📄 pespin 0.b - 0.3 oep finder.txt
字号:
/*
2h15 PM Tuesday 11 January 2005
PESpin 0.b - 0.3 OEP Finder without Method "Remove OEP"
Tested with PESpin 0.b & PESpin 0.3
Author : dqtln
Email : dqtlncrk@gmail.com
OS : WinXP Pro SP1 , OllyDbg 1.10 , OllyScript 0.92
Website : www.phudu.com
For opinions & bugreport send me a email
Thank you very much
*/
msgyn "Please check Options/Exceptions/INT3 breaks"
cmp $RESULT,0
je dqtln3
var x
sto
sto
bphws esp,"r"
mov x,esp
run
dqtln1:
esto
cmp eax,FF
jne dqtln1
je dqtln2
dqtln2:
esto
sto
bphwc x
msg "Please press No if have a question"
an eip
cmt eip,"This is the OEP - Found by dqtln"
msg "Dump and fix IAT now - Good day"
ret
dqtln3:
msg "Script Abort"
ret⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -