📄 mslrh v0.31a unpack script v0.1.txt
字号:
/*
//////////////////////////////////////////////////
MSLRH v0.31A unpack script v0.1
Author: loveboom
Email : loveboom%163.com
OS : WinXP sp2,Ollydbg 1.1,OllyScript v0.92
Date : 2005-03-07
Action: Auto fix IAT,find oep
Config: Ignore all exceptions and ingnore exception: 'C000001E (INVALID LOCK SEQUENCE)'
Note : If you have one or more question, email me please,thank you!
//////////////////////////////////////////////////
*/
var addr
var espval
var cbase
var csize
var peheader
var mbase
start:
msgyn "Setting:Ignore all exceptions.continue?"
cmp $RESULT,1
je lbl1
ret
lbl1:
dbh
mov espval,esp //Get esp value
sub espval,4
gmi eip,MODULEBASE //Get code section information
mov mbase,$RESULT
mov peheader,mbase
add peheader,3c
mov addr,[peheader]
add addr,mbase
mov peheader,addr //Get pe header
add peheader,100 //Get section size
mov csize,[peheader]
add peheader,4 //Get section VirutalAddress
mov cbase,[peheader]
add cbase,mbase
lbl2:
gpa "OutputDebugStringA","kernel32.dll"
cmp $RESULT,0
je lbl3
mov addr,$RESULT
asm addr,"xor eax,eax" //Patch api function
add addr,2
asm addr, "ret 4"
lbl3:
gpa "CreateFileA","kernel32.dll"
bp $RESULT
esto
bc $RESULT
rtu
lbl4: //clear anti-ImportREC
mov addr,eax
exec
push {addr}
Call CloseHandle
ende
lbl5:
gpa "ZwQueryInformationProcess","ntdll.dll" //Clear Anti-Ring3 debug
cmp $RESULT,0
je lbl6
bp $RESULT
esto
bc $RESULT
rtu
sto
mov eax,0
lbl6:
bprm cbase,csize
esto
bpmc
bphws espval,"r"
esto
bphwc espval
sto
lblend:
dbs
cmt eip,"OEP"
msg "Script by loveboom[DFCG][FCG][US],thank you for using my script!"
ret
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -