📄 armadillo checkflags v2.txt
// ODbgScript (OllyDbg scripting plugin) listing. All numeric literals are hexadecimal.
//
// Purpose, as far as the listing shows: the script overwrites part of the debuggee's
// code around the current EIP with a small driver loop. For every entry of a
// "nanotype" table loaded from a file, and for each of 0x0D hard-coded flag values,
// the loop re-runs a stretch of original code that is left in place, while logging
// breakpoints record register values in the Olly log.
// NOTE(review): the file name ("armadillo checkflags") and the messages suggest this
// targets Armadillo nanomite handling; the listing itself does not state that.
//
// Preconditions and limits visible in the code:
//  - It expects to stop on a breakpoint after the first `run`; the handler clears a
//    hardware breakpoint at EIP, so presumably the user set one beforehand -- confirm.
//  - All `sub eip` / `add eip` / `fill` offsets are tied to one specific code layout;
//    nothing verifies that the debuggee matches it.
//  - The debuggee is patched in memory, and the patches are not undone at the end.
//  - The input path is hard-coded to one user's desktop and must be edited before use.
//  - No API return value is checked (CreateFileA, GetFileSize, CreateFileMappingA,
//    MapViewOfFile), and the file, mapping and view are never released.
//
// Layout of the user-supplied work area ("VA base"), derived from the offsets below:
//   base+0x00    entry count (file size in bytes; divided by 4 in DWORD mode)
//   base+0x10    current nanotype index   (never initialised here; assumed zero)
//   base+0x14    current flag index       (never initialised here; assumed zero)
//   base+0x20    file path, later overwritten with the file contents
//   base+0x320   file handle; base+0x32A is passed as lpFileSizeHigh
//   base+0x3020  table of 0x0D flag dwords
// The file is copied to base+0x20 when the debuggee runs, so a file longer than
// 0x3000 bytes overwrites the flag table that the script wrote beforehand.

var text
var NanoDW
var RegECX
var RegEDX
var RegEBX
var RegESP
var RegEBP
var RegESI
var RegEDI
var HBPEip
var HBPEip2
var ActEip
var EipBytes
var VACont
var VACont2
var VANanTypTab
var VAFlagsTab
var NanoCount
var LogBP
var LogBP2
var LogBP3
var LogBP4

// Hide the debugger, default to BYTE mode, install the exception handler (LABEL)
// and the breakpoint handler (BABEL), then let the debuggee run.
dbh
mov NanoDW, 0
eoe LABEL
eob BABEL
run

BABEL:
// Breakpoint reached: drop the handler and the hardware breakpoint at EIP, then
// snapshot the general-purpose registers so the patched code can reload them.
cob
bphwc eip
mov RegECX, ecx
mov RegEDX, edx
mov RegEBX, ebx
mov RegESP, esp
mov RegEBP, ebp
mov RegESI, esi
mov RegEDI, edi

// Ask for the table element size: "SI" (yes) selects DWORD entries, "NO" selects BYTE.
msgyn "Nanotypes DWORD = SI || Nanotypes BYTE = NO"
cmp $RESULT, 0
je NanB00

// DWORD mode: NOP out the 0xE7 bytes before EIP and start emitting code 0xE4 bytes
// before EIP. HBPEip2 remembers that start; it becomes the new EIP at the end.
mov NanoDW, 1
mov HBPEip, eip
sub HBPEip, 0E7
fill HBPEip, 0E7, 90
sub eip, 0E4
mov HBPEip2, eip
jmp NanDW00

NanB00:
// BYTE mode: same preparation with the offsets for that layout (0xE1 / 0xDE).
mov HBPEip, eip
sub HBPEip, 0E1
fill HBPEip, 0E1, 90
sub eip, 0DE
mov HBPEip2, eip

NanDW00:
// From here on, `asm eip, ...` assembles one instruction at EIP and `add eip, $RESULT`
// advances EIP by the length just assembled, so EIP acts as an emit cursor.
// First six CreateFileA arguments, pushed last-to-first: hTemplateFile=0,
// attributes=0x80, disposition=3, security=0, share=0, access=0x80000000.
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 80"
add eip, $RESULT
asm eip, "push 3"
add eip, $RESULT
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 80000000"
add eip, $RESULT

// Ask for the base address of the work area. Cancelling jumps to NoVA with the code
// above already patched into the debuggee.
ask "VA base?"
cmp $RESULT, 0
je NoVA
mov text, $RESULT

// Borrow the dword 0x80 bytes below the cursor as the lpflOldProtect slot and keep a
// copy of its contents so they can be put back after the call.
sub eip, 80
mov ActEip, eip
mov EipBytes, [eip]
add eip, 80

// Executed in the debuggee right now: VirtualProtect(base, 0x20000, 0x40, ActEip),
// i.e. 0x20000 bytes at the user-supplied address get protection value 0x40
// (PAGE_EXECUTE_READWRITE). The result is not checked.
exec
pushad
pushfd
push {ActEip}
push 40
push 20000
push {text}
call VirtualProtect
popfd
popad
ende

// Put back the dword that VirtualProtect overwrote with the old protection value.
mov [ActEip], EipBytes

// Write the input file path into the work area at base+0x20.
// NOTE(review): hard-coded, user-specific path; CreateFileA fails on any other machine.
mov VACont, text
mov VANanTypTab, VACont
add VANanTypTab, 20
log VANanTypTab
mov [VANanTypTab], "C:\Documents and Settings\tenketsu\Escritorio\nano_tpor.hex"

// Emit: push <path>; call CreateFileA; store the returned handle at base+0x320.
eval "push {VANanTypTab}"
asm eip, $RESULT
add eip, $RESULT
asm eip, "call CreateFileA"
add eip, $RESULT
mov text, VANanTypTab
add text, 300
eval "mov [{text}], eax"
asm eip, $RESULT
add eip, $RESULT

// Emit: GetFileSize(handle, base+0x32A); store the size at [base].
add text, 0A
eval "push {text}"
asm eip, $RESULT
add eip, $RESULT
asm eip, "push eax"
add eip, $RESULT
asm eip, "call GetFileSize"
add eip, $RESULT
eval "mov [{VACont}], eax"
asm eip, $RESULT
add eip, $RESULT

// Emit: CreateFileMappingA(handle, 0, 2, 0, 0, 0); protection 2 is PAGE_READONLY.
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 2"
add eip, $RESULT
asm eip, "push 0"
add eip, $RESULT
sub text, 0A
eval "push [{text}]"
asm eip, $RESULT
add eip, $RESULT
asm eip, "call CreateFileMappingA"
add eip, $RESULT

// Emit: MapViewOfFile(mapping, 4, 0, 0, 0); access 4 is FILE_MAP_READ.
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 0"
add eip, $RESULT
asm eip, "push 4"
add eip, $RESULT
asm eip, "push eax"
add eip, $RESULT
asm eip, "call MapViewOfFile"
add eip, $RESULT

// Emit: RtlMoveMemory(base+0x20, view, [base]). The file contents replace the path
// string. With a failed open, the length and source come from unchecked error values.
eval "push [{VACont}]"
asm eip, $RESULT
add eip, $RESULT
asm eip, "push eax"
add eip, $RESULT
eval "push {VANanTypTab}"
asm eip, $RESULT
add eip, $RESULT
asm eip, "call RtlMoveMemory"
add eip, $RESULT

// DWORD mode only: turn the byte count at [base] into an entry count (divide by 4).
cmp NanoDW, 0
je NanB01
eval "shr dword [{VACont}], 2"
asm eip, $RESULT
add eip, $RESULT

NanB01:
asm eip, "nop"
add eip, $RESULT

// Loop head. HBPEip is reused as the address both `jnz` instructions below jump to.
// VACont now points at the nanotype index (base+0x10), VACont2 at the flag index
// (base+0x14).
mov HBPEip, eip
add VACont, 10
mov VACont2, VACont
add VACont2, 4
eval "mov ecx, [{VACont}]"
asm eip, $RESULT
add eip, $RESULT

// BYTE mode only: clear EAX first, because only AL is loaded from the table.
cmp NanoDW, 1
je NanDW01
asm eip, "xor eax, eax"
add eip, $RESULT

NanDW01:
// Recompute the table address (base+0x20). This is done through the debuggee's real
// EAX register, so EAX is changed at script time as a side effect.
mov eax, VACont
add eax, 10
mov VANanTypTab, eax

// Emit the load of the current nanotype into EAX (DWORD) or AL (BYTE).
cmp NanoDW, 0
je NanB02
eval "mov eax, [ecx*4+{VANanTypTab}]"
jmp NanDW02

NanB02:
eval "mov al, byte [ecx+{VANanTypTab}]"

NanDW02:
asm eip, $RESULT
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT

// Emit: ecx = flag index; edx = flag table entry [ecx*4 + base+0x3020].
eval "mov ecx, [{VACont2}]"
asm eip, $RESULT
add eip, $RESULT
mov VAFlagsTab, VANanTypTab
add VAFlagsTab, 3000
eval "mov edx, [ecx*4+{VAFlagsTab}]"
asm eip, $RESULT
add eip, $RESULT

// Fill the flag table at script time. The #..# literals are raw bytes, so as
// little-endian dwords the 0x0D entries are:
// 0x202 0x203 0x206 0x242 0x282 0x7D7 0xA02 0xA82 0xF57 0xF96 0xF97 0xFD3 0xFD6
// NOTE(review): these look like EFLAGS images -- confirm against the target code.
mov [VAFlagsTab], #02020000#
add VAFlagsTab, 4
mov [VAFlagsTab], #03020000#
add VAFlagsTab, 4
mov [VAFlagsTab], #06020000#
add VAFlagsTab, 4
mov [VAFlagsTab], #42020000#
add VAFlagsTab, 4
mov [VAFlagsTab], #82020000#
add VAFlagsTab, 4
mov [VAFlagsTab], #D7070000#
add VAFlagsTab, 4
mov [VAFlagsTab], #020A0000#
add VAFlagsTab, 4
mov [VAFlagsTab], #820A0000#
add VAFlagsTab, 4
mov [VAFlagsTab], #570F0000#
add VAFlagsTab, 4
mov [VAFlagsTab], #960F0000#
add VAFlagsTab, 4
mov [VAFlagsTab], #970F0000#
add VAFlagsTab, 4
mov [VAFlagsTab], #D30F0000#
add VAFlagsTab, 4
mov [VAFlagsTab], #D60F0000#

// Read a dword from the original code 0x3B (DWORD) or 0xBF (BYTE) bytes past the
// cursor and add the saved EBP to it. Presumably this is the displacement of an
// EBP-relative operand, giving the address of a stack local -- confirm on the target.
mov NanoCount, eip
cmp NanoDW, 0
je NanB03
add NanoCount, 03B
jmp NanDW03

NanB03:
add NanoCount, 0BF

NanDW03:
mov NanoCount, [NanoCount]
add NanoCount, RegEBP

// Emit: store the selected flag value (EDX) at that address.
eval "mov [{NanoCount}], edx"
asm eip, $RESULT
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT

// Emit reloads of the registers captured at the breakpoint, as immediates, so the
// original code that follows sees the same register state on every iteration.
// EAX is not reloaded; it carries the nanotype value.
eval "mov ecx, {RegECX}"
asm eip, $RESULT
add eip, $RESULT
eval "mov edx, {RegEDX}"
asm eip, $RESULT
add eip, $RESULT
eval "mov ebx, {RegEBX}"
asm eip, $RESULT
add eip, $RESULT
eval "mov esp, {RegESP}"
asm eip, $RESULT
add eip, $RESULT
eval "mov ebp, {RegEBP}"
asm eip, $RESULT
add eip, $RESULT
eval "mov esi, {RegESI}"
asm eip, $RESULT
add eip, $RESULT
eval "mov edi, {RegEDI}"
asm eip, $RESULT
add eip, $RESULT

// Skip the cursor over 0x74 (DWORD) or 0xF6 (BYTE) bytes. Nothing is assembled in
// that range, so whatever is there executes as part of each loop iteration.
cmp NanoDW, 0
je NanB04
add eip, 74
jmp NanDW04

NanB04:
add eip, 0F6

NanDW04:
asm eip, "nop"
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT

// Emit the inner-loop step: increment the flag index and loop until it reaches 0x0D.
eval "mov ecx, [{VACont2}]"
asm eip, $RESULT
add eip, $RESULT
asm eip, "inc ecx"
add eip, $RESULT
eval "mov [{VACont2}], ecx"
asm eip, $RESULT
add eip, $RESULT
asm eip, "cmp ecx, 0D"
add eip, $RESULT
eval "jnz {HBPEip}"
asm eip, $RESULT
add eip, $RESULT

// Emit the outer-loop step: reset the flag index, increment the nanotype index and
// loop until it equals the entry count stored at [base].
eval "mov dword [{VACont2}], 0"
asm eip, $RESULT
add eip, $RESULT
eval "mov ecx, [{VACont}]"
asm eip, $RESULT
add eip, $RESULT
asm eip, "inc ecx"
add eip, $RESULT
eval "mov [{VACont}], ecx"
asm eip, $RESULT
add eip, $RESULT
mov text, VACont
sub text, 10
eval "mov eax, [{text}]"
asm eip, $RESULT
add eip, $RESULT
asm eip, "cmp ecx, eax"
add eip, $RESULT
eval "jnz {HBPEip}"
asm eip, $RESULT
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT

// The last NOP is the loop exit; the cursor is deliberately not advanced so the
// hardware execute breakpoint lands on it.
asm eip, "nop"
bphws eip, "x"

// Place the logging breakpoints by stepping the cursor backwards. Their addresses are
// kept in LogBP..LogBP4 for the cleanup at BABEL2.
sub eip, 41
mov LogBP, eip
cmp NanoDW, 0
je NanB05

// DWORD mode: log EDX at LogBP and ECX at LogBP2.
bpl eip, "edx"
sub eip, 61
mov LogBP2, eip
bpl eip, "ecx"
jmp NanDW05

NanB05:
// BYTE mode: log EAX at LogBP and LogBP2, and EDX at LogBP3.
bpl eip, "eax"
sub eip, 1
mov LogBP2, eip
bpl eip, "eax"
sub eip, 5E
mov LogBP3, eip
bpl eip, "edx"

NanDW05:
// Replace the 6 bytes immediately before the cursor with NOPs.
// NOTE(review): presumably one 6-byte original instruction -- confirm on the target.
sub eip, 6
asm eip, "nop"
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT
asm eip, "nop"
add eip, $RESULT

// The last logging breakpoint (EAX) goes to LogBP3 in DWORD mode and LogBP4 in BYTE mode.
cmp NanoDW, 0
je NanB06
sub eip, 12
mov LogBP3, eip
jmp NanDW06

NanB06:
sub eip, 96
mov LogBP4, eip

NanDW06:
bpl eip, "eax"

// Point EIP at the start of the emitted code, route the next breakpoint to BABEL2 and run.
// NOTE(review): `jmp BABEL` is reached only if the script continues past `run` without
// the breakpoint handler firing; the intent of that fallback is unclear.
mov eip, HBPEip2
eob BABEL2
run
jmp BABEL

BABEL2:
// Loop finished: remove the hardware breakpoint and the logging breakpoints. LogBP4
// exists only in BYTE mode. The code patches stay in place.
bphwc eip
bc LogBP
bc LogBP2
bc LogBP3
cmp NanoDW, 1
je NanDW07
bc LogBP4

NanDW07:
// Message (Spanish, one character is mis-encoded in this copy; presumably
// "Comprobación"): "Nanotype check finished, save the Log and close Olly."
msg "Comprobaci髇 de nanotypes terminada, guarda el Log y cierra el Olly."
ret

LABEL:
// Exception handler: keep resuming with `esto`. There is no exit condition, so a
// recurring fault loops here until the user stops the script.
esto
jmp LABEL

NoVA:
// Message (Spanish): "No base VA was specified for the tables, script terminated."
msg "No se ha especificado una VA base para las tablas, script terminado."
ret