loveboom
March 21st, 2004, 03:54
Unpacking Script-->ExECryptor1.53
/*
//////////////////////////////////////////////////
EXECryptor1.53 OEP Finder v0.1 for 2k/xp
Author: loveboom
Email : bmd2chen@tom.com
OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.62
Date : 2004-3-14
Config: Check All Exception!
Note :Especially Tank tDasm.If you have one or more question
email me please,thank you!
//////////////////////////////////////////////////
*/
var addr
run
mov [eip],#CC039090#
bphws 0012FF84,"r"
gpa "VirtualProtect","kernel32.dll"
mov addr,$RESULT
add addr,1
bphws addr,"x"
esto
eob lbl1
rtu
lbl1:
bphwc addr
mov addr,eip
add addr,7A
bphws addr,"x"
eob lbl2
run
lbl2:
bphwc addr
sti
sti
sti
sti
sti
mov addr,edx
log edx
log addr
bphws addr,"x"
eob lbl3
run
lbl3:
bphwc addr
bphwc 0012FF84
cmt eip,"OEP Found!please dumped it!"
msg "Script by loveboom[DFCG],Thank you for using my Script!"
ret
/*
//////////////////////////////////////////////////
EXECryptor1.53 OEP Finder v0.1 for 2k/xp
Author: loveboom
Email : bmd2chen@tom.com
OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.62
Date : 2004-3-14
Config: Check All Exception!
Note :Especially Tank tDasm.If you have one or more question
email me please,thank you!
//////////////////////////////////////////////////
*/
var addr
run
mov [eip],#CC039090#
bphws 0012FF84,"r"
gpa "VirtualProtect","kernel32.dll"
mov addr,$RESULT
add addr,1
bphws addr,"x"
esto
eob lbl1
rtu
lbl1:
bphwc addr
mov addr,eip
add addr,7A
bphws addr,"x"
eob lbl2
run
lbl2:
bphwc addr
sti
sti
sti
sti
sti
mov addr,edx
log edx
log addr
bphws addr,"x"
eob lbl3
run
lbl3:
bphwc addr
bphwc 0012FF84
cmt eip,"OEP Found!please dumped it!"
msg "Script by loveboom[DFCG],Thank you for using my Script!"
ret