Enigma Protector V1.55 - V2.05 OEP Finder + IAT Repair By Ronar22
///////////////////////////////////////////////////////////////////////// Enigma Protector V1.55 - V2.05 OEP Finder + IAT Repair By Ronar22 /
/////////////////////////////////////////////////////////////////////
Var X
Var Y
GPA "VirtualAlloc", "Kernel32.dll"
BP $RESULT
RUN
RUN
FINDMEM #8D047F8B55FC8B4DF0894C820447FF4DD0#
BPHWS $RESULT,"x"
Bp $RESULT
Mov X,$RESULT
FINDMEM #89431083C31C4E75B7#
Cmp $RESULT,0
Je Old
ASM $RESULT,"MOV DWORD PTR DS:,EAX"
Jmp Os
Old:
FINDMEM #894C820483C304668B3B83C3026685FF#
FILL $RESULT,4,90
Os:
GPA "VirtualAlloc", "Kernel32.dll"
BC $RESULT
RUN
ADD eip,17
FINDMEM #????000000000000000000008C000000250000000000000000200000000000008D0000002A0000000000000000202000FCFFFFFF0000000000000000000000000000000000000000??00000000000000000000008C0000002500000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000#
Cmp $RESULT,0
Je NoVm
BPHWS $RESULT,"r"
Run
Call Check
Done:
FINDMEM #E904000000????????E904000000????????FFE0E904000000#
Bp $RESULT+12
BPHWC
Run
STO
RET
NoVm:
FINDMEM #8BC6E8????????8B45FCFFE0#
Mov Y,$RESULT+A
BPHWS $RESULT+A
GPA "VirtualQuery", "Kernel32.dll"
BP $RESULT+2
Run
Nex:
Call Check
Run
Cmp eip,Y
Jne Nex
Jmp Done
Check:
Cmp eip,X
Je As
Ret
As:
Add eip,17
Run
Ret 测试下脚本 问个傻瓜问题脚本怎么用 ?也就是放在哪个目录下啊?还有有的脚本是TXT格式记事本,那怎么用啊 回复 1# Hmily
这个真是个好东西啊 这个真是个好东西啊:victory: 好东西 看看好不好用 -.- 到2.05了哦 好东西 看看好不好用 非常有用,收下了 非常有用的谢谢分享、、、、、、
页:
[1]
2