我最喜欢写脚本了:
//molebox 2.x ,by skylly
// OllyDbg ODbgScript: unpacks a MoleBox 2.x-protected executable.
// Outline, as far as this listing shows: park a hardware breakpoint on the
// current [esp] (the "ESP trick") to catch the return to the original entry
// point (OEP), break on VirtualProtect to locate the routine that rewrites the
// import table, NOP out that store, then single-step up to the `call eax`
// that enters the OEP.
// NOTE(review): labels `err` and `oep` are referenced below but are not defined
// in this listing -- presumably they follow the visible portion. The script
// cannot run as shown unless they exist.
msg "忽略所有异常"                 // reminds the operator to configure OllyDbg to ignore all exceptions before continuing
sto                                // step over the first two stub instructions;
sto                                // presumably leaves esp pointing at the slot the stub pops right before the OEP -- TODO confirm on a sample
var cool
mov cool,esp
bphws cool,"r" //hardware breakpoint on read of [esp]: the "ESP trick" used to catch the transition to the OEP
var VirtualProtect
gpa "VirtualProtect","kernel32.dll"   // $RESULT = address of kernel32!VirtualProtect, or 0 if it could not be resolved
cmp $RESULT,0
je err                             // `err` is not defined in this listing
mov VirtualProtect,$RESULT
bp VirtualProtect //software breakpoint on VirtualProtect, used to find where the IAT encryption happens
eob check                          // on any breakpoint pause, continue the script at `check`
eoe check //on any exception pause, continue the script at `check`
esto                               // run, passing exceptions to the debuggee
ret
check:
cmp eip,VirtualProtect //did the debuggee stop at VirtualProtect?
je VirtualProtect                  // jumps to the LABEL below, which shares its name with the variable; relies on ODbgScript keeping labels and variables in separate namespaces -- consider renaming one
esto                               // NOTE(review): every other pause is resumed here. If the [esp] hardware breakpoint fires before the IAT patch is applied (or this `eob` handler also receives hardware-breakpoint pauses), the OEP stop is lost -- confirm ordering on a sample
ret
VirtualProtect:
rtu                                // run until execution returns to user code, i.e. to the caller of VirtualProtect inside the stub
var a
mov a,eip
mov a,[a]                          // a = dword at eip (little-endian)
cmp a,A75C085 //bytes 85 C0 75 0A at eip: `test eax,eax` / `jnz short +0Ah` -- the signature of the IAT-encryption routine's caller
je iat //signature matched: this VirtualProtect call belongs to the IAT-encryption code
esto                               // not the call we want: resume the debuggee
ret
cool: //all patching is done; the OEP is close
cob                                // clear the breakpoint handler ...
coe                                // ... and the exception handler, so the next pause returns control to this script
run                                // resume until the debuggee pauses -- expected to be the [esp] hardware breakpoint (any other pause, e.g. an unhandled exception, lands here too)
bphwc cool                         // remove the hardware breakpoint; it has served its purpose
zou: //walk forward one instruction at a time
mov a,eip
mov a,[a]
shl a,8
shl a,8                            // three shifts of 8 = shift left by 24: keeps only the opcode byte at eip, in the top byte
shl a,8                            // (assumes 32-bit script variables, so the other bytes are shifted out)
cmp a,58000000 //keep stepping while the instruction is `pop eax` (opcode 58)
jne cool2
sto
jmp zou
cool2:
sti //step into the `call eax` -- its target is the OEP
jmp oep                            // `oep` is not defined in this listing (presumably follows: dump / fix imports); the script fails here if it is missing
ret                                // unreachable: `jmp oep` above never falls through
iat: //patch the IAT-encryption code
find eip,#8901# //search forward from eip for `mov [ecx],eax` (89 01), presumably the store of the encrypted import pointer. NOTE(review): the search is unbounded, so the first 89 01 after eip is patched even if it lies outside the matched routine; cap the search if this ODbgScript build supports a length argument
cmp $RESULT,0
je err                             // pattern not found (`err` not defined in this listing)
mov [$RESULT],#9090#               // overwrite the 2-byte store with two NOPs, presumably so the IAT keeps its plain pointers
msg "绕开输入表加密!"
bc VirtualProtect                  // remove the software breakpoint; VirtualProtect will not be trapped again
jmp cool
ret                                // unreachable: `jmp cool` above never falls through