PECompact 2.xx_Find_OEP_n_IAT_Fix_REA
script này dựa trên tuts tìm Magic point PEcompact 2.x của phongvucba./*
Script written by Computer Angel 26/May/2009
base on phongvucba(REAOnline.net) fixing IAT method using magic JMP
Usage:
+ Run script at PECompact Entrypoint with debugger hide plugins
History:
+ 26/May/2009: Draft version
*/
BC
BPHWC
mov tmp,,1
cmp tmp,B8
jne error
mov saveaddr0,,4
find_OEP_jmp:
findmem #FFE0#,saveaddr0
cmp $RESULT,0
je error
mov jmp_EAX,$RESULT
find_alloc:
gpa "VirtualAlloc", "kernel32.dll"
bp $RESULT
esto
bc eip
rtr
mov save_alloc,eax
hook_GetModule:
gpa "GetModuleHandleA", "kernel32.dll"
bp $RESULT
bpgoto $RESULT, find_magic
esto
find_magic:
mov find_addr,,4
gmemi find_addr,MEMORYBASE
cmp $RESULT,save_alloc
jne find_next
findmem #FFE0558BEC83C4FC#,save_alloc
cmp $RESULT,0
je find_next
mov find_addr2,$RESULT
findmem #75??33C0#, find_addr2
cmp $RESULT,0
je find_next
mov magic_addr,$RESULT
mov ,EB,1
bc eip
jmp to_OEP
find_next:
bc eip
to_OEP:
bp jmp_EAX
esto
bc eip
sti
cmt eip,"OEP found by Computer Angel, REATeam"
ret
error:
msg "Error!"
ret
谢谢你今天正好用的上 我看看啦啦 学习学习~~~~ 好的东西呀 谢谢 PECompact手脱就行,脚本更方便一些,谢谢分享
页:
[1]