Quick Unpack now uses a new module, Force.dll, to detect the OEP (original entry point) of the most popular packers.
Force OEP finder for packers, by FEUERRADER [AHTeam], supports UPX 1.xx, ASPack 2.12, FSG 1.33/2.0, MEW10, MEW11 and PECompact 1.x/2.x.
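; Strings and buffers for the "pick a PE file, ask Force.dll for its OEP" flow (MASM syntax).

; File-type filter in "display name",0,"pattern list",0 form.
; Presumably assigned to stOF.lpstrFilter (the assignment is not shown here). The common
; dialog API requires the filter list to end with TWO NUL bytes; with only one, the dialog
; keeps parsing whatever bytes follow this string as further filter pairs. The trailing
; ",0" below closes the list.
szExtPe db 'PE Files',0,'*.exe;*.dll;*.scr;*.fon;*.drv',0,0
.data
szStart db " Please select a PE file to find its OEP ", 0
; Bare file name without a directory.
; NOTE(review): if this is passed to LoadLibrary unchanged, the module is resolved through
; the DLL search order, so a same-named file found earlier in that order would be loaded
; instead. Confirm that the caller builds a full path (e.g. next to the executable).
szForceDll db "Force.dll", 0
; Error text shown when the module cannot be loaded ("Force.dll failed to load!").
szErForceDll db "Force.dll加载错误!", 0
; Name of the export looked up in Force.dll.
szGetOEPNow db "GetOEPNow", 0
stOF OPENFILENAME <>
; Receives the selected path; MAX_PATH bytes, so the dialog must be told this size.
szFilePath db MAX_PATH dup (?)
szErrOep db "Get Oep Error!", 0
OEPOK db "OEP is :", 0
.data?
lhWnd dd ?
; NOTE(review): declared as a single byte. If this is meant to hold the address of the
; "GetOEPNow" export, it needs "dd ?"; a 4-byte store into it would spill into szString1.
; Confirm against the code that writes it before changing the size.
_GetOEPNow db ?
; Scratch buffer: hex digits of the value, least significant digit first.
szString1 db 16 dup(?)
; Result buffer: the same digits in reading order.
szString2 db 16 dup(?)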
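; Format the 32-bit value in eax as uppercase hexadecimal text in szString2.
;
; In:    eax = value to format (treated as unsigned)
; Out:   szString2 = NUL-terminated digits, most significant first ("0" when eax is 0)
; Clobb: eax, ecx, edx, esi, edi, flags
; Uses:  szString1 as scratch. A 32-bit value yields at most 8 digits, so 8 digits plus
;        the terminator fit the 16-byte buffers.
;
; Fixes over the previous version:
;  - eax == 0 used to jump straight to the copy loop with ecx = 0; "dec ecx" then wrapped
;    to 0FFFFFFFFh and the loop read below szString1 and wrote far past szString2.
;    The digit loop now always runs at least once, so ecx >= 1 when the copy starts.
;  - szString2 is now explicitly terminated, so a shorter value no longer leaves
;    characters from a previous, longer result behind.
;  - div replaces idiv: the value is an unsigned quantity.
    xor ecx, ecx                        ; ecx = number of digits produced so far
    mov esi, offset szString1           ; esi -> next free scratch byte
    mov edi, 10h                        ; divisor: one hex digit per step
@@: ; Digit loop: emits digits least significant first into szString1.
    xor edx, edx                        ; div divides edx:eax, so clear the high half
    div edi                             ; eax = remaining value, edx = digit 0..15
    .if dl > 9
        add dl, 37h                     ; 10..15 -> 'A'..'F'
    .else
        add dl, 30h                     ; 0..9   -> '0'..'9'
    .endif
    mov byte ptr [esi], dl
    inc esi
    inc ecx
    test eax, eax
    jnz @B
@lExit:
    mov edi, offset szString2
    dec esi                             ; esi -> most significant digit in szString1
@@: ; Copy loop: reverses the digits into szString2. Invariant: ecx >= 1 on entry.
    mov al, byte ptr [esi]
    mov byte ptr [edi], al
    dec esi
    inc edi
    dec ecx
    jnz @B
    mov byte ptr [edi], 0               ; terminate the result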