!EP Exe Pack (Software Compress) 1.2
//////////////////////////////////////////////////////////// !EP Exe Pack (Software Compress) 1.2
// Get Thunk Table Addresses, Keep Original Thunk Table,
// Calculate Thunk Table Size, Find OEP
// Written by Fungus
// Date: 2006-31-10
//////////////////////////////////////////////////////////
var addr1 // temp variable for thunk table origin
var addr2 // temp variable for think table end
var org // variable for thunk table origin
var end // variable for thunk table end
var size // variable for thunk table size
var oep // variable for OEP
var temp
eob getthunk
findop eip,#61#
bphws $RESULT,"x"
mov temp,$RESULT
run
getthunk: // get thunk table origin, end, and size
eob dothunk
bphwc temp
findop eip,#0305#
bphws $RESULT,"x"
mov temp,$RESULT
run
dothunk:
eob findoep
bphwc temp
sto
mov addr1,eax // get thunk table origin
mov org,eax
sto
sto
sto
sto
sto
sto
sto
sto
sto
mov addr2,ebx // get thunk table end
mov end,ebx
sub addr2,addr1 // calculate size
mov size,addr2
find eip,#8907#
fill $RESULT,2,90 // keep original thunk table
find eip,#61#
bphws $RESULT,"x"
mov temp,$RESULT
run
findoep: // find OEP
bphwc temp
sto
sto
sti
mov oep,eip
eval "OEP = {oep}"
msg $RESULT
eval "Start of Thunk Table = {org}"
msg $RESULT
eval "End of Thunk Table = {end}"
msg $RESULT
eval "Size of Thunk Table = {size}"
msg $RESULT
ret
/end
耐人寻味,经典中的经典
页:
[1]