Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   File Unpacking (http://www.reteam.org/board/forumdisplay.php?f=27)
-   -   Aspack OEP (simple) (http://www.reteam.org/board/showthread.php?t=7484)

CodeRipper 12-25-2020 05:42 AM

Aspack OEP (simple)
 
Aspack OEP (simple)
an simple Olly script I've created:
// NtdllDefWindowProc_W is actually user32.DefWindowProcW

CMP [eip], 60 , 1
jne Finish_Nopushad
// pushad instruction at eip is there,
// so execute that instruction by sti
sti
mov temp,esp
bphws esp,"r"
run

Break:
bphwc temp
rtr
// Executes "Run to return" in OllyDbg, [Ctrl+F9] operation.
sto
// Execute F8 in OllyDbg. STep Over.
cmt eip, "This is the OEP! Found by script"
ret

Finish_Nopushad:
log "Error: NO pushad instruction"


All times are GMT -4. The time now is 04:36 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.