Disguised yoda's Protector V1.0X OEP Find Script
Manual unpacking: OllyDbg loads and stops here:
0040F000 cscg-> E8 03000000 call cscg-cra.0040F008 //F7
0040F005 EB 01 jmp short cscg-cra.0040F008
0040F007 90 nop
0040F008 90 nop //F8
0040F009 68 39B14000 push cscg-cra.0040B139 //F8
0040F00E C3 retn //F8, jumps to:
0040B139 9C pushfd //F8, then hr esp and run; lands at:
0040B13A 60 pushad
0040B13B E8 00000000 call cscg-cra.0040B140
0040B140 5D pop ebp
0040B3AB - E9 51ACFFFF jmp cscg-cra.00406001 //F8, jumps to:
0040B3B0 8BB5 6BFEFFFF mov esi,dword ptr ss:[ebp-195]
00406001 33C0 xor eax,eax //F8
00406003 64:8B20 mov esp,dword ptr fs:[eax]
00406006 64:8F00 pop dword ptr fs:[eax]
00406009 EB 02 jmp short cscg-cra.0040600D
0040600B 78 69 js short cscg-cra.00406076
0040600D 60 pushad //Keep pressing F8 down to here, apply the ESP trick again, and arrive at:
0040600E E8 00000000 call cscg-cra.00406013
004063B0 /75 08 jnz short cscg-cra.004063BA //F8
004063B2 |B8 01000000 mov eax,1
004063B7 |C2 0C00 retn 0C
004063BA \68 74104000 push cscg-cra.00401074 //F8
004063BF C3 retn //flies to the OEP
00401074 68 501F4000 push cscg-cra.00401F50 ; OEP! Dump it~~~
00401079 E8 EEFFFFFF call cscg-cra.0040106C ; jmp to
Script:
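As an added example (not part of the original post), a small static scanner for the two control-transfer idioms the stub above relies on: the `call $+5 / pop ebp` trick that lets the stub find its own address, and the `push imm32 / retn` pair it uses as a disguised jump, twice, the second time landing on the OEP. The sample bytes are constructed from the opcode column of the listing; the segment grouping and the "external target" heuristic are the example's own, not the author's.

```python
import struct

# Constructed sample input: the opcode columns of the listing above, grouped
# into the three contiguous runs the walkthrough shows, keyed by address.
STUB_SEGMENTS = {
    0x0040F000: bytes.fromhex("E803000000" "EB01" "90" "90" "6839B14000" "C3"),
    0x0040B139: bytes.fromhex("9C" "60" "E800000000" "5D"),
    0x004063BA: bytes.fromhex("6874104000" "C3"),
}

def scan_segment(code, base):
    """Linear byte sweep (a heuristic, not a disassembler) for two idioms:
    'push_ret': 68 imm32 C3          -> value = imm32, the disguised jump target
    'call_pop': E8 00000000, pop r32 -> value = what the pop leaves in r32
    Returns a list of (address, kind, value)."""
    hits, i = [], 0
    while i < len(code):
        if code[i] == 0x68 and i + 5 < len(code) and code[i + 5] == 0xC3:
            imm = struct.unpack_from("<I", code, i + 1)[0]
            hits.append((base + i, "push_ret", imm))
            i += 6
        elif (code[i:i + 5] == b"\xE8\x00\x00\x00\x00" and i + 5 < len(code)
              and 0x58 <= code[i + 5] <= 0x5F):   # 58..5F = pop eax .. pop edi
            # call $+5 pushes the address of the following instruction; the pop
            # recovers it, which is how the stub learns where it was loaded.
            hits.append((base + i, "call_pop", base + i + 5))
            i += 6
        else:
            i += 1
    return hits

def scan_stub(segments):
    hits = []
    for base, code in segments.items():
        hits.extend(scan_segment(code, base))
    return hits

def in_known_code(addr, segments):
    return any(b <= addr < b + len(c) for b, c in segments.items())

def external_targets(segments):
    """push/ret targets that leave every mapped stub run: the candidates for
    where the stub hands control to the real program, i.e. the OEP."""
    return sorted({v for _, k, v in scan_stub(segments)
                   if k == "push_ret" and not in_known_code(v, segments)})
```

On the constructed input the first push/ret resolves to 0040B139 (inside the stub), the call/pop yields 0040B140 (the value `pop ebp` receives in the listing), and the only external target is 00401074, the OEP the walkthrough reaches.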
//============================================================
//FileName :yoda's Protector V1.0X OEP Find Script
//Environment :WinXP SP2 + PSPad
//Author :黑夜彩虹
//WebSite :http://bbs.eastrise.net
//============================================================
var addr
STI                // step into the call at the entry point (0040F000)
sto                // step over nop, push, retn, pushfd
sto
sto
sto
mov addr,esp       // esp now points at the saved flags that popfd will read back
bphws addr,"r"     // hardware breakpoint on read: the ESP trick
run
BPHWC addr         // clear it; we are stopped at the jmp to 00406001
sto                // step over jmp, xor, mov esp, pop, jmp short, pushad
sto
sto
sto
sto
sto
mov addr,esp       // second ESP trick, this time on the pushad block
bphws addr,"r"
run
BPHWC addr         // clear it; we are stopped at the jnz after popad
sto                // step over jnz, push 00401074, retn
sto
sto
cmt eip, "This is the OEP! Found by 黑夜彩虹!"
MSG "Script by 黑夜彩虹,Thank you for using my Scripts!"
ret
BTW: I find this disguised kind of yours the most annoying, there is no technical content in it at all~~ ;P

Hehe, working hard on posting..........

Sigh, I can't understand it. It would be great to have a master to learn from.