View Single Post
  #1  
Old 12-25-2020, 05:42 AM
CodeRipper CodeRipper is offline
Member
 
Join Date: Mar 2009
Location: Romania
Posts: 24
Default Aspack OEP (simple)

Aspack OEP (simple)
an simple Olly script I've created:
// NtdllDefWindowProc_W is actually user32.DefWindowProcW

CMP [eip], 60 , 1
jne Finish_Nopushad
// pushad instruction at eip is there,
// so execute that instruction by sti
sti
mov temp,esp
bphws esp,"r"
run

Break:
bphwc temp
rtr
// Executes "Run to return" in OllyDbg, [Ctrl+F9] operation.
sto
// Execute F8 in OllyDbg. STep Over.
cmt eip, "This is the OEP! Found by script"
ret

Finish_Nopushad:
log "Error: NO pushad instruction"
Reply With Quote