/*
.:TEAM RESURRECTiON:.
Armadillo Standard+Strategic Code Splicing Script by AvAtAr
Tested on WinXP Pro SP2, OllyDbg v1.10, OllyScript v0.92
NOTES:
- Remove all hardware breakpoints before run the script.
- Add the following custom exceptions on OllyDbg:
C0000005(ACCESS VIOLATION), C000001D(ILLEGAL INSTRUCTION)
C000001E(INVALID LOCK SEQUENCE), C0000096(PRIVILEGED INSTRUCTION)
*/
var CreateMutexA
var CreateThread
var GetModuleHandleA
var OpenMutexA
var VirtualAlloc
var JumpLocation
var JumpLength
var adata
var regESP
var OEP
msgyn "Resolve Strategic Code Splicing?"
cmp $RESULT,0
je label3
bphws VirtualAlloc, "x"
label2:
esto
mov regESP,esp
add regESP,0C
cmp [regESP],1000
jne label2
add regESP,4
cmp [regESP],40
jne label2
rtu
mov eax,adata
bphwc VirtualAlloc
label3:
bp CreateThread
run
cob
bc CreateThread
rtu
rtr
sti
find eip, #2B??FF??8?#
mov OEP, $RESULT
add OEP, 2
bp OEP
run
bc OEP
sti
cmt eip, "<- OEP"
msg "You're at the OEP, now dump with LordPE and fix the IAT with ImpRec. =)"
ret