Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #61  
Old 02-12-2004, 10:53
FEUERRADER FEUERRADER is offline
Friend
 
Join Date: Aug 2003
Location: Russian Federation
Posts: 52
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
FEUERRADER Reputation: 0
SHaG
You can publish on your website my scripts (if u want).
p.s. check your e-mail.
Reply With Quote
  #62  
Old 02-12-2004, 20:28
FEUERRADER FEUERRADER is offline
Friend
 
Join Date: Aug 2003
Location: Russian Federation
Posts: 52
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
FEUERRADER Reputation: 0
My scripts

Look attachment. There my:

Updated scripts:
- FSG 1.33 OEP Finder v0.1 !maybe unstable!
- PECompact 1.84 OEP Finder v0.1 !unstable edition!
- UPX 1.xx and UPX Protector 1.0 OEP Finder v0.1

New scripts:
- PeX 0.99 OEP Finder
IMPORTANT NOTE: before using this script, CHECK following option - Menu -> Options -> Debugging options -> Exceptions -> INT3 breaks. Script willnot work if u do not do that!
- PE Diminisher 0.1 OEP Finder
Attached Files
File Type: zip myscripts.zip (1.6 KB, 102 views)
Reply With Quote
  #63  
Old 02-14-2004, 22:54
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
this script finds Svkp Oep:
Attached Files
File Type: txt svkpoep.txt (608 Bytes, 103 views)

Last edited by britedream; 02-15-2004 at 01:13.
Reply With Quote
  #64  
Old 02-24-2004, 19:58
FEUERRADER FEUERRADER is offline
Friend
 
Join Date: Aug 2003
Location: Russian Federation
Posts: 52
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
FEUERRADER Reputation: 0
OEP Finder for EXEStealth 2.7
Attached Files
File Type: txt exestealth 2.7.txt (458 Bytes, 72 views)
Reply With Quote
  #65  
Old 02-24-2004, 20:20
R@dier
 
Posts: n/a
OEP Finder for petite2.2
Attached Files
File Type: txt petite 2.2.txt (434 Bytes, 64 views)
Reply With Quote
  #66  
Old 02-25-2004, 04:19
britedream britedream is offline
Friend
 
Join Date: Jun 2002
Posts: 436
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
britedream Reputation: 0
this script find oep for protection plus, it is only tested on one target. (I couldn't find more targets to test). (windows xp).
Attached Files
File Type: txt protection_plus_oep.txt (351 Bytes, 70 views)

Last edited by britedream; 02-25-2004 at 12:55.
Reply With Quote
  #67  
Old 02-25-2004, 13:06
FEUERRADER FEUERRADER is offline
Friend
 
Join Date: Aug 2003
Location: Russian Federation
Posts: 52
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
FEUERRADER Reputation: 0
Y0da Crypter 1.2 OEP Finder!
yeah...it's really works!

SHaG, put my scripts on your page.
Attached Files
File Type: txt y0da crypter 1.2.txt (507 Bytes, 64 views)
Reply With Quote
  #68  
Old 02-25-2004, 16:40
SHaG SHaG is offline
Friend
 
Join Date: Jan 2004
Posts: 51
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SHaG Reputation: 0
Scripts added to site. Great work guys!

I suppose you know that OS v0.6 is out?
Reply With Quote
  #69  
Old 02-25-2004, 21:03
R@dier
 
Posts: n/a
OEP Finder for PKLITE32 1.1
Attached Files
File Type: txt pklite32 1.1.txt (218 Bytes, 66 views)
Reply With Quote
  #70  
Old 03-03-2004, 17:06
SHaG SHaG is offline
Friend
 
Join Date: Jan 2004
Posts: 51
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SHaG Reputation: 0
Heh, just wanted to post this one here... It really makes use of all the capabilities of OllyScript. Requires OllyScript v0.6.
Attached Files
File Type: txt obsidium_1_0061.txt (1.7 KB, 66 views)
Reply With Quote
  #71  
Old 03-03-2004, 19:26
R@dier
 
Posts: n/a
Awesome script,



Many thanks

R@dier
Reply With Quote
  #72  
Old 03-05-2004, 00:15
SHaG SHaG is offline
Friend
 
Join Date: Jan 2004
Posts: 51
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
SHaG Reputation: 0
OllyScript v0.62 posted.

* Breakpoint bug fixed (again).
* EFLAGS can be changed.
Reply With Quote
  #73  
Old 03-28-2004, 04:50
Harding
 
Posts: n/a
Didn't really know where to post this, but here seems to be the best place.
I have written a PEShield v0.25 OEP finder.
Enjoy!


EDIT: The upload didn't seems to work? I'll post the whole script then:
---------COPY FROM HERE-----------------------------
/*
This script finds OEP for programs packed with PEShield v0.25 (I havn't tested for other versions)
IMPORTANT!
You have to hide OllyDbg from IsDebuggerPresent manually BEFORE you run this script (There is plugins that do that.)
You have to let OllyDbg handle all exceptions (options --> Debugging Options --> Exceptions --> Uncheck all except KERNEL32)
When the script is finished, dump and rebuild IAT for unpacked program.

If you find any bugs in my script, please let me know. You can reach me on Efnet (IRC) with nickname Harding

Have fun!
*/

msg "Have you read the IMPORTANT part in peshield.osc? If not, do so BEFORE you run peshield.osc. -Harding"

//Variables
var codeSize
var codeBase
var codeBaseAddCodeSize
var tempEIP
var i

//Execute on breakpoint (and exception)
eob breakHandler
eoe breakHandler

//Gets information about a module to which the specified address belongs.
//"info" can be MODULEBASE, MODULESIZE, CODEBASE or CODESIZE (if you want other info in the future versions plz tell me).
//Sets the reserved $RESULT variable (0 if data not found).
GMI eip, CODEBASE
mov codeBase, $RESULT

//Gets information about a module to which the specified address belongs.
//"info" can be MODULEBASE, MODULESIZE, CODEBASE or CODESIZE (if you want other info in the future versions plz tell me).
//Sets the reserved $RESULT variable (0 if data not found).
GMI eip, CODESIZE
mov codeSize, $RESULT

//Fix codeBaseAddCodeSize
mov codeBaseAddCodeSize, codeBase
add codeBaseAddCodeSize, codeSize

//Shift F9
esto

first:
//Shift F9
esto

second:
//Set memory breakpoint on write. Size is size of memory in bytes.
bpwm codeBase, codeSize
//Shift F9
esto

third:
//Shift F9
esto

fourth:
//Clear memory breakpoint.
bpmc
//Save current EIP
mov tempEIP,eip
//Set breakpoint on address addr with condition cond.
bpcnd eip,"ECX==1"
//Shift F9
esto

fifth:
//Clear unconditional breakpoint at addr. (And conditional)
bc tempEIP
//Set memory breakpoint on read. Size is size of memory in bytes.
bprm codeBase, codeSize

lastBreakHandler:
//Are we in CODE section? If yes, then we're at OEP, if not then Shift F9
cmp eip,codeBaseAddCodeSize
jb finish
esto

breakHandler:
add i,1
cmp i,1
je first

cmp i,2
je second

cmp i,3
je third

cmp i,4
je fourth

cmp i,5
je fifth

jmp lastBreakHandler

finish:
//Clear memory breakpoint.
bpmc

//Exit script
ret

//Written by Harding
---------STOP COPY HERE-----------------------------

Last edited by Harding; 03-28-2004 at 04:53.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 18:13.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )