// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com /* ////////////////////////////////////////////////// DBPE 2.x OEP finder v0.3 Author: loveboom Email : bmd2chen@tom.com OS : Winxp sp1,OllyDbg 1.1,OllyScript v0.85(latest) Date : 2004-8-22 Config: Ignore all Exceptions. Note : If you have one or more question, email me please,thank you! ////////////////////////////////////////////////// */ var cbase var csize var addr var count gmi eip,CODEBASE mov cbase,$RESULT gmi eip,CODESIZE mov csize,$RESULT lblset: msgyn "Setting:Ignore all exceptions,require:Ollydbg1.1,ollyscript v0.85(latest),Continue?" cmp $RESULT,0 je end start: mov count,2 bprm cbase,csize run lbl1: bpmc lblfd: find eip, #39BD????????76# //Found 'CMP DWORD PTR SS:[EBP+XXXX],EDI' cmp $RESULT,0 //If not found go to abort je lblabort mov addr,$RESULT loopfix: find addr,#89BD# cmp $RESULT,0 je lblabort mov addr,$RESULT fill addr,6,90 dec count cmp count,0 je lbljmpoep jmp loopfix lbljmpoep: find eip,#890F# //Found 'MOV DWORD PTR DS:[EDI],ECX' mov addr,$RESULT mov [addr],#8907# //Replace to 'MOV DWORD PTR DS:[EDI],EAX' find eip,#C20C00FFE0# //Found 'jmp eax' mov addr,$RESULT add addr,3 bprm addr,FF run lblsto: bpmc sto lblask: msgyn "FIX IAT(very slow)?" cmp $RESULT,0 je lblend lblfixapi: cmt eip,"Scaning,Please wait!" //Fix IAT repl cbase,#FF25??????80#,#FF25??????00#,csize repl cbase,#FF15??????80#,#FF15??????00#,csize lblend: cmt eip,"OEP,Please dumped it,Enjoy!" msg "Script by loveboom[DFCG],[FCG],Thank you for using my Scripts!" jmp end lblabort: msg "Error!Script aborted,Maybe target is not protect by DBPE or you forgot Ignore all Exceptions." end: ret // [BACK]