View Single Post
  #1  
Old 12-25-2020, 17:41
CodeCracker CodeCracker is offline
Family
 
Join Date: Jun 2011
Posts: 303
Rept. Given: 18
Rept. Rcvd 248 Times in 71 Posts
Thanks Given: 12
Thanks Rcvd at 1,030 Times in 227 Posts
CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299
Aspack OEP (simple)

Aspack OEP (simple)
an simple Olly script I've created:
// NtdllDefWindowProc_W is actually user32.DefWindowProcW

CMP [eip], 60 , 1
jne Finish_Nopushad
// pushad instruction at eip is there,
// so execute that instruction by sti
sti
mov temp,esp
bphws esp,"r"
run

Break:
bphwc temp
rtr
// Executes "Run to return" in OllyDbg, [Ctrl+F9] operation.
sto
// Execute F8 in OllyDbg. STep Over.
cmt eip, "This is the OEP! Found by script"
ret

Finish_Nopushad:
log "Error: NO pushad instruction"
Attached Files
File Type: txt AspackOEP.txt (459 Bytes, 10 views)
Reply With Quote
The Following User Gave Reputation+1 to CodeCracker For This Useful Post:
user1 (12-25-2020)
The Following 4 Users Say Thank You to CodeCracker For This Useful Post:
niculaita (12-25-2020), p4r4d0x (12-26-2020), user1 (12-25-2020), Youtoo (02-01-2021)