Hi psyCKO,

i'm facing an error using the different ollyscript plugin versions again.

This is script, for unpacking ASPack 2.000:


var oki

findop eip, #6175#
mov oki, $RESULT
bp oki
run
sto
sto
sto
sto

msg "OEP Reached!"


Ollyscript v0.7 leads me to OEP, as it should. Latest v0.85 gives error message: "Unable to read memory of debugged process. Breakpoint at 00000000 is deleted."

This is caused due to the fact that the findop command cannot search for more than 1 byte! if i'd replace 'findop eip, #6175#' with 'findop eip, #61#' the script works fine!

/Scarabee

If the 6175 you are looking for is something like

00401034 61 POPAD
00401035 75 6A JNZ SHORT xxx.004010A1

then 61 and 75 are in different opcodes.
Therefore OSC correctly returns 0 in $RESULT.

To find bytes in different opcodes you should use FIND:
FIND eip, #6175#
which will give you the correct result, in this case 00401034.

You should also check for this kind of errors in the script, ie:
FIND eip, #6175#
CMP $RESULT, 0
JE nothing_found
bp $RESULT
....

nothing_found:
msg "Nothing found!"
ret

thanx a lot.

i was confused as it worked in v0.7 that way.
Learned something again today

Hi psyCKO,

I also have a question concerning this. In Ollyscript 0.81 i used
findop eip, #C3# and it worked fine.
However when i'm trying to use the same script in 0.85 I break on #EBC3#. Is there a possibility to search only for #C3#? It seems there's a difference between 0.85 and 0.81.

Thanks in advance.

Regards,

tonyxxy

Hey... That's a bug (or maybe an unwanted feature) that was fixed a couple of days ago. Please redownload the plugin. =)

Ok thats solved my problem :-)

Thanks psyCKO


tonyxxy