OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Created: Friday, July 18 2008 09:22.34 CDT

Modified: Friday, July 18 2008 09:24.12 CDT

Printer Friendly ...

Good script for IAT resolving for HASP envelop(cracklab.ru)

Author: ktoto

# Views: 3511

/*
/////////////////////////////////////////////////////////////////////////////////
HASP_HL Envelop 1.2x/1.3x import resolver script v0.1a
Author: s0cpy
Email : s0cpy.store@gmail.com
OS    : WinXP SP2, Ollydbg 1.1, ODbgScript 1.65.4
Date  : 2008-01-12
                Action: Fix IAT, but not fix emulated functions.
Config: Ignore all exceptions, start from OEP.
/////////////////////////////////////////////////////////////////////////////////
*/

var prtc_sec
var iat_cell
var ss
var es
var gtc
var endp
var iatstart
var iatend
var gtc_c
var sysmod

gpa "GetTickCount", "kernel32.dll"
mov gtc, $RESULT
ask "Enter start code section address"
cmp $RESULT, 0
je @halt
mov ss, $RESULT
mov es, $RESULT
ask "Enter start address of IAT"
cmp $RESULT, 0
je @halt
mov iatstart, $RESULT
ask "Enter end address of IAT"
cmp $RESULT, 0
je @halt
mov iatend, $RESULT
ask "Enter start address of `.protect` section"
cmp $RESULT, 0
je @halt
mov prtc_sec, $RESULT
ask "Enter start address of system modules memory"
cmp $RESULT, 0
je @halt
mov sysmod, $RESULT

@end_point:
find prtc_sec, #FFFF82D18BE55DC3#
mov endp, $RESULT
add endp, 4
bphws endp, "x"

@search:
cmp iat_cell, iatend
je @halt
mov iat_cell, iatstart
cmp [iatstart], 00000000
add iatstart, 4
je @search
cmp [iat_cell], sysmod
ja @search

@scan:
mov eip, [iat_cell]
jmp @run

@count:
inc gtc_c
cmp gtc_c, 2
je @fix

@run:
run
sti
sti
sti
cmp eip, gtc
je @count
cmp gtc_c, 0
je @search

@zero_c:
mov gtc_c, 0

@fix:
mov [iat_cell], eip
cmp iat_cell, iatend
je @halt
jmp @search

@halt:
bphwc endp
mov eip, oep
an eip
pause
ret

Active in Last 5 Minutes
	kitochou

There are 29,956 total registered users.

Recently Created Topics
pydbg load vs attach	Jun/19
pydbg bp_set_mem	Jun/18
Disassembling Motoro...	Jun/13
ida plugin writing f...	Jun/02
New version of RE-Go...	May/29
Decompiling raw bina...	May/22
Incorrect bitness wh...	May/20
PaiMei stalker modul...	May/19
Attach to program us...	May/13
IDA PRO how to make ...	May/12

Recent Forum Posts
pydbg load vs attach	kitochou
pydbg bp_set_mem	kitochou
pydbg, memory breakp...	kitochou
Good Binary Code Pro...	alton
Int 3 anti debug?	SteveIRQL
Attach to program us...	SteveIRQL
Ollydbg 2.0 - Plugin...	openrce...
IDA PRO how to make ...	codeinject
FACT: OpenRCE is dead.	codeinject
IDA Resource Viewer ...	r2x64

Recent Blog Entries
	26yyg1kf	Jun/19
your muscles get larger Men...
	26yyg1kf	Jun/19
Mens 2011 Vibram Classic fo...
	26yyg1kf	Jun/19
Vivo Barefoots up to Discou...
	kitochou	Jun/18
pydbg
	lowpriority	Apr/13
OllyMigrate Plugin for Olly...
More ...

Recent Blog Comments
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
	newlulu on:	Jun/10
Branch tracing and LBR acce...
	newlulu on:	Jun/10
Advanced debugging techniques
	newlulu on:	Jun/10
2 anti-trace mechanisms spe...
	newlulu on:	Jun/10
OllyMigrate Plugin for Olly...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit