📄 fsg 2.00 oep finder #3.txt
字号:
//Anyone has studied the unpacking algo?
//so as for me I did it the following way:
//look for 95 8B 07 40 78 bytes
//-------
//XCHG EAX,EBP
//MOV EAX,DWORD PTR DS:[EDI]
//INC EAX
//-------
//look down 8 bytes for
//JMP DWORD PTR DS:[EBX+C]
//set bp after break step into oep
//tested on many executables - works fine.
//here is amy script for ollydbg
// FSG 2.0 OEP Finder
// by cooper @ http://www.woodmann.net
var x
findop eip, #958B0740#
mov x, $RESULT
add x,8
bp x
run
sto
bc x
cmt eip, "This is the entry point"
ret
also add to userdb.txt of peid if you use it:
[FSG v2.0->bart/xt]
signature = 87 25 ?? ?? ?? 00 61 94 55 A4 B6 80 FF 13
ep_only=true⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -