Enigma 4.xx to 5.xx OEP Finder and API Patch
Hello guys, this is my first script; give it a try. It can find the OEP of any version of Enigma and fix API calls, but it can't fix VM API. Just fix the VM API yourself, then dump and fix. Give it a try.
https://forum.tuts4you.com/topic/38281-enigma-4xx-to-5xx-oep-finder-and-api-patch/
// Created by ramjane (author's first script).
// ODbgScript (OllyDbg scripting plugin) for 32-bit targets packed with Enigma 4.xx-5.xx.
// Purpose: stop at the original entry point (OEP) and patch the protector's
// API-call handling. VM-ed API calls are NOT handled and must be fixed by hand.
// Notes for the reader:
//  - Numeric literals are hexadecimal (alloc 1000 = 0x1000 bytes, APICALL-15 = APICALL-0x15).
//  - Every run/esto lets the packed target execute its own code under the debugger.
//  - The byte signatures used with `find` are specific to the builds the author tested;
//    no `find` result is checked, so if a pattern is absent $RESULT is 0 and the following
//    bphws/asm commands operate on a bogus address.

// Start from a clean state: drop any hardware breakpoints left over from earlier sessions.
bphwc
var sec
var ENIGMA
var GetProcAddress
var RET
var EP
// Remember where the debugger is paused so execution can be restored after the helper stub.
mov EP,eip
gpa "GetProcAddress" , "Kernel32.dll"
mov GetProcAddress, $RESULT
// Scratch buffer for a small helper stub.
alloc 1000
mov sec,$RESULT
// Stub bytes: 60 pushad / 6A 00 push 0 / 6A 00 push 0 / E8 xx xx xx xx call / 61 popad / 90 nop.
// NOTE(review): the destination operand is missing on this line as published; it was
// presumably the buffer just allocated (the forum renderer may have dropped a bracketed
// operand) - confirm against the original attachment before running.
mov ,#606A006A00E8837AAA906190#
// Re-assemble the call at stub offset 5 so it targets the real GetProcAddress address.
eval "call {GetProcAddress}"
asm sec+05, $RESULT
// Execute the stub: break on the trailing nop (offset 0x0B) and on GetProcAddress itself.
mov eip,sec
bp eip+0B
bp GetProcAddress
run
// Expected stop: GetProcAddress entry. Clear that breakpoint and run to the function's return
// instruction, whose address is saved in RET.
bc eip
rtr
mov RET, eip
// Let the stub finish (stops on the nop breakpoint), then remove the software breakpoints
// and put eip back where it was.
run
bc
mov eip,EP
// Hardware breakpoint on GetProcAddress's return instruction; esto resumes while passing
// exceptions to the target.
bphws RET
esto
free sec
// esi at this stop is used below as the start address for the signature searches.
// presumably it points into the protector's code at this moment - verify in the CPU window.
mov ENIGMA, esi
bphwc
var OEPBP
var VABP
var APICALL
// Second stage: wait for a VirtualAlloc call, return from it and single-step once.
gpa "VirtualAlloc", "kernel32.dll"
mov VABP, $RESULT
bp VABP
run
bc
rtr
sti
// Signature 1: location that gets an execute hardware breakpoint (used to approach the OEP).
find ENIGMA, #FF0081C2E0#
mov OEPBP,$RESULT
bphws OEPBP, "x"
// Signature 2: 3D 00 F0 00 00 encodes `cmp eax, 0F000h`; the patch site is relative to it.
find ENIGMA,#3D00F00000#
mov APICALL,$RESULT
// Overwrite the two bytes at APICALL-0x15 and APICALL-0x14 with `inc eax` and `nop`.
// The original instruction at that spot is not shown here; per the author this is the
// API-call fix - TODO confirm what is being replaced before trusting the dump.
eval "inc eax"
asm APICALL-15, $RESULT
eval "nop"
asm APICALL-14,$RESULT
// Run to the OEPBP hardware breakpoint, then break on the address held in ecx at that stop
// (presumably the OEP or a jump to it), run to it and step once.
run
bphwc
bphws ecx
run
sti
// Label the landing address in the disassembly and clean up.
cmt eip, "OEP"
bphwc
msg "OEP found just fix VM OEP"
ret
前排。文化人
感谢楼主分享,非常感谢~~ 感谢楼主分享,吾愛有你更多彩 最近遇到这个壳学习谢谢 771764704 发表于 2016-5-6 15:14
前排。文化人
感谢楼主分享,非常感谢~~ 收藏备用谢谢大师