
📄 sdprotect 1.12 oep finder.txt

📁 700个脱壳脚本, 可以放在在OD的ollyscript Plugin中.
/*
//////////////////////////////////////////////////
        SDProtect 1.12 ????
        Author:        loveboom
        Email : loveboom...163.com
        OS    : Winxp sp2,OllyDbg 1.1,OllyScript v0.92
        Date  : N/A
        Config: ????????????????
        Note  : ????????????,?????????,??????????^_^
                ????1.12????;????????????????????,??????
                ????????????????
//////////////////////////////////////////////////
*/


// Script variables (OllyScript `var`). All are assigned during the run below;
// the comments name the label that sets each one.
var                apigetver        // address of LoadLibraryA (name is misleading; set in start)
var                count            // number of matching GetVersion returns seen so far (l7)
var                 apiaddr         // scratch: RET of GetVersion (l5), later RET 4 of GetModuleHandleA (l14)
var                 val             // scratch: dword read from the debuggee
var                 addr            // scratch: address currently examined or patched
var                oep              // dword read at packerbase+0x18 (l2); reported as RVA in ldone
var                 packerbase      // eax at the TEST ESI,ESI breakpoint (l2)
var                 epaddr          // eip at script start, i.e. the entry point the debugger stopped on
var                crcaddr          // address of the MOV ECX,[ESP+4] found in l4; patched in l17, restored in l19
var                 apisysinfo      // GetSystemInfo + 8 (l11)
var                IMGBASE          // eax after GetModuleHandleA(NULL) returns (l17); never read afterwards


// Entry: hide the debugger, then wait for the packer to call LoadLibraryA.
start:
                dbh                                  // OllyScript "debugger hide" before the packer's checks run
                mov epaddr,eip                       // remember the entry point; l3 puts a memory breakpoint over it
                gpa "LoadLibraryA","kernel32.dll"    // $RESULT = address of LoadLibraryA, 0 if not found
                cmp $RESULT,0
                JE lblend                            // NOTE(review): exits silently; lblinver/lblexcept report, this path does not
                MOV apigetver,$RESULT                // holds LoadLibraryA despite the name
                BPRM apigetver,0F                    // memory-read breakpoint over the first 0x10 bytes of LoadLibraryA
                eoe lblexcept                        // any exception while running -> lblexcept
                eob l1                               // breakpoint hit -> l1
                esto                                 // resume the debuggee

// l1: stopped inside LoadLibraryA. Check a 4-byte signature at return+0x30 and
// break there to read the packer base.
l1:
                cob                                  // clear the eob handler set in start
                bpmc                                 // clear the memory breakpoint on LoadLibraryA
                mov val,[esp]                // val = [esp]: presumably the return address into the packer
                mov addr,val
                /*
                        $+30  85F6   TEST ESI,ESI
                        $+32  8BD8   MOV EBX,EAX
                */
                add addr,30
                mov val,[addr]                // read the 4 bytes at return+0x30
                cmp val,D88BF685              // little-endian 85 F6 8B D8 = TEST ESI,ESI / MOV EBX,EAX (see above)
                jne lblinver                  // signature mismatch -> not the expected 1.12 layout
                bp addr                       // break on that TEST ESI,ESI
                eoe lblexcept
                run                           // run until the bp; the script resumes at l2 when it hits
l2:
                bc addr
                mov packerbase,eax        // eax here = packer base (per the original note)
                mov addr,eax
                add addr,18
                mov oep,[addr]            // oep = dword at packerbase+0x18; reported in ldone


// l3/l4: wait for the entry-point region to be read again, then locate the
// MOV ECX,[ESP+4] at RET+0x153 and remember it as crcaddr.
l3:
                bprm epaddr,FF                // memory-read breakpoint over 0x100 bytes from the entry point
                eob l4
                eoe lblexcept
                run


l4:
                cob 
                bpmc
                findop eip,#C3#                        // find the next RET (C3) from eip
                go $RESULT                    // run to it; NOTE(review): $RESULT is not checked for 0 here, unlike l9
                mov addr,$RESULT
                add addr,153                        //8B4C24 04    MOV ECX,DWORD PTR SS:[ESP+4]
                mov val,[addr]
                cmp val,04244C8B              // little-endian 8B 4C 24 04
                jne lblinver
                mov crcaddr,addr                // crcaddr = this MOV ECX,[ESP+4]; patched in l17, restored in l19
        

// l5-l7: break at GetVersion's RET and, for the caller whose bytes match,
// replace the returned value twice.
l5:
                gpa "GetVersion","kernel32.dll"
                mov apiaddr,$RESULT           // NOTE(review): not checked for 0
                findop apiaddr,#C3#            // RET of GetVersion
                mov apiaddr,$RESULT
                bp apiaddr                     // at the RET: eax = result, [esp] = caller's return address
                mov count,0


l6loop:
                eoe lblexcept
                eob l7
                esto



l7:
                cob
                mov addr,[esp]
                add addr,2
                mov val,[addr]                 // 4 bytes at return+2
                cmp val,73800000                // bytes 00 00 80 73 - consistent with the tail of test eax,80000000 followed by jae (73),
                                                // i.e. a Win9x-vs-NT check; the original note calls it anti-debug
                jne l6loop                     // a different caller: keep waiting (bp stays set)
                mov eax,80000000               // make that check see a value with the high bit set (9x-style)
                cmp count,1
                je l8                          // second matching return -> done
                inc count
                jmp l6loop
// l8-l10: step out into the caller, find SUB EAX,BC1D12FA and neutralise it.
l8:
                
                bc apiaddr
                sto                            // step over the RET into the caller
                rtr                            // run till return
                sto
                

l9:
                eob l10
                eoe lblexcept
                findop eip,#2DFA121DBC#                // 2D FA121DBC      SUB EAX,BC1D12FA
                cmp $RESULT,0
                JE lblinver
                bp $RESULT
                esto

l10:
                cob
                bc $RESULT                     // $RESULT still holds the findop address (cob does not change it)
                mov eax,BC1D12FA               // the SUB now yields 0


// l11-l13: break inside GetSystemInfo, run it to completion and zero one field
// of the SYSTEM_INFO it filled in; then expect an exception (handled by l14).
l11:
                eob l12
                eoe lblexcept
                gpa "GetSystemInfo","kernel32.dll"
                mov apisysinfo,$RESULT         // NOTE(review): not checked for 0
                add apisysinfo,8               // breakpoint 8 bytes into GetSystemInfo
                bp apisysinfo
                esto


l12:
                cob
                bc apisysinfo
                rtu                            // run till user code: back in the caller after RET 4
                mov addr,esp
                sub addr,4
                mov addr,[addr]                                // [esp-4] = the lpSystemInfo argument just popped by RET 4
                add addr,14                    // +0x14 = dwNumberOfProcessors in SYSTEM_INFO (original note: CPU)
                mov [addr],0                   // debuggee now sees 0 processors
                cob

l13:
                eob lblbperr                   // a breakpoint here is unexpected -> report eip
                eoe l14                        // the next exception is expected -> l14
                esto


// l14-l17: wait for GetModuleHandleA(NULL), then patch two instructions in the
// packer (both restored in l19) and break at the following RET 4.
l14:
                coe                            // clear the eoe handler
                gpa "GetModuleHandleA","kernel32.dll"
                mov apiaddr,$RESULT            // NOTE(review): not checked for 0
                findop apiaddr,#C20400#                        // find GetModuleHandleA's RET 4
                mov apiaddr,$RESULT
                bp apiaddr

l15:
                eob l16
                eoe lblexcept
                esto


l16:
                cob
                mov addr,esp
                add addr,4
                mov val,[addr]                        // val = [esp+4] = lpModuleName argument
                cmp val,0
                jne l15                        // only GetModuleHandleA(NULL) is of interest
                sto                            // execute the RET 4; eax = module handle

l17:
                bc  apiaddr
                mov IMGBASE,eax                // assigned but never read
                mov [crcaddr],08244c8b                // 8B 4C 24 08 = MOV ECX,[ESP+8], replacing the [ESP+4] form found in l4
                mov addr,eip
                add addr,12c
                log addr                       // debug output left in
                mov val,[addr]
                log val
                cmp val,282444c7      //$+121 >  C74424 28 01>MOV DWORD PTR SS:[ESP+28],1
                jne lblinver
                add addr,4                     // addr -> the imm32 of that MOV
                mov [addr],0                   // write 0; restored to 1 in l19
                findop addr,#C20400#           // next RET 4 after it
                bp $RESULT                     // NOTE(review): $RESULT not checked for 0

// l18/l19: wait for that RET 4, undo both patches, report the OEP.
l18:
                eob l19
                eoe lblexcept
                esto


l19:
                cob
                bc $RESULT
                mov [addr],1                        // restore the imm32 patched in l17
                mov [crcaddr],04244C8B         // restore MOV ECX,[ESP+4]
                

ldone:
                eval         "Done!target OEP(RVA):{oep},now please dump target."                // message with oep substituted
                log         $RESULT                                // to the log window
                cmt        eip,$RESULT         // attach the same text as a comment at the current eip
                msg "Script by loveboom[DFCG],[FCG][CUG],Thank you for using my Scripts!"                        

// Exit and error labels. ldone falls through into lblend; start jumps here when
// LoadLibraryA cannot be resolved.
lblend:

                ret        



// Reached from the eoe handlers: an unexpected exception while running.
// (The message text did not survive the encoding of this copy.)
lblexcept:
                msg        "????,?????????,??????SDProtect 1.12???"
                ret

// Reached when a byte-signature check fails: not the expected SDProtect 1.12 layout.
lblinver:
                msg        "??????SDPROTECT 1.12???."
                ret

// Reached from l13 when a breakpoint fires where an exception was expected; reports eip.
lblbperr:
                eval        "???????:{eip}"
                msg        $RESULT
                ret
