#1
|
|||
|
|||
nice olly plugin
thanks to ShaG
ollyscript is a nice plugin eventhough still at the start. in this example(aimpr) I will show you how you can find the last exception in asprotect, I am not that familiar with it yet, but it is very easy to understand.(please use the latest version: .3) Last edited by britedream; 01-20-2004 at 19:13. |
#2
|
|||
|
|||
I didn't take into acount the programs with int 3 but you can easly correct that,
just add after eoe lab3: eob lab3 , and delete the code before ret;(ubp eip) the above attachment is now corrected for int 3 Last edited by britedream; 01-20-2004 at 18:45. |
#3
|
|||
|
|||
Very, very nice.
|
#4
|
|||
|
|||
@britedream
Thanks I tested your script on a couple of targets and it works great. R@dier |
#5
|
|||
|
|||
my pleasure!
|
#6
|
|||
|
|||
Terrific script britedream!
Nice to see that my plugin is indeed being used for something!! =) If anyone has any improvement suggestions please feel free to post them to OllyDbg users forum (hxxp://ollydbg.win32asmcommunity.net ) or msg me on EFnet (nick: SHaG). |
#7
|
||||
|
||||
Nice plugin
__________________
k3dT |
#8
|
|||
|
|||
for those of us who need to set the breakpoint in the right place, and for simplicity
I didn't check for the signature of the retn I assumed it to be in the same place which makes it less perfect, but it works. for those can add under" lab4:" the following code: lab4: eob lab5 mov k,eip add k,3d ubp k esto lab5: ret I hope someone will give a feed back on this. regards. [note] from the above breakpoint you can set memory breakpoint on the code section to find the oep, and also trace for your stolen .. etc, so it is very important breakpoint. Last edited by britedream; 01-22-2004 at 15:18. |
#9
|
|||
|
|||
Nice work
Tested your modified script on severall asprotected programs and it works Great
|
#10
|
|||
|
|||
To lownoise
I am truely grateful for your respond. Thanks. |
#11
|
|||
|
|||
Hardware Breakpoint
Hopefully in the next version of the plugin there's support for hardware breakpoints
|
#12
|
|||
|
|||
I agree!
Also stack breakpoint is very important it will save alot of trace and avoid some loops plus other things. ollyscript should follow at least the bps in olly. Last edited by britedream; 01-22-2004 at 20:00. |
#13
|
|||
|
|||
the good thing about script is that you see how things are done and you learn each time you see one, it is a live tutorial.
|
#14
|
|||
|
|||
Quote:
Special thanks goes to you britedream for the work you're doing to make a live without asprotect easily |
#15
|
|||
|
|||
Thank you Lowoise for the gentle consideration, wishing you the success in anything you do.
Regards britedream |
Thread Tools | |
Display Modes | |
|
|