pespin 1.1 stolen code finder v0.1.txt

/*//////////////////////////////////////////////////
	PESpin v1.1 Stolen Code Finder v0.1
	Author:	loveboom
	Email : loveboom#163.com
	OS    : WinXP sp1,Ollydbg 1.1,OllyScript v0.92
	Date  : 2005-3-9
	Action: Repairs the IAT and stops at the stolen code.
	Config: Ignore all exceptions
	Note  : If you have one or more question, email me please,thank you!

	Reviewer notes:
	- Purpose: OllyScript automation that walks a PESpin 1.1 protected
	  target up to the point the author labels "Stolen code", rewriting
	  import thunks on the way.
	- The script runs the target live (esto / run / go / sto / sti), so
	  the packed code executes on the analysis machine. For a sample of
	  unknown origin, work in an isolated, revertible VM.
	- Every fill / mov / exec patch below is applied to the debuggee's
	  memory; the script contains no command that writes a file.
	- Numeric literals are hexadecimal (B = 0Bh, c = 0Ch, b = 0Bh).
	- NOTE(review): the LoadLibraryA+0Bh breakpoint and the [esp+0Ch] read
	  were chosen on the OS build listed above; confirm both offsets
	  before relying on them on another kernel32 build.
//////////////////////////////////////////////////*/

var addr		// scratch address: breakpoint targets and patch locations
var addr1		// address of the JMP [ESP-4] found after RDTSC (see lblnext1)

start:
  // Ask the user to confirm the debugger option; $RESULT is 1 for "Yes".
  Msgyn "Config:Ignore all exceptions,continue?"
  cmp $RESULT,1
  je lbl1
  ret

lbl1:
  gpa "LoadLibraryA","kernel32.dll"		// set a breakpoint at LoadLibraryA+0Bh
  // NOTE(review): $RESULT is not checked here; if gpa fails the breakpoint lands at 0Bh.
  mov addr,$RESULT
  add addr,B
  bp addr
  esto

lbl2:
  // Abort unless execution stopped on the LoadLibraryA+0Bh breakpoint.
  cmp eip,addr
  jne lblabort
  bc addr
  // Read the dword at [esp+0Ch] and break there.
  // Presumably this is the return address into the protector's code -- TODO confirm.
  mov addr,esp
  add addr,c
  mov addr,[addr]
  bp addr
  esto
  // NOTE(review): unlike lbl2, the stop location is not verified after this esto.
  bc addr

lbl3:
  find eip,#0FBA67FF07#		//find command 'bt [edi-1],7'
  cmp $RESULT,0
  je lblabort
  mov addr,$RESULT
  fill addr,1,F8		// patch the first byte to CLC so CF is cleared
  inc addr
  // Overwrite the remaining four bytes of the 5-byte BT instruction with NOPs.
  mov [addr],90909090

lblnext1:
  find addr,#0F31#		//find command 'RDTSC'
  cmp $RESULT,0
  je lblabort
  find $RESULT,#FF6424FC#		//find command 'JMP DWORD PTR SS:[ESP-4]'
  cmp $RESULT,0
  je lblabort
  // This breakpoint stays set until lbl4. Because lblcheck leaves the loop on
  // any stop that is not at addr, it presumably acts as the loop's exit point.
  mov addr1,$RESULT
  bp addr1

lblfind1:
  // First JMP [ESP-4] at or after the patched BT: run to it, step over, then step into.
  find addr,#FF6424FC#		//find command 'JMP DWORD PTR SS:[ESP-4]'
  cmp $RESULT,0
  je lblabort
  go $RESULT
  sto
  sti

lblfind2:
  find eip,#807FFFEA#		//find command'CMP BYTE PTR DS:[EDI-1],0EA'
  cmp $RESULT,0
  je lblabort
  find $RESULT,#FE4FFF83C7042BC78947FC#
  /*find commands:
	FE4F FF         DEC BYTE PTR DS:[EDI-1]
	83C7 04         ADD EDI,4
	2BC7            SUB EAX,EDI
	8947 FC         MOV DWORD PTR DS:[EDI-4],EAX*/
  cmp $RESULT,0
  je lblabort
  // NOP out all 0Bh (11) bytes of the four instructions above, then break at
  // their start so the replacement in lblcheck runs in their place.
  fill $RESULT,b,90
  mov addr,$RESULT
  bp addr

lblloop1:
  run

lblcheck:
  // Stopped anywhere other than the NOPed sequence: leave the fix-up loop.
  cmp eip,addr
  jne lbl4
  // The exec block writes bytes FF 25 (JMP DWORD PTR [mem32]) at edi-1, uses
  // edx as the jump's memory operand, and stores eax at [edx].
  // Presumably eax is the resolved API address and edx the IAT slot -- TODO confirm.
  exec				//fix iat
    mov word ptr [edi-1],25FF
    mov [edi+1],edx
    mov [edx],eax
  ende
  jmp lblloop1

lbl4:
  bc addr
  bc addr1
  find eip,#E801000000??83C404#		//find commands:'call $+1 add esp,4'
  cmp $RESULT,0
  je lblerrver
  go $RESULT
  // 61 is the POPAD opcode; run to the first one after the pattern, then step over it.
  find $RESULT,#61#
  cmp $RESULT,0
  je lblerrver
  go $RESULT
  sto
  cmt eip,"Stolen code."

lblend:
  // Reached by fall-through on success.
  msg "Script finished,script by loveboom[DFCG][FCG][US].Thank you for using my script!"
  ret

lblabort:
  // A breakpoint was missed or a byte pattern was not found.
  msg "Error,script aborted.Maybe target is not protect by pespin 1.1 or you forgot ignore all exceptions."
  ret

lblerrver:
  // The message text reads: "The target may be protected with PESpin 1.0 or an earlier version!"
  msg "目标程序可能是用pespin 1.0或更低版本保护的!"
  ret
