📄 pespin 0.7 oep finder #2.txt
字号:
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
/*
PESpin v0.7 OEP finder
Finds OEP for PESpinned file with maximum checked boxes in settings tab for sure
Didn't check for others :)
Author: Reverend^HTB+RAG
Contact: rev15@wp.pl
http://www.reverend.piwko.pl
*/
msgyn "Make sure no exceptions are passed to program. Uncheck all marks on exceptions tab. Ready to start ?"
cmp $RESULT,0
je cancel
var cbase
gmi eip,CODEBASE
mov cbase,$RESULT
log cbase
var csize
gmi eip,CODESIZE
mov csize,$RESULT
log csize
var count
mov count,0B
eob @1
eoe @1
var isoep
run
@1:
cob
coe
cmp count,0
je @2
esto
dec count
jmp @1
@2:
esti
bprm cbase, csize
eob @3
eoe @3
run
@3:
cob
coe
bpmc
mov isoep,[eip]
and isoep,000000FF
cmp isoep,000000E9
je oep_detected
var finder
mov finder,eip
and finder,FFFFF000
@4:
find finder,#817E10#
sub finder,1000
cmp $RESULT,0
je @4
eob @5
eoe @5
@5:
cmp eip,$RESULT
je @6
go $RESULT
@6:
cob
coe
find $RESULT,#3DFF0F00#
go $RESULT
mov eax,20
rtr
@7:
sti
mov isoep,[eip]
and isoep,000000FF
cmp isoep,000000E9
jne @7
oep_detected:
sti
cmt eip, "OEP"
msgyn "Do you want to analyze now ?"
cmp $RESULT,0
je cancel
an eip
cancel:
ret
// [BACK] ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -