!"
ret
Unpack Script-->ExE stealth 2.74
/*
////////////////////////////////////////////
ExE Stealth 2.74 OEP Finder v0.1
Author:loveboom
Email :bmd2chen@tom.com
OS :Win2k ADV sp2、OllyDbg1.1B.OllyScript v0.61
Date :2004-3-9
Config:Uncheck"Memory access violation" and
"IsDebuggerPresent->Hide"
Other :If you have one or more question
email me please,Thank you!
/////////////////////////////////////////////
*/
var csize
var cbase
gmi eip,CODEBASE
mov cbase,$RESULT
gmi eip,CODESIZE
mov csize,$RESULT
run
lbl1:
esto
eob lbl2
bprm cbase,csize
esto
lbl2:
bpmc
cmt eip,"OEP!Please dump it :>"
msg "Script by loveboom[DFCG],Thank you for using my script!"
ret
2.
UnPack Script-->FSG v1.33
/*
////////////////////////////////////////////
FSG V1.33 OEP Finder v0.1
Author:loveboom
Email :bmd2chen@tom.com
OS :Win2k ADV sp2、OllyDbg1.1B.OllyScript v0.6
Date :2004-2-27
Config:N/A
Other :If you have one or more question
email me please,Thank you!
/////////////////////////////////////////////
*/
var baddr
var aeip
gpa "GetModuleHandleA","kernel32.dll"
bphws $RESULT,"x"
run
lbl1:
eob lbl2
bphwc $RESULT
rtu
lbl2:
eob lbl3
gpa "GetProcAddress","kernel32.dll" //GetProcAddress
bphws $RESULT,"x"
run
lbl3:
eob lbl4
bphwc $RESULT
rtu
lbl4:
eob lbl5
mov baddr,eip
sub baddr,B
bphws,baddr,"x"
run
lbl5:
sto
mov aeip,eip
sub aeip,6
cmp aeip,baddr
je lbl6
bphwc baddr
cmt eip,"OEP,please dump it :>"
msg "Script by loveboom[DFCG],Thank you for using my script!"
ret
lbl6:
run
jmp lbl5
3.
UnPack Script-->Krypton v0.5
/*
////////////////////////////////////////////
Krypton v0.5 OEP Finder v0.1(Default mode)
Author:loveboom
Email :bmd2chen@tom.com
OS :Win2k ADV sp2、OllyDbg1.1B.OllyScript v0.6
Date :2004-2-27
Config:Uncheck"Memory access violation"
Other :If you have one or more question
email me please,Thank you!
/////////////////////////////////////////////
*/
var cbase
var csize
gmi eip,CODEBASE
mov cbase,$RESULT
gmi eip,CODESIZE
mov bsize,$RESULT
eob lbl1
eoe lbl1
run
lbl1:
eob lbl2
esto
lbl2:
eoe lbl3
bprm cbase,csize
esto
lbl3:
bpmc
cmt eip,"OEP,please dump it"
msg "Script by loveboom[DFCG],Thank you for using my script!"
ret