/*
ID Application Protector 1.2 Unpacker
version : v1.01
Author : Playboysen
Date : 2008.11.21
Test Environment : OllyDbg 1.1, ODBGScript 1.65, WINXP SP2
Many thanks to hflywolf and wangshy in Pediy forum.
*/
var cbase
var csize
cmp $VERSION,"1.64"
jb newver
bphwcall //clear hardware breakpoint
find eip,#368B7D08368B750C368B4D1031C03EAC26AA# //search characteristic characters
cmp $RESULT,0
je quit
BPHWS $RESULT,"x" //set a hardware breakpoint
ESTO
BPHWC $RESULT
find eip,#C3#
cmp $RESULT,0
je quit
BPHWS $RESULT,"x"
ESTO
ESTO
BPHWC $RESULT
GMI eip,codebase //Get code segment base address
mov cbase,$RESULT
GMI eip,codesize //Get code segment size
mov csize,$RESULT
bprm cbase,csize
esto
bpmc
cmt eip,"OEP found by playboysen~~"
msg "I have finished,it's your turn,fix it~~"
jmp quit
newver:
msg "You'd better use ODbgscript 1.64 or above"
quit:
ret