pespin 1.1 - 1.3 find encrypted markers.txt

来自「700个脱壳脚本, 可以放在在OD的ollyscript Plugin中.」· 文本 代码 · 共 50 行

TXT
50
字号 
/*
==================================================================
    PESpin marker founder script for SHaG's OllyScrip plugin
==================================================================

   This script will search for posible decrypt/encrypt
   markers in the unpacked target and it will place
   breakpoint on them. After that you have to manually
   fix code by copy-pasting it. Check results in bp
   window. Note: You need to edit search cryteria for
   every target manually! Read tutorial.

   haggar
==================================================================
*/

var x
var y
gmi eip,CODEBASE
mov x,$RESULT
mov y,x


//Searching for CLEAR_START and CLEAR_END markers:

ClearMarker:
find x,#9C60B9????????BF????????81E9????????B8????????05????????FF0D????????0011619D#
cmp $RESULT,0
je CryptMarker
bp $RESULT
mov x,$RESULT
add x,1
jmp ClearMarker


//Searching for CRYPT_START and CRYPT_END markers:

CryptMarker:
find y,#FF15????4100# //You need to edit this find cryteria!!!
cmp $RESULT,0
je done
bp $RESULT
mov y,$RESULT
add y,1
jmp CryptMarker


done:
ret

pespin 1.1 - 1.3 find encrypted markers.txt - 源码说明

本页面展示了「700个脱壳脚本, 可以放在在OD的ollyscript Plugin中.」中的 pespin 1.1 - 1.3 find encrypted markers.txt 源码文件,采用 文本 编程语言编写,共 50 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与ollyscript相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?