/*
/////////////////////////////////////////////////////////////////////////////////////
EXE32Pack 1.38 -> SteelBytes OEP finder
Author : stasi[DCM][BCG][DFCG][FCG][OCN][CZG][D.4s]
Email : stasi@163.com
Homepage: http://stasi.7169.com
OS : Win2kADV sp4,OllyDbg 1.1c,OllyScript v0.92
Date : 2004-11-20
Config : Exceptions: uncheck all. You don't need to hide the debugger, I'll do it for you!
Note : If you have any questions, please email me, thank you!
//////////////////////////////////////////////////////////////////////////////////////
*/
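// OEP finder for targets packed with EXE32Pack 1.38 (OllyScript).
// Flow: hide the debugger, stop at the packer's IsDebuggerPresent call,
// step a fixed number of instructions, take the address held in EDI as the
// original entry point (OEP), break there and annotate it.
// Intended for unpacking a sample inside an isolated analysis environment.

// stasi   = candidate OEP read from EDI
// apiaddr = resolved address of KERNEL32!IsDebuggerPresent
var stasi
var apiaddr

// Version gate: warn on OllyScript versions that do not compare above "0.9"
// and let the analyst decide whether to go on.
lblset:
cmp $VERSION, "0.9"
ja start
msgyn "Your ollyscript is too old,maybe have something wrong,Continue?"
cmp $RESULT,0
je end

start:
// Hide OllyDbg from the target before it runs any anti-debug check.
dbh
gpa "IsDebuggerPresent", "KERNEL32.dll"
// gpa leaves 0 in $RESULT when the export cannot be resolved; stop instead
// of placing a breakpoint at address 0.
cmp $RESULT, 0
je nogpa
mov apiaddr, $RESULT
bp apiaddr
run
// Remove the API breakpoint once it has served its purpose; if it stayed
// armed, a later call to IsDebuggerPresent would end the second "run" early
// and the wrong address would be labelled as the OEP.
bc apiaddr
// No memory breakpoint is set by this script; bpmc only clears one that was
// set before the script was started.
bpmc
// Six step-overs from the API entry. NOTE(review): the count presumably
// matches the instruction layout of the environment listed in the header
// (Win2k SP4); confirm it on other Windows builds before trusting the result.
sto
sto
sto
sto
sto
sto
// At this point the script treats EDI as the OEP. This is specific to the
// packer stub - check the value in the CPU window before dumping.
mov stasi, edi
bp stasi
run
// Only annotate when execution really stopped on the candidate address;
// "run" can also return on an exception or another breakpoint.
cmp eip, stasi
jne wrongstop
bc stasi

lblend:
cmt eip, "here is the OEP of EXE32Pack 1.38 -> SteelBytes!"
msg "Script by stasi[DCM][BCG][DFCG][FCG][OCN][CZG][D.4s],Thank you for using my Scripts!"
jmp end

nogpa:
msg "Could not resolve IsDebuggerPresent in KERNEL32.dll, script stopped."
jmp end

wrongstop:
bc stasi
msg "Execution stopped before the expected address, OEP not confirmed."

// Common exit. The original listing jumped to "end" without defining it.
end:
ret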
/*
EXE32Pack 1.38 -> SteelBytes OEP finder
Author : stasi[DCM][BCG][DFCG][FCG][OCN][CZG][D.4s]
Email : stasi@163.com
Homepage: http://stasi.7169.com
OS : Win2kADV sp4,OllyDbg 1.1c,OllyMachine v0.15
Date : 2004-11-20
Config : Exceptions: uncheck all. You don't need to hide the debugger, I'll do it for you!
Note : If you have any questions, please email me, thank you!
*/
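/*
OllyMachine port of the EXE32Pack 1.38 OEP finder.
Flow: hide the debugger, break on IsDebuggerPresent, step over six
instructions, take EDI as the original entry point (OEP), break there
and annotate it.
*/
hideod
invoke GetProcAddress, "IsDebuggerPresent", "KERNEL32.dll"
/*
NOTE(review): reg00 is used as the address returned by the invoke above;
confirm against the OllyMachine register convention.
*/
invoke bp, reg00
run
bpmc
/*
NOTE(review): the step count of 6 presumably matches the environment
listed in the header (Win2k SP4); confirm on other Windows builds.
*/
invoke stepovers, 6
/*
EDI is taken as the OEP here; this depends on the packer stub, so check
the address before dumping.
*/
mov reg01, edi
invoke bp, reg01
run
jmp lblend
lblend:
/*
The label text named a different packer ("PC PE Encryptor alpha preview");
it now matches the packer this script targets.
*/
invoke comment, eip, "here is the OEP of EXE32Pack 1.38 -> SteelBytes!"
invoke msg, "Script by stasi[DCM][BCG][DFCG][FCG][OCN][CZG][D.4s],Thank you for using my Scripts!"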