OpenRCE: Blog http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Good script for IAT resolving for HASP envelop(cracklab.ru) Fri, 18 Jul 2008 09:22:34 -0500 https://www.openrce.org/blog/view/1196/Good_script_for_IAT_resolving_for_HASP_envelop(cracklab.ru) ktoto <email-suppressed@example.com> /*<br /> /////////////////////////////////////////////////////////////////////////////////<br /> HASP_HL Envelop 1.2x/1.3x import resolver script v0.1a<br /> Author: s0cpy<br /> Email : s0cpy.store@gmail.com<br /> OS&nbsp;&nbsp;&nbsp;&nbsp;: WinXP SP2, Ollydbg 1.1, ODbgScript 1.65.4<br /> Date&nbsp;&nbsp;: 2008-01-12<br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Action: Fix IAT, but not fix emulated functions.<br /> Config: Ignore all exceptions, start from OEP.<br /> /////////////////////////////////////////////////////////////////////////////////<br /> */<br /> <br /> var prtc_sec<br /> var iat_cell<br /> var ss<br /> var es<br /> var gtc<br /> var endp<br /> var iatstart<br /> var iatend<br /> var gtc_c<br /> var sysmod<br /> <br /> gpa &quot;GetTickCount&quot;, &quot;kernel32.dll&quot;<br /> mov gtc, $RESULT<br /> ask &quot;Enter start code section address&quot;<br /> cmp $RESULT, 0<br /> je @halt<br /> mov ss, $RESULT<br /> mov es, $RESULT<br /> ask &quot;Enter start address of IAT&quot;<br /> cmp $RESULT, 0<br /> je @halt<br /> mov iatstart, $RESULT<br /> ask &quot;Enter end address of IAT&quot;<br /> cmp $RESULT, 0<br /> je @halt<br /> mov iatend, $RESULT<br /> ask &quot;Enter start address of `.protect` section&quot;<br /> cmp $RESULT, 0<br /> je @halt<br /> mov prtc_sec, $RESULT<br /> ask &quot;Enter start address of system modules memory&quot;<br /> cmp $RESULT, 0<br /> je @halt<br /> mov sysmod, $RESULT<br /> <br /> @end_point:<br /> find prtc_sec, #FFFF82D18BE55DC3#<br /> mov endp, $RESULT<br /> add endp, 4<br /> bphws endp, &quot;x&quot;<br /> <br /> @search:<br /> cmp iat_cell, iatend<br /> je @halt<br /> mov iat_cell, iatstart<br /> cmp [iatstart], 00000000<br /> add iatstart, 4<br /> je @search<br /> cmp [iat_cell], sysmod<br /> ja @search<br /> <br /> @scan:<br /> mov eip, [iat_cell]<br /> jmp @run<br /> <br /> @count:<br /> inc gtc_c<br /> cmp gtc_c, 2<br /> je @fix<br /> <br /> @run:<br /> run<br /> sti<br /> sti<br /> sti<br /> cmp eip, gtc<br /> je @count<br /> cmp gtc_c, 0<br /> je @search<br /> <br /> @zero_c:<br /> mov gtc_c, 0<br /> <br /> @fix:<br /> mov [iat_cell], eip<br /> cmp iat_cell, iatend<br /> je @halt<br /> jmp @search<br /> <br /> @halt:<br /> bphwc endp<br /> mov eip, oep<br /> an eip<br /> pause<br /> ret<br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br />