Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc

发表于: 2007-10-2 15:15 15160

Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc

fly

2007-10-2 15:15

15160

///////////////////////////////////////////////////////////////
// FileName    :  Armadillo V4.0-V5.X.Standard.Protection.oSc
// Comment     :  Standard Only + Standard plus Debug Blocker
// Environment :  WinXP SP2,OllyDbg V1.10,OllyScript V1.65
// Author      :  fly [CUG]
// WebSite     :  http://unpack.cn
// Date        :  2007-09-22 00:00
///////////////////////////////////////////////////////////////
#log
dbh

var T0
var T1
var Temp
var bpcnt
var MagicJMP
var JmpAddress
var fiXedOver
var OpenMutexA 
var GetModuleHandleA
var VirtualProtect
var CreateFileMappingA
var CreateThread
var FindOEP


MSGYN "Plz Clear All BreakPoints + Set Debugging Option Ignore All Excepions Options + Add C000001D..C000001E in custom exceptions !"
cmp $RESULT, 0
je TryAgain

cmp $VERSION, "1.65" 
jb CheckODbgScripVersion 

BPHWC
BC


//OutputDebugStringA______________________________________

gpa "OutputDebugStringA", "KERNEL32.dll"
mov [$RESULT], #C20400#


//OpenMutexA______________________________________

gpa "VirtualProtect", "KERNEL32.dll"
find $RESULT,#5DC21000#
mov VirtualProtect,$RESULT
eob VirtualProtect
bp VirtualProtect

gpa "OpenMutexA", "KERNEL32.dll"
mov OpenMutexA,$RESULT
bp OpenMutexA

esto

OpenMutexA:
eob KillOpenMutexA
exec
mov eax,[ESP+0C]
pushad
push eax
push 0
push 0
CALL CreateMutexA
popad
jmp OpenMutexA
ende

KillOpenMutexA:
bc OpenMutexA
esti


//VirtualProtect______________________________________

eob VirtualProtect
GoOn0:
esto

VirtualProtect:
cmp eip,OpenMutexA
je OpenMutexA
cmp eip,VirtualProtect
jne GoOn0
bc VirtualProtect


//CreateFileMappingA______________________________________

gpa "CreateFileMappingA", "KERNEL32.dll"
find $RESULT,#C9C21800#
mov CreateFileMappingA,$RESULT
bp CreateFileMappingA
eob CreateFileMappingA

esto
GoOn1:
esto

CreateFileMappingA:
cmp eip,CreateFileMappingA
jne GoOn1
bc CreateFileMappingA


//GetModuleHandleA______________________________________

gpa "GetModuleHandleA", "KERNEL32.dll"
find $RESULT,#C20400#
mov GetModuleHandleA,$RESULT
bp GetModuleHandleA
eob GetModuleHandleA

esto
GoOn2:
esto

GetModuleHandleA:
cmp eip,GetModuleHandleA
jne GoOn2
cmp bpcnt,1
je  VirtualFree
cmp bpcnt,2
je  Third

	
/*
00129528   00BE6DF3  RETURN to 00BE6DF3 from kernel32.GetModuleHandleA
0012952C   00BFBC1C  ASCII "kernel32.dll"
00129530   00BFCEC4  ASCII "VirtualAlloc"
*/

VirtualAlloc:	
mov Temp,esp
add Temp,4
log Temp
mov T0,[Temp]
cmp [T0],6E72656B
log [T0]
jne GoOn2
add Temp,4
mov T1,[Temp]
cmp [T1],74726956
jne GoOn2
bc OpenMutexA
inc bpcnt
jmp GoOn2


/*
00129528   00BE6E10  RETURN to 00BE6E10 from kernel32.GetModuleHandleA
0012952C   00BFBC1C  ASCII "kernel32.dll"
00129530   00BFCEB8  ASCII "VirtualFree"
*/

VirtualFree:
mov Temp,esp
add Temp,4
mov T1,[Temp]
cmp [T1],6E72656B
jne GoOn2
add Temp,4
mov T1,[Temp]
add T1,7
cmp [T1],65657246
log [T1]
jne GoOn2
inc bpcnt
jmp GoOn2


/*
0012928C   00BD5CE1  RETURN to 00BD5CE1 from kernel32.GetModuleHandleA
00129290   001293DC  ASCII "kernel32.dll"
*/ 	

Third:
mov Temp,esp
add Temp,4
mov T1,[Temp]
cmp [T1],6E72656B
jne GoOn2
bc GetModuleHandleA
esti


//MagicJMP______________________________________

/*
->Armadillo V4.X
00BD5CDB     FF15 B860BF00      call dword ptr ds:[BF60B8]       ; kernel32.GetModuleHandleA
00BD5CE1     8B0D AC40C000      mov ecx,dword ptr ds:[C040AC]
00BD5CE7     89040E             mov dword ptr ds:[esi+ecx],eax
00BD5CEA     A1 AC40C000        mov eax,dword ptr ds:[C040AC]
00BD5CEF     391C06             cmp dword ptr ds:[esi+eax],ebx
00BD5CF2     75 16              jnz short 00BD5D0A
00BD5CF4     8D85 B4FEFFFF      lea eax,dword ptr ss:[ebp-14C]
00BD5CFA     50                 push eax
00BD5CFB     FF15 BC62BF00      call dword ptr ds:[BF62BC]       ; kernel32.LoadLibraryA
00BD5D01     8B0D AC40C000      mov ecx,dword ptr ds:[C040AC]
00BD5D07     89040E             mov dword ptr ds:[esi+ecx],eax
00BD5D0A     A1 AC40C000        mov eax,dword ptr ds:[C040AC]
00BD5D0F     391C06             cmp dword ptr ds:[esi+eax],ebx
00BD5D12     0F84 2F010000      je 00BD5E47

->Armadillo V5.X
00DE7F4E     FF15 C0E0E200      call dword ptr ds:[E2E0C0] ; kernel32.GetModuleHandleA
00DE7F54     8B55 F4            mov edx,dword ptr ss:[ebp-C]
00DE7F57     8B0D 7CDFE300      mov ecx,dword ptr ds:[E3DF7C]
00DE7F5D     890491             mov dword ptr ds:[ecx+edx*4],eax
00DE7F60     8B55 F4            mov edx,dword ptr ss:[ebp-C]
00DE7F63     A1 7CDFE300        mov eax,dword ptr ds:[E3DF7C]
00DE7F68     833C90 00          cmp dword ptr ds:[eax+edx*4],0
00DE7F6C     75 5C              jnz short 00DE7FCA
00DE7F6E     8B4D F8            mov ecx,dword ptr ss:[ebp-8]
00DE7F71     8B51 08            mov edx,dword ptr ds:[ecx+8]
00DE7F74     83E2 02            and edx,2
00DE7F77     74 38              je short 00DE7FB1
00DE7F79     B8 0B000000        mov eax,0B
00DE7F7E     C1E0 02            shl eax,2
00DE7F81     8B0D 04BBE300      mov ecx,dword ptr ds:[E3BB04]
00DE7F87     8B15 04BBE300      mov edx,dword ptr ds:[E3BB04]
00DE7F8D     8B35 04BBE300      mov esi,dword ptr ds:[E3BB04]
00DE7F93     8B5E 78            mov ebx,dword ptr ds:[esi+78]
00DE7F96     335A 34            xor ebx,dword ptr ds:[edx+34]
00DE7F99     331C01             xor ebx,dword ptr ds:[ecx+eax]
00DE7F9C     83E3 10            and ebx,10
00DE7F9F     F7DB               neg ebx
00DE7FA1     1BDB               sbb ebx,ebx
00DE7FA3     F7DB               neg ebx
00DE7FA5     0FB6C3             movzx eax,bl
00DE7FA8     85C0               test eax,eax
00DE7FAA     75 05              jnz short 00DE7FB1
00DE7FAC     E9 1BFFFFFF        jmp 00DE7ECC
00DE7FB1     8D8D C8FEFFFF      lea ecx,dword ptr ss:[ebp-138]
00DE7FB7     51                 push ecx
00DE7FB8     FF15 D4E1E200      call dword ptr ds:[E2E1D4] ; kernel32.LoadLibraryA
00DE7FBE     8B55 F4            mov edx,dword ptr ss:[ebp-C]
00DE7FC1     8B0D 7CDFE300      mov ecx,dword ptr ds:[E3DF7C]
00DE7FC7     890491             mov dword ptr ds:[ecx+edx*4],eax
00DE7FCA     8B55 F4            mov edx,dword ptr ss:[ebp-C]
00DE7FCD     A1 7CDFE300        mov eax,dword ptr ds:[E3DF7C]
00DE7FD2     833C90 00          cmp dword ptr ds:[eax+edx*4],0
00DE7FD6     75 05              jnz short 00DE7FDD
//MagicJmp ★  ->NOP
00E37FD8     E9 EFFEFFFF        jmp 00E37ECC
00E37FDD     C785 BCFEFFFF 0000>mov dword ptr ss:[ebp-144],0
00E37FE7     C785 C0FEFFFF 0000>mov dword ptr ss:[ebp-140],0
00E37FF1     8B4D F8            mov ecx,dword ptr ss:[ebp-8]
00E37FF4     8B51 04            mov edx,dword ptr ds:[ecx+4]
00E37FF7     8995 C4FEFFFF      mov dword ptr ss:[ebp-13C],edx
00E37FFD     EB 0F              jmp short 00E3800E
*/

find eip,#39????0F84??010000#,100
cmp $RESULT,0
je ArmadilloV5.X
add $RESULT,3
mov MagicJMP,$RESULT
log MagicJMP
mov T0,$RESULT
add T0,2
mov T1, [T0]
add T1,4
add T1,T0
mov JmpAddress,T1
log JmpAddress
eval "jmp {JmpAddress}"
asm MagicJMP,$RESULT


/*
00BD5C8C     391D F0B0BF00      cmp dword ptr ds:[BFB0F0],ebx
00BD5C92     0F84 C4010000      je 00BD5E5C
*/

mov Temp,MagicJMP
sub Temp,100
find Temp,#39??????????0F84????0000#,100
cmp $RESULT,0
je NoFind
add $RESULT,6
mov T0,$RESULT
add T0,2
mov T1, [T0]
add T1,4
add T1,T0
mov fiXedOver,T1
log fiXedOver
eob fiXedOver
bp fiXedOver

esto
GoOn3:
esto

fiXedOver:
cmp eip,fiXedOver    
jne GoOn3
bc fiXedOver
eval "je {JmpAddress}"
asm MagicJMP,$RESULT
jmp Thread


ArmadilloV5.X:
find eip,#833C90007505E9??FEFFFF#
cmp $RESULT,0
je NoFind
add $RESULT,4
mov MagicJMP,$RESULT
log MagicJMP
mov [MagicJMP],#9090#

/*
->Standard.Protection
00E38255     E9 72FCFFFF        jmp 00E37ECC
00E3825A     EB 03              jmp short 00E3825F
00E3825C     D6                 salc
00E3825D     D6                 salc

->Minimum Protection
00D4754E     E9 72FCFFFF        jmp 00D471C5
00D47553     E9 03010000        jmp 00D4765B
00D47558     0FB615 3C3FD900    movzx edx,byte ptr ds:[D93F3C]
00D4755F     85D2               test edx,edx
00D47561     74 05              je short 00D47568
00D47563     E9 F3000000        jmp 00D4765B
00D47568     C785 DCFDFFFF 0000>mov dword ptr ss:[ebp-224],0
00D47572     C785 DCFDFFFF 0000>mov dword ptr ss:[ebp-224],0
00D4757C     EB 0F              jmp short 00D4758D
*/

find MagicJMP,#E9????????EB03D6D6#
cmp $RESULT,0
jne FindfiXedOver
find MagicJMP,#E9????????E9????00000F????????????85D2#
cmp $RESULT,0
je NoFind

FindfiXedOver:
add $RESULT,5
mov fiXedOver,$RESULT
log fiXedOver
eob fiXedOver
bp fiXedOver

esto
GoOn4:
esto

fiXedOver:
cmp eip,fiXedOver    
jne GoOn4
bc fiXedOver
mov [MagicJMP],#7505#


//CreateThread______________________________________

Thread:
gpa "CreateThread", "KERNEL32.dll"
find $RESULT,#C21800#
mov CreateThread,$RESULT
eob CreateThread
bphws CreateThread, "x"

esto
GoOn5:
esto

CreateThread:
cmp eip,CreateThread
jne GoOn5
bphwc CreateThread
esti


//FindOEP______________________________________

/*
00F9F9B3     2BCA               sub ecx,edx
00F9F9B5     FFD1               call ecx     ; Armadill.004436E0
*/

mov Temp,eip
sub Temp,400
find Temp,#2BCAFFD18BD8#
cmp $RESULT,0
jne BP
find Temp,#2BCAFFD189#
cmp $RESULT,0
jne BP
find Temp,#2BF9FFD7#
cmp $RESULT,0
jne BP
find Temp,#FFD18945FC8B45FC#
cmp $RESULT,0
je NoFind
jmp BPV5

BP:
add $RESULT,2
BPV5:
mov FindOEP,$RESULT
log FindOEP
eob FindOEP
bp FindOEP

esto
GoOn6:
esto

FindOEP:
cmp eip,FindOEP
jne GoOn6
bc FindOEP
sti


//GameOver______________________________________ 

log eip
cmt eip, "This is the OEP!  Found By: fly[CUG] "                              
MSG "Just : OEP !  Dump and Fix IAT.  Good Luck   "
ret                       

NoFind:
MSG "Error! Don't find.     "
ret

CheckODbgScripVersion:
msg  "ODBGScript Version Need 1.65 or higher!"
ret

TryAgain:
MSG " Plz  Try  Again   !   "
ret

         ,     _/ 
        /| _.-~/            \_     ,        青春都一晌
       ( /~   /              \~-._ |\
       `\\  _/                \   ~\ )          忍把浮名 
   _-~~~-.)  )__/;;,.          \_  //'
  /'_,\   --~   \ ~~~-  ,;;\___(  (.-~~~-.        换了破解轻狂
`~ _( ,_..--\ (     ,;'' /    ~--   /._`\ 
  /~~//'   /' `~\         ) /--.._, )_  `~
  "  `~"  "      `"      /~'`\    `\\~~\   
                         "     "   "~'  ""

      fly[CUG]
  http://unpack.cn
http://www.unpack.cn
  2007.09.22 00:00

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

上传的附件：

Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc.rar （0.00kb，290次下载）

收藏・2

免费・0

支持

最新回复 (28) 1 2 ▶
limee 雪币： 1540 活跃值： (2807) 能力值： ( LV2，RANK：10 ) 在线值：发帖 456 回帖 976 粉丝 1 关注私信	limee 2 楼终于抢到沙发了 2007-10-2 15:17 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 3 楼如果大家脱标准壳时出现问题，欢迎反馈详细信息请注意运行脚本前删除原来的所有断点并设置OllyDBG忽略所有异常选项 2007-10-2 15:19 0
tzl 雪币： 219 活跃值： (1634) 能力值： ( LV9，RANK：410 ) 在线值：发帖 21 回帖 532 粉丝 0 关注私信	tzl 10 4 楼感谢fly提供这么好的脚本~~ 2007-10-2 15:38 0
【BiNg】雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 67 粉丝 1 关注私信	【BiNg】 5 楼 hoho fly出货的高兴高兴 2007-10-2 21:21 0
basuo 雪币： 235 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 13 粉丝 0 关注私信	basuo 6 楼如何知道是不是 Standard Only 的版本，我用peid 查为 Armadillo V5.00 -> Silicon Realms Toolworks * Sign.By.fly * 然后用这个脚本脱不了 log window: Script Log Window Address Message 7C80B6C1 Temp: 0012947C 7C80B6C1 [T0]: 6E72656B 7C80B6C1 [T1]: 65657246 1127E44 MagicJMP: 01127EC6 1127E44 fiXedOver: 01128149 script window: 脚本运行窗口行号命令返回值 EIP 计算结果 <--- D:\tools\OllyICE\Scripts\Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc__ 1 dbh 007274F2 2 var T0 j 3 var T1 j 4 var Temp j 5 var bpcnt j 6 var MagicJMP j 7 var JmpAddress j 8 var fiXedOver j 9 var OpenMutexA j 10 var GetModuleHandleA j 11 var VirtualProtect j 12 var CreateFileMappingA j 13 var CreateThread j 14 var FindOEP j 15 MSGYN "Plz Clear All BreakPoints + Set Debugging Option Ignore All Excepions Options 1 j "Plz Clear All BreakPoints + Set Debugging Option Ignore All Excepions Options + Add C000001D..C0000 16 cmp $RESULT, 0 j j 1 17 je TryAgain j j 18 cmp $VERSION, "1.65" j j "1.65" 19 jb CheckODbgScripVersion j j 20 BPHWC j j 21 BC j j 22 gpa "OutputDebugStringA", "KERNEL32.dll" 7C859D78 j 23 mov [$RESULT], #C20400# j j 7C859D78 24 gpa "VirtualProtect", "KERNEL32.dll" 7C801AD0 j 25 find $RESULT,#5DC21000# 7C801AE8 j 7C801AD0 26 mov VirtualProtect,$RESULT j j 7C801AE8 27 eob VirtualProtect j j 28 bp VirtualProtect j j 7C801AE8 29 gpa "OpenMutexA", "KERNEL32.dll" 7C80EA1B j 30 mov OpenMutexA,$RESULT j j 7C80EA1B 31 bp OpenMutexA j j 7C80EA1B 32 esto j 007274F2 33 OpenMutexA:___________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 34 eob KillOpenMutexA 7C80EA1B 7C80EA1B 35 exec j j 36 mov eax,[ESP+0C] j j 37 pushad j j 38 push eax j j 39 push 0 j j 40 push 0 j j 41 CALL CreateMutexA j j 42 popad j j 43 jmp OpenMutexA j j 44 ende j 7C80EA1B 45 KillOpenMutexA:_______________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 46 bc OpenMutexA 7C80EA1B 7C80EA1B 7C80EA1B 47 esti j 7C80EA1B 48 eob VirtualProtect j 7C80EA1D 49 GoOn0:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 50 esto 7C80EA1B 7C80EA1D 51 VirtualProtect:_______________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 52 cmp eip,OpenMutexA 7C80EA1B 7C801AE8 7C80EA1B 7C801AE8,7C80EA1B 7C80EA1B 53 Uje OpenMutexA j j 54 cmp eip,VirtualProtect j j 7C801AE8 7C801AE8 55 jne GoOn0 j j 56 bc VirtualProtect j j 7C801AE8 57 gpa "CreateFileMappingA", "KERNEL32.dll" 7C80945C j 58 find $RESULT,#C9C21800# 7C8094B2 j 7C80945C 59 mov CreateFileMappingA,$RESULT j j 7C8094B2 60 bp CreateFileMappingA j j 7C8094B2 61 eob CreateFileMappingA j j 62 esto j 7C801AE8 63 GoOn1:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 64 esto 65 CreateFileMappingA:___________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 66 cmp eip,CreateFileMappingA 7C8094B2 7C8094B2 7C8094B2 7C8094B2 67 jne GoOn1 j j 68 bc CreateFileMappingA j j 7C8094B2 69 gpa "GetModuleHandleA", "KERNEL32.dll" 7C80B6A1 j 70 find $RESULT,#C20400# 7C80B6C1 j 7C80B6A1 71 mov GetModuleHandleA,$RESULT j j 7C80B6C1 72 bp GetModuleHandleA j j 7C80B6C1 73 eob GetModuleHandleA j j 74 esto j 7C8094B2 75 GoOn2:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 76 esto 7C80B6C1 7C80B6C1 77 GetModuleHandleA:_____________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 78 cmp eip,GetModuleHandleA 7C80B6C1 7C80B6C1 7C80B6C1 7C80B6C1,7C80B6C1 7C80B6C1,7C80B6C1 7C80B6C1 79 jne GoOn2 j j 80 cmp bpcnt,1 j j 2,1,0 81 Dje VirtualFree j j 82 cmp bpcnt,2 j j 2,0 83 Dje Third j 7C80B6C1 84 VirtualAlloc:_________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 85 mov Temp,esp 7C80B6C1 7C80B6C1 129478 86 add Temp,4 j j 129478 87 log Temp j j 12947C 88 mov T0,[Temp] j j 1170B98 ?12947C 89 cmp [T0],6E72656B j j 6E72656B ?1170B98 90 log [T0] j j 6E72656B ?1170B98 91 jne GoOn2 j j 92 add Temp,4 j j 12947C 93 mov T1,[Temp] j j 1171A64 ?129480 94 cmp [T1],74726956 j j 74726956 ?1171A64 95 jne GoOn2 j j 96 bc OpenMutexA j j 7C80EA1B 97 inc bpcnt j j 0 98 Ujmp GoOn2 7C80B6C1 99 VirtualFree:__________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 100 mov Temp,esp 7C80B6C1 7C80B6C1 129478 101 add Temp,4 j j 129478 102 mov T1,[Temp] j j 1170B98 ?12947C 103 cmp [T1],6E72656B j j 6E72656B ?1170B98 104 jne GoOn2 j j 105 add Temp,4 j j 12947C 106 mov T1,[Temp] j j 1171A58 ?129480 107 add T1,7 j j 1171A58 108 cmp [T1],65657246 j j 65657246 ?1171A5F 109 log [T1] j j 65657246 ?1171A5F 110 jne GoOn2 j j 111 inc bpcnt j j 1 112 Ujmp GoOn2 7C80B6C1 113 Third:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 114 mov Temp,esp 7C80B6C1 7C80B6C1 1291C4 115 add Temp,4 j j 1291C4 116 mov T1,[Temp] j j 129340 ?1291C8 117 cmp [T1],6E72656B j j 6E72656B ?129340 118 jne GoOn2 j j 119 bc GetModuleHandleA j j 7C80B6C1 120 esti j 7C80B6C1 121 find eip,#39????0F84??010000#,100 0 01127E44 1127E44 122 cmp $RESULT,0 j j 0 123 Dje ArmadilloV5.X 01127E44 124 add $RESULT,3 125 mov MagicJMP,$RESULT 126 log MagicJMP 127 mov T0,$RESULT 128 add T0,2 129 mov T1, [T0] 130 add T1,4 131 add T1,T0 132 mov JmpAddress,T1 133 log JmpAddress 134 eval "jmp {JmpAddress}" 135 asm MagicJMP,$RESULT 136 mov Temp,MagicJMP 137 sub Temp,100 138 find Temp,#39??????????0F84????0000#,100 139 cmp $RESULT,0 140 je NoFind 141 add $RESULT,6 142 mov T0,$RESULT 143 add T0,2 144 mov T1, [T0] 145 add T1,4 146 add T1,T0 147 mov fiXedOver,T1 148 log fiXedOver 149 eob fiXedOver 150 bp fiXedOver 151 esto 152 GoOn3:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 153 esto 154 fiXedOver:____________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 155 cmp eip,fiXedOver 1128149 01128149 1128149 1128149 156 jne GoOn3 j j 157 bc fiXedOver j j 1128149 158 eval "je {JmpAddress}" "je 0" j 0 159 asm MagicJMP,$RESULT 6 j "je 0" 1127EC6 160 Djmp Thread 01128149 161 ArmadilloV5.X:________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 162 find eip,#833C90007505E9EFFEFFFF# 1127EC2 01127E44 1127E44 163 cmp $RESULT,0 j j 1127EC2 164 je NoFind j j 165 add $RESULT,4 1127EC6 j 1127EC2 166 mov MagicJMP,$RESULT j j 1127EC6 167 log MagicJMP j j 1127EC6 168 mov [MagicJMP],#9090# j j 1127EC6 169 find MagicJMP,#E9????????EB03D6D6# 1128144 j 1127EC6 170 cmp $RESULT,0 j j 1128144 171 Djne FindfiXedOver 01127E44 172 find MagicJMP,#E9????????E9????00000F????????????85D2# 173 cmp $RESULT,0 174 je NoFind 175 FindfiXedOver:________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 176 add $RESULT,5 1128149 01127E44 1128144 177 mov fiXedOver,$RESULT j j 1128149 178 log fiXedOver j j 1128149 179 eob fiXedOver j j 180 bp fiXedOver j j 1128149 181 esto j 01127E44 182 GoOn4:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 183 esto 184 fiXedOver:____________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 185 cmp eip,fiXedOver 186 jne GoOn4 187 bc fiXedOver 188 mov [MagicJMP],#7505# 189 Thread:_______________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 190 gpa "CreateThread", "KERNEL32.dll" 7C810637 01128149 191 find $RESULT,#C21800# 7C810656 j 7C810637 192 mov CreateThread,$RESULT j j 7C810656 193 eob CreateThread j j 194 bphws CreateThread, "x" j j 7C810656 195 esto j 01128149 196 GoOn5:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 197 esto 198 CreateThread:_________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 199 cmp eip,CreateThread 200 jne GoOn5 201 bphwc CreateThread 202 esti 203 mov Temp,eip 204 sub Temp,400 205 find Temp,#2BCAFFD18BD8# 206 cmp $RESULT,0 207 jne BP 208 find Temp,#2BCAFFD189# 209 cmp $RESULT,0 210 jne BP 211 find Temp,#2BF9FFD7# 212 cmp $RESULT,0 213 jne BP 214 find Temp,#FFD18945FC8B45FC# 215 cmp $RESULT,0 216 je NoFind 217 jmp BPV5 218 BP:___________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 219 add $RESULT,2 220 BPV5:_________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 221 mov FindOEP,$RESULT 222 log FindOEP 223 eob FindOEP 224 bp FindOEP 225 esto 226 GoOn6:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 227 esto 228 FindOEP:______________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 229 cmp eip,FindOEP 230 jne GoOn6 231 bc FindOEP 232 sti 233 log eip 234 cmt eip, "This is the OEP! Found By: fly[CUG] " 235 MSG "Just : OEP ! Dump and Fix IAT. Good Luck " 236 ret 237 NoFind:_______________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 238 MSG "Error! Don't find. " 239 ret 240 CheckODbgScripVersion:________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 241 msg "ODBGScript Version Need 1.65 or higher!" 242 ret 243 TryAgain:_____________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 244 MSG " Plz Try Again ! " 245 ret 2007-10-2 23:56 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 7 楼 Armadillo Find Protected 2007-10-3 09:43 0
basuo 雪币： 235 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 13 粉丝 0 关注私信	basuo 8 楼 fly: 谢谢了，用Armadillo Find Protected1.6看了是 !- Protected Armadillo Protection system (Professional) !- <Protection Options> Debug-Blocker CopyMem-II Enable Import Table Elimination Enable Nanomites Processing Enable Memory-Patching Protections !- <Backup Key Options> No Registry Keys at All !- <Compression Options> Better/Slower Compression !- <Other Options> Store Environment Vars Externally Allow Only One Copy Use Digital River Edition Keys ?- Signature 46941D80 11-07-2007 2007-10-3 16:03 0
cyto 雪币： 417 活跃值： (475) 能力值： ( LV9，RANK：1250 ) 在线值：发帖 41 回帖 624 粉丝 0 关注私信	cyto 31 9 楼明显不是Standard。 2007-10-4 09:18 0
panwenlong 雪币： 200 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 19 粉丝 0 关注私信	panwenlong 10 楼怎么我的提示要1.65版本插件,谁有下的呀,上传一个,谢谢 2007-10-11 09:18 0
wopasi 雪币： 184 活跃值： (47) 能力值： ( LV4，RANK：50 ) 在线值：发帖 40 回帖 229 粉丝 0 关注私信	wopasi 1 11 楼 1.65的用右键那个运行脚本是1.65以上的 2007-10-14 13:17 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 12 楼 http://bbs.pediy.com/showthread.php?t=51112&viewgoodnees=1 2007-10-15 11:32 0
ahappyboy 雪币： 1534 活跃值： (312) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 182 粉丝 0 关注私信	ahappyboy 13 楼支持一下！！ 2007-10-15 17:53 0
panwenlong 雪币： 200 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 19 粉丝 0 关注私信	panwenlong 14 楼感谢FLY大侠,不过我的运行结果是:Error! Don't find. 原程序下载:****** 2007-10-15 18:04 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 15 楼 [QUOTE=panwenlong;371180]感谢FLY大侠,不过我的运行结果是:Error! Don't find. 原程序下载:******[/QUOTE] JXT你试试这个脚本 Armadillo.V5.X.eXe.Standard.Protection.By.fly[CUG].oSc http://bbs.pediy.com/showthread.php?t=51797 2007-10-16 09:31 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 16 楼 ArmadilloV5.X: find eip,#833C90007505E9EFFEFFFF# cmp $RESULT,0 修改为： find eip,#833C90007505E9??FEFFFF# 这个脚本也可以跑到OEP了欢迎再测试 2007-10-16 09:52 0
panwenlong 雪币： 200 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 19 粉丝 0 关注私信	panwenlong 18 楼 [QUOTE=;]...[/QUOTE] 感谢FLY大侠,我的Import 点"自动查找IAT"时提示在"此OEP处示能找到任何有用信息",我用ArmInline.exe修复后可以找到RAV,但修复后还是不能运行,提示出错.还需要做其他修复方面的工作吗?谢谢!!!! 2007-10-16 11:46 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 19 楼有输入表乱序，ArmInline应该可以处理，注意是否处理完全其他代码有没有远程处理等等就没细看了，只跑到OEP就删了 2007-10-16 14:49 0
panwenlong 雪币： 200 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 19 粉丝 0 关注私信	panwenlong 20 楼也非常感谢了,学了很多东西.应该是没有处理完,以前脱出来的进行调试很多函数都没有,现在有一部分了,都是在不能调用的地方出现出错.可能还有加密的地方吗? 2007-10-16 14:56 0
张峰雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 12 粉丝 0 关注私信	张峰 21 楼请教一下有输入表乱序，ArmInline应该可以处理，注意是否处理完全其他代码有没有远程处理等等就没细看了，只跑到OEP就删了如何处理"远程处理的问题,能否指教? 2007-10-28 23:12 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 22 楼 [QUOTE=张峰;375859]请教一下有输入表乱序，ArmInline应该可以处理，注意是否处理完全其他代码有没有远程处理等等就没细看了，只跑到OEP就删了如何处理"远程处理的问题,能否指教?[/QUOTE] 用ArmInline也可以或者补区段修复 2007-10-29 09:46 0
cxyxjp 雪币： 195 活跃值： (443) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 100 粉丝 0 关注私信	cxyxjp 23 楼如果大家脱标准壳时出现问题，欢迎反馈详细信息请注意运行脚本前删除原来的所有断点并设置OllyDBG忽略所有异常选项 2007-11-12 20:36 0
thezenpe 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 15 粉丝 0 关注私信	thezenpe 24 楼 !- Protected Armadillo Protection system (Professional) !- <Protection Options> Standard protection or Minimum protection CopyMem-II Enable Memory-Patching Protections !- <Backup Key Options> No Registry Keys at All !- <Compression Options> Minimal/Fastest Compression !- <Other Options> Store Environment Vars Externally Disable Monitoring Thread Use eSellerate Edition Keys Don't Fall Back to Stand-Alone Mode 用脚本是出错！ 2007-11-19 14:46 0
thezenpe 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 15 粉丝 0 关注私信	thezenpe 25 楼代码: ArmadilloV5.X: find eip,#833C90007505E9EFFEFFFF# cmp $RESULT,0 修改为：代码: find eip,#833C90007505E9??FEFFFF# 运行时出错： --------------------------- OllyScript error! --------------------------- Error on line 123 Text: je ArmadilloV5.X 2007-11-19 15:00 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

fly

294

发帖

7686

回帖

3410

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (28) 1 2 ▶
limee 雪币： 1540 活跃值： (2807) 能力值： ( LV2，RANK：10 ) 在线值：发帖 456 回帖 976 粉丝 1 关注私信	limee 2 楼终于抢到沙发了 2007-10-2 15:17 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 3 楼如果大家脱标准壳时出现问题，欢迎反馈详细信息请注意运行脚本前删除原来的所有断点并设置OllyDBG忽略所有异常选项 2007-10-2 15:19 0
tzl 雪币： 219 活跃值： (1634) 能力值： ( LV9，RANK：410 ) 在线值：发帖 21 回帖 532 粉丝 0 关注私信	tzl 10 4 楼感谢fly提供这么好的脚本~~ 2007-10-2 15:38 0
【BiNg】雪币： 201 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 67 粉丝 1 关注私信	【BiNg】 5 楼 hoho fly出货的高兴高兴 2007-10-2 21:21 0
basuo 雪币： 235 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 13 粉丝 0 关注私信	basuo 6 楼如何知道是不是 Standard Only 的版本，我用peid 查为 Armadillo V5.00 -> Silicon Realms Toolworks * Sign.By.fly * 然后用这个脚本脱不了 log window: Script Log Window Address Message 7C80B6C1 Temp: 0012947C 7C80B6C1 [T0]: 6E72656B 7C80B6C1 [T1]: 65657246 1127E44 MagicJMP: 01127EC6 1127E44 fiXedOver: 01128149 script window: 脚本运行窗口行号命令返回值 EIP 计算结果 <--- D:\tools\OllyICE\Scripts\Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc__ 1 dbh 007274F2 2 var T0 j 3 var T1 j 4 var Temp j 5 var bpcnt j 6 var MagicJMP j 7 var JmpAddress j 8 var fiXedOver j 9 var OpenMutexA j 10 var GetModuleHandleA j 11 var VirtualProtect j 12 var CreateFileMappingA j 13 var CreateThread j 14 var FindOEP j 15 MSGYN "Plz Clear All BreakPoints + Set Debugging Option Ignore All Excepions Options 1 j "Plz Clear All BreakPoints + Set Debugging Option Ignore All Excepions Options + Add C000001D..C0000 16 cmp $RESULT, 0 j j 1 17 je TryAgain j j 18 cmp $VERSION, "1.65" j j "1.65" 19 jb CheckODbgScripVersion j j 20 BPHWC j j 21 BC j j 22 gpa "OutputDebugStringA", "KERNEL32.dll" 7C859D78 j 23 mov [$RESULT], #C20400# j j 7C859D78 24 gpa "VirtualProtect", "KERNEL32.dll" 7C801AD0 j 25 find $RESULT,#5DC21000# 7C801AE8 j 7C801AD0 26 mov VirtualProtect,$RESULT j j 7C801AE8 27 eob VirtualProtect j j 28 bp VirtualProtect j j 7C801AE8 29 gpa "OpenMutexA", "KERNEL32.dll" 7C80EA1B j 30 mov OpenMutexA,$RESULT j j 7C80EA1B 31 bp OpenMutexA j j 7C80EA1B 32 esto j 007274F2 33 OpenMutexA:___________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 34 eob KillOpenMutexA 7C80EA1B 7C80EA1B 35 exec j j 36 mov eax,[ESP+0C] j j 37 pushad j j 38 push eax j j 39 push 0 j j 40 push 0 j j 41 CALL CreateMutexA j j 42 popad j j 43 jmp OpenMutexA j j 44 ende j 7C80EA1B 45 KillOpenMutexA:_______________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 46 bc OpenMutexA 7C80EA1B 7C80EA1B 7C80EA1B 47 esti j 7C80EA1B 48 eob VirtualProtect j 7C80EA1D 49 GoOn0:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 50 esto 7C80EA1B 7C80EA1D 51 VirtualProtect:_______________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 52 cmp eip,OpenMutexA 7C80EA1B 7C801AE8 7C80EA1B 7C801AE8,7C80EA1B 7C80EA1B 53 Uje OpenMutexA j j 54 cmp eip,VirtualProtect j j 7C801AE8 7C801AE8 55 jne GoOn0 j j 56 bc VirtualProtect j j 7C801AE8 57 gpa "CreateFileMappingA", "KERNEL32.dll" 7C80945C j 58 find $RESULT,#C9C21800# 7C8094B2 j 7C80945C 59 mov CreateFileMappingA,$RESULT j j 7C8094B2 60 bp CreateFileMappingA j j 7C8094B2 61 eob CreateFileMappingA j j 62 esto j 7C801AE8 63 GoOn1:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 64 esto 65 CreateFileMappingA:___________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 66 cmp eip,CreateFileMappingA 7C8094B2 7C8094B2 7C8094B2 7C8094B2 67 jne GoOn1 j j 68 bc CreateFileMappingA j j 7C8094B2 69 gpa "GetModuleHandleA", "KERNEL32.dll" 7C80B6A1 j 70 find $RESULT,#C20400# 7C80B6C1 j 7C80B6A1 71 mov GetModuleHandleA,$RESULT j j 7C80B6C1 72 bp GetModuleHandleA j j 7C80B6C1 73 eob GetModuleHandleA j j 74 esto j 7C8094B2 75 GoOn2:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 76 esto 7C80B6C1 7C80B6C1 77 GetModuleHandleA:_____________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 78 cmp eip,GetModuleHandleA 7C80B6C1 7C80B6C1 7C80B6C1 7C80B6C1,7C80B6C1 7C80B6C1,7C80B6C1 7C80B6C1 79 jne GoOn2 j j 80 cmp bpcnt,1 j j 2,1,0 81 Dje VirtualFree j j 82 cmp bpcnt,2 j j 2,0 83 Dje Third j 7C80B6C1 84 VirtualAlloc:_________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 85 mov Temp,esp 7C80B6C1 7C80B6C1 129478 86 add Temp,4 j j 129478 87 log Temp j j 12947C 88 mov T0,[Temp] j j 1170B98 ?12947C 89 cmp [T0],6E72656B j j 6E72656B ?1170B98 90 log [T0] j j 6E72656B ?1170B98 91 jne GoOn2 j j 92 add Temp,4 j j 12947C 93 mov T1,[Temp] j j 1171A64 ?129480 94 cmp [T1],74726956 j j 74726956 ?1171A64 95 jne GoOn2 j j 96 bc OpenMutexA j j 7C80EA1B 97 inc bpcnt j j 0 98 Ujmp GoOn2 7C80B6C1 99 VirtualFree:__________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 100 mov Temp,esp 7C80B6C1 7C80B6C1 129478 101 add Temp,4 j j 129478 102 mov T1,[Temp] j j 1170B98 ?12947C 103 cmp [T1],6E72656B j j 6E72656B ?1170B98 104 jne GoOn2 j j 105 add Temp,4 j j 12947C 106 mov T1,[Temp] j j 1171A58 ?129480 107 add T1,7 j j 1171A58 108 cmp [T1],65657246 j j 65657246 ?1171A5F 109 log [T1] j j 65657246 ?1171A5F 110 jne GoOn2 j j 111 inc bpcnt j j 1 112 Ujmp GoOn2 7C80B6C1 113 Third:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 114 mov Temp,esp 7C80B6C1 7C80B6C1 1291C4 115 add Temp,4 j j 1291C4 116 mov T1,[Temp] j j 129340 ?1291C8 117 cmp [T1],6E72656B j j 6E72656B ?129340 118 jne GoOn2 j j 119 bc GetModuleHandleA j j 7C80B6C1 120 esti j 7C80B6C1 121 find eip,#39????0F84??010000#,100 0 01127E44 1127E44 122 cmp $RESULT,0 j j 0 123 Dje ArmadilloV5.X 01127E44 124 add $RESULT,3 125 mov MagicJMP,$RESULT 126 log MagicJMP 127 mov T0,$RESULT 128 add T0,2 129 mov T1, [T0] 130 add T1,4 131 add T1,T0 132 mov JmpAddress,T1 133 log JmpAddress 134 eval "jmp {JmpAddress}" 135 asm MagicJMP,$RESULT 136 mov Temp,MagicJMP 137 sub Temp,100 138 find Temp,#39??????????0F84????0000#,100 139 cmp $RESULT,0 140 je NoFind 141 add $RESULT,6 142 mov T0,$RESULT 143 add T0,2 144 mov T1, [T0] 145 add T1,4 146 add T1,T0 147 mov fiXedOver,T1 148 log fiXedOver 149 eob fiXedOver 150 bp fiXedOver 151 esto 152 GoOn3:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 153 esto 154 fiXedOver:____________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 155 cmp eip,fiXedOver 1128149 01128149 1128149 1128149 156 jne GoOn3 j j 157 bc fiXedOver j j 1128149 158 eval "je {JmpAddress}" "je 0" j 0 159 asm MagicJMP,$RESULT 6 j "je 0" 1127EC6 160 Djmp Thread 01128149 161 ArmadilloV5.X:________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 162 find eip,#833C90007505E9EFFEFFFF# 1127EC2 01127E44 1127E44 163 cmp $RESULT,0 j j 1127EC2 164 je NoFind j j 165 add $RESULT,4 1127EC6 j 1127EC2 166 mov MagicJMP,$RESULT j j 1127EC6 167 log MagicJMP j j 1127EC6 168 mov [MagicJMP],#9090# j j 1127EC6 169 find MagicJMP,#E9????????EB03D6D6# 1128144 j 1127EC6 170 cmp $RESULT,0 j j 1128144 171 Djne FindfiXedOver 01127E44 172 find MagicJMP,#E9????????E9????00000F????????????85D2# 173 cmp $RESULT,0 174 je NoFind 175 FindfiXedOver:________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 176 add $RESULT,5 1128149 01127E44 1128144 177 mov fiXedOver,$RESULT j j 1128149 178 log fiXedOver j j 1128149 179 eob fiXedOver j j 180 bp fiXedOver j j 1128149 181 esto j 01127E44 182 GoOn4:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 183 esto 184 fiXedOver:____________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 185 cmp eip,fiXedOver 186 jne GoOn4 187 bc fiXedOver 188 mov [MagicJMP],#7505# 189 Thread:_______________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 190 gpa "CreateThread", "KERNEL32.dll" 7C810637 01128149 191 find $RESULT,#C21800# 7C810656 j 7C810637 192 mov CreateThread,$RESULT j j 7C810656 193 eob CreateThread j j 194 bphws CreateThread, "x" j j 7C810656 195 esto j 01128149 196 GoOn5:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 197 esto 198 CreateThread:_________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 199 cmp eip,CreateThread 200 jne GoOn5 201 bphwc CreateThread 202 esti 203 mov Temp,eip 204 sub Temp,400 205 find Temp,#2BCAFFD18BD8# 206 cmp $RESULT,0 207 jne BP 208 find Temp,#2BCAFFD189# 209 cmp $RESULT,0 210 jne BP 211 find Temp,#2BF9FFD7# 212 cmp $RESULT,0 213 jne BP 214 find Temp,#FFD18945FC8B45FC# 215 cmp $RESULT,0 216 je NoFind 217 jmp BPV5 218 BP:___________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 219 add $RESULT,2 220 BPV5:_________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 221 mov FindOEP,$RESULT 222 log FindOEP 223 eob FindOEP 224 bp FindOEP 225 esto 226 GoOn6:________________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 227 esto 228 FindOEP:______________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 229 cmp eip,FindOEP 230 jne GoOn6 231 bc FindOEP 232 sti 233 log eip 234 cmt eip, "This is the OEP! Found By: fly[CUG] " 235 MSG "Just : OEP ! Dump and Fix IAT. Good Luck " 236 ret 237 NoFind:_______________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 238 MSG "Error! Don't find. " 239 ret 240 CheckODbgScripVersion:________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 241 msg "ODBGScript Version Need 1.65 or higher!" 242 ret 243 TryAgain:_____________________________________________________________________________ _______________ _________ ____________________________________________________________________________________________________ 244 MSG " Plz Try Again ! " 245 ret 2007-10-2 23:56 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 7 楼 Armadillo Find Protected 2007-10-3 09:43 0
basuo 雪币： 235 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 13 粉丝 0 关注私信	basuo 8 楼 fly: 谢谢了，用Armadillo Find Protected1.6看了是 !- Protected Armadillo Protection system (Professional) !- <Protection Options> Debug-Blocker CopyMem-II Enable Import Table Elimination Enable Nanomites Processing Enable Memory-Patching Protections !- <Backup Key Options> No Registry Keys at All !- <Compression Options> Better/Slower Compression !- <Other Options> Store Environment Vars Externally Allow Only One Copy Use Digital River Edition Keys ?- Signature 46941D80 11-07-2007 2007-10-3 16:03 0
cyto 雪币： 417 活跃值： (475) 能力值： ( LV9，RANK：1250 ) 在线值：发帖 41 回帖 624 粉丝 0 关注私信	cyto 31 9 楼明显不是Standard。 2007-10-4 09:18 0
panwenlong 雪币： 200 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 19 粉丝 0 关注私信	panwenlong 10 楼怎么我的提示要1.65版本插件,谁有下的呀,上传一个,谢谢 2007-10-11 09:18 0
wopasi 雪币： 184 活跃值： (47) 能力值： ( LV4，RANK：50 ) 在线值：发帖 40 回帖 229 粉丝 0 关注私信	wopasi 1 11 楼 1.65的用右键那个运行脚本是1.65以上的 2007-10-14 13:17 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 12 楼 http://bbs.pediy.com/showthread.php?t=51112&viewgoodnees=1 2007-10-15 11:32 0
ahappyboy 雪币： 1534 活跃值： (312) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 182 粉丝 0 关注私信	ahappyboy 13 楼支持一下！！ 2007-10-15 17:53 0
panwenlong 雪币： 200 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 19 粉丝 0 关注私信	panwenlong 14 楼感谢FLY大侠,不过我的运行结果是:Error! Don't find. 原程序下载:****** 2007-10-15 18:04 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 15 楼 [QUOTE=panwenlong;371180]感谢FLY大侠,不过我的运行结果是:Error! Don't find. 原程序下载:******[/QUOTE] JXT你试试这个脚本 Armadillo.V5.X.eXe.Standard.Protection.By.fly[CUG].oSc http://bbs.pediy.com/showthread.php?t=51797 2007-10-16 09:31 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 16 楼 ArmadilloV5.X: find eip,#833C90007505E9EFFEFFFF# cmp $RESULT,0 修改为： find eip,#833C90007505E9??FEFFFF# 这个脚本也可以跑到OEP了欢迎再测试 2007-10-16 09:52 0
panwenlong 雪币： 200 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 19 粉丝 0 关注私信	panwenlong 18 楼 [QUOTE=;]...[/QUOTE] 感谢FLY大侠,我的Import 点"自动查找IAT"时提示在"此OEP处示能找到任何有用信息",我用ArmInline.exe修复后可以找到RAV,但修复后还是不能运行,提示出错.还需要做其他修复方面的工作吗?谢谢!!!! 2007-10-16 11:46 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 19 楼有输入表乱序，ArmInline应该可以处理，注意是否处理完全其他代码有没有远程处理等等就没细看了，只跑到OEP就删了 2007-10-16 14:49 0
panwenlong 雪币： 200 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 19 粉丝 0 关注私信	panwenlong 20 楼也非常感谢了,学了很多东西.应该是没有处理完,以前脱出来的进行调试很多函数都没有,现在有一部分了,都是在不能调用的地方出现出错.可能还有加密的地方吗? 2007-10-16 14:56 0
张峰雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 12 粉丝 0 关注私信	张峰 21 楼请教一下有输入表乱序，ArmInline应该可以处理，注意是否处理完全其他代码有没有远程处理等等就没细看了，只跑到OEP就删了如何处理"远程处理的问题,能否指教? 2007-10-28 23:12 0
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 22 楼 [QUOTE=张峰;375859]请教一下有输入表乱序，ArmInline应该可以处理，注意是否处理完全其他代码有没有远程处理等等就没细看了，只跑到OEP就删了如何处理"远程处理的问题,能否指教?[/QUOTE] 用ArmInline也可以或者补区段修复 2007-10-29 09:46 0
cxyxjp 雪币： 195 活跃值： (443) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 100 粉丝 0 关注私信	cxyxjp 23 楼如果大家脱标准壳时出现问题，欢迎反馈详细信息请注意运行脚本前删除原来的所有断点并设置OllyDBG忽略所有异常选项 2007-11-12 20:36 0
thezenpe 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 15 粉丝 0 关注私信	thezenpe 24 楼 !- Protected Armadillo Protection system (Professional) !- <Protection Options> Standard protection or Minimum protection CopyMem-II Enable Memory-Patching Protections !- <Backup Key Options> No Registry Keys at All !- <Compression Options> Minimal/Fastest Compression !- <Other Options> Store Environment Vars Externally Disable Monitoring Thread Use eSellerate Edition Keys Don't Fall Back to Stand-Alone Mode 用脚本是出错！ 2007-11-19 14:46 0
thezenpe 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 15 粉丝 0 关注私信	thezenpe 25 楼代码: ArmadilloV5.X: find eip,#833C90007505E9EFFEFFFF# cmp $RESULT,0 修改为：代码: find eip,#833C90007505E9??FEFFFF# 运行时出错： --------------------------- OllyScript error! --------------------------- Error on line 123 Text: je ArmadilloV5.X 2007-11-19 15:00 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复