PESpin v0.3 Stolen Code Finder


loveboom
March 27th, 2004, 21:42
/*
//////////////////////////////////////////////////
PESpin v0.3 Stolen Code Finder v0.1
( for 'Remove OEP' mode)
Author: loveboom
Email : bmd2chen@tom.com
OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.62
Date : 2004-3-28
Config: Ignore other exceptions except 'Invalid or privileged instruction'
Note : If you have one or more question, email me please,thank you!
//////////////////////////////////////////////////
*/
var bpaddr //Break point address

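start: //script start
run //run the target (F9) until the first break

lbl1:
esto //run, passing the exception to the program (Shift+F9)
esto
gpa "LoadLibraryA","kernel32.dll" //GetProcAddress, address is returned in $RESULT
mov bpaddr,$RESULT
bp bpaddr //breakpoint on LoadLibraryA
eob lbl2 //on the next break, continue at lbl2
esto

lbl2:
bc bpaddr //clear the LoadLibraryA breakpoint
eob lbl3
rtu //run to user code (Alt+F9)

lbl3:
mov bpaddr,esp
add bpaddr,4
bphws bpaddr,"r" //hardware breakpoint on read at esp+4
eob lbl4
run

lbl4:
bphwc bpaddr //remove the hardware breakpoint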

end:
cmt eip,"Stolen Code found,here start Stolen program's OEP Code.please patch OEP code and then dumped it!"
msg "Script by loveboom[DFCG],Thank you for using my Script!"
ret

cyberbob
March 29th, 2004, 16:21
But how do I fix the import table?

loveboom
March 30th, 2004, 03:19
That's too easy! PESpin steals a little code before it calls an API,
like this:
push ebp
mov ebp,esp
xxx
jmp xxxx
jmp addr(kernel32,system dll)

cyberbob
March 30th, 2004, 15:53
New version coming soon.

loveboom
March 31st, 2004, 03:26
Where can I download it?

cyberbob
March 31st, 2004, 16:18
I will put it on a friend's website:
http://www.crackmes.prv.pl in the tools section
soon, I just have to test it.

loveboom
April 1st, 2004, 04:23
Hoho, error message: "This page cann't display", because I am from China.
Can you email me? Thank you!

FEUERRADER
April 1st, 2004, 19:45
loveboom
I wrote to you by e-mail about the script for PESpin.
Your script for PESpin 0.3 doesn't work!
Target terminates with error code 80.
I ignore other exceptions except 'Invalid or privileged instruction' but it has no effect.
What do you say?

loveboom
April 2nd, 2004, 21:47
FEUERRADER
Unpacking your program is no problem
on my computer.

test1: win2kadv sp2 + OD1.1b/OD1.1B(DIY) + OS0.62
test2: VmWare + winxp + od1.1b/od1.1b(Diy) + os0.62