Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #46  
Old 02-08-2004, 16:55
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
Hi ShaG,

using GMI eip,CODEBASE
freezes olly and produces an error in ollyscript.dll at
44dc8de with error code C0000005.

Please note this is caused by asprotect protected target, it runs ok on non protected targets.

Regards.

Last edited by britedream; 02-08-2004 at 17:41.
Reply With Quote
  #47  
Old 02-08-2004, 19:55
SHaG SHaG is offline
Friend
 
Join Date: Jan 2004
Posts: 51
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SHaG Reputation: 0
Not good... maybe you can pm me the url so I can have a look?
Sounds like an serious error, so maybe v0.51 will come soon...

Tried GPA yet? I think this approach is more flexible then just API breakpoints...
Reply With Quote
  #48  
Old 02-09-2004, 19:43
SHaG SHaG is offline
Friend
 
Join Date: Jan 2004
Posts: 51
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SHaG Reputation: 0
My errorhandling sucked... v0.51 uploaded, with bugfixes and better errorhandling...Still the GMI problem remains in brites case.. Will look into it more... If someone else has similar problems plz msg me.

GMI now returns 0 in $RESULT if no data is found.
Reply With Quote
  #49  
Old 02-09-2004, 19:56
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
Thumbs up

thanks Shag for the msg. , and your intuition for my intention is on the target
Reply With Quote
  #50  
Old 02-10-2004, 18:26
SHaG SHaG is offline
Friend
 
Join Date: Jan 2004
Posts: 51
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SHaG Reputation: 0
Umm... Another bugfix done. =/

v0.52 available.
Reply With Quote
  #51  
Old 02-10-2004, 19:35
Nilrem
 
Posts: n/a
Shag, would it be possible for you to post these scripts written for certain protections be put on your website? I suggest this because eventually it's going to get too complicated to follow in this thread.

<edit>
I also heavily suggest starting a mailing list to inform devout followers of your plugin, e.g. improvements, updates etc.
Reply With Quote
  #52  
Old 02-10-2004, 22:28
FEUERRADER FEUERRADER is offline
Friend
 
Join Date: Aug 2003
Location: Russian Federation
Posts: 52
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
FEUERRADER Reputation: 0
pec oep finder

Guys, today I wrote oep finder for PECompact 1.84.
I think, it's unstable, but plz try it.
Attached Files
File Type: txt pecompact 1.84.txt (318 Bytes, 76 views)
Reply With Quote
  #53  
Old 02-10-2004, 23:14
FEUERRADER FEUERRADER is offline
Friend
 
Join Date: Aug 2003
Location: Russian Federation
Posts: 52
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
FEUERRADER Reputation: 0
UPX 1.xx and UPX Protector 1.0 OEP Finder v0.1

This script based on SHaG for UPX oep finding.
Now this script support oep finding in UPX 1.xx and UPX Protector 1.0 -> Blind Angel.
Attached Files
File Type: txt upx+upxprot.txt (293 Bytes, 78 views)
Reply With Quote
  #54  
Old 02-11-2004, 17:37
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
here is a script that will find asprotect oep
that has stolen bytes, it willn't work on old asprotect with loops,or the expired targets. (You will enjoy the scenery of asprotect deleting the stolen bytes).

note: I used shr x, 74 because shr x,14
didn't work first time, now it did work, and I uploaded the ajusted attachment.

Note2:there is log y code I used it to test and I forgot to remove, you can delete this code if you want to.

britedream.
Attached Files
File Type: txt asprsoep.txt (748 Bytes, 93 views)

Last edited by britedream; 02-12-2004 at 13:20.
Reply With Quote
  #55  
Old 02-11-2004, 19:32
FEUERRADER FEUERRADER is offline
Friend
 
Join Date: Aug 2003
Location: Russian Federation
Posts: 52
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
FEUERRADER Reputation: 0
FSG 1.33 OEP Finder v0.1 !maybe unstable!

OEP finder for FSG 1.33. It work very quickly.
try it.
Attached Files
File Type: txt fsg 1.33.txt (210 Bytes, 71 views)
Reply With Quote
  #56  
Old 02-11-2004, 20:15
SHaG SHaG is offline
Friend
 
Join Date: Jan 2004
Posts: 51
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SHaG Reputation: 0
A maillist is now available. Check hxxp://ollyscript.apsvans.com .

What is the general opinion, should I publish scripts on the site? Dunno if that can mean legal trouble? And do you script authors want your scripts published?

BTW, I recommend marking OEP by using this command:
cmt "OEP"

This way its easier to see then going to the log.

[Edit by JMI: I've asked you before to please stop making your link clickable. We need to stop the newbies from making clickable links to software vendors.]

Last edited by SHaG; 02-11-2004 at 20:39.
Reply With Quote
  #57  
Old 02-12-2004, 01:00
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
To ShaG
it will be nice if you can include in the next release jl and jg. Thanks.
Reply With Quote
  #58  
Old 02-12-2004, 04:10
SHaG SHaG is offline
Friend
 
Join Date: Jan 2004
Posts: 51
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SHaG Reputation: 0
britedream : Consider it done =)

BTW, do you want your scripts to be published on OllyScript site?

JM1 : Sorry, will not happen again.

Last edited by SHaG; 02-12-2004 at 04:13.
Reply With Quote
  #59  
Old 02-12-2004, 04:59
JMI JMI is offline
Leader
 
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 96 Times in 94 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
That's all anyone is asking.

Yours is a very useful site and "should" have clickable links, except for the problem with the newbies going crazy and "linking" this site to software vendors while they are discussing cracks or warez copies of that vendors software.

Regards,
__________________
JMI
Reply With Quote
  #60  
Old 02-12-2004, 10:52
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
Thanks for the positive response.

For my scripts , it is all yours.
regards.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 09:49.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )