├── spinano └── release │ ├── run.bat │ ├── AT4RE.nfo │ ├── spinano.exe │ └── ollydisasm.dll ├── FSG ├── FSG.osc ├── 普通fsg1.33.osc ├── 普通变形 fsg1.33.osc ├── FSG 1.x - 2.x OEP Finder.txt ├── FSG 2.00 OEP Finder v0.1.txt ├── fsg_2_0.txt ├── FSG 2.0 OEP Finder.txt ├── FSG 1.00 OEP Finder.txt ├── FSG 2.0 OEP-FINDER.txt ├── fsg_1.33.txt ├── 变形fsg1.33.osc └── FSG 1.33 OEP Finder v0.1.txt ├── 幻影 └── 幻影脱壳.osc ├── 普通脱壳脚本 ├── 查花指令.osc ├── UPX.osc └── AsPack v2.12.osc ├── NsPack ├── nspack.txt ├── NsPack 3.5 OEP Finder.txt ├── NsPack 1.x - 2.0 OEP Finder.txt ├── NsPack 1.x - 3.5 OEP Finder.txt ├── NsPack 3.4 OEP Finder.txt ├── NsPack 2.4 - 2.6 OEP Finder.txt ├── Nspack 2.3.txt ├── NSpack2.3.txt ├── NsPack 1.3 OEP Finder.txt ├── NsPack 2.9 OEP Finder.txt ├── NsPack + Anti 007 OEP Finder.txt └── NPack 1.1 OEP Finder.txt ├── PeSpin ├── AT4RE.nfo ├── pespin v1.1.txt ├── PeSpin 1.3 Beta2.txt ├── PeSpin 0.1 - 1.1 Unpacker.txt ├── PESpin v1.1 Stolen Code Finder.txt ├── PESPIN 1.1 STOLEN CODE FINDER 0.1.txt ├── PeSpin 1.1 Stolen Code Finder v0.1.txt ├── PeSpin 1.3 Beta 2 (Private) Debug.txt ├── PeSpin 1.32 UnPacker (No DebugBlocker).txt ├── PEspin 0.1 stolen OEP and Patch IAT v0.1.txt └── PeSpin 1.3 Beta 2 (Private) Detach From Client + Fix Code + Fix Nanomites.txt ├── ZProtect ├── zp3.txt ├── zpunpacker.txt ├── 修复anti-hook.txt └── ZProtect 1.4.x HWID + Inline Patcher v1.0.txt ├── Enigma ├── Enigmavm.bin ├── Readme2.xx.txt ├── Enigmapatch2.bin ├── Enigma_unpacker_v0.92.osc └── Enigma 1.12 Remove AVW Exceptions.txt ├── KByS └── KByS V0.28.osc ├── PePack ├── PePack1.0.txt ├── PEPACK 1.0 OEP-FINDER.txt ├── PePack 1.0 OEP Finder v0.1.txt ├── PEPACK10.TXT ├── PePack 1.0 OEP Finder.txt └── PEPACK 1.0 OEP-FINDER II.txt ├── Themida ├── Script1.txt ├── Themida 1.9.x Unpacker v1.0.txt ├── Themida 1.9.5.0 Unpacker v0.2.txt ├── Themida + WinLicence OEP Finder.txt ├── Themida 1.8.x - 1.9.10 OEP Finder v0.4.txt ├── Themida + WinLicence 1.1.x - 1.8.x OEP Finder.txt ├── Themida + WinLicence 1.9.1 - 
1.9.5 OEP Finder + IAT Repair.txt ├── CD01.TXT └── Script2.txt ├── ollyDBG脱壳脚本编辑器.exe ├── 各语言按钮事件 ├── VC 按钮事件.osc ├── 易语言查找按钮事件.osc ├── 易语言黑月按钮事件.txt └── Delphi & VB事件断点查找脚本.osc ├── ASProtect ├── Asprvm8s.bin ├── ASProtect_API.txt ├── ASProtect 2_AIP2.txt ├── ASProtect 2.0x Fix IAT.txt ├── AsprUnpacker_history_sc.txt ├── Asprotect2.3 Build4.26.osc ├── Acpr1.41-2.0_unpacker全自动脱壳.osc ├── Aspr2.XX_unpacker_v1.13SC.osc ├── Aspr2.XX_unpacker_v1.14aSC.osc ├── Aspr2.XX_unpacker_v1.15SC.osc ├── ASProtect 2.0 Stop Stolen Code.txt ├── ASProtect 2.x Stop stolen code.txt ├── Aspr2.XX_unpacker_v1.13SC跳过注册框.osc ├── 脚本 │ ├── Unpacker_v1[1].14aE │ │ ├── Asprvm8s.bin │ │ └── readme.txt │ └── Unpacker_v1[1].14aSC │ │ ├── readme.txt │ │ ├── Asprvm8s.bin │ │ ├── AsprUnpacker_history_sc.txt │ │ └── Aspr2.XX_unpacker_v1.14aSC.osc ├── ASProtect 1.22 - 1.23 BETA 21-RC1.txt ├── ASProtect 2.0x Patch JMP or CALL.txt ├── olly script ot TIMaASProtect_2.0x.osc ├── ASProtect 1.2-1.2C OEP FINDER V.0.1.txt ├── Aspr2.XX_unpacker_v1.13SC跳过重定位和CRC校验.osc ├── ASProtect 1.0 OEP Finder + IAT Repair.txt ├── ASProtect 1.3x - 2.xx Unpacker v1.12SC.txt ├── ASProtect TEST SCRIPT V2.0 [loveboom].txt ├── ASProtect 2.xx Virtual Machine Rebuilder.txt ├── ASProtect 1.22 - 1.23 Beta 21 OEP Finder v0.1b.txt ├── ASProtect 2.0x Resolve API's to HIGHMEM Calls.txt ├── ASProtect 2.xx Virtual Machine Jump Redirector.txt ├── ASProtect 2.0 Clear Junk Code + Stop Stolen Code.txt ├── ASProtect 2.0x Clear Junk Code + Stop Stolen Code.txt ├── ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to Call).txt ├── ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to JMP).txt ├── ASProtect 2.0x Fix IAT with Import Elimination Optimized.txt ├── ASProtect 2.0x Fix IAT with Import Elimination Optimized v1.1.txt ├── ASProtect 1.3x - 2.xx Unpacker v1.13SC (Skip Registration Box).txt ├── ASPR 1.23RC4.osc ├── ASProtect BP.txt ├── ASProtect 2.1 OEP Finder.txt ├── ASPRSTO.TXT ├── ASProtect Stolen Code Finder.txt ├── ASProtect 1.3 Lite OEP 
Finder.txt ├── ASProtect_OEP_1.3.txt ├── ASProtect 1.22 - 1.23 Beta 21.txt ├── ASProtect 1.22 - 1.23 Beta 21 OEP Finder.txt ├── ASProtect 1.22 - 1.23 Beta 21 - Find target's OEP.txt └── ASProtect 1.22 - 1.23 BETA 21 Hellsp@wN.txt ├── Armadillo ├── ARImpRec.dll ├── VAFinder.txt ├── Arm 转单进程脚本.osc ├── Armadillo_3x_dll.txt ├── Armadillo_anti_dump.txt ├── Armadillo_magic_jump.txt ├── Armadillo_va_finder.txt ├── Armadillo CheckFlags v2.txt ├── Armadillo V4.0-V4.4 DLL.osc ├── Armadillo IAT Elimination.txt ├── Armadillo IAT Eliminator.txt ├── Armadillo 3.xx DLL Unpack v0.1.txt ├── Armadillo 4.0 - 4.4 DLL Unpack.txt ├── Armadillo 4.xx CopyMem2 (Fix IAT).txt ├── armatools │ └── armatools │ │ ├── NanomiteFixer.zip │ │ ├── DistanceDecryptor.zip │ │ ├── ArmadilloFindProtected13.zip │ │ ├── Armadillo_Dillo_Die_1[1].4.zip │ │ ├── Armadillo_Dillo_Die_1[1].5.zip │ │ ├── ArmaDetach[1].v1.1_RES_tool.zip │ │ ├── Armadillo_ArmInline_0[1].95.zip │ │ ├── Armadillo_CRC_Finder_1[1].3.zip │ │ ├── Armadillo_HWID_Patcher_v1[1].2.zip │ │ ├── Armadillo_Key_Generator_1[1].5.zip │ │ └── ArmaDetach[1].Plugin.v1.01_RES_tool.zip ├── Armadillo 3.xx - 5.xx Fingerprint Patcher v0.2.txt ├── Armadillo 3.xx - 6.xx HardwareID Patcher v1.0.txt ├── Armadillo 4.42 CopyMem2 Child Process Decode.txt ├── Armadillo 4.42 CopyMem2 Decrypt Code Sections.txt ├── Armadillo 4.xx CopyMem2 (DebugActiveProcess).txt ├── Armadillo_3.xx_-_5.xx_Fingerprint_Patcher_v0.1.txt ├── Armadillo_v3.x_v5.x_Finger_Print_Patcher_0.1.txt ├── Armadillo 3.xx - 5.xx Finger Print Patcher v0.1.ocs ├── Armadillo 3.xx - 5.xx Finger Print Patcher v0.1.txt ├── Armadillo 3.X DLL UNPACKING SCRIPT 0.1 [loveboom].txt ├── Armadillo 4.0 - 4.4 Standard Unpack + Debug Blocker.txt ├── Armadillo V4.0-V4.4.Standard.Protection OEP Finder.txt ├── Armadillo 3.xx - 4.00 Nanomites VA Finder v1.0 [Tk-Bf].txt ├── Armadillo OEP Finder + Fix Magic Jumps + Fix Anti-Dump.txt ├── Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc ├── Armadillo 3.6x - 4.xx OEP 
Finder + Fix Magic Jumps [hnhuqiong].txt ├── Armadillo 4.0 - 4.4 OEP Finder + Debug Blocker (Standard Protection).txt ├── Armadillo 4.0 - 4.40 OEP Finder + Debug Blocker (Standard Protection).txt ├── Armadillo 4.0 - 5.xx OEP Finder + Debug Blocker (Standard Protection).txt ├── Armadillo Magic Jump Finder.txt ├── Armadillo 4.30a.txt ├── Armadillo ArmVar.txt ├── Armadillo_script_rica.txt ├── Armadillo IAT Script v2.txt ├── Armadillo OpenMutexA.txt └── Armadillo_open_mutexa.txt ├── Krypton └── Krypton0.5.txt ├── Nanomite └── VAFinder.txt ├── tElock ├── Telock0.98x.osc ├── tElock-forgot.txt ├── tELock V0.8X-V0.9X.osc ├── tElock 0.80 - 0.9x OEP Finder.txt └── tElock 0.98 OEP Finder v1.0.txt ├── !EPack ├── !EPack 1.4 OEP Finder.txt ├── !EPack all version 脚本.osc └── !EPack Lite 1.4 Final OEP Finder.txt ├── MoleBox ├── MoleBox脱壳脚本.osc ├── MoleBox 2.3 Pro OEP Finder v0.1.txt ├── MoleBox Pro 2.6.4.2534 OEP Finder.txt ├── MoleBox Pro 2.6.4.2534 Extract Dependencies.txt ├── MoleBox 2.xx Auto-Unpacker diy by:heiketian10 │ ├── filelen.exe │ ├── mbunpack.dll │ └── Molebox 2.x unpacker script diy by heiketian10【chinese xiuzheng 】 .txt ├── Molebox 2.x ver 1.1.osc ├── MoleBox 2.57 OEP finder .txt ├── MOLEBOX 2.X.X.X OEP FINDER.txt ├── MoleBox 2.5.7 OEP Finder.txt └── MoleBox 2.xx OEP Finder.txt ├── PEncrypt ├── PEncrypt 4.0.osc └── PEncrypt 4.0 Find Oep 0.1b.TXT ├── Pet i t e ├── PETITE2.2.txt ├── Petite 2.2 OEP finder ├── Petite 1.2 - 2.3 OEP Finder.txt ├── Petite 2.3 OEP Finder ├── PETITE 2.3 UNPACKING SCRIPT.txt ├── PETITE22.TXT ├── PETITE 2.2 OEP-FINDER.txt ├── Petite 2.2 OEP Finder.txt └── PEtite 2.x.txt ├── ThemidaScript ├── TMD版本查询.osc ├── tmd_iat.osc ├── TMDScript-1.9.1+_1.0final.osc ├── TMDScript-1.9.1+_private_0.7.osc ├── TMDScript-1.9.1+_1.0 final_修正集成版.osc ├── Themida & WinLicen 1.1.X - 1.8.X 系列脱壳脚本.osc ├── Themida & WinLicen 1.9.1 - 1.9.5 系列脱壳脚本.osc ├── ThemidaScript.for.V1.9.10+.0.4.By.fxyang.oSc └── 
Themida&WinLicense.V1.9.1-V2.0.X.UnPacKScript.Public.By.fxyang[CUG].osc ├── PECompact ├── PECompact 2.x.osc ├── PECompact 2.ax.osc ├── PECompact V2.X 完美脱壳脚.osc ├── PECompact_V2.X_完美脱壳脚本.osc ├── PECompact 2.xx Unpacker.txt ├── PeCompact 2.78 OEP Finder.txt ├── pecompact_1_76.txt ├── PeCompact 1.76 OEP Finder.txt ├── PECOMPACT V.1.X OEP FINDER.txt ├── Pecompact 1.x OEP Finder v0.1.txt ├── PeCompackt2.5 Oep finder.txt ├── Pecompact.txt ├── pecompact_1_84.txt ├── PeCompact 1.84 OEP Finder.txt ├── PeCompact 2.40 OEP Finder.txt ├── PeCompact 2.00 to 2.38 OEP Finder.txt ├── PeCompact 2.40 OEP Finder v0.1.txt ├── PECompact 0.9x.txt ├── PE COMPACT 0.9x OEP-FINDER.txt ├── Pe Compackt neuste version.txt └── PeCompact 0.9x OEP Finder.txt ├── Pe123 └── Pe123 Jmp to Jmp.txt ├── Upx ├── UPX 3.00 OEP Finder.txt ├── UPX.TXT ├── UPX OEP Finder v2.0.txt └── UPX All or UPX All + UPX Mutanter 0.2.osc ├── FishPE └── FishPE 1.12 Dumper.txt ├── RLPack ├── RLPack 1.9 Unpacker.txt ├── RLPack1.9 pre Heavy Weapon.txt └── RLPack 1.14 (Basic Edition) OEP Finder.txt ├── Aspack ├── ASPACK 2.12 [dOsKey].txt ├── ASPACK 2.12 [DeAtH HaS cOMe].txt ├── ASPACK 2.12x [DeAtH HaS cOMe].txt ├── ASPACK.TXT ├── ASPack (b).txt ├── aspack.212.oep.txt ├── aspack_1.08.02.txt ├── ASPACK 2.12 [Reverend].txt ├── ASPACK 1.X-2.X OEP FINDER V.0.1.txt ├── ASPack (a).txt ├── ASPack 2.xx.txt ├── ASPack v1.xx.txt ├── aspack_212.txt ├── ASPACK 2.12 [hacnho[VCT2k4]].txt └── ASPack 2.11 OEP Finder.txt ├── At4re Asm Protecter └── At4re Asm Protecter 1.0 OEP Finder.txt ├── CDS SS ├── CDS SS 1.0 OEP Finder.txt └── Cds ss 1.0beta winunpack.txt ├── Crunch ├── Crunch v1.0 Heuristic.txt ├── CrunchPE Heuristic OEP Finder v0.1.txt ├── CRUNCHPE HEURISTIC OEP FINDER V.0.1.txt └── Crunch 5.0.txt ├── Get Executable PE Information.txt ├── OTHER SCRIPTS ├── Punto magico VC++.txt ├── Get Last Exception.txt ├── Get Executable PE Information.txt └── Magic Jump Finder Script.txt ├── alex protector └── alex protector.osc ├── eXPressor ├── 
expressor 1.5x ~ 1.6x.osc ├── eXPressor 1.x OEP Finder.txt ├── eXPressor 1.5.0.1 OEP Finder + IAT Repair.txt ├── eXPressor 1.3.0.1 OEP Finder.txt └── eXPressor 1.6.0.1 OEP Finder v0.1.txt ├── Escargot └── Escargot 0.1 OEP Finder.txt ├── KByS Packer ├── KByS 0.28 OEP Finder.txt └── KByS Packer 0.28 Beta OEP Finder.txt ├── PE-Armor └── PE-Armor 0.46 OEP Finder.txt ├── Softwrap └── Softwrap 1.xx OEP Finder.txt ├── WWPack32 ├── WWPack32 1.xx OEP Finder.txt ├── WWPACK32 1.20 DEMO OEP-FINDER.txt ├── WWPack32 1.20 OEP Finder v0.1.txt ├── WWPACK32 1.x OEP-FINDER V.0.1B.txt ├── WWPack32 1.20 Demo OEP Finder v0.1.txt └── WWPack32 1.20 OEP Finder.txt ├── WinKripT ├── WinKripT 1.0 OEP Finder.txt └── WINKRIPT 1.0 OEP FINDER 0.1.txt ├── ANDpakk ├── ANDpakk2 0.18 OEP Finder 1.txt └── ANDpakk2 0.18 OEP Finder 2.txt ├── Alawar Games └── Alawar Games OEP Finder.txt ├── Exe32Pack ├── Exe32Pack 1.3X OEP Finder.txt └── exe32pack 1.42 - OEP Finder & Unpacker.txt ├── ExeCryptor ├── EXECryptor 2.x OEP+IAT 脚本.osc ├── ExeCryptor 2.xx IAT Rebuilder v1.9.txt └── ExeCrypt 1.0 OEP Finder + IAT Repair.txt ├── LAMECRYPT └── LameCrypt v1.0 OEP Finder.txt ├── MEW ├── MEW 11 SE 1.2 [DeAtH HaS cOMe].txt ├── MEW 11 SE v1.2 OEP Finder v0.1.txt ├── Mew11 SE v1.2 - OEP Finder.txt ├── MEW 11 SE 1.2 [Darus].txt ├── MEW 11 SE v1.2b OEP Finder.txt ├── MEW 11 SE vb1.2 OEP Finder.txt ├── MEW 11 SE v1.2 OEP Finder.txt ├── mew10_1_0.txt ├── MEW 1.0 OEP Finder.txt ├── MEW 10 SE v1.0 OEP Finder.txt └── MEW 10 EXE-CODER 1.0 OEP-FINDER.txt ├── NTkrnl Packer ├── NTKrnl 0.1 OEP Finder.txt ├── NTkrnl Packer 0.15 OEP Finder + IAT Repair.txt └── NTkrnl Protector 0.15 OEP Finder + IAT Repair.txt ├── NeoLite ├── NEOLITE 2.0 [DeAtH HaS cOMe].txt ├── neolite20.txt ├── Neolite v2.0 - oep finder.txt └── NEOLITE 2.0 [DarK_m00n[CiM]].txt ├── Orien └── Orien 2.11 - 2.12 OEP Finder.txt ├── Thinstall ├── Thinstall 2.5x OEP Finder.txt ├── Thinstall 2.5x OEP Finder + Unpack.txt ├── Thinstall 2.5x Extract Dependencies Part2.txt ├── 
Thinstall 2.7xx Unpacker (Single Process).txt ├── Thinstall 2.5unpack&Extract dll │ ├── Thinstall 2.5.txt │ ├── Thinstall 2.5 extract_part1.txt │ └── Thinstall 2.5 extract_part2.txt ├── Thinstall.Virtualization.Suite.V3.0X.Single.Main.eXe.UnPacK.oSc ├── Thinstall Virtualization Suite 3.0x Unpacker (Single Main Exe).txt └── Thinstall.Virtualization.Suite.V3.0X.Single.Main.eXe.UnPacK.Script.osc ├── eXcalibur └── eXcalibur 1.03 OEP Finder.txt ├── ExeStealth ├── ExeStealth 2.72 OEP Finder.txt ├── ExeStealth 2.76a oep finder.txt ├── EXESTEALTH 2.7 OEP-FINDER.txt └── ExeStealth 2.7 OEP Finder v0.1.txt ├── GHF Protector └── GHF Protector OEP Finder.txt ├── PeShield └── PeShield 0.25 OEP Finder v0.1.txt ├── Yodas Crypter ├── YODA'S CRYPTER V.1.2-1.3.txt ├── YODA'S CRYPTER V.1.X MODIFIED.txt ├── Yodas Crypter 1.2 - 1.3 OEP Finder.txt ├── Yodas Crypter 1.2 OEP + Patch IAT v0.1.txt ├── Yodas cryptor 1.x modified OEP and Patch IAT v0.1b.txt ├── Yodas Crypter 1.x (Modified) OEP Finder + Patch IAT v0.1b.txt ├── y0da_crypter_1.2.txt └── YODA'S CRYPTER 1.2 OEP-FINDER.txt ├── acprotect_unpacke ├── acp_unpacker_ok_v1.2.osc └── Acpr1.41-2.0_unpacker全自动脱壳.osc ├── AHpack ├── AHpack 0.1 OEP Finder [Goldocrack].txt └── AHpack 0.1 OEP Finder #2.txt ├── C.I. Crypt ├── C.I. Crypt Generic Unwrapper.txt └── C.I. 
Crypt 0.2 OEP Finder.txt ├── PC-Guard ├── PC-Guard 5.0 IAT Repair (MSVC).txt ├── PC-Guard 5.0 OEP and Patch IAT v0.1b.txt └── PC-Guard 5.0 IAT Repair.txt ├── PolyCrypt └── PolyCrypt PE 2.1.5 OEP Finder.txt ├── SafeDics └── SafeDisc 4.xx AntiDbg OEP Finder.txt ├── VirProtector └── VirProtector 0.1 OEP Finder.txt ├── yoda's cryptor └── yoda's cryptor V1.2-V1.3.osc ├── ActiveMark ├── ActiveMark 6.xx OEP Finder v0.1.txt ├── ActiveMark Patching Script.txt ├── ActiveMark Patching Script [GaBoR].txt ├── ActiveMark 5.xx Level 2 EP Finder.txt └── ActiveMark 5.xx Level 2 EP Finder [GaBoR].txt ├── G!X Protector ├── G!X Protector 1.2 OEP Finder.txt ├── Gie-Protector 0.2 Unpacker.txt └── G!X Protector 1.2.txt ├── Hmimys Packer ├── Hmimys Packer 1.xx OEP Finder.txt └── Hmimys Packer 1.2 And 1.3 Oep.txt ├── Acprotect ├── ACProtect 2.0 (Standard) IAT Repair.txt ├── ACProtect OEP Finder + Find Stolen Code.txt ├── ACProtect 1.41 - 2%2e0 OEP Finder + IAT Repair.txt └── ACProtect 2.0 (Standard) OEP Finder + IAT Repair.txt ├── Bastards Tools └── Bastards Tools 1.1 OEP Finder.txt ├── JDPack - JDProtect ├── JDPack 1.01 OEP Finder v0.1.txt ├── JDPack 0.9 - 1.01 OEP Finder.txt └── JDPack 1.x JDProtect 0.9 OEP Finder + IAT Repair.txt ├── JExeCompressor └── JExeCompressor 1.0 OEP Finder.txt ├── Mr Undectetable └── Mr Undectetable 1.0 OEP Finder.txt ├── PEBundle ├── PeBundle 2.3 OEP Finder + Patch IAT.txt ├── PEBundle 2.0x.txt ├── pebundle_2x.txt └── PeBundle 2.0x to 2.4x OEP Finder.txt ├── Yodas Protector ├── Yodas Protector 1.03.x Unpack.txt ├── Yodas Protector 1.03 OEP Finder + IAT Fixer.txt ├── Yodas Protector 1.0b OEP Finder.txt └── YODA'S PROTECTOR 1.0b OEP-FINDER.txt ├── nProtect GameGuard └── nProtect GameGuard Script.txt ├── DotFix NiceProtect ├── dotFix FakeSigner OEP Finder.txt └── DotFix NiceProtect 2.xx - 3.xx Auxiliary Script.txt ├── Polycrypt_PE_2.1.5_脱壳脚本 └── Polycrypt PE 2.1.5 脱壳脚本.oSc ├── MPress ├── MPress 0.71a - 0.77b OEP Finder + IAT Repair.txt ├── MPress 0.7x OEP 
Finder.txt └── mpress.osc ├── SoftSentry └── STONE'S PE ENCRYPTER 1.13 OEP FINDER 0.1.txt ├── EncryptPE V2.2007.4.11 ├── EncryptPE V2.2007.4.11with recode.osc ├── EncryptPE V2.2007.4.11without rpcode.osc └── EncryptPE V2.2007.4.11 │ ├── EncryptPE V2.2007.4.11with recode.osc │ └── EncryptPE V2.2007.4.11without rpcode.osc ├── EncryptPE ├── EncryptPE 2.2007.4.11 OEP Finder + IAT Repair.txt ├── EncryptPE 2.2007.12.1 OEP Finder + IAT Repair v0.2.txt ├── EncryptPE 2.2007.4.11 OEP Finder + IAT Repair v0.1.txt └── EncryptPE 2.2007.4.11 OEP Finder + IAT Repair v0.2.txt ├── Protection Plus ├── Protection Plus 4.2 OEP Finder + Fix IAT.txt ├── protection_plus_oep.txt ├── Protection Plus 4.xx OEP Finder + Import Fixer.txt └── Protection Plus OEP Finder.txt ├── Undetector ├── Undetector 1.2 OEP Finder + Detach Processes.txt └── Undetector 1.2 Unpacker.txt ├── VGCrypt PE Encryptor ├── VGCRYPT 0.75 BETA - OEP FINDER 0.1.txt └── VGCrypt PE Encryptor 0.75 OEP Finder v0.1.txt ├── Wind of Crypt └── Wind of Crypt 1.0 OEP Finder + EBFE Patch.txt ├── AHTeam EP Protector ├── AHTeam EP Protector 0.3a [Goldocrack].txt └── AHTeam EP Protector 0.3b [Goldocrack].txt ├── 穿山甲替换KEY专用 ├── Armadillo 3.xx - 5.xx Fingerprint Patcher v0.2.txt └── Armadillo_3.xx_-_5.xx_Fingerprint_Patcher_v0.1.txt ├── CSDSJKK Protector └── CSDSJKK Protector OEP Finder + Fix Imports.txt ├── SVKP └── SVKP 1.3x - 1.4x OEP Finder + Fix Imports + Stolen Code.txt ├── vmp_iat └── VMProtect_1.7_-_2.0_OEP_Finder_+_Unpack_Helper_v1.2.txt ├── CrypToCrack Pe Protector ├── CrypToCrack Pe Protector 0.9.2 OEP Finder.txt └── CrypToCrack Pe Protector 0.9.2 OEP Finder + IAT Repair.txt ├── Obsidium ├── Obsidium 1.3.0.x OEP Finder + Find Stolen Code + Fix IAT .txt └── Obsidium 1.3.4.2 OEP Finder.txt ├── DalKrypt └── DalKrypt 1.0 OEP Finder.txt ├── ID Application Protector └── ID Application Protector 1.2 OEP Finder + IAT Repair.txt ├── YZPack ├── YZPack 1.0 OEP Finder.txt └── YZPack 2.0 OEP Finder.txt ├── visual protect ├── Visual Protect 
3.xx OEP Finder + Repair IAT + Name and Project Finder.txt ├── Visual Protect 3.xx OEP Finder + IAT Repair.txt └── Visual Protect 3.xx OEP Finder + IAT Repair(2).txt ├── BamBam ├── BamBam 0.01 OEP Finder.txt └── BamBam 0.04 OEP Finder + Dumper.txt ├── nPack └── nPack 1.1.800.2008 OEP Finder.txt ├── French Layor └── French Layor 1.81 OEP Finder.txt ├── Pohernah └── Pohernah 1.0.3 OEP Finder.txt ├── PKLite32 ├── PKLite32 1.1 OEP Finder v0.1.txt ├── PKLite32 1.1 OEP Finder.txt └── PKLITE32 v1.1.osc ├── Morphnah └── Morphnah 0.2 OEP Finder 2.txt ├── DXPack ├── DXPACK 0.86.txt └── Dxpack 0.86 OEP Finder v0.1.txt ├── PE Diminisher ├── PE Diminisher 0.1 OEP Finder.txt └── PE Diminisher v0.1.osc ├── Pestil ├── Pestil 1.0 OEP Finder 2.txt └── Pestil 1.0 OEP Finder 1.txt ├── Upx s h i t ├── UPXShit 0.x OEP Finder.txt ├── upxshit006.txt ├── UPX (Protector) Shit.txt ├── UPX & UPXShit 0.6 OEP Finder.txt └── UPXSHIT 0.06 AND UPX OEP-FINDER.txt ├── 32Lite └── 32Lite 0.03a OEP V0.1 [Mr.David].txt ├── Ezip ├── Ezip 1.0.osc ├── E_ZIP v1.0 - oep finder and Unpacker.txt ├── EZIP 1.0 OEP FINDER.txt └── Ezip 1.0.txt ├── UnDo Crypter └── UnDo Crypter 1.0 OEP Finder.txt ├── KaOs PE-DLL eXecutable Undetecter └── KaOs PE-DLL eXecutable Undetecter OEP Finder 2.txt ├── NakedPacker └── Nakedpack 1.0.osc ├── ASDPack └── ASDPack 2.0 OEP Finder 2.txt ├── PC PeSHRINKER ├── PC Shrinker v0.71 OEP Finder.txt └── PC Shrinker 0.71 OEP Finder v0.1.txt ├── CRYPT └── crypt.1.0.txt ├── Code Cave Finder └── Code Cave Finder.txt ├── WinUpack ├── WinUpack 0.30 OEP Finder.txt ├── WinUpack 0.38 OEP Finder.txt └── WinUpack 0.31 - 0.32 OEP Finder.txt ├── Backdoor PE Compress Protector └── Backdoor PE Compress Protector 1.0 OEP Finder.txt ├── Private Personal Packer └── Private Personal Packer 1.0.2 OEP Finder.txt ├── DragonArmor ├── Dragon Armor.osc └── DragonArmor 0.0.4.1 OEP Finder.txt ├── README.md ├── Packman └── Packman 0.0.0.1 OEP Finder.txt ├── PeStub ├── PeStubOEP 1.7 OEP recover(VC++ 6.0).osc └── 
PeStubOEP 1.7 OEP recover(Delphi).osc ├── UPX Protector ├── UPX Protector 1.0 OEP Finder v0.1 [FEUERRADER].txt └── UPX Protector 1.0x OEP Finder.txt ├── ExeShield ├── exeshield_0x.txt ├── EXE Shield 0.5 to 0.8 OEP Finder.txt ├── EXESHIELD 0.5 - 0.8 (ARM PROTECTOR 0.1).txt ├── ExeShield 0.5 to 0.8 OEP Finder.txt ├── Exe Shield 0.8 OEP Finder.txt └── ExeShield 0.8 OEP Finder.txt ├── Mimoza └── Mimoza 0.86 Unpacker.txt ├── SecuROM ├── SecuROM 7.xx CPUID Fixer.txt └── SecuROM 7.xx Jump Bridge & Crypted Code Fixer.txt ├── PeX ├── PEX_0_99.TXT └── PeX 0.99 OEP Finder.txt ├── mPack └── mPack 0.0.3 OEP Finder.txt ├── USSR └── USSR OEP Finder.txt ├── Virogen Crypt ├── virogen_075.txt ├── VIROGEN CRYPT 0.75 OEP-FINDER.txt └── Virogen Crypt 0.75 OEP Finder.txt ├── Software Compress └── Software Compress 1.x Unpacker.txt ├── VBox └── VBox 4.3 OEP Finder + IAT Repair.txt ├── VPacker └── VPacker 0.02.10 - Pack 4.0 OEP Finder + Dumper.txt ├── LARP └── LARP 2.0 IAT Repair.txt ├── Simple pack ├── SimplePack 1.2 OEP Finder.txt └── SimplePack 1.21 OEP Finder #1.txt ├── winunpack └── Cds ss 1.0beta winunpack.txt ├── FatMike └── FatMike IAT Resolver Script.txt ├── NOmeR1 └── NOmeR1 OEP Finder.txt ├── PeCancer └── PeCancer 2007.07.23 IAT Repair.txt ├── ExeSax └── ExeSax 0.9.1 OEP Finder.txt ├── Morphine ├── morphine_13.txt └── MORPHINE 1.3 OEP-FINDER.txt ├── PE Lock NT └── PE Lock NT 2.04 OEP Finder.txt └── QuickPack └── QuickPack Unpacker.txt /spinano/release/run.bat: --------------------------------------------------------------------------------
REM Launcher: the whole file is one command, `spinano`, given without a path or
REM extension, so the command interpreter resolves it by its normal search
REM (current directory, then PATH).
REM The tree lists spinano.exe and ollydisasm.dll next to this file; both ship
REM prebuilt and this page carries no hash or signature for them.
REM NOTE(review): presumably meant to start that spinano.exe - confirm what
REM actually resolves, and inspect the binary in an isolated analysis VM first.
1 | spinano
-------------------------------------------------------------------------------- /FSG/FSG.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/FSG/FSG.osc -------------------------------------------------------------------------------- /幻影/幻影脱壳.osc: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/幻影/幻影脱壳.osc -------------------------------------------------------------------------------- /普通脱壳脚本/查花指令.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/普通脱壳脚本/查花指令.osc -------------------------------------------------------------------------------- /FSG/普通fsg1.33.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/FSG/普通fsg1.33.osc -------------------------------------------------------------------------------- /NsPack/nspack.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/NsPack/nspack.txt -------------------------------------------------------------------------------- /PeSpin/AT4RE.nfo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/AT4RE.nfo -------------------------------------------------------------------------------- /ZProtect/zp3.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ZProtect/zp3.txt -------------------------------------------------------------------------------- /Enigma/Enigmavm.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Enigma/Enigmavm.bin -------------------------------------------------------------------------------- /FSG/普通变形 fsg1.33.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/FSG/普通变形 fsg1.33.osc 
-------------------------------------------------------------------------------- /KByS/KByS V0.28.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/KByS/KByS V0.28.osc -------------------------------------------------------------------------------- /PePack/PePack1.0.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PePack/PePack1.0.txt -------------------------------------------------------------------------------- /Themida/Script1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Themida/Script1.txt -------------------------------------------------------------------------------- /ollyDBG脱壳脚本编辑器.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ollyDBG脱壳脚本编辑器.exe -------------------------------------------------------------------------------- /各语言按钮事件/VC 按钮事件.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/各语言按钮事件/VC 按钮事件.osc -------------------------------------------------------------------------------- /ASProtect/Asprvm8s.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/Asprvm8s.bin -------------------------------------------------------------------------------- /Armadillo/ARImpRec.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/ARImpRec.dll -------------------------------------------------------------------------------- 
/Armadillo/VAFinder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/VAFinder.txt -------------------------------------------------------------------------------- /Enigma/Readme2.xx.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Enigma/Readme2.xx.txt -------------------------------------------------------------------------------- /Krypton/Krypton0.5.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Krypton/Krypton0.5.txt -------------------------------------------------------------------------------- /Nanomite/VAFinder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Nanomite/VAFinder.txt -------------------------------------------------------------------------------- /PeSpin/pespin v1.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/pespin v1.1.txt -------------------------------------------------------------------------------- /tElock/Telock0.98x.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/tElock/Telock0.98x.osc -------------------------------------------------------------------------------- /各语言按钮事件/易语言查找按钮事件.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/各语言按钮事件/易语言查找按钮事件.osc -------------------------------------------------------------------------------- /各语言按钮事件/易语言黑月按钮事件.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/各语言按钮事件/易语言黑月按钮事件.txt -------------------------------------------------------------------------------- /!EPack/!EPack 1.4 OEP Finder.txt: --------------------------------------------------------------------------------
// OllyScript helper for locating the original entry point (OEP) of a target
// packed with !EPack 1.4 (per the file name). It is a byte-pattern heuristic:
// it runs the debuggee to the first 61 B8 match after EIP and then steps three
// instructions.
// The debuggee really executes under `go`, so the sample's unpacking stub runs
// on the analysis machine; use an isolated VM for untrusted samples.
1 |
2 | find eip,#61B8#   // search memory from the current EIP for bytes 61 B8 (POPAD, then the MOV EAX,imm32 opcode byte); the match address is stored in $RESULT
3 | go $RESULT   // run the debuggee until execution reaches that address. NOTE(review): $RESULT is not checked, so a failed search is not handled here
4 | sto   // step over one instruction (first of three)
5 | sto   // second step; presumably these walk through the stub's final transfer - confirm in the disassembly
6 | sto   // third step; where EIP lands is taken as the OEP, the script itself does not verify it
7 | ret   // end of script
8 |
9 |
-------------------------------------------------------------------------------- /Armadillo/Arm 转单进程脚本.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Arm 转单进程脚本.osc -------------------------------------------------------------------------------- /Enigma/Enigmapatch2.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Enigma/Enigmapatch2.bin -------------------------------------------------------------------------------- /MoleBox/MoleBox脱壳脚本.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MoleBox/MoleBox脱壳脚本.osc -------------------------------------------------------------------------------- /PEncrypt/PEncrypt 4.0.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PEncrypt/PEncrypt 4.0.osc -------------------------------------------------------------------------------- /Pet i t e/PETITE2.2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Pet i t e/PETITE2.2.txt -------------------------------------------------------------------------------- /ThemidaScript/TMD版本查询.osc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/TMD版本查询.osc -------------------------------------------------------------------------------- /ThemidaScript/tmd_iat.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/tmd_iat.osc -------------------------------------------------------------------------------- /ZProtect/zpunpacker.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ZProtect/zpunpacker.txt -------------------------------------------------------------------------------- /ZProtect/修复anti-hook.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ZProtect/修复anti-hook.txt -------------------------------------------------------------------------------- /spinano/release/AT4RE.nfo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/spinano/release/AT4RE.nfo -------------------------------------------------------------------------------- /tElock/tElock-forgot.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/tElock/tElock-forgot.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect_API.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect_API.txt -------------------------------------------------------------------------------- /PECompact/PECompact 2.x.osc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PECompact/PECompact 2.x.osc -------------------------------------------------------------------------------- /Pe123/Pe123 Jmp to Jmp.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Pe123/Pe123 Jmp to Jmp.txt -------------------------------------------------------------------------------- /PeSpin/PeSpin 1.3 Beta2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PeSpin 1.3 Beta2.txt -------------------------------------------------------------------------------- /Upx/UPX 3.00 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Upx/UPX 3.00 OEP Finder.txt -------------------------------------------------------------------------------- /spinano/release/spinano.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/spinano/release/spinano.exe -------------------------------------------------------------------------------- /ASProtect/ASProtect 2_AIP2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2_AIP2.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo_3x_dll.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo_3x_dll.txt -------------------------------------------------------------------------------- 
/FishPE/FishPE 1.12 Dumper.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/FishPE/FishPE 1.12 Dumper.txt -------------------------------------------------------------------------------- /PECompact/PECompact 2.ax.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PECompact/PECompact 2.ax.osc -------------------------------------------------------------------------------- /RLPack/RLPack 1.9 Unpacker.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/RLPack/RLPack 1.9 Unpacker.txt -------------------------------------------------------------------------------- /spinano/release/ollydisasm.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/spinano/release/ollydisasm.dll -------------------------------------------------------------------------------- /tElock/tELock V0.8X-V0.9X.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/tElock/tELock V0.8X-V0.9X.osc -------------------------------------------------------------------------------- /!EPack/!EPack all version 脚本.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/!EPack/!EPack all version 脚本.osc -------------------------------------------------------------------------------- /Aspack/ASPACK 2.12 [dOsKey].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Aspack/ASPACK 2.12 [dOsKey].txt 
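--------------------------------------------------------------------------------
/At4re Asm Protecter/At4re Asm Protecter 1.0 OEP Finder.txt:
--------------------------------------------------------------------------------
// OEP finder for At4re Asm Protecter 1.0 (OllyScript / ODbgScript).
// Searches from EIP for the first instruction starting with bytes FF E0
// (`jmp eax`), runs the target up to it, then single-steps through the jump.
// The script reports the address it lands on as the original entry point.

var jmp_addr

// findop leaves the match address in $RESULT, or 0 when nothing matches.
findop eip, #FFE0#
cmp $RESULT, 0
// Without a match there is no breakpoint to stop on, so `run` would let the
// packed target execute freely; stop here instead.
je not_found
mov jmp_addr, $RESULT

bp jmp_addr
run
// Remove the breakpoint again so it is not left set on the stub.
bc jmp_addr

// `run` also returns on exceptions or other breakpoints; only report success
// when execution actually stopped on the located jump.
cmp eip, jmp_addr
jne wrong_stop

// Step into the `jmp eax`.
sti
msg "OEP Found!"
ret

not_found:
msg "No FF E0 (jmp eax) found from EIP; target was not resumed."
ret

wrong_stop:
msg "Execution stopped before reaching the located jmp eax; OEP not confirmed."
ret
-------------------------------------------------------------------------------- /CDS SS/CDS SS 1.0 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/CDS SS/CDS SS 1.0 OEP Finder.txt -------------------------------------------------------------------------------- /Crunch/Crunch v1.0 Heuristic.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Crunch/Crunch v1.0 Heuristic.txt -------------------------------------------------------------------------------- /Enigma/Enigma_unpacker_v0.92.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Enigma/Enigma_unpacker_v0.92.osc -------------------------------------------------------------------------------- /FSG/FSG 1.x - 2.x OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/FSG/FSG 1.x - 2.x OEP Finder.txt -------------------------------------------------------------------------------- /FSG/FSG 2.00 OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/FSG/FSG 2.00 OEP Finder v0.1.txt -------------------------------------------------------------------------------- /NsPack/NsPack 3.5 OEP Finder.txt: --------------------------------------------------------------------------------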
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/NsPack/NsPack 3.5 OEP Finder.txt -------------------------------------------------------------------------------- /PePack/PEPACK 1.0 OEP-FINDER.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PePack/PEPACK 1.0 OEP-FINDER.txt -------------------------------------------------------------------------------- /Pet i t e/Petite 2.2 OEP finder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Pet i t e/Petite 2.2 OEP finder -------------------------------------------------------------------------------- /各语言按钮事件/Delphi & VB事件断点查找脚本.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/各语言按钮事件/Delphi & VB事件断点查找脚本.osc -------------------------------------------------------------------------------- /Armadillo/Armadillo_anti_dump.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo_anti_dump.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo_magic_jump.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo_magic_jump.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo_va_finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo_va_finder.txt -------------------------------------------------------------------------------- /Get Executable PE 
Information.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Get Executable PE Information.txt -------------------------------------------------------------------------------- /OTHER SCRIPTS/Punto magico VC++.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/OTHER SCRIPTS/Punto magico VC++.txt -------------------------------------------------------------------------------- /PECompact/PECompact V2.X 完美脱壳脚.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PECompact/PECompact V2.X 完美脱壳脚.osc -------------------------------------------------------------------------------- /PECompact/PECompact_V2.X_完美脱壳脚本.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PECompact/PECompact_V2.X_完美脱壳脚本.osc -------------------------------------------------------------------------------- /alex protector/alex protector.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/alex protector/alex protector.osc -------------------------------------------------------------------------------- /eXPressor/expressor 1.5x ~ 1.6x.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/eXPressor/expressor 1.5x ~ 1.6x.osc -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.0x Fix IAT.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 
2.0x Fix IAT.txt -------------------------------------------------------------------------------- /ASProtect/AsprUnpacker_history_sc.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/AsprUnpacker_history_sc.txt -------------------------------------------------------------------------------- /ASProtect/Asprotect2.3 Build4.26.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/Asprotect2.3 Build4.26.osc -------------------------------------------------------------------------------- /Armadillo/Armadillo CheckFlags v2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo CheckFlags v2.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo V4.0-V4.4 DLL.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo V4.0-V4.4 DLL.osc -------------------------------------------------------------------------------- /Escargot/Escargot 0.1 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Escargot/Escargot 0.1 OEP Finder.txt -------------------------------------------------------------------------------- /KByS Packer/KByS 0.28 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/KByS Packer/KByS 0.28 OEP Finder.txt -------------------------------------------------------------------------------- /OTHER SCRIPTS/Get Last Exception.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/OTHER SCRIPTS/Get Last Exception.txt -------------------------------------------------------------------------------- /PE-Armor/PE-Armor 0.46 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PE-Armor/PE-Armor 0.46 OEP Finder.txt -------------------------------------------------------------------------------- /PECompact/PECompact 2.xx Unpacker.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PECompact/PECompact 2.xx Unpacker.txt -------------------------------------------------------------------------------- /PePack/PePack 1.0 OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PePack/PePack 1.0 OEP Finder v0.1.txt -------------------------------------------------------------------------------- /PeSpin/PeSpin 0.1 - 1.1 Unpacker.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PeSpin 0.1 - 1.1 Unpacker.txt -------------------------------------------------------------------------------- /RLPack/RLPack1.9 pre Heavy Weapon.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/RLPack/RLPack1.9 pre Heavy Weapon.txt -------------------------------------------------------------------------------- /Softwrap/Softwrap 1.xx OEP Finder.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Softwrap/Softwrap 1.xx OEP Finder.txt -------------------------------------------------------------------------------- /WWPack32/WWPack32 1.xx OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/WWPack32/WWPack32 1.xx OEP Finder.txt -------------------------------------------------------------------------------- /WinKripT/WinKripT 1.0 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/WinKripT/WinKripT 1.0 OEP Finder.txt -------------------------------------------------------------------------------- /ANDpakk/ANDpakk2 0.18 OEP Finder 1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ANDpakk/ANDpakk2 0.18 OEP Finder 1.txt -------------------------------------------------------------------------------- /ASProtect/Acpr1.41-2.0_unpacker全自动脱壳.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/Acpr1.41-2.0_unpacker全自动脱壳.osc -------------------------------------------------------------------------------- /ASProtect/Aspr2.XX_unpacker_v1.13SC.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/Aspr2.XX_unpacker_v1.13SC.osc -------------------------------------------------------------------------------- /ASProtect/Aspr2.XX_unpacker_v1.14aSC.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/Aspr2.XX_unpacker_v1.14aSC.osc 
-------------------------------------------------------------------------------- /ASProtect/Aspr2.XX_unpacker_v1.15SC.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/Aspr2.XX_unpacker_v1.15SC.osc -------------------------------------------------------------------------------- /Alawar Games/Alawar Games OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Alawar Games/Alawar Games OEP Finder.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo IAT Elimination.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo IAT Elimination.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo IAT Eliminator.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo IAT Eliminator.txt -------------------------------------------------------------------------------- /Aspack/ASPACK 2.12 [DeAtH HaS cOMe].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Aspack/ASPACK 2.12 [DeAtH HaS cOMe].txt -------------------------------------------------------------------------------- /Aspack/ASPACK 2.12x [DeAtH HaS cOMe].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Aspack/ASPACK 2.12x [DeAtH HaS cOMe].txt -------------------------------------------------------------------------------- /Exe32Pack/Exe32Pack 1.3X OEP Finder.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Exe32Pack/Exe32Pack 1.3X OEP Finder.txt -------------------------------------------------------------------------------- /ExeCryptor/EXECryptor 2.x OEP+IAT 脚本.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ExeCryptor/EXECryptor 2.x OEP+IAT 脚本.osc -------------------------------------------------------------------------------- /LAMECRYPT/LameCrypt v1.0 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/LAMECRYPT/LameCrypt v1.0 OEP Finder.txt -------------------------------------------------------------------------------- /MEW/MEW 11 SE 1.2 [DeAtH HaS cOMe].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MEW/MEW 11 SE 1.2 [DeAtH HaS cOMe].txt -------------------------------------------------------------------------------- /MEW/MEW 11 SE v1.2 OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MEW/MEW 11 SE v1.2 OEP Finder v0.1.txt -------------------------------------------------------------------------------- /NTkrnl Packer/NTKrnl 0.1 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/NTkrnl Packer/NTKrnl 0.1 OEP Finder.txt -------------------------------------------------------------------------------- /NeoLite/NEOLITE 2.0 [DeAtH HaS cOMe].txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/NeoLite/NEOLITE 2.0 [DeAtH HaS cOMe].txt -------------------------------------------------------------------------------- /NsPack/NsPack 1.x - 2.0 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/NsPack/NsPack 1.x - 2.0 OEP Finder.txt -------------------------------------------------------------------------------- /NsPack/NsPack 1.x - 3.5 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/NsPack/NsPack 1.x - 3.5 OEP Finder.txt -------------------------------------------------------------------------------- /Orien/Orien 2.11 - 2.12 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Orien/Orien 2.11 - 2.12 OEP Finder.txt -------------------------------------------------------------------------------- /PECompact/PeCompact 2.78 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PECompact/PeCompact 2.78 OEP Finder.txt -------------------------------------------------------------------------------- /PEncrypt/PEncrypt 4.0 Find Oep 0.1b.TXT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PEncrypt/PEncrypt 4.0 Find Oep 0.1b.TXT -------------------------------------------------------------------------------- /Themida/Themida 1.9.x Unpacker v1.0.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Themida/Themida 1.9.x Unpacker v1.0.txt 
-------------------------------------------------------------------------------- /Thinstall/Thinstall 2.5x OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall 2.5x OEP Finder.txt -------------------------------------------------------------------------------- /WinKripT/WINKRIPT 1.0 OEP FINDER 0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/WinKripT/WINKRIPT 1.0 OEP FINDER 0.1.txt -------------------------------------------------------------------------------- /eXPressor/eXPressor 1.x OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/eXPressor/eXPressor 1.x OEP Finder.txt -------------------------------------------------------------------------------- /eXcalibur/eXcalibur 1.03 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/eXcalibur/eXcalibur 1.03 OEP Finder.txt -------------------------------------------------------------------------------- /tElock/tElock 0.80 - 0.9x OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/tElock/tElock 0.80 - 0.9x OEP Finder.txt -------------------------------------------------------------------------------- /ExeStealth/ExeStealth 2.72 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ExeStealth/ExeStealth 2.72 OEP Finder.txt -------------------------------------------------------------------------------- /GHF Protector/GHF Protector OEP Finder.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/GHF Protector/GHF Protector OEP Finder.txt -------------------------------------------------------------------------------- /PeShield/PeShield 0.25 OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeShield/PeShield 0.25 OEP Finder v0.1.txt -------------------------------------------------------------------------------- /PeSpin/PESpin v1.1 Stolen Code Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PESpin v1.1 Stolen Code Finder.txt -------------------------------------------------------------------------------- /Pet i t e/Petite 1.2 - 2.3 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Pet i t e/Petite 1.2 - 2.3 OEP Finder.txt -------------------------------------------------------------------------------- /Themida/Themida 1.9.5.0 Unpacker v0.2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Themida/Themida 1.9.5.0 Unpacker v0.2.txt -------------------------------------------------------------------------------- /WWPack32/WWPACK32 1.20 DEMO OEP-FINDER.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/WWPack32/WWPACK32 1.20 DEMO OEP-FINDER.txt -------------------------------------------------------------------------------- /WWPack32/WWPack32 1.20 OEP Finder v0.1.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/WWPack32/WWPack32 1.20 OEP Finder v0.1.txt -------------------------------------------------------------------------------- /Yodas Crypter/YODA'S CRYPTER V.1.2-1.3.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Yodas Crypter/YODA'S CRYPTER V.1.2-1.3.txt -------------------------------------------------------------------------------- /acprotect_unpacke/acp_unpacker_ok_v1.2.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/acprotect_unpacke/acp_unpacker_ok_v1.2.osc -------------------------------------------------------------------------------- /!EPack/!EPack Lite 1.4 Final OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/!EPack/!EPack Lite 1.4 Final OEP Finder.txt -------------------------------------------------------------------------------- /AHpack/AHpack 0.1 OEP Finder [Goldocrack].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/AHpack/AHpack 0.1 OEP Finder [Goldocrack].txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.0 Stop Stolen Code.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.0 Stop Stolen Code.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.x Stop stolen code.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.x Stop stolen code.txt -------------------------------------------------------------------------------- /ASProtect/Aspr2.XX_unpacker_v1.13SC跳过注册框.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/Aspr2.XX_unpacker_v1.13SC跳过注册框.osc -------------------------------------------------------------------------------- /ASProtect/脚本/Unpacker_v1[1].14aE/Asprvm8s.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/脚本/Unpacker_v1[1].14aE/Asprvm8s.bin -------------------------------------------------------------------------------- /ASProtect/脚本/Unpacker_v1[1].14aE/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/脚本/Unpacker_v1[1].14aE/readme.txt -------------------------------------------------------------------------------- /ASProtect/脚本/Unpacker_v1[1].14aSC/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/脚本/Unpacker_v1[1].14aSC/readme.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 3.xx DLL Unpack v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 3.xx DLL Unpack v0.1.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 4.0 - 4.4 DLL Unpack.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 4.0 - 4.4 DLL Unpack.txt -------------------------------------------------------------------------------- /C.I. Crypt/C.I. Crypt Generic Unwrapper.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/C.I. Crypt/C.I. Crypt Generic Unwrapper.txt -------------------------------------------------------------------------------- /Crunch/CrunchPE Heuristic OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Crunch/CrunchPE Heuristic OEP Finder v0.1.txt -------------------------------------------------------------------------------- /MoleBox/MoleBox 2.3 Pro OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MoleBox/MoleBox 2.3 Pro OEP Finder v0.1.txt -------------------------------------------------------------------------------- /MoleBox/MoleBox Pro 2.6.4.2534 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MoleBox/MoleBox Pro 2.6.4.2534 OEP Finder.txt -------------------------------------------------------------------------------- /PC-Guard/PC-Guard 5.0 IAT Repair (MSVC).txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PC-Guard/PC-Guard 5.0 IAT Repair (MSVC).txt -------------------------------------------------------------------------------- /PeSpin/PESPIN 1.1 STOLEN CODE FINDER 0.1.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PESPIN 1.1 STOLEN CODE FINDER 0.1.txt -------------------------------------------------------------------------------- /PeSpin/PeSpin 1.1 Stolen Code Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PeSpin 1.1 Stolen Code Finder v0.1.txt -------------------------------------------------------------------------------- /PeSpin/PeSpin 1.3 Beta 2 (Private) Debug.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PeSpin 1.3 Beta 2 (Private) Debug.txt -------------------------------------------------------------------------------- /PolyCrypt/PolyCrypt PE 2.1.5 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PolyCrypt/PolyCrypt PE 2.1.5 OEP Finder.txt -------------------------------------------------------------------------------- /SafeDics/SafeDisc 4.xx AntiDbg OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/SafeDics/SafeDisc 4.xx AntiDbg OEP Finder.txt -------------------------------------------------------------------------------- /Themida/Themida + WinLicence OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Themida/Themida + WinLicence OEP Finder.txt -------------------------------------------------------------------------------- /ThemidaScript/TMDScript-1.9.1+_1.0final.osc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/TMDScript-1.9.1+_1.0final.osc -------------------------------------------------------------------------------- /VirProtector/VirProtector 0.1 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/VirProtector/VirProtector 0.1 OEP Finder.txt -------------------------------------------------------------------------------- /WWPack32/WWPACK32 1.x OEP-FINDER V.0.1B.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/WWPack32/WWPACK32 1.x OEP-FINDER V.0.1B.txt -------------------------------------------------------------------------------- /yoda's cryptor/yoda's cryptor V1.2-V1.3.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/yoda's cryptor/yoda's cryptor V1.2-V1.3.osc -------------------------------------------------------------------------------- /ASProtect/ASProtect 1.22 - 1.23 BETA 21-RC1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 1.22 - 1.23 BETA 21-RC1.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.0x Patch JMP or CALL.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.0x Patch JMP or CALL.txt -------------------------------------------------------------------------------- /ASProtect/olly script ot TIMaASProtect_2.0x.osc: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/olly script ot TIMaASProtect_2.0x.osc -------------------------------------------------------------------------------- /ASProtect/脚本/Unpacker_v1[1].14aSC/Asprvm8s.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/脚本/Unpacker_v1[1].14aSC/Asprvm8s.bin -------------------------------------------------------------------------------- /ActiveMark/ActiveMark 6.xx OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ActiveMark/ActiveMark 6.xx OEP Finder v0.1.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 4.xx CopyMem2 (Fix IAT).txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 4.xx CopyMem2 (Fix IAT).txt -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/NanomiteFixer.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/NanomiteFixer.zip -------------------------------------------------------------------------------- /Crunch/CRUNCHPE HEURISTIC OEP FINDER V.0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Crunch/CRUNCHPE HEURISTIC OEP FINDER V.0.1.txt -------------------------------------------------------------------------------- /G!X Protector/G!X Protector 1.2 OEP Finder.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/G!X Protector/G!X Protector 1.2 OEP Finder.txt -------------------------------------------------------------------------------- /Hmimys Packer/Hmimys Packer 1.xx OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Hmimys Packer/Hmimys Packer 1.xx OEP Finder.txt -------------------------------------------------------------------------------- /OTHER SCRIPTS/Get Executable PE Information.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/OTHER SCRIPTS/Get Executable PE Information.txt -------------------------------------------------------------------------------- /ThemidaScript/TMDScript-1.9.1+_private_0.7.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/TMDScript-1.9.1+_private_0.7.osc -------------------------------------------------------------------------------- /WWPack32/WWPack32 1.20 Demo OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/WWPack32/WWPack32 1.20 Demo OEP Finder v0.1.txt -------------------------------------------------------------------------------- /Yodas Crypter/YODA'S CRYPTER V.1.X MODIFIED.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Yodas Crypter/YODA'S CRYPTER V.1.X MODIFIED.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 1.2-1.2C OEP FINDER V.0.1.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 1.2-1.2C OEP FINDER V.0.1.txt -------------------------------------------------------------------------------- /ASProtect/Aspr2.XX_unpacker_v1.13SC跳过重定位和CRC校验.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/Aspr2.XX_unpacker_v1.13SC跳过重定位和CRC校验.osc -------------------------------------------------------------------------------- /Acprotect/ACProtect 2.0 (Standard) IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Acprotect/ACProtect 2.0 (Standard) IAT Repair.txt -------------------------------------------------------------------------------- /Bastards Tools/Bastards Tools 1.1 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Bastards Tools/Bastards Tools 1.1 OEP Finder.txt -------------------------------------------------------------------------------- /ExeCryptor/ExeCryptor 2.xx IAT Rebuilder v1.9.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ExeCryptor/ExeCryptor 2.xx IAT Rebuilder v1.9.txt -------------------------------------------------------------------------------- /JDPack - JDProtect/JDPack 1.01 OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/JDPack - JDProtect/JDPack 1.01 OEP Finder v0.1.txt -------------------------------------------------------------------------------- /JExeCompressor/JExeCompressor 1.0 OEP Finder.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/JExeCompressor/JExeCompressor 1.0 OEP Finder.txt -------------------------------------------------------------------------------- /KByS Packer/KByS Packer 0.28 Beta OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/KByS Packer/KByS Packer 0.28 Beta OEP Finder.txt -------------------------------------------------------------------------------- /Mr Undectetable/Mr Undectetable 1.0 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Mr Undectetable/Mr Undectetable 1.0 OEP Finder.txt -------------------------------------------------------------------------------- /PC-Guard/PC-Guard 5.0 OEP and Patch IAT v0.1b.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PC-Guard/PC-Guard 5.0 OEP and Patch IAT v0.1b.txt -------------------------------------------------------------------------------- /PEBundle/PeBundle 2.3 OEP Finder + Patch IAT.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PEBundle/PeBundle 2.3 OEP Finder + Patch IAT.txt -------------------------------------------------------------------------------- /PeSpin/PeSpin 1.32 UnPacker (No DebugBlocker).txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PeSpin 1.32 UnPacker (No DebugBlocker).txt -------------------------------------------------------------------------------- /Themida/Themida 1.8.x - 1.9.10 OEP Finder v0.4.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Themida/Themida 1.8.x - 1.9.10 OEP Finder v0.4.txt -------------------------------------------------------------------------------- /ThemidaScript/TMDScript-1.9.1+_1.0 final_修正集成版.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/TMDScript-1.9.1+_1.0 final_修正集成版.osc -------------------------------------------------------------------------------- /Thinstall/Thinstall 2.5x OEP Finder + Unpack.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall 2.5x OEP Finder + Unpack.txt -------------------------------------------------------------------------------- /Yodas Protector/Yodas Protector 1.03.x Unpack.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Yodas Protector/Yodas Protector 1.03.x Unpack.txt -------------------------------------------------------------------------------- /acprotect_unpacke/Acpr1.41-2.0_unpacker全自动脱壳.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/acprotect_unpacke/Acpr1.41-2.0_unpacker全自动脱壳.osc -------------------------------------------------------------------------------- /nProtect GameGuard/nProtect GameGuard Script.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/nProtect GameGuard/nProtect GameGuard Script.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 1.0 OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 1.0 OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 1.3x - 2.xx Unpacker v1.12SC.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 1.3x - 2.xx Unpacker v1.12SC.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect TEST SCRIPT V2.0 [loveboom].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect TEST SCRIPT V2.0 [loveboom].txt -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/DistanceDecryptor.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/DistanceDecryptor.zip -------------------------------------------------------------------------------- /DotFix NiceProtect/dotFix FakeSigner OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/DotFix NiceProtect/dotFix FakeSigner OEP Finder.txt -------------------------------------------------------------------------------- /ExeCryptor/ExeCrypt 1.0 OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ExeCryptor/ExeCrypt 1.0 OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /JDPack - JDProtect/JDPack 0.9 - 1.01 OEP Finder.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/JDPack - JDProtect/JDPack 0.9 - 1.01 OEP Finder.txt -------------------------------------------------------------------------------- /PeSpin/PEspin 0.1 stolen OEP and Patch IAT v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PEspin 0.1 stolen OEP and Patch IAT v0.1.txt -------------------------------------------------------------------------------- /Polycrypt_PE_2.1.5_脱壳脚本/Polycrypt PE 2.1.5 脱壳脚本.oSc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Polycrypt_PE_2.1.5_脱壳脚本/Polycrypt PE 2.1.5 脱壳脚本.oSc -------------------------------------------------------------------------------- /Yodas Crypter/Yodas Crypter 1.2 - 1.3 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Yodas Crypter/Yodas Crypter 1.2 - 1.3 OEP Finder.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.xx Virtual Machine Rebuilder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.xx Virtual Machine Rebuilder.txt -------------------------------------------------------------------------------- /Acprotect/ACProtect OEP Finder + Find Stolen Code.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Acprotect/ACProtect OEP Finder + Find Stolen Code.txt -------------------------------------------------------------------------------- /MPress/MPress 0.71a - 0.77b 
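OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MPress/MPress 0.71a - 0.77b OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /MoleBox/MoleBox Pro 2.6.4.2534 Extract Dependencies.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MoleBox/MoleBox Pro 2.6.4.2534 Extract Dependencies.txt -------------------------------------------------------------------------------- /NeoLite/neolite20.txt: --------------------------------------------------------------------------------
// OEP finder for a NeoLite-packed target (ODbgScript).
// Searches forward from EIP for an instruction starting with FF E0 (JMP EAX),
// breaks on it with a hardware execute breakpoint, steps into it and logs the
// address execution lands on.
// NOTE(review): that the jump target is the original entry point is the
// script's assumption about the packer stub - confirm in the disassembly
// before dumping.
    findop eip, #FFE0#      // first instruction from EIP that begins with FF E0
    cmp $RESULT, 0          // findop leaves 0 in $RESULT when nothing matched
    je NotFound             // without a match no breakpoint would be set and run would let the target execute freely
    eob Break               // on the next breakpoint, continue the script at Break
    bphws $RESULT, "x"      // hardware breakpoint on execution of that jump
    run

Break:
    bphwc $RESULT           // remove the hardware breakpoint again
    sti                     // step into the jump
    log eip                 // address reached after the jump goes to the log window
    ret

NotFound:
    msg "JMP EAX (FF E0) not found - target was not resumed"
    ret
-------------------------------------------------------------------------------- /SoftSentry/STONE'S PE ENCRYPTER 1.13 OEP FINDER 0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/SoftSentry/STONE'S PE ENCRYPTER 1.13 OEP FINDER 0.1.txt -------------------------------------------------------------------------------- /Thinstall/Thinstall 2.5x Extract Dependencies Part2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall 2.5x Extract Dependencies Part2.txt -------------------------------------------------------------------------------- /Thinstall/Thinstall 2.7xx Unpacker (Single Process).txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall 2.7xx Unpacker (Single Process).txt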
-------------------------------------------------------------------------------- /ZProtect/ZProtect 1.4.x HWID + Inline Patcher v1.0.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ZProtect/ZProtect 1.4.x HWID + Inline Patcher v1.0.txt -------------------------------------------------------------------------------- /eXPressor/eXPressor 1.5.0.1 OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/eXPressor/eXPressor 1.5.0.1 OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /Themida/Themida + WinLicence 1.1.x - 1.8.x OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Themida/Themida + WinLicence 1.1.x - 1.8.x OEP Finder.txt -------------------------------------------------------------------------------- /ThemidaScript/Themida & WinLicen 1.1.X - 1.8.X 系列脱壳脚本.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/Themida & WinLicen 1.1.X - 1.8.X 系列脱壳脚本.osc -------------------------------------------------------------------------------- /ThemidaScript/Themida & WinLicen 1.9.1 - 1.9.5 系列脱壳脚本.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/Themida & WinLicen 1.9.1 - 1.9.5 系列脱壳脚本.osc -------------------------------------------------------------------------------- /Yodas Crypter/Yodas Crypter 1.2 OEP + Patch IAT v0.1.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Yodas Crypter/Yodas Crypter 1.2 OEP + Patch IAT v0.1.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 1.22 - 1.23 Beta 21 OEP Finder v0.1b.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 1.22 - 1.23 Beta 21 OEP Finder v0.1b.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.0x Resolve API's to HIGHMEM Calls.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.0x Resolve API's to HIGHMEM Calls.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.xx Virtual Machine Jump Redirector.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.xx Virtual Machine Jump Redirector.txt -------------------------------------------------------------------------------- /Acprotect/ACProtect 1.41 - 2%2e0 OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Acprotect/ACProtect 1.41 - 2%2e0 OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 3.xx - 5.xx Fingerprint Patcher v0.2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 3.xx - 5.xx Fingerprint Patcher v0.2.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 3.xx - 
6.xx HardwareID Patcher v1.0.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 3.xx - 6.xx HardwareID Patcher v1.0.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 4.42 CopyMem2 Child Process Decode.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 4.42 CopyMem2 Child Process Decode.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 4.42 CopyMem2 Decrypt Code Sections.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 4.42 CopyMem2 Decrypt Code Sections.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 4.xx CopyMem2 (DebugActiveProcess).txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 4.xx CopyMem2 (DebugActiveProcess).txt -------------------------------------------------------------------------------- /Armadillo/Armadillo_3.xx_-_5.xx_Fingerprint_Patcher_v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo_3.xx_-_5.xx_Fingerprint_Patcher_v0.1.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo_v3.x_v5.x_Finger_Print_Patcher_0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo_v3.x_v5.x_Finger_Print_Patcher_0.1.txt 
-------------------------------------------------------------------------------- /Armadillo/armatools/armatools/ArmadilloFindProtected13.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/ArmadilloFindProtected13.zip -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/Armadillo_Dillo_Die_1[1].4.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/Armadillo_Dillo_Die_1[1].4.zip -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/Armadillo_Dillo_Die_1[1].5.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/Armadillo_Dillo_Die_1[1].5.zip -------------------------------------------------------------------------------- /EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11with recode.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11with recode.osc -------------------------------------------------------------------------------- /EncryptPE/EncryptPE 2.2007.4.11 OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/EncryptPE/EncryptPE 2.2007.4.11 OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /Protection Plus/Protection Plus 4.2 OEP Finder + Fix IAT.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Protection Plus/Protection Plus 4.2 OEP Finder + Fix IAT.txt -------------------------------------------------------------------------------- /ThemidaScript/ThemidaScript.for.V1.9.10+.0.4.By.fxyang.oSc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/ThemidaScript.for.V1.9.10+.0.4.By.fxyang.oSc -------------------------------------------------------------------------------- /Thinstall/Thinstall 2.5unpack&Extract dll/Thinstall 2.5.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall 2.5unpack&Extract dll/Thinstall 2.5.txt -------------------------------------------------------------------------------- /Undetector/Undetector 1.2 OEP Finder + Detach Processes.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Undetector/Undetector 1.2 OEP Finder + Detach Processes.txt -------------------------------------------------------------------------------- /VGCrypt PE Encryptor/VGCRYPT 0.75 BETA - OEP FINDER 0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/VGCrypt PE Encryptor/VGCRYPT 0.75 BETA - OEP FINDER 0.1.txt -------------------------------------------------------------------------------- /Wind of Crypt/Wind of Crypt 1.0 OEP Finder + EBFE Patch.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Wind of Crypt/Wind of Crypt 1.0 OEP Finder + EBFE Patch.txt -------------------------------------------------------------------------------- /AHTeam EP Protector/AHTeam EP 
Protector 0.3a [Goldocrack].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/AHTeam EP Protector/AHTeam EP Protector 0.3a [Goldocrack].txt -------------------------------------------------------------------------------- /AHTeam EP Protector/AHTeam EP Protector 0.3b [Goldocrack].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/AHTeam EP Protector/AHTeam EP Protector 0.3b [Goldocrack].txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.0 Clear Junk Code + Stop Stolen Code.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.0 Clear Junk Code + Stop Stolen Code.txt -------------------------------------------------------------------------------- /ASProtect/脚本/Unpacker_v1[1].14aSC/AsprUnpacker_history_sc.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/脚本/Unpacker_v1[1].14aSC/AsprUnpacker_history_sc.txt -------------------------------------------------------------------------------- /Acprotect/ACProtect 2.0 (Standard) OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Acprotect/ACProtect 2.0 (Standard) OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 3.xx - 5.xx Finger Print Patcher v0.1.ocs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 3.xx - 5.xx Finger 
Print Patcher v0.1.ocs -------------------------------------------------------------------------------- /Armadillo/Armadillo 3.xx - 5.xx Finger Print Patcher v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 3.xx - 5.xx Finger Print Patcher v0.1.txt -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/ArmaDetach[1].v1.1_RES_tool.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/ArmaDetach[1].v1.1_RES_tool.zip -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/Armadillo_ArmInline_0[1].95.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/Armadillo_ArmInline_0[1].95.zip -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/Armadillo_CRC_Finder_1[1].3.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/Armadillo_CRC_Finder_1[1].3.zip -------------------------------------------------------------------------------- /穿山甲替换KEY专用/Armadillo 3.xx - 5.xx Fingerprint Patcher v0.2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/穿山甲替换KEY专用/Armadillo 3.xx - 5.xx Fingerprint Patcher v0.2.txt -------------------------------------------------------------------------------- /穿山甲替换KEY专用/Armadillo_3.xx_-_5.xx_Fingerprint_Patcher_v0.1.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/穿山甲替换KEY专用/Armadillo_3.xx_-_5.xx_Fingerprint_Patcher_v0.1.txt -------------------------------------------------------------------------------- /AHpack/AHpack 0.1 OEP Finder #2.txt: --------------------------------------------------------------------------------
// OEP finder for an AHpack 0.1 target (ODbgScript).
// Looks for the byte pair FF E2 (JMP EDX) from EIP onwards, runs to it, steps
// over it and labels the address reached with the comment "OEP".
// NOTE(review): find matches raw bytes, so the hit is not guaranteed to be an
// instruction start - confirm in the disassembly that it is the stub's jump.
    find eip, #FFE2#
    cmp $RESULT, 0          // find leaves 0 in $RESULT when nothing matched
    jne found
    msg "error"             // pattern missing: report it and stop without running the target
    ret

found:
    go $RESULT              // execute up to the matched address
    sto                     // single step over the jump
    cmt eip, "OEP"          // annotate the address reached in the CPU window
    ret
-------------------------------------------------------------------------------- /ASProtect/ASProtect 2.0x Clear Junk Code + Stop Stolen Code.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.0x Clear Junk Code + Stop Stolen Code.txt -------------------------------------------------------------------------------- /ASProtect/脚本/Unpacker_v1[1].14aSC/Aspr2.XX_unpacker_v1.14aSC.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/脚本/Unpacker_v1[1].14aSC/Aspr2.XX_unpacker_v1.14aSC.osc -------------------------------------------------------------------------------- /Armadillo/Armadillo 3.X DLL UNPACKING SCRIPT 0.1 [loveboom].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 3.X DLL UNPACKING SCRIPT 0.1 [loveboom].txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 4.0 - 4.4 Standard Unpack + Debug
Blocker.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo V4.0-V4.4.Standard.Protection OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo V4.0-V4.4.Standard.Protection OEP Finder.txt -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/Armadillo_HWID_Patcher_v1[1].2.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/Armadillo_HWID_Patcher_v1[1].2.zip -------------------------------------------------------------------------------- /Armadillo/armatools/armatools/Armadillo_Key_Generator_1[1].5.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/Armadillo_Key_Generator_1[1].5.zip -------------------------------------------------------------------------------- /CSDSJKK Protector/CSDSJKK Protector OEP Finder + Fix Imports.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/CSDSJKK Protector/CSDSJKK Protector OEP Finder + Fix Imports.txt -------------------------------------------------------------------------------- /EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11without rpcode.osc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11without rpcode.osc -------------------------------------------------------------------------------- /EncryptPE/EncryptPE 2.2007.12.1 OEP Finder + IAT Repair v0.2.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/EncryptPE/EncryptPE 2.2007.12.1 OEP Finder + IAT Repair v0.2.txt -------------------------------------------------------------------------------- /EncryptPE/EncryptPE 2.2007.4.11 OEP Finder + IAT Repair v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/EncryptPE/EncryptPE 2.2007.4.11 OEP Finder + IAT Repair v0.1.txt -------------------------------------------------------------------------------- /EncryptPE/EncryptPE 2.2007.4.11 OEP Finder + IAT Repair v0.2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/EncryptPE/EncryptPE 2.2007.4.11 OEP Finder + IAT Repair v0.2.txt -------------------------------------------------------------------------------- /SVKP/SVKP 1.3x - 1.4x OEP Finder + Fix Imports + Stolen Code.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/SVKP/SVKP 1.3x - 1.4x OEP Finder + Fix Imports + Stolen Code.txt -------------------------------------------------------------------------------- /Yodas Protector/Yodas Protector 1.03 OEP Finder + IAT Fixer.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Yodas Protector/Yodas Protector 1.03 OEP Finder + IAT Fixer.txt -------------------------------------------------------------------------------- /vmp_iat/VMProtect_1.7_-_2.0_OEP_Finder_+_Unpack_Helper_v1.2.txt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/vmp_iat/VMProtect_1.7_-_2.0_OEP_Finder_+_Unpack_Helper_v1.2.txt -------------------------------------------------------------------------------- /Aspack/ASPACK.TXT: -------------------------------------------------------------------------------- 1 | eob Break 2 | findop eip, #6175# 3 | bphws $RESULT, "x" 4 | run 5 | 6 | Break: 7 | bphwc $RESULT 8 | sto 9 | sto 10 | sto 11 | sto 12 | log eip 13 | 14 | ret -------------------------------------------------------------------------------- /MoleBox/MoleBox 2.xx Auto-Unpacker diy by:heiketian10/filelen.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MoleBox/MoleBox 2.xx Auto-Unpacker diy by:heiketian10/filelen.exe -------------------------------------------------------------------------------- /MoleBox/MoleBox 2.xx Auto-Unpacker diy by:heiketian10/mbunpack.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MoleBox/MoleBox 2.xx Auto-Unpacker diy by:heiketian10/mbunpack.dll -------------------------------------------------------------------------------- /VGCrypt PE Encryptor/VGCrypt PE Encryptor 0.75 OEP Finder v0.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/VGCrypt PE Encryptor/VGCrypt PE Encryptor 0.75 OEP Finder v0.1.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to Call).txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to Call).txt 
-------------------------------------------------------------------------------- /ASProtect/ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to JMP).txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to JMP).txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.0x Fix IAT with Import Elimination Optimized.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.0x Fix IAT with Import Elimination Optimized.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo 3.xx - 4.00 Nanomites VA Finder v1.0 [Tk-Bf].txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 3.xx - 4.00 Nanomites VA Finder v1.0 [Tk-Bf].txt -------------------------------------------------------------------------------- /Armadillo/Armadillo OEP Finder + Fix Magic Jumps + Fix Anti-Dump.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo OEP Finder + Fix Magic Jumps + Fix Anti-Dump.txt -------------------------------------------------------------------------------- /Armadillo/Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo.V4.0-V5.X.eXe.Standard.Protection.By.fly[CUG].oSc -------------------------------------------------------------------------------- 
/Armadillo/armatools/armatools/ArmaDetach[1].Plugin.v1.01_RES_tool.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/armatools/armatools/ArmaDetach[1].Plugin.v1.01_RES_tool.zip -------------------------------------------------------------------------------- /CrypToCrack Pe Protector/CrypToCrack Pe Protector 0.9.2 OEP Finder.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/CrypToCrack Pe Protector/CrypToCrack Pe Protector 0.9.2 OEP Finder.txt -------------------------------------------------------------------------------- /DotFix NiceProtect/DotFix NiceProtect 2.xx - 3.xx Auxiliary Script.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/DotFix NiceProtect/DotFix NiceProtect 2.xx - 3.xx Auxiliary Script.txt -------------------------------------------------------------------------------- /Obsidium/Obsidium 1.3.0.x OEP Finder + Find Stolen Code + Fix IAT .txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Obsidium/Obsidium 1.3.0.x OEP Finder + Find Stolen Code + Fix IAT .txt -------------------------------------------------------------------------------- /Themida/Themida + WinLicence 1.9.1 - 1.9.5 OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Themida/Themida + WinLicence 1.9.1 - 1.9.5 OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /Yodas Crypter/Yodas cryptor 1.x modified OEP and Patch IAT v0.1b.txt: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Yodas Crypter/Yodas cryptor 1.x modified OEP and Patch IAT v0.1b.txt -------------------------------------------------------------------------------- /JDPack - JDProtect/JDPack 1.x JDProtect 0.9 OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/JDPack - JDProtect/JDPack 1.x JDProtect 0.9 OEP Finder + IAT Repair.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 2.0x Fix IAT with Import Elimination Optimized v1.1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 2.0x Fix IAT with Import Elimination Optimized v1.1.txt -------------------------------------------------------------------------------- /Aspack/ASPack (b).txt: -------------------------------------------------------------------------------- 1 | eob Break 2 | findop eip, #6175# 3 | bphws $RESULT, "x" 4 | run 5 | 6 | Break: 7 | bphwc $RESULT 8 | sto 9 | sto 10 | sto 11 | sto 12 | log eip 13 | 14 | ret -------------------------------------------------------------------------------- /DalKrypt/DalKrypt 1.0 OEP Finder.txt: -------------------------------------------------------------------------------- 1 | // DalKrypt v1.0 OEP Finder Script by LaFarge/ICU 2 | bp eip+25 3 | run 4 | bc eip 5 | sti 6 | cmt eip, "This is OEP" 7 | msg "OEP reached, dump here and fix imports!" 
8 | ret -------------------------------------------------------------------------------- /Thinstall/Thinstall 2.5unpack&Extract dll/Thinstall 2.5 extract_part1.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall 2.5unpack&Extract dll/Thinstall 2.5 extract_part1.txt -------------------------------------------------------------------------------- /Thinstall/Thinstall 2.5unpack&Extract dll/Thinstall 2.5 extract_part2.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall 2.5unpack&Extract dll/Thinstall 2.5 extract_part2.txt -------------------------------------------------------------------------------- /Thinstall/Thinstall.Virtualization.Suite.V3.0X.Single.Main.eXe.UnPacK.oSc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall.Virtualization.Suite.V3.0X.Single.Main.eXe.UnPacK.oSc -------------------------------------------------------------------------------- /Yodas Crypter/Yodas Crypter 1.x (Modified) OEP Finder + Patch IAT v0.1b.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Yodas Crypter/Yodas Crypter 1.x (Modified) OEP Finder + Patch IAT v0.1b.txt -------------------------------------------------------------------------------- /ASProtect/ASProtect 1.3x - 2.xx Unpacker v1.13SC (Skip Registration Box).txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ASProtect/ASProtect 1.3x - 2.xx Unpacker v1.13SC (Skip Registration Box).txt -------------------------------------------------------------------------------- 
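/Armadillo/Armadillo 3.6x - 4.xx OEP Finder + Fix Magic Jumps [hnhuqiong].txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 3.6x - 4.xx OEP Finder + Fix Magic Jumps [hnhuqiong].txt
--------------------------------------------------------------------------------
/PePack/PEPACK10.TXT:
--------------------------------------------------------------------------------
// PEPack 1.0 OEP finder
// Steps over the first two stub instructions, searches forward from EIP for
// an instruction beginning with FF E0 (jmp eax) and stops on it with a
// hardware execute breakpoint. One more step follows the jump; the address
// reached is written to the log as the OEP.

eob Break
sto
sto
findop eip, #FFE0#
// findop leaves $RESULT at 0 when nothing matches; stop instead of arming a
// breakpoint at address 0 and running the target freely.
cmp $RESULT, 0
je NotFound
bphws $RESULT, "x"
run

Break:
bphwc $RESULT
sto
log eip
ret

NotFound:
msg "PEPack 1.0: no jmp eax (FF E0) found after EIP"
ret
--------------------------------------------------------------------------------
/Thinstall/Thinstall Virtualization Suite 3.0x Unpacker (Single Main Exe).txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall Virtualization Suite 3.0x Unpacker (Single Main Exe).txt
--------------------------------------------------------------------------------
/NeoLite/Neolite v2.0 - oep finder.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by DarK_m00n - http://www.cim-team.wb.st
// NeoLite 2.0 OEP finder: runs to the first instruction after EIP that begins
// with FF E0 (jmp eax), labels it, steps once to follow the jump and analyses
// the code at the landing address.
findop eip, #FFE0#
// $RESULT is 0 when the pattern is absent; "go 0" would let the target run.
cmp $RESULT, 0
je NotFound
go $RESULT
cmt eip, "Jmp To OEP"
sto
an eip
ret

NotFound:
msg "NeoLite 2.0: no jmp eax (FF E0) found after EIP"
ret

//
--------------------------------------------------------------------------------
/Thinstall/Thinstall.Virtualization.Suite.V3.0X.Single.Main.eXe.UnPacK.Script.osc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Thinstall/Thinstall.Virtualization.Suite.V3.0X.Single.Main.eXe.UnPacK.Script.osc
--------------------------------------------------------------------------------
/Armadillo/Armadillo 4.0 - 4.4 OEP Finder + Debug Blocker (Standard Protection).txt: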
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 4.0 - 4.4 OEP Finder + Debug Blocker (Standard Protection).txt
--------------------------------------------------------------------------------
/ID Application Protector/ID Application Protector 1.2 OEP Finder + IAT Repair.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ID Application Protector/ID Application Protector 1.2 OEP Finder + IAT Repair.txt
--------------------------------------------------------------------------------
/eXPressor/eXPressor 1.3.0.1 OEP Finder.txt:
--------------------------------------------------------------------------------
// eXPressor 1.3.0.1 OEP finder.
// After the first stub instruction has been stepped over, the stack slot ESP
// points at is watched with a hardware read breakpoint. The stub runs until
// it reads that slot back; the breakpoint is then removed and three more
// single steps reach the address that gets the comment.
var stackSlot

sto
mov stackSlot,esp
bphws stackSlot,"r"
run
bphwc stackSlot
sto
// analysis is requested here, before the last two steps, as in the original
an eip
sti
sti
cmt eip, "Dump here and rebuild IAT with ImpRec."
ret
--------------------------------------------------------------------------------
/Armadillo/Armadillo 4.0 - 4.40 OEP Finder + Debug Blocker (Standard Protection).txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 4.0 - 4.40 OEP Finder + Debug Blocker (Standard Protection).txt
--------------------------------------------------------------------------------
/Armadillo/Armadillo 4.0 - 5.xx OEP Finder + Debug Blocker (Standard Protection).txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/Armadillo/Armadillo 4.0 - 5.xx OEP Finder + Debug Blocker (Standard Protection).txt
--------------------------------------------------------------------------------
/CrypToCrack Pe Protector/CrypToCrack Pe Protector 0.9.2 OEP Finder + IAT Repair.txt:
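--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/CrypToCrack Pe Protector/CrypToCrack Pe Protector 0.9.2 OEP Finder + IAT Repair.txt
--------------------------------------------------------------------------------
/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11with recode.osc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11with recode.osc
--------------------------------------------------------------------------------
/NeoLite/NEOLITE 2.0 [DarK_m00n[CiM]].txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
// NeoLite 2.0 OEP finder: runs to the first instruction after EIP that begins
// with FF E0 (jmp eax), labels it, steps once to follow the jump and analyses
// the code at the landing address.
findop eip, #FFE0#
// $RESULT is 0 when the pattern is absent; "go 0" would let the target run.
cmp $RESULT, 0
je NotFound
go $RESULT
cmt eip, "Jmp To OEP"
sto
an eip
ret

NotFound:
msg "NeoLite 2.0: no jmp eax (FF E0) found after EIP"
ret

// [BACK]
--------------------------------------------------------------------------------
/PePack/PePack 1.0 OEP Finder.txt:
--------------------------------------------------------------------------------
// PEPack 1.0 OEP finder
// Steps over the first two stub instructions, searches forward from EIP for
// an instruction beginning with FF E0 (jmp eax) and stops on it with a
// hardware execute breakpoint. One more step follows the jump; the address
// reached is written to the log as the OEP.

eob Break
sto
sto
findop eip, #FFE0#
// findop leaves $RESULT at 0 when nothing matches; stop instead of arming a
// breakpoint at address 0 and running the target freely.
cmp $RESULT, 0
je NotFound
bphws $RESULT, "x"
run

Break:
bphwc $RESULT
sto
log eip
ret

NotFound:
msg "PEPack 1.0: no jmp eax (FF E0) found after EIP"
ret
--------------------------------------------------------------------------------
/PeSpin/PeSpin 1.3 Beta 2 (Private) Detach From Client + Fix Code + Fix Nanomites.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/PeSpin/PeSpin 1.3 Beta 2 (Private) Detach From Client + Fix Code + Fix Nanomites.txt
--------------------------------------------------------------------------------
/ThemidaScript/Themida&WinLicense.V1.9.1-V2.0.X.UnPacKScript.Public.By.fxyang[CUG].osc: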
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/ThemidaScript/Themida&WinLicense.V1.9.1-V2.0.X.UnPacKScript.Public.By.fxyang[CUG].osc
--------------------------------------------------------------------------------
/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11without rpcode.osc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11/EncryptPE V2.2007.4.11without rpcode.osc
--------------------------------------------------------------------------------
/Enigma/Enigma 1.12 Remove AVW Exceptions.txt:
--------------------------------------------------------------------------------
// Enigma 1.12: patch the instructions the stub uses to raise exceptions.
// Each pass resumes the target with exceptions passed to it (esto). Whenever
// the debugger stops, the 2-byte value at EIP is compared with 0089; a match
// is overwritten with the bytes EB 01 (a short jump) and the loop repeats.
// The first stop that does not match ends the script.
// NOTE(review): 0089 presumably corresponds to the bytes 89 00 in memory
// (mov [eax],eax), which would fit the "AVW" in the file name - confirm.
NextPass:

eob Stopped
esto
Stopped:

cmp [eip],0089,2
je PatchFault
ret

PatchFault:
// this writes into the debuggee's code; the patch stays in any later dump
mov [eip],#EB01#
jmp NextPass
--------------------------------------------------------------------------------
/YZPack/YZPack 1.0 OEP Finder.txt:
--------------------------------------------------------------------------------
// YZPack v1.0 OEP Finder Script by LaFarge/ICU
// Steps over the first stub instruction, then watches the stack slot ESP
// points at with a hardware read breakpoint. When the stub reads the slot
// back, two more steps are taken, the breakpoint is removed and the current
// address is commented.

var stackSlot
sto
mov stackSlot,esp
bphws stackSlot,"r"
run
sto
sto
bphwc stackSlot
cmt eip,"OEP Reached! Dump from here!"
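--------------------------------------------------------------------------------
/visual protect/Visual Protect 3.xx OEP Finder + Repair IAT + Name and Project Finder.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/visual protect/Visual Protect 3.xx OEP Finder + Repair IAT + Name and Project Finder.txt
--------------------------------------------------------------------------------
/PePack/PEPACK 1.0 OEP-FINDER II.txt:
--------------------------------------------------------------------------------
// PEPack 1.0 OEP finder
// Steps over the first two stub instructions, searches forward from EIP for
// an instruction beginning with FF E0 (jmp eax) and stops on it with a
// hardware execute breakpoint. One more step follows the jump; the address
// reached is written to the log as the OEP.

eob Break
sto
sto
findop eip, #FFE0#
// findop leaves $RESULT at 0 when nothing matches; stop instead of arming a
// breakpoint at address 0 and running the target freely.
cmp $RESULT, 0
je NotFound
bphws $RESULT, "x"
run

Break:
bphwc $RESULT
sto
log eip
ret

NotFound:
msg "PEPack 1.0: no jmp eax (FF E0) found after EIP"
ret
--------------------------------------------------------------------------------
/ASProtect/ASPR 1.23RC4.osc:
--------------------------------------------------------------------------------
// ASProtect 1.23 RC4: pass exceptions until a stack marker appears.
// Every stop (exception or breakpoint) re-enters lab3, which reads the dword
// at ESP+1C. While it differs from 400000 the target is resumed with the
// exception passed to it (esto); when it equals 400000 the script ends and
// leaves the debuggee paused there.
// 400000 is hard-coded, so a target loaded at another base never satisfies
// the test and the loop ends only when the process does.
var k
var l
eoe lab3
eob lab3
lab3:

mov k,esp
add k,1c
mov l,[k]

cmp l,400000

je lab4
esto
jmp lab3
lab4:

ret
--------------------------------------------------------------------------------
/Themida/CD01.TXT:
--------------------------------------------------------------------------------
// Themida CD 01 patch fragment. It declares nothing: x, z and THEMIDA must
// already exist when it runs (Script2.txt in this folder declares x and
// THEMIDA; z is declared in neither file).
// Searches forward from THEMIDA for instructions beginning with CD 01
// (int 1). Where the dword at a match equals 00EB01CD (bytes CD 01 EB 00) its
// low word is rewritten to C033, giving the bytes 33 C0 (xor eax,eax); other
// matches are left as they are. The walk ends when findop returns 0.
// NOTE(review): the next search restarts at the match address itself. If
// findop includes its start address, a CD 01 that was not patched would be
// found again on every pass - confirm whether x should be advanced first.

mov x,THEMIDA
N1:
findop x,#CD01#
cmp $RESULT,0
// the je below tests the cmp above; this relies on mov not disturbing it
mov z,$RESULT
je N3
cmp [z],00EB01CD
jne N2
and [z],ffff0000
add [z],0C033
N2:
mov x,$RESULT
jmp N1
N3:
--------------------------------------------------------------------------------
/NsPack/NsPack 3.4 OEP Finder.txt:
--------------------------------------------------------------------------------
//NsPack 3.4 OEP Finder
//Made by: GaBoR {RES}
// Single-steps twice, watches the stack slot ESP then points at with a
// hardware read breakpoint, runs until the stub reads it back, removes the
// breakpoint and takes two more steps to the address commented as the OEP.
var t
sti
sti
mov t,esp
bphws t,"r"
run
bphwc t
sti
sti
cmt eip,"OEP"
msg "Dump & fix IAT!"
ret
--------------------------------------------------------------------------------
/PECompact/pecompact_1_76.txt:
--------------------------------------------------------------------------------
// PECompact 1.76 OEP finder.
// Stops on the first pushad (60) after EIP, steps over it and watches the
// stack slot it filled with a hardware read breakpoint. When the stub reads
// the slot back, three more steps reach the OEP.
// Both hardware breakpoints are removed once they have fired, so none of the
// debug-register slots stays occupied after the script ends.
var pushadAddr
var stackSlot

eob Break
findop eip, #60#
// $RESULT is 0 when no pushad is found; do not arm a breakpoint at 0
cmp $RESULT, 0
je NotFound
mov pushadAddr, $RESULT
bphws pushadAddr, "x"
run

Break:
bphwc pushadAddr
sto
mov stackSlot, esp
bphws stackSlot, "r"
eob lab2
run

lab2:
bphwc stackSlot
sto
sto
sti
ret

NotFound:
msg "PECompact 1.76: no pushad (60) found after EIP"
ret
--------------------------------------------------------------------------------
/Themida/Script2.txt:
--------------------------------------------------------------------------------
// Themida: run until execution is inside a fixed address window.
// A memory breakpoint covering 217000 bytes from CODE is set, the target is
// run, the breakpoint is cleared and EIP - CODE is tested; the loop repeats
// while that offset is above 217000.
// CODE and THEMIDA are literal addresses taken from one particular target;
// they have to be replaced with the section addresses of the image being
// examined. THEMIDA is assigned but not read in this file.
// NOTE(review): "cmp x,0 / jb" can only be taken if the comparison is
// signed; with an unsigned compare nothing is below 0 - confirm.
var CODE
var x
var THEMIDA
mov CODE,01001000
mov THEMIDA,01018000
P2:
bprm CODE,217000
run
bpmc
mov x,eip
sub x,CODE
cmp x,0
jb P2
cmp x,217000
ja P2
ret
--------------------------------------------------------------------------------
/BamBam/BamBam 0.01 OEP Finder.txt:
--------------------------------------------------------------------------------
// BamBam 0.01 OEP finder.
// Breaks on the first 55 8B EC (push ebp / mov ebp,esp) after EIP, then
// steps over eight instructions and into a ninth; the address reached is
// commented as the OEP.
find eip,#558BEC#
// $RESULT is 0 when the bytes are absent; "bp 0" would not stop the target
cmp $RESULT, 0
je NotFound
bp $RESULT
run
bc $RESULT
sto
sto
sto
sto
sto
sto
sto
sto
sti
cmt eip,"OEP found"
msg "Dump & fix the IAT"
ret

NotFound:
msg "BamBam 0.01: 55 8B EC not found after EIP"
ret
--------------------------------------------------------------------------------
/WWPack32/WWPack32 1.20 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com 2 | var x 3 | findop eip, #5B# 4 | mov x,$RESULT 5 | inc x 6 | go x 7 | cmt eip, "Nice Jump!"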
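8 | sto 9 | an eip 10 | ret 11 | 12 | // [BACK]
--------------------------------------------------------------------------------
/nPack/nPack 1.1.800.2008 OEP Finder.txt:
--------------------------------------------------------------------------------
// nPack 1.1.800.2008 OEP finder.
// Looks for FF 35 followed by two arbitrary bytes (the start of a 6-byte
// push dword ptr [addr]) and breaks on the instruction 6 bytes further on.
// One step into from there is commented as the OEP. "Done" is shown whether
// or not the pattern was found.
var command_

find eip,#FF35????#
mov command_,$RESULT
cmp command_,0
je fin
add command_,6
bphws command_,"x"
run
// release the debug-register slot once the breakpoint has served its purpose
bphwc command_
esti
cmt eip,"This is the OEP"
fin:
msg "Done"
ret
--------------------------------------------------------------------------------
/French Layor/French Layor 1.81 OEP Finder.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
// French Layor 1.81 OEP finder: takes the first instruction beginning with
// FF E0 (jmp eax) after EIP, runs to the address 19 (hex) bytes past it,
// steps once and analyses the code reached.
var x
findop eip, #FFE0#
// without a match $RESULT is 0 and x would become 19, not a stub address
cmp $RESULT, 0
je NotFound
mov x,$RESULT
add x,19
Bp x
go x
// the breakpoint has done its job; do not leave it in the target
bc x
cmt eip,"Jmp to OEP"
sto
an eip
ret

NotFound:
msg "French Layor 1.81: no jmp eax (FF E0) found after EIP"
ret
--------------------------------------------------------------------------------
/Pohernah/Pohernah 1.0.3 OEP Finder.txt:
--------------------------------------------------------------------------------
// Pohernah v1.0.3.b OEP Finder Script by LaFarge/ICU
// Steps once, watches the stack slot ESP then points at with a hardware read
// breakpoint, runs until the stub reads it back, removes the breakpoint and
// steps once more to the address commented as the OEP.
var blah
sti
mov blah, esp
bphws blah,"r"
run
bphwc blah
sti
cmt eip, "This is OEP"
msg "OEP reached, dump here and fix imports!"
ret
--------------------------------------------------------------------------------
/MEW/Mew11 SE v1.2 - OEP Finder.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by DarK_m00n - http://www.cim-team.wb.st
// Mew11 SE 1.2 OEP finder: steps once, runs to the first ret (C3) after EIP,
// steps over it and analyses the code at the return target.

sto
findop eip,#C3#
// $RESULT is 0 when no ret is found; "go 0" would let the target run
cmp $RESULT, 0
je NotFound
go $RESULT
sto
cmt eip,"OEP found by DarK_m00n | CiM"
an eip
ret

NotFound:
msg "Mew11 SE 1.2: no ret (C3) found after EIP"
ret

//
--------------------------------------------------------------------------------
/NsPack/NsPack 2.4 - 2.6 OEP Finder.txt:
--------------------------------------------------------------------------------
// NsPack 2.4 - 2.6 OEP finder: steps twice, runs to the first popfd (9D)
// after EIP and takes two more steps before reporting the OEP.
sto
sto
findop eip, #9D#
// $RESULT is 0 when no popfd is found; "go 0" would let the target run
cmp $RESULT, 0
je NotFound
go $RESULT
sto
sto
msg "Script finished! You are on the OEP! "
msg "Dump it and rebuild the IAT "
msg "Have fun! Generic OEP Finder {nSPack 2.4} by Max_Zero "
ret

NotFound:
msg "NsPack 2.4 - 2.6: no popfd (9D) found after EIP"
ret
--------------------------------------------------------------------------------
/PKLite32/PKLite32 1.1 OEP Finder v0.1.txt:
--------------------------------------------------------------------------------
// PKLITE32 1.1 OEP V0.1
// by Mr.David
// http://www.chinadfcg.com
// Steps over exactly five instructions from the entry point and comments the
// address reached. Nothing is searched for, so the result is only meaningful
// when the stub has the layout the author measured.

sto
sto
sto
sto
sto
cmt eip,"OEP To Get,Please dumped it,Enjoy!"
--------------------------------------------------------------------------------
/FSG/fsg_2_0.txt:
--------------------------------------------------------------------------------
1 | /* 2 | // OEP FINDER FOR: FSG v2.0 by bart 3 | // AUTHOR : SMoKE (smoke@freenet.am) 4 | // OS : WinXP SP1, OllyDbg v1.10c, OllyScript v0.8 5 | */ 6 | 7 | findop eip, #FF630C# 8 | go $RESULT 9 | sto 10 | cmt eip, "OEP Reached !"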
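11 | ret
--------------------------------------------------------------------------------
/FSG/FSG 2.0 OEP Finder.txt:
--------------------------------------------------------------------------------
/*
// OEP FINDER FOR: FSG v2.0 by bart
// AUTHOR : SMoKE (smoke@freenet.am)
// OS : WinXP SP1, OllyDbg v1.10c, OllyScript v0.8
*/
// Runs to the first instruction after EIP that begins with FF 63 0C
// (jmp dword ptr [ebx+0C]) and steps over it; the landing address is
// commented as the OEP.

findop eip, #FF630C#
// $RESULT is 0 when the jump is not found; "go 0" would let the target run
cmp $RESULT, 0
je NotFound
go $RESULT
sto
cmt eip, "OEP Reached !"
ret

NotFound:
msg "FSG 2.0: jmp [ebx+0C] (FF 63 0C) not found after EIP"
ret
--------------------------------------------------------------------------------
/PECompact/PeCompact 1.76 OEP Finder.txt:
--------------------------------------------------------------------------------
// PECompact 1.76 OEP finder.
// Stops on the first pushad (60) after EIP, steps over it and watches the
// stack slot it filled with a hardware read breakpoint. When the stub reads
// the slot back, three more steps reach the OEP.
// Both hardware breakpoints are removed once they have fired, so none of the
// debug-register slots stays occupied after the script ends.
var pushadAddr
var stackSlot

eob Break
findop eip, #60#
// $RESULT is 0 when no pushad is found; do not arm a breakpoint at 0
cmp $RESULT, 0
je NotFound
mov pushadAddr, $RESULT
bphws pushadAddr, "x"
run

Break:
bphwc pushadAddr
sto
mov stackSlot, esp
bphws stackSlot, "r"
eob lab2
run

lab2:
bphwc stackSlot
sto
sto
sti
ret

NotFound:
msg "PECompact 1.76: no pushad (60) found after EIP"
ret
--------------------------------------------------------------------------------
/ASProtect/ASProtect BP.txt:
--------------------------------------------------------------------------------
// ASProtect: pass exceptions until a stack marker appears, then break 3D
// (hex) bytes past the current EIP.
// Every stop re-enters lab3, which reads the dword at ESP+1C and resumes
// with the exception passed on (esto) until it equals 400000. At that point
// a breakpoint is placed at EIP+3D and the target is resumed once more; the
// script ends at the next breakpoint stop.
// 400000 is hard-coded, so a target loaded at another base never satisfies
// the test. The exception handler still points at lab3 during the final
// esto, and the breakpoint at EIP+3D is not removed by the script.
var k
var l
eoe lab3
eob lab3
lab3:

mov k,esp
add k,1c
mov l,[k]

cmp l,400000

je lab4
esto
jmp lab3
lab4:

eob lab5
mov k,eip
add k,3d
bp k
esto

lab5:
ret
--------------------------------------------------------------------------------
/FSG/FSG 1.00 OEP Finder.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
// FSG 1.00 OEP finder: takes the first instruction beginning with FE 0F
// (dec byte ptr [edi]) after EIP, runs to the address 10 (hex) bytes past
// it and keeps running until the byte at [EDI] is 0 there; one step from
// that stop is analysed as the OEP.
var x
findop eip, #FE0F#
// without a match $RESULT is 0 and x would become 10, not a stub address
cmp $RESULT, 0
je NotFound
mov x,$RESULT
add x,10
go x
Bpcnd x,"BYTE PTR DS:[EDI]==0"
cmt eip,"Jmp to OEP"
run
// the conditional breakpoint has fired; do not leave it in the target
bc x
sto
an eip
ret

NotFound:
msg "FSG 1.00: dec byte ptr [edi] (FE 0F) not found after EIP"
ret

//
--------------------------------------------------------------------------------
/Morphnah/Morphnah 0.2 OEP Finder 2.txt:
--------------------------------------------------------------------------------
// Morphnah 0.2 OEP Finder Script by LaFarge / Team ICU
// Breaks on the sequence 61 68 ?? ?? ?? ?? C3 (popad / push imm32 / ret) and
// single-steps through its three instructions, ending at the pushed address.

find eip, #6168????????C3#
// $RESULT is 0 when the sequence is absent; "bp 0" would not stop the target
cmp $RESULT, 0
je NotFound
bp $RESULT
run
bc eip
sti
sti
sti
cmt eip, "This is OEP"
msg "This is OEP! Dump and fix imports now!"
ret

NotFound:
msg "Morphnah 0.2: popad / push / ret sequence not found after EIP"
ret
--------------------------------------------------------------------------------
/DXPack/DXPACK 0.86.txt:
--------------------------------------------------------------------------------
// Dxpack 0.86 -> ANAKiN OEP V0.1
// by Mr.David
// http://www.chinadfcg.com
// Steps over the first stub instruction, watches the stack slot ESP then
// points at with a hardware read breakpoint, runs until the stub reads it
// back, steps once and removes the breakpoint.

var addr
sto
mov addr,esp
bphws addr,"r"
run
sto
BPHWC addr
cmt eip,"OEP To Get,Please dumped it,Enjoy!"
--------------------------------------------------------------------------------
/MoleBox/MoleBox 2.xx Auto-Unpacker diy by:heiketian10/Molebox 2.x unpacker script diy by heiketian10【chinese xiuzheng 】 .txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dubuqingfeng/ollydbg-script/HEAD/MoleBox/MoleBox 2.xx Auto-Unpacker diy by:heiketian10/Molebox 2.x unpacker script diy by heiketian10【chinese xiuzheng 】 .txt
--------------------------------------------------------------------------------
/PE Diminisher/PE Diminisher 0.1 OEP Finder.txt:
--------------------------------------------------------------------------------
// PE Diminisher 0.1 OEP Finder
// by FEUERRADER [AHTeam]
// http://ahteam.org
// Stops on the bytes 5B FF E0 (pop ebx / jmp eax) with a hardware execute
// breakpoint and steps over both instructions to reach the OEP.

eob Break
findop eip, #5BFFE0#
// $RESULT is 0 when the bytes are absent; do not arm a breakpoint at 0
cmp $RESULT, 0
je NotFound
bphws $RESULT, "x"
run

Break:
sto
sto
bphwc $RESULT
cmt eip, "OEP"
ret

NotFound:
msg "PE Diminisher 0.1: 5B FF E0 not found after EIP"
ret
--------------------------------------------------------------------------------
/PKLite32/PKLite32 1.1 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // PKLITE32 1.1 eop finder 2 | // By R@dier 2004 3 | // 4 | var a 5 | findop eip, #E955# 6 | bphws $RESULT, "x" 7 | mov a,$RESULT 8 | run 9 | bphwc a 10 | sti 11 | cmt eip, "This is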
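the entry point" 12 | msg "Arrived at entry point dump anytime" 13 | ret 14 |
--------------------------------------------------------------------------------
/Pestil/Pestil 1.0 OEP Finder 2.txt:
--------------------------------------------------------------------------------
// Pestil v1.0 OEP Finder script by LaFarge / Team ICU
// Breaks on the 12-byte sequence 39 C4 / 75 FA / 83 EC 80 / E9 00 AD FA FF
// (cmp esp,eax / jnz / sub esp,-80 / jmp rel32), then on the jmp 7 bytes into
// it, and steps into the jump to reach the OEP.
// The pattern includes the jump's displacement, so it matches only a stub
// whose OEP lies at that exact distance - in effect one specific sample.

find eip, #39C475FA83EC80E900ADFAFF#
// $RESULT is 0 when the sequence is absent; "bp 0" would not stop the target
cmp $RESULT, 0
je NotFound
bp $RESULT
run
bc eip
bp eip+7
run
bc eip
sti
an eip
cmt eip, "This is OEP!"
msg "This is OEP! Dump and rebuild imports now!."
ret

NotFound:
msg "Pestil 1.0: stub sequence not found after EIP"
ret
--------------------------------------------------------------------------------
/Upx s h i t/UPXShit 0.x OEP Finder.txt:
--------------------------------------------------------------------------------
// UPXShit 0.x oep finder
// by Mr.David
// www.chinadfcg.com
// Watches the stack address 20 (hex) bytes below the initial ESP with a
// hardware read breakpoint, lets it fire twice, removes it and steps once.

var a

mov a, esp
sub a, 20

bphws a,"r"

run
run

bphwc a
sto

cmt eip,"OEP To Get,Please dumped it,Enjoy!"
--------------------------------------------------------------------------------
/32Lite/32Lite 0.03a OEP V0.1 [Mr.David].txt:
--------------------------------------------------------------------------------
// 32Lite 0.03a OEP V0.1
// by Mr.David
// http://www.chinadfcg.com
// Steps over the first stub instruction, watches the stack slot ESP then
// points at with a hardware read breakpoint, runs until the stub reads it
// back, steps once and removes the breakpoint.

var addr
sto
mov addr,esp
bphws addr,"r"
run
sto
BPHWC addr
cmt eip,"OEP To Get,Please dumped it,Enjoy!"
--------------------------------------------------------------------------------
/Ezip/Ezip 1.0.osc:
--------------------------------------------------------------------------------
//Ezip 1.0 OEP finder by Flashback/Team-X
//Site: www.team-x.ru
//Email: Flashback@mail15.com
// Steps once, breaks on the first FF E0 (jmp eax) after EIP, removes the
// breakpoint and steps over the jump to reach the OEP.
STO
FIND eip, #FFE0#
// $RESULT is 0 when the bytes are absent; "BP 0" would not stop the target
CMP $RESULT, 0
JE NotFound
BP $RESULT
RUN
BC $RESULT
STO
cmt eip, "OEP"
MSG "OEP! Script by Flashback/Team-X [www.team-x.ru/Flashback]"
an eip
ret

NotFound:
MSG "Ezip 1.0: no jmp eax (FF E0) found after EIP"
ret
--------------------------------------------------------------------------------
/UnDo Crypter/UnDo Crypter 1.0 OEP Finder.txt:
--------------------------------------------------------------------------------
// UnDo Crypter v1.0 OEP Finder script by LaFarge/ICU
// Finds the 9-byte sequence 6A 00 / 39 C4 / 75 FA / 83 EC 80 (push 0 /
// cmp esp,eax / jnz / sub esp,-80), breaks on the instruction that follows
// it and steps into that instruction to reach the OEP.

var blah

find eip, #6A0039C475FA83EC80#
// without a match $RESULT is 0 and the breakpoint would be set at address 9
cmp $RESULT, 0
je NotFound
mov blah, $RESULT
bp blah+9
run
bc eip
sti
cmt eip, "This is the OEP!"
msg "This is OEP! Dump and rebuild imports now!"
ret

NotFound:
msg "UnDo Crypter 1.0: stub sequence not found after EIP"
ret
--------------------------------------------------------------------------------
/DXPack/Dxpack 0.86 OEP Finder v0.1.txt:
--------------------------------------------------------------------------------
// Dxpack 0.86 -> ANAKiN OEP V0.1
// by Mr.David
// http://www.chinadfcg.com
// Steps over the first stub instruction, watches the stack slot ESP then
// points at with a hardware read breakpoint, runs until the stub reads it
// back, steps once and removes the breakpoint.

var addr
sto
mov addr,esp
bphws addr,"r"
run
sto
BPHWC addr
cmt eip,"OEP To Get,Please dumped it,Enjoy!"
--------------------------------------------------------------------------------
/Aspack/aspack.212.oep.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com 2 | find eip, #68000000# 3 | go $RESULT 4 | sti 5 | sti 6 | cmt eip,"You're at OEP" 7 | msgyn "Do you want to analyze now ?"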
8 | cmp $RESULT,0 // msgyn leaves 0 in $RESULT when the answer is No
9 | je cancel
10 | an eip
11 |
12 | cancel:
13 | ret
14 |
15 | // [BACK]
--------------------------------------------------------------------------------
/ANDpakk/ANDpakk2 0.18 OEP Finder 2.txt:
--------------------------------------------------------------------------------
1 | var oep
2 | // Method: break on LoadLibraryA, return to user code, break 0xD bytes before the address where user code resumed, then step twice.
3 | // NOTE(review): nothing in this script jumps to the quit label, so its message is never shown and no packer check is made.
4 |
5 | gpa "LoadLibraryA","kernel32.dll" // address of the API goes to $RESULT
6 | bp $RESULT
7 | run
8 | bc eip
9 | rtu
10 | mov oep,eip
11 | sub oep,D
12 | bp oep
13 | run
14 | bc eip
15 | sti
16 | sti
17 | cmt eip,"OEP"
18 | MSG "Oep Faund"
19 | ret
20 |
21 | quit:
22 | MSG "Not apk2_v018"
23 | ret
24 |
--------------------------------------------------------------------------------
/Aspack/aspack_1.08.02.txt:
--------------------------------------------------------------------------------
1 | //////////////////Aspack 1.08.02//////////////////
2 | // This script easily finds OEP for Aspack 1.08.02
3 | // Made by Sebby
4 | sto
5 | sto
6 | sto
7 | findop eip,#61# // 61 = POPAD. NOTE(review): $RESULT is not tested before it is used as a breakpoint address.
8 | bp $RESULT // this breakpoint is never cleared by the script
9 | run
10 | sto
11 | sto
12 | sto
13 | MSG "All done.Just dump the proces or press Ctrl+A to analyze the code."
14 | ret
--------------------------------------------------------------------------------
/G!X Protector/Gie-Protector 0.2 Unpacker.txt:
--------------------------------------------------------------------------------
1 | var sz
2 | var rgn
3 | GPA "VirtualAlloc","kernel32.dll"
4 | bp $RESULT // breakpoint on VirtualAlloc; never cleared by this script
5 | erun // resume the target, passing exceptions to it
6 | rtu // back to the code that called the API
7 | mov sz,[esp] // dword at the stack top is taken as the size - TODO confirm what the stub keeps there
8 | go eip+20
9 | mov rgn,esi // ESI is taken as the start of the unpacked region - TODO confirm
10 | dm rgn, sz, "dump.exe" // writes sz bytes from rgn to a file; relative name, so the location depends on the debugger's working directory
11 | Msg "File Unpacked!Если необходимо примените LordPe RebuildPe с Опциями Status Window & Validate Pe"
12 | ret
--------------------------------------------------------------------------------
/MEW/MEW 11 SE 1.2 [Darus].txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
2 | //ollyscript by Darus
3 | //oep finder for
4 | //MEW11 SE b1.2
5 | var OEP
6 | sto
7 | sto
8 | sto
9 | sto
10 | sto
11 | mov OEP, eax // after five step-overs EAX is taken as the OEP candidate; the script does not validate it
12 | bphws OEP, "x" // hardware execute breakpoint on that address
13 | run
14 | an eip
15 | bphwc eip // clears the hardware breakpoint at the current EIP
16 |
17 | // [BACK]
--------------------------------------------------------------------------------
/Aspack/ASPACK 2.12 [Reverend].txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
2 | find eip, #68000000# // 68 is the PUSH imm32 opcode, here followed by zero bytes. NOTE(review): $RESULT is not tested before go.
3 | go $RESULT // executes the target up to the match
4 | sti
5 | sti
6 | cmt eip,"You're at OEP"
7 | msgyn "Do you want to analyze now ?"
8 | cmp $RESULT,0 // msgyn leaves 0 in $RESULT when the answer is No
9 | je cancel
10 | an eip
11 |
12 | cancel:
13 | ret
14 |
15 | // [BACK]
--------------------------------------------------------------------------------
/FSG/FSG 2.0 OEP-FINDER.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
2 | var x
3 | // Method: run to a fixed offset (0x7D) from the starting EIP and step into the next instruction; the offset is specific to the stub layout this was written for.
4 | mov x,eip
5 | add x,7D
6 | go x
7 | sti
8 | cmt eip,"You're at OEP"
9 | msgyn "Do you want to analyze now ?"
10 | cmp $RESULT,0 // msgyn leaves 0 in $RESULT when the answer is No
11 | je cancel
12 | an eip
13 |
14 | cancel:
15 | ret
16 |
17 | // [BACK]
--------------------------------------------------------------------------------
/MEW/MEW 11 SE v1.2b OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
2 | //ollyscript by Darus
3 | //oep finder for
4 | //MEW11 SE b1.2
5 | var OEP
6 | sto
7 | sto
8 | sto
9 | sto
10 | sto
11 | mov OEP, eax // after five step-overs EAX is taken as the OEP candidate; the script does not validate it
12 | bphws OEP, "x" // hardware execute breakpoint on that address
13 | run
14 | an eip
15 | bphwc eip // clears the hardware breakpoint at the current EIP
16 |
17 | // [BACK]
--------------------------------------------------------------------------------
/MEW/MEW 11 SE vb1.2 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
2 | //ollyscript by Darus
3 | //oep finder for
4 | //MEW11 SE b1.2
5 | var OEP
6 | sto
7 | sto
8 | sto
9 | sto
10 | sto
11 | mov OEP, eax // after five step-overs EAX is taken as the OEP candidate; the script does not validate it
12 | bphws OEP, "x" // hardware execute breakpoint on that address
13 | run
14 | an eip
15 | bphwc eip // clears the hardware breakpoint at the current EIP
16 |
17 | // [BACK]
--------------------------------------------------------------------------------
/Upx/UPX.TXT:
--------------------------------------------------------------------------------
1 | // The amazing UPX OEP finder v2
2 | // This script will quickly put you at the OEP of an UPX-packed EXE.
3 | // Just run it!
4 | // Implemented using hardware breakpoints (just for fun).
5 | // Method: hardware execute breakpoint on the first POPAD (opcode 61) found from EIP, then two step-overs.
6 | eob Break
7 | findop eip, #61# // NOTE(review): $RESULT is not tested before it is used as a breakpoint address
8 | bphws $RESULT, "x"
9 | run
10 |
11 | Break:
12 | sto
13 | sto
14 | bphwc $RESULT
15 | ret
--------------------------------------------------------------------------------
/Aspack/ASPACK 1.X-2.X OEP FINDER V.0.1.txt:
--------------------------------------------------------------------------------
1 | // ASpack 1.x-2.x OEP Finder v0.1
2 | // by Mr.David
3 | // http://www.chinadfcg.com
4 | // Method: step over one instruction, watch the resulting stack top with a hardware read breakpoint, resume, then step three times.
5 | var addr
6 | sto // presumably the stub's register save - confirm on the sample
7 | mov addr,esp
8 | bphws addr,"r" // fires when the stub reads this stack slot again
9 | run
10 | sto
11 | sto
12 | sto
13 | BPHWC addr
14 | cmt eip,"OEP To Get,Please dumped it,Enjoy!"
--------------------------------------------------------------------------------
/ASProtect/ASProtect 2.1 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | gmi 401000,CODESIZE // NOTE(review): 401000 is hard-coded, presumably the code section of an image loaded at the default base - an image mapped elsewhere is not covered
2 | mov codes,$RESULT // codes is used without a var declaration
3 | eoe chk
4 | eob chk
5 | esto
6 | chk:
7 | cmp eax,0
8 | je cnt
9 | cmp eax,ebx
10 | jne cnt
11 | cmp [esp],edx
12 | jne cnt
13 | bprm 401000,codes // memory read breakpoint over the whole range, set once the register checks above all pass
14 | eob end
15 | cnt:
16 | esto
17 | end:
18 | bpmc
19 | ret
20 | best regards!; britedream
21 |
--------------------------------------------------------------------------------
/普通脱壳脚本/UPX.osc:
--------------------------------------------------------------------------------
1 | // The amazing UPX OEP finder v2
2 | // This script will quickly put you at the OEP of an UPX-packed EXE.
3 | // Just run it!
4 | // Implemented using hardware breakpoints (just for fun).
5 | // Method: hardware execute breakpoint on the first POPAD (opcode 61) found from EIP, then two step-overs.
6 | eob Break
7 | findop eip, #61# // NOTE(review): $RESULT is not tested before it is used as a breakpoint address
8 | bphws $RESULT, "x"
9 | run
10 |
11 | Break:
12 | sto
13 | sto
14 | bphwc $RESULT
15 | ret
--------------------------------------------------------------------------------
/KaOs PE-DLL eXecutable Undetecter/KaOs PE-DLL eXecutable Undetecter OEP Finder 2.txt:
--------------------------------------------------------------------------------
1 | // KaOs PE-DLL eXecutable Undetecter OEP Finder script by LaFarge / Team ICU
2 | // Method: break on the bytes 75 07 / 61 / FF 25 (JNZ short, POPAD, start of an indirect JMP), then step into three instructions.
3 | find eip, #750761FF25# // NOTE(review): $RESULT is not tested; after a failed search the run below resumes the target with no usable breakpoint
4 | bp $RESULT
5 | run
6 | bc eip
7 | sti
8 | sti
9 | sti
10 | an eip
11 | cmt eip, "This is OEP!"
12 | msg "This is OEP! Dump and rebuild imports now!."
13 | ret
--------------------------------------------------------------------------------
/PKLite32/PKLITE32 v1.1.osc:
--------------------------------------------------------------------------------
1 | //PKLITE32 v1.1 OEP finder by Flashback/Team-X
2 | //Site: www.team-x.ru
3 | //Email: Flashback@mail15.com
4 | //Date: 11.o5.2oo8
5 | FIND eip, #E9????????40# // E9 = JMP rel32, ?? are wildcard bytes. NOTE(review): $RESULT is not tested.
6 | BP $RESULT
7 | RUN
8 | BC $RESULT
9 | STO // steps over the matched jump; the script labels the landing address as OEP
10 | CMT eip, "OEP"
11 | MSG "OEP! Script by Flashback/Team-X [www.team-x.ru/Flashback]"
12 | AN eip
13 | RET
--------------------------------------------------------------------------------
/FSG/fsg_1.33.txt:
--------------------------------------------------------------------------------
1 | // FSG 1.33 OEP Finder v0.1 !maybe unstable!
2 | // by FEUERRADER [AHTeam]
3 | // http://ahteam.org
4 | // Method: find the bytes FE 0E (DEC BYTE PTR [ESI]) followed by 0F 84 (JZ rel32), compute the JZ target and break there.
5 | var s
6 | var k
7 | // NOTE(review): $RESULT is not tested; after a failed search the arithmetic below starts from address 0.
8 | eob Break
9 | findop eip, #FE0E0F84#
10 | mov s, $RESULT
11 | add s, 04 // s -> the 4-byte displacement that follows the matched bytes
12 | mov k, [s] // k = displacement
13 | add s, 04 // s -> first byte after the jump
14 | add s, k // s = jump target
15 | bphws s, "x"
16 | run
17 |
18 | Break:
19 | bphwc s
20 | cmt eip, "OEP"
21 | ret
22 |
--------------------------------------------------------------------------------
/FSG/变形fsg1.33.osc:
--------------------------------------------------------------------------------
1 | // FSG 1.33 OEP Finder v0.1 !maybe unstable!
2 | // by FEUERRADER [AHTeam]
3 | // http://ahteam.org
4 | // Method: find the bytes FE 0E (DEC BYTE PTR [ESI]) followed by 0F 84 (JZ rel32), compute the JZ target and break there.
5 | var s
6 | var k
7 | // NOTE(review): $RESULT is not tested; after a failed search the arithmetic below starts from address 0.
8 | eob Break
9 | findop eip, #FE0E0F84#
10 | mov s, $RESULT
11 | add s, 04 // s -> the 4-byte displacement that follows the matched bytes
12 | mov k, [s] // k = displacement
13 | add s, 04 // s -> first byte after the jump
14 | add s, k // s = jump target
15 | bphws s, "x"
16 | run
17 |
18 | Break:
19 | bphwc s
20 | cmt eip, "OEP"
21 | ret
22 |
--------------------------------------------------------------------------------
/NakedPacker/Nakedpack 1.0.osc:
--------------------------------------------------------------------------------
1 | //Nakedpack 1.0 OEP finder by Flashback/Team-X
2 | //Site: www.team-x.ru
3 | //Email: Flashback@mail15.com
4 | //Date: 11.o5.2oo8
5 | FIND eip, #61FF# // 61 = POPAD followed by an FF-group opcode byte; FIND matches raw bytes. NOTE(review): $RESULT is not tested.
6 | BP $RESULT
7 | RUN
8 | BC $RESULT
9 | STO
10 | STO
11 | CMT eip, "OEP"
12 | MSG "OEP! Script by Flashback/Team-X [www.team-x.ru/Flashback]"
13 | AN eip
14 | RET
--------------------------------------------------------------------------------
/ASDPack/ASDPack 2.0 OEP Finder 2.txt:
--------------------------------------------------------------------------------
1 | // ASDPack 2.0 OEP Finder Script by LaFarge / Team ICU
2 | // Method: break 7 bytes past the start, step in, break on 59 5B 5F 5E 50 C3 (four POPs, PUSH EAX, RET), break 5 bytes further on, step in.
3 | bp eip+7
4 | run
5 | bc eip
6 | sti
7 | find eip, #595B5F5E50C3# // NOTE(review): $RESULT is not tested before it is used as a breakpoint address
8 | bp $RESULT
9 | run
10 | bc eip
11 | bp eip+5 // lands on the C3 byte of the pattern when the match was hit, so the sti below follows the RET
12 | run
13 | bc eip
14 | sti
15 | cmt eip, "This is OEP"
16 | msg "This is OEP! Dump and fix imports now!"
17 | ret
18 |
--------------------------------------------------------------------------------
/Upx/UPX OEP Finder v2.0.txt:
--------------------------------------------------------------------------------
1 | // The amazing UPX OEP finder v2
2 | // This script will quickly put you at the OEP of an UPX-packed EXE.
3 | // Just run it!
4 | // Implemented using hardware breakpoints (just for fun).
5 | // Method: hardware execute breakpoint on the first POPAD (opcode 61) found from EIP, then two step-overs.
6 | eob Break
7 | findop eip, #61# // NOTE(review): $RESULT is not tested before it is used as a breakpoint address
8 | bphws $RESULT, "x"
9 | run
10 |
11 | Break:
12 | sto
13 | sto
14 | bphwc $RESULT
15 | ret
--------------------------------------------------------------------------------
/YZPack/YZPack 2.0 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // YZPack v2.0 OEP Finder Script by LaFarge/ICU
2 | // Method: follow two indirect jumps (FF 65 28 = JMP [EBP+28], FF 65 10 = JMP [EBP+10]), then dump the image with the current EIP as entry point.
3 | find eip, #FF6528# // NOTE(review): neither search result is tested; after a failed search the target is resumed with no usable breakpoint
4 | bp $RESULT
5 | run
6 | bc eip
7 | sti
8 | find eip, #FF6510#
9 | bp $RESULT
10 | run
11 | bc eip
12 | sti
13 | an eip
14 | cmt eip,"OEP Reached!"
15 | dpe "dumped.exe", eip // writes an executable file; relative name, so the location depends on the debugger's working directory
16 | msg "OEP reached, executable has been dumped! Rebuild imports with ImpRec."
--------------------------------------------------------------------------------
/MPress/MPress 0.7x OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 |
3 | mpress unpacking script
4 | Author: SnD
5 | Method: break on the first E9 (JMP rel32) byte pattern, step in twice, then break on the E9 that follows a 61 (POPAD) and step in once.
6 | */
7 |
8 | var temp1
9 | // NOTE(review): neither search result is tested; after a failed search temp1 is 0 (1 after the inc) and the target is resumed anyway.
10 | find eip, #E9????????#
11 | mov temp1, $RESULT
12 | bp temp1
13 | run
14 | bc temp1
15 | sti
16 | sti
17 | find eip, #61E9????????#
18 | mov temp1, $RESULT
19 | inc temp1 // skip the 61 byte so the breakpoint sits on the jump itself
20 | bp temp1
21 | run
22 | bc temp1
23 | sti
24 | cmt eip, "OEP"
25 | ret
--------------------------------------------------------------------------------
/PC PeSHRINKER/PC Shrinker v0.71 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // PC Shrinker 0.71 OEP V0.1
2 | // by Mr.David
3 | // http://www.chinadfcg.com
4 | // Method: step over two instructions, watch the resulting stack top with a hardware read breakpoint, resume, then step three times.
5 | var addr
6 | sto
7 | sto
8 | mov addr,esp
9 | bphws addr,"r" // fires when the stub reads this stack slot again
10 | run
11 | sto
12 | sto
13 | sto
14 | BPHWC addr
15 | cmt eip,"OEP To Get,Please dumped it,Enjoy!"
16 |
17 |
18 |
--------------------------------------------------------------------------------
/CRYPT/crypt.1.0.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
2 | var a
3 | findop eip, #FFE0# // FF E0 = JMP EAX. NOTE(review): $RESULT is not tested before go.
4 | go $RESULT
5 | sto
6 | an eip
7 | MSGYN "Do u wanna to Unpack it ?"
8 | cmp $RESULT,0 // 0 = No
9 | je he_refuze
10 | mov a,"c:\D_file_unpacked.exe" // NOTE(review): hard-coded output path in the root of C:; point it at the analysis workspace before use
11 | dpe a,eip // writes the unpacked image as an executable file with EIP as its entry point
12 | MSG a
13 | he_refuze:
14 | cmt eip, " l'OEP "
15 | ret
16 |
17 | // [BACK]
--------------------------------------------------------------------------------
/PC PeSHRINKER/PC Shrinker 0.71 OEP Finder v0.1.txt:
--------------------------------------------------------------------------------
1 | // PC Shrinker 0.71 OEP V0.1
2 | // by Mr.David
3 | // http://www.chinadfcg.com
4 | // Method: step over two instructions, watch the resulting stack top with a hardware read breakpoint, resume, then step three times.
5 | var addr
6 | sto
7 | sto
8 | mov addr,esp
9 | bphws addr,"r" // fires when the stub reads this stack slot again
10 | run
11 | sto
12 | sto
13 | sto
14 | BPHWC addr
15 | cmt eip,"OEP To Get,Please dumped it,Enjoy!"
16 |
17 |
18 |
--------------------------------------------------------------------------------
/PECompact/PECOMPACT V.1.X OEP FINDER.txt:
--------------------------------------------------------------------------------
1 | // Pecompact 1.x OEP Finder v0.1
2 | // by Mr.David
3 | // http://www.chinadfcg.com
4 | // Method: step over three instructions, watch the resulting stack top with a hardware read breakpoint, resume, then step four times.
5 | var addr
6 | sto
7 | sto
8 | sto
9 | mov addr,esp
10 | bphws addr,"r" // fires when the stub reads this stack slot again
11 | run
12 | sto
13 | sto
14 | sto
15 | sto
16 | BPHWC addr
17 | cmt eip,"OEP To Get,Please dumped it,Enjoy!"
--------------------------------------------------------------------------------
/PECompact/Pecompact 1.x OEP Finder v0.1.txt:
--------------------------------------------------------------------------------
1 | // Pecompact 1.x OEP Finder v0.1
2 | // by Mr.David
3 | // http://www.chinadfcg.com
4 | // Method: step over three instructions, watch the resulting stack top with a hardware read breakpoint, resume, then step four times.
5 | var addr
6 | sto
7 | sto
8 | sto
9 | mov addr,esp
10 | bphws addr,"r" // fires when the stub reads this stack slot again
11 | run
12 | sto
13 | sto
14 | sto
15 | sto
16 | BPHWC addr
17 | cmt eip,"OEP To Get,Please dumped it,Enjoy!"
--------------------------------------------------------------------------------
/Crunch/Crunch 5.0.txt:
--------------------------------------------------------------------------------
1 | // Crunch 5.0 OEP Finder
2 | // Made by: GaBoR {RES}
3 | findop eip, #60# // 60 = PUSHAD. NOTE(review): $RESULT is not tested before it is used as a breakpoint address.
4 | bphws $RESULT, "x"
5 | run
6 | bphwc $RESULT
7 | sto // step over the PUSHAD
8 | var t
9 | mov t,esp
10 | bphws t, "r" // hardware read breakpoint on the stack top left by the step above
11 | run
12 | bphwc t
13 | sto
14 | sto
15 | sto
16 | sto
17 | sto
18 | cmt eip,"This is the OEP! Found by GaBoR {RES}"
19 | MSG "Dump & fix IAT"
20 | ret
21 |
22 |
23 |
--------------------------------------------------------------------------------
/FSG/FSG 1.33 OEP Finder v0.1.txt:
--------------------------------------------------------------------------------
1 | // FSG 1.33 OEP Finder v0.1 !maybe unstable!
2 | // by FEUERRADER [AHTeam]
3 | // http://ahteam.org
4 | // Method: find the bytes FE 0E (DEC BYTE PTR [ESI]) followed by 0F 84 (JZ rel32), compute the JZ target and break there.
5 | var s
6 | var k
7 | // NOTE(review): $RESULT is not tested; after a failed search the arithmetic below starts from address 0.
8 | eob Break
9 | findop eip, #FE0E0F84#
10 | mov s, $RESULT
11 | add s, 04 // s -> the 4-byte displacement that follows the matched bytes
12 | mov k, [s] // k = displacement
13 | add s, 04 // s -> first byte after the jump
14 | add s, k // s = jump target
15 | bphws s, "x"
16 | run
17 |
18 | Break:
19 | bphwc s
20 | cmt eip, "OEP"
21 | ret
22 |
--------------------------------------------------------------------------------
/Ezip/E_ZIP v1.0 - oep finder and Unpacker.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by DarK_m00n - http://www.cim-team.wb.st
2 | var a
3 | findop eip, #FFE0# // FF E0 = JMP EAX. NOTE(review): $RESULT is not tested before go.
4 | go $RESULT
5 | cmt eip, "Jmp To OEP"
6 | sto
7 | an eip
8 | MSGYN "Do u wanna to Unpack it ?"
9 | cmp $RESULT,0 // 0 = No
10 | je he_refuze
11 | mov a,"c:\D_file_unpacked.exe" // NOTE(review): hard-coded output path in the root of C:; point it at the analysis workspace before use
12 | dpe a,eip // writes the unpacked image as an executable file with EIP as its entry point
13 | MSG a
14 | he_refuze:
15 | ret
16 |
17 | //
--------------------------------------------------------------------------------
/Code Cave Finder/Code Cave Finder.txt:
--------------------------------------------------------------------------------
1 | var x
2 | mov x , eip // start searching at the current EIP
3 | loop:
4 | find x, #0000000000000000000000000000000000000000000000000000000000000000# // next run of zero bytes at or after x
5 | cmp $RESULT , 0
6 | je end
7 | mov x , $RESULT
8 | cmt x , "free space"
9 | msg "Right click 'Search for->User-defined comment' for free space address"
10 | MSGYN "Continue?"
11 | add x , 40 // resume the search 0x40 bytes past this hit
12 | cmp $RESULT , 1 // 1 = Yes
13 | je loop
14 | end:
15 | ret
16 |
17 |
--------------------------------------------------------------------------------
/Pestil/Pestil 1.0 OEP Finder 1.txt:
--------------------------------------------------------------------------------
1 | var rgn
2 | var sz
3 | var va
4 | GPA "CreateProcessA","kernel32.dll" // the script stops the target at its CreateProcessA call
5 | mov va,$RESULT
6 | BP va
7 | run
8 | BC va
9 | rtu // back to the code that called the API
10 | mov va,eip
11 | add va,76 // fixed offsets (0x76, 0x16) are specific to the stub layout this was written for
12 | bp va
13 | run
14 | bc va
15 | sti
16 | mov rgn,eax // EAX taken as region address - TODO confirm on the sample
17 | mov va,eip
18 | add va,16
19 | go va
20 | mov sz,eax // EAX taken as region size - TODO confirm on the sample
21 | eval " damp partial in LordPe select IntelDump address:{rgn} , size:{sz}"
22 | msg $RESULT
23 | ret
--------------------------------------------------------------------------------
/ASProtect/ASPRSTO.TXT:
--------------------------------------------------------------------------------
1 | var k
2 | var l
3 | var x // x and y are declared but not used below
4 | var y
5 | // Method: every stop (breakpoint or exception) enters lab3; the loop ends when the dword at ESP+1C equals 400000.
6 | sti
7 | bphws esp,"r"
8 | run
9 | sti
10 | eoe lab3
11 | eob lab3
12 | bphws esp,"r"
13 | esto
14 |
15 |
16 |
17 | lab3:
18 |
19 | mov k,esp
20 | add k,1c
21 | mov l,[k]
22 | cmp l,400000 // NOTE(review): hard-coded constant, presumably the default image base; an image loaded elsewhere never matches and the loop keeps resuming the target
23 | je lab4
24 | esto
25 | jmp lab3
26 |
27 | lab4:
28 |
29 | eob lab5
30 | mov k,eip
31 | add k,3d
32 | bp k // this breakpoint is never cleared by the script
33 | esto
34 |
35 | lab5:
36 | esto
37 | ret
--------------------------------------------------------------------------------
/C.I. Crypt/C.I.
Crypt 0.2 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // C.I. Crypt 0.2 OEP Finder Script by LaFarge/ICU
2 | // NOTE(review): the first msg string below contains unescaped inner quotes; check how the plugin version in use parses it.
3 | msg "If u get any messages like "Bad executable..." just click on OK!"
4 | msg "If u get any messages about bytes being changed, just click on NO!"
5 | rtr
6 | rtu
7 | rtu
8 | find eip, #8B4DF45E5F5BC9C20C00# // NOTE(review): $RESULT is not tested before go
9 | go $RESULT
10 | rtr
11 | sti
12 | bp eip+f // this breakpoint is never cleared by the script
13 | run
14 | sti
15 | cmt eip, "This is OEP"
16 |
17 |
18 |
--------------------------------------------------------------------------------
/Pet i t e/Petite 2.3 OEP Finder:
--------------------------------------------------------------------------------
1 | // Petite 2.3 UnPacking Script By : Magic_h2001
2 | // magic_h2001@yahoo.com - www.zahackers.20m.com
3 | // Method: hardware execute breakpoint on the address where the script starts, resume with exceptions passed to the target, and step in once execution reaches that address.
4 | // Please Active "Memory Access violation"
5 | // in : Debugging options/Exceptions then run script ;)
6 |
7 | var x
8 | eob L1
9 | mov x,eip
10 | bphws x, "x"
11 | esto
12 | L1:
13 | bphwc x
14 | sti
15 | msg "Now try to Dump ;) - Script By : Magic_h2001"
--------------------------------------------------------------------------------
/WinUpack/WinUpack 0.30 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | //Packer is simple and I was bored :) Here is the script.
2 | // Method: conditional breakpoint on a JZ rel32 (0F 84) that only stops when EAX is 0, then one step-over.
3 | //Start of script
4 | //Script for unpacking WinUpack 0.30beta - by haggar
5 | msg "Ignore ALL exceptions! "
6 | sto
7 | findop eip,#0F84???????F# // NOTE(review): $RESULT is not tested before it is used as a breakpoint address
8 | bpcnd $RESULT,"EAX==0"
9 | run
10 | sto
11 | an eip
12 | cmt eip,"This is OEP! Dump now. Cheers ;-)"
13 | ret
14 | //End of script..
15 |
--------------------------------------------------------------------------------
/Armadillo/Armadillo Magic Jump Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | Magic Jump Finder Script
3 | Each time GetModuleHandleA is hit, return to the caller and search from there for JZ rel32 ... JZ short ... JMP short; stop at the first caller where the pattern is found. The script only stops there: it reports no address and patches nothing.
4 | */
5 |
6 | var GetModuleHandleA
7 |
8 | gpa "GetModuleHandleA", "kernel32.dll"
9 | mov GetModuleHandleA, $RESULT
10 |
11 | bphws GetModuleHandleA, "x"
12 | repeat:
13 | esto
14 | rtu
15 | find eip, #0F84????????????????????74??????????EB??#
16 | cmp $RESULT,0 // 0 = pattern not found from this caller: wait for the next call
17 | je repeat
18 | bphwc GetModuleHandleA
19 | ret
20 |
--------------------------------------------------------------------------------
/OTHER SCRIPTS/Magic Jump Finder Script.txt:
--------------------------------------------------------------------------------
1 | /*
2 | Magic Jump Finder Script
3 | Each time GetModuleHandleA is hit, return to the caller and search from there for JZ rel32 ... JZ short ... JMP short; stop at the first caller where the pattern is found. The script only stops there: it reports no address and patches nothing.
4 | */
5 |
6 | var GetModuleHandleA
7 |
8 | gpa "GetModuleHandleA", "kernel32.dll"
9 | mov GetModuleHandleA, $RESULT
10 |
11 | bphws GetModuleHandleA, "x"
12 | repeat:
13 | esto
14 | rtu
15 | find eip, #0F84????????????????????74??????????EB??#
16 | cmp $RESULT,0 // 0 = pattern not found from this caller: wait for the next call
17 | je repeat
18 | bphwc GetModuleHandleA
19 | ret
20 |
--------------------------------------------------------------------------------
/Backdoor PE Compress Protector/Backdoor PE Compress Protector 1.0 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | var oep
2 | var mb
3 | // Method: find a marker in the memory block holding EIP, read the dword 0x10 bytes after it, add the module base, and break on execution of that address.
4 | GMI eip, MODULEBASE
5 | mov mb,$RESULT
6 | GMEMI eip, MEMORYBASE
7 | find $RESULT,#0?00000024000000#
8 | cmp $RESULT,0 // the search result is checked here before use
9 | je quit
10 | mov oep,[$RESULT+10] // value is treated as an offset from the module base
11 | add oep,mb
12 | eval " oep =={oep} Go,Wait "
13 | cmt eip,$RESULT
14 | bphws oep,"x"
15 | erun
16 | bphwc
17 | msg "OEP Found!"
18 | ret
19 | quit:
20 | ret
--------------------------------------------------------------------------------
/Pet i t e/PETITE 2.3 UNPACKING SCRIPT.txt:
--------------------------------------------------------------------------------
1 | // Petite 2.3 UnPacking Script By : Magic_h2001
2 | // magic_h2001@yahoo.com - www.zahackers.20m.com
3 | // Method: hardware execute breakpoint on the address where the script starts, resume with exceptions passed to the target, and step in once execution reaches that address.
4 | // Please Active "Memory Access violation"
5 | // in : Debugging options/Exceptions then run script ;)
6 |
7 | var x
8 | eob L1
9 | mov x,eip
10 | bphws x, "x"
11 | esto
12 | L1:
13 | bphwc x
14 | sti
15 | msg "Now try to Dump ;) - Script By : Magic_h2001"
--------------------------------------------------------------------------------
/Private Personal Packer/Private Personal Packer 1.0.2 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | var p
2 | var p1
3 | var sz
4 | var rgn
5 | // Method: patch one byte of the stub, read a size and a region address from EAX at two fixed offsets, then dump that region to a file.
6 | mov p1,eip
7 | mov p,eip
8 | add p,60
9 | mov [p],#EB# // overwrites the byte at start+0x60 in the target's memory with EB (short JMP opcode)
10 | add p,8E
11 | bp p
12 | run
13 | bc p
14 | mov sz,eax // EAX taken as the size - TODO confirm on the sample
15 | sto
16 | mov rgn,eax // EAX after one more step taken as the region address - TODO confirm
17 | add p1,3F9
18 | bp p1
19 | run
20 | bc p1
21 |
22 | dm rgn, sz, "D:\CrackTools\Protector\PPP\PPP\dump.exe" // edit for your setup: the output path is hard-coded
23 |
24 | Msg "File Unpacked!"
25 | ret
--------------------------------------------------------------------------------
/DragonArmor/Dragon Armor.osc:
--------------------------------------------------------------------------------
1 | //Dragon Armor OEP finder by Flashback/Team-X
2 | //Site: www.team-x.ru
3 | //Email: Flashback@mail15.com
4 | //Date: 14.o4.2oo8
5 | MOV X, eip // X is used without a var declaration
6 | ADD X,-9
7 | BP X // breakpoint 9 bytes before the starting EIP; never cleared by this script
8 | RUN
9 | RUN
10 | RUN
11 | RUN
12 | RUN
13 | STO
14 | findop eip,#C3# // C3 = RET. NOTE(review): $RESULT is not tested before it is used as a breakpoint address.
15 | BP $RESULT
16 | RUN
17 | STO
18 | cmt eip, "OEP"
19 | MSG "OEP!
Script by Flashback/Team-X [www.team-x.ru/Flashback]"
20 | an eip
21 | ret
--------------------------------------------------------------------------------
/PECompact/PeCompackt2.5 Oep finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | PEComPact ver 2.55 OEP Finder
3 | by KingSuperFly (KingSuperFly@Gmail.com)
4 | www.BlackHeaf.de.vu
5 | */
6 | var oep
7 | start:
8 | msg "Check ignore memory access violation in debug option before run this script."
9 | mov oep,eip // remembers the address the script started at
10 | sto
11 | bphws oep, "x" // hardware execute breakpoint on that address; never cleared by this script
12 | run
13 | cmt eip,"OEP found!now, dump it and fix IAT!"
14 | msg "Script by KingSuperFly from www.BlackHeaf.de.vu!"
15 | ret
--------------------------------------------------------------------------------
/MoleBox/Molebox 2.x ver 1.1.osc:
--------------------------------------------------------------------------------
1 | //Molebox 2.x OEP finder by Flashback/Team-X
2 | //Site: www.team-x.ru
3 | //Email: Flashback@mail15.com
4 | //Date: o9.o4.2oo8
5 | sto
6 | findop eip,#E8# // E8 = CALL rel32. NOTE(review): neither search result in this script is tested before use.
7 | bp $RESULT
8 | run
9 | bc $RESULT
10 | sti
11 | sti
12 | sto
13 | findop eip,#FFD0# // FF D0 = CALL EAX
14 | bp $RESULT
15 | run
16 | bc $RESULT
17 | sti // steps into the CALL EAX; the script labels the landing address as OEP
18 | cmt eip, "OEP"
19 | MSG "OEP!
Script by Flashback/Team-X [www.team-x.ru/Flashback]"
20 | an eip
21 | ret
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # OllyDbg脱壳脚本
2 | ## 使用方法
3 | #### clone本仓库
4 |
5 | ```
6 | git clone https://github.com/dubuqingfeng/ollydbg-script.git
7 | ```
8 |
9 | #### 或者点击zip下载
10 | ## 截图
11 | ## 如何使用
12 | 忽略所有异常
13 | ## 如何贡献
14 | fork并提交PR
15 |
16 | ## 致谢
17 | [史上最全的脱壳脚本](http://www.52pojie.cn/thread-166108-1-1.html)
18 |
19 | ## 后记
20 | 原地址已经三年多没更新了,距离上次学习破解的时间也有两年多了,已不知壳现在发展如何了,为了以后做CTF也好,恶意软件分析脱壳也罢,只为了可以脱掉那一层壳,可以维护着一份脚本列表。
21 |
22 | 感谢所有为这些脚本付出过的人们。
23 |
--------------------------------------------------------------------------------
/Aspack/ASPack (a).txt:
--------------------------------------------------------------------------------
1 | find eip,#60# // searches for the byte 60 (PUSHAD); find matches raw bytes, so the hit may lie inside another instruction
2 | cmp eip,$RESULT // are we already at that address?
3 | je next // yes: skip the go below
4 | go $RESULT // executes till pushad
5 | next:
6 | sto // step one command
7 | bphws esp,"r" // set hardware-breakpoint on ESP-value (never cleared by this script)
8 | run // run target
9 | cob // NOTE(review): the original comment read "wait till break occured"; cob is normally the command that cancels an eob handler - verify against the plugin docs
10 | sto // step
11 | sto // step
12 | sto // step
--------------------------------------------------------------------------------
/ASProtect/ASProtect Stolen Code Finder.txt:
--------------------------------------------------------------------------------
1 | var k
2 | var l
3 | var x // x and y are declared but not used below
4 | var y
5 | // Method: every stop (breakpoint or exception) enters lab3; the loop ends when the dword at ESP+1C equals 400000.
6 | sti
7 | bphws esp,"r"
8 | run
9 | sti
10 | eoe lab3
11 | eob lab3
12 | bphws esp,"r"
13 | esto
14 |
15 |
16 |
17 | lab3:
18 |
19 | mov k,esp
20 | add k,1c
21 | mov l,[k]
22 | cmp l,400000 // NOTE(review): hard-coded constant, presumably the default image base; an image loaded elsewhere never matches and the loop keeps resuming the target
23 | je lab4
24 | esto
25 | jmp lab3
26 |
27 | lab4:
28 |
29 | eob lab5
30 | mov k,eip
31 | add k,3d
32 | bp k // this breakpoint is never cleared by the script
33 | esto
34 |
35 | lab5:
36 | esto
37 | ret
--------------------------------------------------------------------------------
/Armadillo/Armadillo 4.30a.txt:
--------------------------------------------------------------------------------
1 | var DebugString
2 | var TickCount
3 | var MagicJump
4 | // NOTE(review): DebugString and MagicJump are declared but never used in the lines shown, and the script has no ret: once the pattern is found it simply runs off the end.
5 | gpa "GetTickCount","kernel32.dll"
6 | mov TickCount,$RESULT
7 | bp TickCount
8 | esto
9 | bc eip
10 | rtr
11 | bp eip // breakpoint on the API's return instruction; stays set for the loop below
12 | mov TickCount,eip
13 |
14 |
15 | SearchingPlace:
16 | esto
17 | sti // step into the caller after each GetTickCount return
18 | find eip,#75118B85??????FF8B40??8985??????FFEB02EB??8B85??????FF408985??????FFEB378D8D??????FFE8????????0FB6C0996A??59F7F9#
19 | cmp $RESULT,0 // 0 = pattern not found from this caller: wait for the next call
20 | je SearchingPlace
--------------------------------------------------------------------------------
/ExeStealth/ExeStealth 2.76a oep finder.txt:
--------------------------------------------------------------------------------
1 | start:
2 | #log
3 | sto
4 | sto
5 | bphws esp, "r"
6 | run
7 | bphwc
8 | find eip, #50# // 50 = PUSH EAX; only used as a sanity check, the address itself is not used
9 | cmp $RESULT,0
10 | je _error
11 | gmi eip,CODEBASE
12 | mov cbase,$RESULT // cbase and csize are used without var declarations
13 | log cbase
14 | gmi eip,CODESIZE
15 | mov csize,$RESULT
16 | log csize
17 | bprm cbase,csize // memory read breakpoint over the module's whole code section
18 | run
19 | cmt eip, "This is the OEP! "
20 | msg "Dumped and fix IAT now! Thanx for using my Script...!"
21 | ret
22 |
23 |
24 | _error:
25 | msg "ERRORR!!!"
26 | ret
27 | end:
--------------------------------------------------------------------------------
/WinUpack/WinUpack 0.38 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | //(Win)Upack 0.38 beta OEP finder
2 | //Made by GaBoR {RES}
3 | var t
4 | findop eip,#E8????????# // E8 = CALL rel32
5 | mov t,eip
6 | add t,1
7 | cmp $RESULT,t // is the first CALL exactly one byte after the entry point?
8 | je bpushad
9 | sto
10 | sto
11 | mov t,eax // EAX after two step-overs is taken as the OEP candidate; not validated
12 | bphws t,"x"
13 | run
14 | bphwc t
15 | jmp end
16 | bpushad:
17 | sto
18 | mov t,esp
19 | bphws t,"r" // hardware read breakpoint on the stack top left by the step above
20 | run
21 | bphwc t
22 | sti
23 | end:
24 | cmt eip,"OEP found by GaBoR {RES}"
25 | msg "Dump & fix IAT now!"
26 | ret
27 |
28 |
--------------------------------------------------------------------------------
/Armadillo/Armadillo ArmVar.txt:
--------------------------------------------------------------------------------
1 | var VarVal
2 | var VarName
3 | var ActEip
4 | // Sets an environment variable inside the debuggee: writes a value string and a name string into memory at an address the operator enters, then runs an injected call to SetEnvironmentVariableA and jumps back to the saved EIP.
5 | dbh // hide the debugger from the target
6 | mov ActEip, eip
7 | ask "VA disponible?"
8 | cmp $RESULT, 0
9 | mov VarVal, $RESULT // NOTE(review): sits between the cmp and the je that depends on it - confirm mov leaves the comparison result intact in the plugin version in use
10 | je FIN
11 | mov [VarVal], "60"
12 | mov VarName, VarVal
13 | add VarName, 40 // name string is stored 0x40 bytes after the value string
14 | mov [VarName], "DAYSLEFT"
15 | exec
16 | pushad
17 | pushfd
18 | push {VarVal}
19 | push {VarName}
20 | call SetEnvironmentVariableA
21 | popfd
22 | popad
23 | jmp {ActEip}
24 | ende
25 | ret
26 |
27 | FIN:
28 | ret
--------------------------------------------------------------------------------
/NsPack/Nspack 2.3.txt:
--------------------------------------------------------------------------------
1 |
2 | /*
3 | Find target's OEP [ Nspack 2.3 ]
4 | ---------------------------------------
5 | Author: marcus
6 | Contacts : KingSuperFly@gmail.com
7 | OS : Win XP SP2,OllyDbg 1.10,OllyScript v0.92
8 | Date : 16 June 2005
9 | */
10 |
11 | //Lame OEP finder
12 | // NOTE(review): all three searches start from the same EIP and only the last $RESULT is used, so the E9 (JMP) that is followed need not come after the 61 (POPAD) and 9D (POPFD) hits.
13 | sti
14 | sti
15 | findop eip, #61#
16 | findop eip, #9D#
17 | findop eip, #E9#
18 | go $RESULT
19 | sto
20 | cmt eip, "This is the OEP Fix the iat self pls Greetz KingSuperFly"
21 | an eip
22 | ret
--------------------------------------------------------------------------------
/Packman/Packman 0.0.0.1 OEP Finder.txt:
--------------------------------------------------------------------------------
1 |
2 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
3 | /////// Packman v0.0.0.1 ///////
4 | // Script finds OEP
5 | // by dzen
6 | var x
7 | // Method: C6 40 FB E9 is MOV BYTE PTR [EAX-5],E9, i.e. the stub writes a JMP opcode at EAX-5; the script breaks on that store, then on the address it wrote to.
8 | eob Break
9 | findop eip,#C640FBE9# // NOTE(review): $RESULT is not tested before it is used as a breakpoint address
10 | bp $RESULT
11 | run
12 |
13 | Break:
14 | bc $RESULT
15 | sti
16 | mov x, eax
17 | sub x, 05
18 | eob Break2
19 | bp x
20 | run
21 |
22 | Break2:
23 | bc x
24 | sti
25 | MSG "Yeah, OEP!
=)"
26 | ret
27 |
28 |
29 | // [BACK]
--------------------------------------------------------------------------------
/Protection Plus/protection_plus_oep.txt:
--------------------------------------------------------------------------------
1 | var x
2 | var y
3 | run
4 | eoe sig
5 | // Method: after the first exception, break on a byte signature; later stops caused by an INT3 in the target (byte before EIP is CC) are passed on, the first other stop leads to the next RET and one step-in.
6 | sig:
7 | findop eip,#29c0648f0061870424c3# // NOTE(review): $RESULT is not tested before it is used as a breakpoint address
8 | bp $RESULT
9 | eoe pass
10 | eob oep
11 |
12 | pass:
13 | esti
14 | run
15 |
16 | oep:
17 | mov y, eip
18 | sub y,1
19 | mov x,[y]
20 | and x,000000ff // keep only the byte just before EIP
21 | cmp x,cc // CC = INT3 opcode
22 | je pass
23 | findop eip,#c3# // C3 = RET
24 | bp $RESULT
25 | eob end
26 | run
27 |
28 | end:
29 | sti
30 | cmt eip,"This is the entry point"
31 | msg " you are at the oep, Thank you for using my script"
32 | ret
33 |
--------------------------------------------------------------------------------
/PECompact/Pecompact.txt:
--------------------------------------------------------------------------------
1 | // PECompact 1.84 OEP Finder v0.1 !unstable edition!
2 | // Method: hardware execute breakpoint on F3 A5 8B FB C3 (REP MOVSD / MOV EDI,EBX / RET), eleven step-overs, then a second breakpoint on 50 68 (PUSH EAX / PUSH imm32) and three more steps.
3 | eob Break1
4 | findop eip, #F3A58BFBC3# // NOTE(review): neither search result in this script is tested before use
5 | bphws $RESULT, "x"
6 | run
7 |
8 | Break1:
9 | bphwc $RESULT
10 | sto
11 | sto
12 | sto
13 | sto
14 | sto
15 | sto
16 | sto
17 | sto
18 | sto
19 | sto
20 | sto
21 | findop eip, #5068#
22 | bphws $RESULT, "x"
23 | eob endl
24 | run
25 |
26 | endl:
27 | sto
28 | bphwc $RESULT
29 | sto
30 | sto
31 | log eip // this variant only logs the final EIP instead of commenting it
32 |
33 | ret
34 |
--------------------------------------------------------------------------------
/Ezip/EZIP 1.0 OEP FINDER.txt:
--------------------------------------------------------------------------------
1 | /*
2 | 12h15 PM Sunday January 02 2005
3 | Ezip 1.0 OEP Finder
4 | Author : dqtln
5 | Email : dqtlncrk@gmail.com
6 | OS : WinXP Pro SP1 , OllyDbg 1.10 , OllyScript 0.85
7 | Website : www.phudu.com
8 | For opinions, bugreport and new features send me a email
9 | Thank you very much
10 | */
11 | // Method: step once, break on the first JMP EAX (FF E0), then step over it. NOTE(review): $RESULT is not tested before use.
12 | sto
13 | findop eip,#FFE0#
14 | bp $RESULT
15 | run
16 | bc eip
17 | sto
18 | cmt eip,"This is the OEP - Found by dqtln"
19 | msg "Dump and fix IAT now - Good day"
20
| ret
--------------------------------------------------------------------------------
/PECompact/pecompact_1_84.txt:
--------------------------------------------------------------------------------
1 | // PECompact 1.84 OEP Finder v0.1 !unstable edition!
2 | // by FEUERRADER [AHTeam]
3 | // http://ahteam.org
4 | // Method: hardware execute breakpoint on F3 A5 8B FB C3 (REP MOVSD / MOV EDI,EBX / RET), eleven step-overs, then a second breakpoint on 50 68 (PUSH EAX / PUSH imm32) and three more steps.
5 | eob Break1
6 | findop eip, #F3A58BFBC3# // NOTE(review): neither search result in this script is tested before use
7 | bphws $RESULT, "x"
8 | run
9 |
10 | Break1:
11 | bphwc $RESULT
12 | sto
13 | sto
14 | sto
15 | sto
16 | sto
17 | sto
18 | sto
19 | sto
20 | sto
21 | sto
22 | sto
23 | findop eip, #5068#
24 | bphws $RESULT, "x"
25 | eob endl
26 | run
27 |
28 | endl:
29 | sto
30 | bphwc $RESULT
31 | sto
32 | sto
33 | cmt eip, "OEP"
34 | ret
--------------------------------------------------------------------------------
/PeStub/PeStubOEP 1.7 OEP recover(VC++ 6.0).osc:
--------------------------------------------------------------------------------
1 | //PeStubOEP 1.7 OEP recover(VC++ 6.0) by Flashback/Team-X
2 | //Site: www.team-x.ru
3 | //Email: Flashback@mail15.com
4 | //Description: try script on modify OEP
5 | MSGYN "This modify OEP?"
6 | CMP $RESULT, 0 // 0 = No: leave memory untouched
7 | je exmes0
8 | MOV X, eip // X is used without a var declaration
9 | FILL X, 1, 55 // the FILL lines overwrite five bytes of the target at EIP with 55 8B EC 6A FF (PUSH EBP / MOV EBP,ESP / PUSH -1); nothing checks what was there before
10 | ADD X, 1
11 | FILL X, 1, 8B
12 | ADD X, 1
13 | FILL X, 1, EC
14 | ADD X, 1
15 | FILL X, 1, 6A
16 | ADD X, 1
17 | FILL X, 1, FF
18 | MSG "VC++ 6.0 OEP recovered!"
19 | ret
20 | exmes0:
21 | ret
--------------------------------------------------------------------------------
/Aspack/ASPack 2.xx.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////
3 | Author: ~Hellsp@wN~
4 | Email : alt-fox@mail.ru
5 | OS : OllyDbg 1.10 with OllyScript plugin v0.7
6 | Date : 29.06.2004
7 |
8 | Support with:
9 | ASPack 2.x
10 | //////////////////////////////////////////////////
11 | */
12 |
13 | // Method: hardware read breakpoint on the dword just below the starting ESP, resume with exceptions passed to the target, then three step-overs.
14 | var t
15 |
16 | mov t,esp
17 | sub t,4 // the slot the next 4-byte push will fill
18 |
19 | bphws t, "r"
20 | esto
21 | bphwc t
22 | sto
23 | sto
24 | sto
25 | cmt eip, "This is the entry point (OEP)"
26 | ret
27 |
--------------------------------------------------------------------------------
/Obsidium/Obsidium 1.3.4.2 OEP Finder.txt:
--------------------------------------------------------------------------------
1 |
2 | var api
3 | var cont
4 | msg "Ejecuta este script con todas las excepciones tildadas"
5 | // NOTE(review): cont is compared below without ever being assigned, so the loop count relies on the plugin's initial value for variables.
6 | inicio:
7 | cmp cont, 2
8 | je fin
9 |
10 | dbh
11 | gpa "CreateThread", "kernel32.dll"
12 | mov api, $RESULT
13 | log api
14 | add api,01f // fixed offset into the API body; the instruction at +0x1F depends on the kernel32 build
15 | log api
16 | bp api // set again on every pass and never cleared
17 |
18 | eob corre
19 | run
20 |
21 | corre:
22 | inc cont
23 | jmp inicio
24 |
25 | fin:
26 | sto
27 | bprm 401000, 06c000 // NOTE(review): hard-coded address and size, presumably one specific target's code section; adjust per sample
28 |
29 | eob sigue
30 | run
31 |
32 | sigue:
33 | msg "Oep Found !!"
34 |
35 | ret
36 |
37 |
--------------------------------------------------------------------------------
/PE Diminisher/PE Diminisher v0.1.osc:
--------------------------------------------------------------------------------
1 | //PE Diminisher v0.1 OEP finder by Flashback/Team-X
2 | //Site: www.team-x.ru
3 | //Email: Flashback@mail15.com
4 | //Date: 1o.o5.2oo8
5 | FIND eip, #61# // 61 = POPAD; FIND matches raw bytes, so each of the three hits may lie inside another instruction. NOTE(review): no $RESULT is tested.
6 | BP $RESULT
7 | RUN
8 | BC $RESULT
9 | STO
10 | STO
11 | STO
12 | FIND eip, #C3# // C3 = RET
13 | BP $RESULT
14 | RUN
15 | BC $RESULT
16 | STI
17 | FIND eip, #FFE0# // FF E0 = JMP EAX
18 | BP $RESULT
19 | RUN
20 | BC $RESULT
21 | STO
22 | cmt eip, "OEP"
23 | MSG "OEP!
Script by Flashback/Team-X [www.team-x.ru/Flashback]"
24 | an eip // re-run OllyDbg's code analysis on the module containing eip
25 | ret
--------------------------------------------------------------------------------
/PeStub/PeStubOEP 1.7 OEP recover(Delphi).osc:
--------------------------------------------------------------------------------
1 | //PeStubOEP 1.7 OEP recover(Delphi) by Flashback/Team-X
2 | //Site: www.team-x.ru
3 | //Email: Flashback@mail15.com
4 | //Description: try script on modify OEP
5 | MSGYN "This modify OEP?"
6 | CMP $RESULT, 0 // 0 = the user answered No
7 | je exmes0
8 | MOV X, eip // the six FILLs below write into the debuggee's memory starting at eip; NOTE(review): X is never declared with var
9 | FILL X, 1, 55 // 55 = push ebp
10 | ADD X, 1
11 | FILL X, 1, 8B // 8B EC = mov ebp,esp
12 | ADD X, 1
13 | FILL X, 1, EC
14 | ADD X, 1
15 | FILL X, 1, 83 // 83 C4 F0 = add esp,-10h
16 | ADD X, 1
17 | FILL X, 1, C4
18 | ADD X, 1
19 | FILL X, 1, F0
20 | MSG "Delphi OEP recovered!"
21 | ret
22 | exmes0:
23 | ret
--------------------------------------------------------------------------------
/Protection Plus/Protection Plus 4.xx OEP Finder + Import Fixer.txt:
--------------------------------------------------------------------------------
1 | // Protection Plus 4.xx OEP Finder & Import Fixer by GaBoR {RES}
2 | var v
3 | var t
4 | sto
5 | sto
6 | mov t,esp
7 | bphws t,"r" // hardware read breakpoint on the current top of stack; cleared at line 20
8 | find eip,#01E8FFD0# // byte search with no check of $RESULT for 0
9 | mov v,$RESULT
10 | add v,0D // 0xD bytes past the match
11 | bphws v,"x"
12 | run
13 | bphwc v
14 | mov v,eax // continue the search from the address held in eax at this stop
15 | sto
16 | find v,#83F80377#
17 | mov v,$RESULT
18 | repl v,#83F80377#,#83F803EB#,4 // in-memory edit: the last byte of the 4-byte match changes from 77 to EB
19 | run
20 | bphwc t
21 | sto
22 | sto
23 | cmt eip," This is the OEP!"
24 | msg "Dump & fix IAT somehow!"
25 |
26 |
27 |
--------------------------------------------------------------------------------
/Protection Plus/Protection Plus OEP Finder.txt:
--------------------------------------------------------------------------------
1 | var x
2 | var y
3 | run
4 | eoe sig
5 |
6 | sig:
7 | findop eip,#29c0648f0061870424c3# // 29 C0 / 64 8F 00 / 61 / 87 04 24 / C3 = sub eax,eax; pop fs:[eax]; popad; xchg [esp],eax; ret
8 | bp $RESULT
9 | eoe pass // exceptions resume at pass, breakpoints at oep
10 | eob oep
11 |
12 | pass:
13 | esti // step into, passing the exception to the target
14 | run
15 |
16 | oep:
17 | mov y, eip
18 | sub y,1
19 | mov x,[y]
20 | and x,000000ff // keep only the byte just before eip
21 | cmp x,cc // CC = int3: the stop came from an int3 in the code, so keep going
22 | je pass
23 | findop eip,#c3# // next ret
24 | bp $RESULT
25 | eob end
26 | run
27 |
28 | end:
29 | sti // step the ret; the landing address is what the script labels
30 | cmt eip,"This is the entry point"
31 | msg " you are at the oep, Thank you for using my script"
32 | ret
33 |
--------------------------------------------------------------------------------
/UPX Protector/UPX Protector 1.0 OEP Finder v0.1 [FEUERRADER].txt:
--------------------------------------------------------------------------------
1 | // UPX 1.xx and UPX Protector 1.0 OEP Finder v0.1
2 | // by FEUERRADER [AHTeam]
3 | // http://ahteam.org
4 | // Tries the 61 E9 tail first and falls back to 61 EB when findop reports no match.
5 | eob Break
6 | findop eip, #61E9# // 61 / E9 = popad; jmp rel32
7 | cmp $RESULT, 0 // 0 = signature not found
8 | je upxprot
9 | bphws $RESULT, "x"
10 | run
11 |
12 | Break:
13 | sto // step popad, then the jmp
14 | sto
15 | bphwc $RESULT
16 | cmt eip, "OEP"
17 | ret
18 |
19 | upxprot:
20 | eob Break2
21 | findop eip, #61EB# // 61 / EB = popad; jmp rel8; NOTE(review): this second result is not checked for 0
22 | bphws $RESULT, "x"
23 | run
24 |
25 | Break2:
26 | sto
27 | sto
28 | sto
29 | bphwc $RESULT
30 | cmt eip, "OEP"
31 | ret
--------------------------------------------------------------------------------
/ActiveMark/ActiveMark Patching Script.txt:
--------------------------------------------------------------------------------
1 | /*
2 | Activemark "Everything OK!" patching script
3 | Made by: GaBoR {RES}
4 | Thanks to CONDZERO for the good tuts on Activemark!
5 | Note: run this script on the unpacked file!
6 | */
7 | var x
8 | gpa "GetModuleHandleA","kernel32.dll" // resolve the API address into $RESULT
9 | bp $RESULT
10 | run
11 | run // second hit of the same breakpoint
12 | bc $RESULT
13 | rtu // run until execution is back in user (non-system) code
14 | sto
15 | sti
16 | find eip,#837DD800# // byte search from eip; $RESULT is not checked for 0
17 | mov x,$RESULT
18 | cmt x,"modified code"
19 | add x,3
20 | fill x,1,01 // one-byte in-memory write at match+3; it reaches the file only through the manual step in the msg below
21 | msg "Right click on 'modified code' line & select 'Copy to executable->Selection'"
22 | ret
23 |
24 |
--------------------------------------------------------------------------------
/PECompact/PeCompact 1.84 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // PECompact 1.84 OEP Finder v0.1 !unstable edition!
2 | // by FEUERRADER [AHTeam]
3 | // http://ahteam.org
4 | // Flow: break on two byte signatures in turn, single-step a fixed number of times, then label eip. `run` executes the packed stub natively.
5 | eob Break1 // the next breakpoint hit resumes the script at Break1
6 | findop eip, #F3A58BFBC3# // F3 A5 / 8B FB / C3 = rep movsd; mov edi,ebx; ret
7 | bphws $RESULT, "x" // hardware execute breakpoint; NOTE(review): $RESULT is not compared with 0 (findop's not-found value) first
8 | run
9 |
10 | Break1:
11 | bphwc $RESULT
12 | sto // eleven single steps follow; presumably tied to this exact stub layout
13 | sto
14 | sto
15 | sto
16 | sto
17 | sto
18 | sto
19 | sto
20 | sto
21 | sto
22 | sto
23 | findop eip, #5068# // 50 / 68 = push eax; push imm32
24 | bphws $RESULT, "x"
25 | eob endl
26 | run
27 |
28 | endl:
29 | sto
30 | bphwc $RESULT
31 | sto
32 | sto
33 | cmt eip, "OEP"
34 | ret
--------------------------------------------------------------------------------
/Pet i t e/PETITE22.TXT:
--------------------------------------------------------------------------------
1 | // Petite2.2 eop finder
2 | // By R@dier 2004
3 | //
4 | MSG "please tick Memory Access Violation in options-> exceptions"
5 | eoe here // on the next exception, continue at `here`
6 | var a
7 | var b
8 | var c // declared but not used below
9 | findop eip, #60# // 60 = pushad
10 | bphws $RESULT, "x"
11 | mov a,$RESULT
12 | run
13 | bphwc a
14 | sti // execute the pushad
15 | bphws esp, "r" // hardware read breakpoint on the top of stack, i.e. on the registers just saved
16 | mov b, esp
17 | run
18 | here:
19 | esto // pass the exception to the target and keep running
20 | bphwc b
21 | eob exit
22 |
23 | jmp exit
24 | exit:
25 |
26 | sti
27 | sti
28 | log eip
29 | cmt eip, "This is the entry point"
30 | MSG "Arrived at entry point dump anytime and get imports"
31 | ret
32 |
33 |
--------------------------------------------------------------------------------
/PECompact/PeCompact 2.40 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // Script for
OllyScript plugin by SHaG - http://ollyscript.apsvans.com
2 | //---------------------------------//
3 | // PECompact 2.40 OEP Finder v0.1 //
4 | // by DWord [dword@nm.ru] //
5 | // 06.09.2004 //
6 | //---------------------------------//
7 | sto
8 | sto
9 | sto
10 | sto
11 | sto
12 | sto
13 | esto // run, passing exceptions to the target
14 | find eip, #8BC65A5E5F595B5DFFE0# // mov eax,esi; pop edx; pop esi; pop edi; pop ecx; pop ebx; pop ebp; jmp eax
15 | add $RESULT,08 // offset 8 of the match is the FF E0 (jmp eax); NOTE(review): no check for a 0 result before the add
16 | bp $RESULT
17 | run
18 | bc $RESULT
19 | sto // step the jmp eax
20 | cmt eip,"This is a OEP!"
21 | msg "OEP found, Dumped and fix IAT now!"
22 | ret
23 |
--------------------------------------------------------------------------------
/PC-Guard/PC-Guard 5.0 IAT Repair.txt:
--------------------------------------------------------------------------------
1 | // ?????? ????????? ? ??? (Script to start being on OEP)
2 | // The leading text above was lost to a character-encoding error; the English part says to start this script while the target is stopped at its OEP.
3 | Var oep
4 | var f1
5 | var p1
6 | var p2
7 |
8 | mov oep,eip // remember where the target was stopped; restored at `end`
9 | mov eip,401000 // move the instruction pointer to the literal address 0x401000
10 |
11 | l1:
12 | find eip,#68????0000E8????5400# // 68 imm32 / E8 rel32 = push; call, with wildcard bytes
13 | cmp $RESULT,0
14 | je end
15 | mov f1,$RESULT
16 | mov eip,f1 // execute the matched push+call inside the target
17 | mov p1,f1
18 | add f1,A // 0xA = length of the push+call pair
19 | bphws f1,"x"
20 | run
21 | bphwc f1
22 | fill p1,A,90 // then overwrite those 10 bytes with NOPs (90)
23 | find eip,#68????0000E8????5400#
24 | cmp $RESULT,0
25 | je end
26 | mov p2,$RESULT
27 | fill p2,A,90 // the next match is overwritten without being executed
28 | jmp l1
29 |
30 | end:
31 | mov eip,oep
32 | MSG "Decrypt Suseful"
33 | ret
--------------------------------------------------------------------------------
/MPress/mpress.osc:
--------------------------------------------------------------------------------
1 | //MPRESS(Matcode comPRESSor) 0.X OEP finder by Flashback/Team-X
2 | //Site: www.team-x.ru
3 | //Email: Flashback@mail15.com
4 | //Date: 1o.o5.2oo8
5 | //Tested on 0.97
6 | FIND eip, #C3E9# // C3 / E9 = ret followed by a jmp rel32 opcode; raw byte search, $RESULT never checked for 0
7 | BP $RESULT
8 | RUN
9 | BC $RESULT
10 | FIND eip, #E9#
11 | BP $RESULT
12 | RUN
13 | BC $RESULT
14 | STO
15 | STO
16 | STO
17 | STO
18 | STI
19 | FIND eip, #61# // 61 = popad opcode
20 | BP $RESULT
21 | RUN
22 | BC $RESULT
23 | STO
24 | STO
25 | cmt eip, "OEP"
26 | MSG "OEP!
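Script by Flashback/Team-X [www.team-x.ru/Flashback]"
27 | an eip // re-run OllyDbg's code analysis on the module containing eip
28 | ret
--------------------------------------------------------------------------------
/PECompact/PeCompact 2.00 to 2.38 OEP Finder.txt:
--------------------------------------------------------------------------------
1 |
2 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
3 | // Please paste your script here...
4 | // PEcompact 2.00-2.38 OEP Finder
5 | // by fpx
6 | // http://fpx.yeah.net
7 | // Note: ignore all exceptions
8 | // Line 3 is leftover paste-form text; it is commented out here because a bare sentence is not a script command.
9 | var a
10 | sto
11 | sto
12 | bphws esp,"r" // hardware read breakpoint on the current top of stack
13 | mov a,esp
14 | run // four hits of that breakpoint are consumed before stepping; presumably tied to these stub versions
15 | run
16 | run
17 | run
18 | sto
19 | bphwc a
20 | an eip
21 | log eip
22 | cmt eip, "OEP! Found by fpx"
23 | MSG "Dumped and fix IAT now! Thanks for using my Script...!"
24 | ret
25 |
26 | // [BACK]
--------------------------------------------------------------------------------
/Armadillo/Armadillo_script_rica.txt:
--------------------------------------------------------------------------------
1 | dbh // hide the debugger from the target
2 | eoe LABEL // exceptions resume at LABEL, breakpoints at BABEL
3 | eob BABEL
4 | run
5 |
6 | LABEL:
7 | esto // pass every exception back to the target
8 | jmp LABEL
9 |
10 | BABEL:
11 | cmp eip, 011F6A2E // literal address; presumably specific to one target and load address. No breakpoint is set by the script itself
12 | jne AIM
13 | cmp eax, 1
14 | jne SIGPAS
15 | msgyn "To continue"
16 | cmp $RESULT, 1 // 1 = Yes
17 | je SIGPAS
18 | pause
19 |
20 | SIGPAS:
21 | mov !ZF, 1 // force the zero flag before resuming
22 | run
23 | jmp BABEL
24 |
25 | AIM:
26 | ret
27 |
--------------------------------------------------------------------------------
/NsPack/NSpack2.3.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by KingSuperFLy - http://ollyscript.apsvans.com
2 | /*
3 | Find target's OEP [ Nspack 2.3 ]
4 | ---------------------------------------
5 | Author: KingSuperFly
6 | Contacts : KingSuperFly@gmail.com
7 | OS : Win XP SP2,OllyDbg 1.10,OllyScript v0.92
8 | Date : 28 June 2005
9 | */
10 |
11 | //Lame OEP finder
12 |
13 | sti
14 | sti
15 | findop eip, #61# // 61 = popad; this result is overwritten by the next findop
16 | findop eip, #9D# // 9D = popfd; also overwritten
17 | findop eip, #E9# // E9 = jmp rel32; only this result is used, and all three searches start at the same eip
18 | go $RESULT // run to that jmp
19 | sto
20 | cmt eip, "This is the OEP Thx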
for using My Script Bye KingSuperFLy"
21 | an eip // re-run OllyDbg's code analysis on the module containing eip
22 | ret
--------------------------------------------------------------------------------
/PECompact/PeCompact 2.40 OEP Finder v0.1.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
2 | //---------------------------------//
3 | // PECompact 2.40 OEP Finder v0.1 //
4 | // by DWord [dword@nm.ru] //
5 | // 06.09.2004 //
6 | //---------------------------------//
7 | sto
8 | sto
9 | sto
10 | sto
11 | sto
12 | sto
13 | esto // run, passing exceptions to the target
14 | find eip, #8BC65A5E5F595B5DFFE0# // mov eax,esi; pop edx; pop esi; pop edi; pop ecx; pop ebx; pop ebp; jmp eax
15 | add $RESULT,08 // offset 8 of the match is the FF E0 (jmp eax); NOTE(review): no check for a 0 result before the add
16 | bp $RESULT
17 | run
18 | bc $RESULT
19 | sto // step the jmp eax
20 | cmt eip,"This is a OEP!"
21 | msg "OEP found, Dumped and fix IAT now!"
22 | ret
23 |
24 | // [BACK]
--------------------------------------------------------------------------------
/ActiveMark/ActiveMark Patching Script [GaBoR].txt:
--------------------------------------------------------------------------------
1 | /*
2 | Activemark "Everything OK!" patching script
3 | Made by: GaBoR {RES}
4 | Thanks to CONDZERO for the good tuts on Activemark!
5 | Note: run this script on the unpacked file!
6 | */
7 | var x
8 | gpa "GetModuleHandleA","kernel32.dll" // resolve the API address into $RESULT
9 | bp $RESULT
10 | run
11 | run // second hit of the same breakpoint
12 | bc $RESULT
13 | rtu // run until execution is back in user (non-system) code
14 | sto
15 | sti
16 | find eip,#837DD800# // byte search from eip; $RESULT is not checked for 0
17 | mov x,$RESULT
18 | cmt x,"modified code"
19 | add x,3
20 | fill x,1,01 // one-byte in-memory write at match+3; it reaches the file only through the manual step in the msg below
21 | msg "Right click on 'modified code' line & select 'Copy to executable->Selection'"
22 | ret
23 |
24 |
--------------------------------------------------------------------------------
/ExeShield/exeshield_0x.txt:
--------------------------------------------------------------------------------
1 | /*
2 | ///////////////////////////////////////////////////////////
3 | // EXE Shield v0.5-->0.8 (ARM Protector v0.1) OEP finder
4 | // Author: hacnho/VCT2k4
5 | // Email : hacnho@hotmail.com
6 | // Website: http://nhandan.info/hacnho
7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
8 | /////////////////////////////////////////////////////////
9 | */
10 | sti
11 | sti
12 | eob Break // NOTE(review): the script sets no breakpoint itself, so whatever stop reaches Break comes from OllyDbg state outside it
13 | esto // run, passing exceptions to the target
14 | Break:
15 | run
16 | esto
17 | an eip
18 | log eip // record the address the script treats as the OEP
19 | cmt eip, "This is the OEP!!!"
20 | MSG "Dumped and fix IAT now! Thanx for using my Script...!"
21 | ret
--------------------------------------------------------------------------------
/Aspack/ASPack v1.xx.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////
3 | Author: ~Hellsp@wN~
4 | Email : alt-fox@mail.ru
5 | OS : OllyDbg 1.10 with OllyScript plugin v0.7
6 | Date : 29.06.2004
7 |
8 | Support with:
9 | ASPack v1.xx
10 | //////////////////////////////////////////////////
11 | */
12 | // Watches the stack slot one dword below the entry-time ESP for writes; the second write hit is the one the script steps on from.
13 |
14 | var t
15 |
16 | mov t,esp
17 | sub t,4 // t = ESP - 4
18 |
19 | EOB Break
20 | bphws t, "w" // hardware breakpoint on write to that slot
21 | esto // run, passing exceptions to the target
22 |
23 | Break:
24 |
25 | bphwc t
26 | bphws t, "w" // re-arm for the second write
27 | esto
28 | bphwc t
29 | sto
30 | sto
31 | cmt eip, "This is the entry point (OEP)"
32 | ret
--------------------------------------------------------------------------------
/NsPack/NsPack 1.3 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////////////
3 | // nSPack 1.3 OEP Finder
4 | // Author: Max_Zero
5 | // Email : max_zero130@yahoo.de
6 | // Website: www.max_zero.6x.to
7 | /////////////////////////////////////////////////////////
8 | */
9 |
10 |
11 | sto
12 | findop eip, #9D# // 9D = popfd; NOTE(review): $RESULT is not checked for 0 before `go`
13 | go $RESULT // run to the popfd
14 | sto // step popfd, then the following instruction
15 | sto
16 | msg "Script finished! You are on the OEP! "
17 | msg "Dump it and rebuild the IAT "
18 | msg "Have fun!
Generic OEP Finder {nSPack 1.3} by Max_Zero "
19 |
20 |
--------------------------------------------------------------------------------
/Pet i t e/PETITE 2.2 OEP-FINDER.txt:
--------------------------------------------------------------------------------
1 | // Petite2.2 eop finder
2 | // By R@dier 2004
3 | //
4 | MSG "please tick Memory Access Violation in options-> exceptions"
5 | eoe here // on the next exception, continue at `here`
6 | var a
7 | var b
8 | var c // declared but not used below
9 | findop eip, #60# // 60 = pushad
10 | bphws $RESULT, "x"
11 | mov a,$RESULT
12 | run
13 | bphwc a
14 | sti // execute the pushad
15 | bphws esp, "r" // hardware read breakpoint on the top of stack, i.e. on the registers just saved
16 | mov b, esp
17 | run
18 | here:
19 | esto // pass the exception to the target and keep running
20 | bphwc b
21 | eob exit
22 |
23 | jmp exit
24 | exit:
25 |
26 | sti
27 | sti
28 | log eip
29 | cmt eip, "This is the entry point"
30 | MSG "Arrived at entry point dump anytime and get imports"
31 | ret
32 |
33 |
--------------------------------------------------------------------------------
/Pet i t e/Petite 2.2 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // Petite2.2 eop finder
2 | // By R@dier 2004
3 | //
4 | MSG "please tick Memory Access Violation in options-> exceptions"
5 | eoe here // on the next exception, continue at `here`
6 | var a
7 | var b
8 | var c // declared but not used below
9 | findop eip, #60# // 60 = pushad
10 | bphws $RESULT, "x"
11 | mov a,$RESULT
12 | run
13 | bphwc a
14 | sti // execute the pushad
15 | bphws esp, "r" // hardware read breakpoint on the top of stack, i.e. on the registers just saved
16 | mov b, esp
17 | run
18 | here:
19 | esto // pass the exception to the target and keep running
20 | bphwc b
21 | eob exit
22 |
23 | jmp exit
24 | exit:
25 |
26 | sti
27 | sti
28 | log eip
29 | cmt eip, "This is the entry point"
30 | MSG "Arrived at entry point dump anytime and get imports"
31 | ret
32 |
33 |
--------------------------------------------------------------------------------
/ExeShield/EXE Shield 0.5 to 0.8 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | ///////////////////////////////////////////////////////////
3 | // EXE Shield v0.5-->0.8 (ARM Protector v0.1) OEP finder
4 | // Author: hacnho/VCT2k4
5 | // Email : hacnho@hotmail.com
6 | // Website: http://nhandan.info/hacnho
7
| // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
8 | /////////////////////////////////////////////////////////
9 | */
10 | sti
11 | sti
12 | eob Break // NOTE(review): the script sets no breakpoint itself, so whatever stop reaches Break comes from OllyDbg state outside it
13 | esto // run, passing exceptions to the target
14 | Break:
15 | run
16 | esto
17 | an eip
18 | log eip // record the address the script treats as the OEP
19 | cmt eip, "This is the OEP!!!"
20 | MSG "Dumped and fix IAT now! Thanx for using my Script...!"
21 | ret
--------------------------------------------------------------------------------
/Mimoza/Mimoza 0.86 Unpacker.txt:
--------------------------------------------------------------------------------
1 | var v_alloc
2 | var rep_movs
3 | var addres_of_region
4 | var size_
5 | gpa "VirtualAlloc","kernel32.dll"
6 | mov v_alloc,$RESULT
7 | cmp v_alloc,0 // give up if the API address could not be resolved
8 | je final_
9 | bphws v_alloc,"x" // stop at the entry of the first VirtualAlloc call
10 | run
11 | bphwc v_alloc
12 | mov addres_of_region,[esp+4] // first stack argument (requested address); NOTE(review): not the value VirtualAlloc returns, so a NULL request would make this 0
13 | mov size_,[esp+8] // second stack argument (size)
14 | rtr // run to the return of VirtualAlloc
15 | esti
16 | findop eip,#F3A4# // F3 A4 = rep movsb
17 | mov rep_movs,$RESULT
18 | cmp rep_movs,0
19 | je final_
20 | bphws rep_movs,"x"
21 | run
22 | mov ecx,size_ // set the rep movsb count to the allocation size
23 | sto
24 | sto
25 | bphwc rep_movs
26 | DM addres_of_region,size_,"unpacked_exe.exe" // dump size_ bytes from that region to a file
27 | msg "Done!
Unpacked exe in unpacked_exe.exe file"
28 | final_:
29 | ret
--------------------------------------------------------------------------------
/SecuROM/SecuROM 7.xx CPUID Fixer.txt:
--------------------------------------------------------------------------------
1 | //Securom 7.x Cpuid Fixer by Human/MiNT
2 | var mycpuid
3 | var scan
4 | var tmp
5 |
6 | mov eax,1
7 | exec // exec..ende runs the enclosed instruction inside the debugged process
8 | cpuid
9 | ende
10 | and eax,FFFFFFDF
11 | mov mycpuid,eax
12 |
13 | mov scan,6130000 // literal start address for the scan below
14 |
15 | scan_cpuid:
16 | find scan,#0FA2# // 0F A2 = cpuid
17 | cmp $RESULT,0
18 | je end_cpuid
19 | mov scan,$RESULT+2
20 | cmp [scan],EB,1
21 | jne do_cpuid
22 | mov tmp,[scan+1],1
23 | add scan,tmp+2
24 |
25 | do_cpuid:
26 | cmp [scan],25,1
27 | jne scan_cpuid
28 | mov [scan],B8,1
29 | mov [scan+1],mycpuid
30 | jmp scan_cpuid
31 |
32 | end_cpuid:
33 | tick // script run time into $RESULT
34 | log $RESULT
35 | ret
36 |
--------------------------------------------------------------------------------
/Upx s h i t/upxshit006.txt:
--------------------------------------------------------------------------------
1 | /*
2 | EOP finder for upxshit 0.6 (snaker) & UPX
3 | It also works for a "standalone" UPX packed program
4 |
5 | Author : mimas
6 | */
7 | // Follows a chain of near jumps (E9) while each is at most 0x10 bytes ahead of eip, then switches to a stack read breakpoint.
8 | var x
9 |
10 | loop:
11 | findop eip, #E9??# // find jump to next loop
12 | mov x, $RESULT
13 | sub x, eip
14 | cmp x, 10 // (@jmp - eip) use to be 10,
15 | // we can handle different loop size this way
16 | ja stub
17 | go $RESULT // run to that jmp
18 | sto
19 | jmp loop
20 |
21 | stub:
22 | // the terrific UPX OEP finder
23 | eob end
24 | sto // step one instruction, presumably the pushad, so esp points at the saved registers
25 | mov x, esp
26 | bphws x, "r" // hardware read breakpoint on that stack slot
27 | run
28 |
29 | end:
30 | bphwc x
31 | sto
32 | ret
--------------------------------------------------------------------------------
/ExeShield/EXESHIELD 0.5 - 0.8 (ARM PROTECTOR 0.1).txt:
--------------------------------------------------------------------------------
1 | /*
2 | ///////////////////////////////////////////////////////////
3 | // EXE Shield v0.5-->0.8 (ARM Protector v0.1) OEP finder
4 | // Author: hacnho/VCT2k4
5 | // Email :
hacnho@hotmail.com
6 | // Website: http://nhandan.info/hacnho
7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
8 | /////////////////////////////////////////////////////////
9 | */
10 | sti
11 | sti
12 | eob Break // NOTE(review): the script sets no breakpoint itself, so whatever stop reaches Break comes from OllyDbg state outside it
13 | esto // run, passing exceptions to the target
14 | Break:
15 | run
16 | esto
17 | an eip
18 | log eip // record the address the script treats as the OEP
19 | cmt eip, "This is the OEP!!!"
20 | MSG "Dumped and fix IAT now! Thanx for using my Script...!"
21 | ret
--------------------------------------------------------------------------------
/MEW/MEW 11 SE v1.2 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////////////
3 | // MEW 11 v.1.2 SE OEP Finder
4 | // Author: Max_Zero
5 | // Email : max_zero130@yahoo.de
6 | // Website: www.max_zero.6x.to
7 | /////////////////////////////////////////////////////////
8 | */
9 |
10 | sto
11 | findop eip, #c3# // C3 = ret; NOTE(review): $RESULT is not checked for 0 before `go`
12 | go $RESULT // run to that ret
13 | sto // step the ret; the landing address is what the messages call the OEP
14 | msg "Script finished! You are on the OEP! "
15 | msg "Dump it and rebuild the IAT "
16 | msg "Have fun!
Generic OEP Finder {MEW 11 v.1.2 SE} by Max_Zero "
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/PECompact/PECompact 0.9x.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////
3 | Author: ~Hellsp@wN~
4 | Email : alt-fox@mail.ru
5 | OS : OllyDbg 1.10 with OllyScript plugin v0.7
6 | Date : 29.06.2004
7 |
8 | Support with:
9 | PECompact 0.9x
10 | //////////////////////////////////////////////////
11 | */
12 | // Watches the stack slot one dword below the entry-time ESP for reads; the second read hit is the one the script steps on from.
13 |
14 | var t
15 |
16 | mov t,esp
17 | sub t,4 // t = ESP - 4
18 |
19 | EOB M1
20 | bphws t, "r" // hardware breakpoint on read of that slot
21 | esto // run, passing exceptions to the target
22 |
23 | M1:
24 | EOB M2
25 | bphwc t
26 | bphws t, "r" // re-arm for the second read
27 | esto
28 |
29 | M2:
30 | sto
31 | sto
32 | bphwc t
33 | cmt eip, "This is the entry point (OEP)"
34 | ret
--------------------------------------------------------------------------------
/Pet i t e/PEtite 2.x.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////
3 | Author: ~Hellsp@wN~
4 | Email : alt-fox@mail.ru
5 | OS : OllyDbg 1.10 with
6 | OllyScript plugin v0.92
7 | Date : 03.10.2004
8 |
9 | Support with:
10 | PEtite 2.x -> Ian Luck
11 | //////////////////////////////////////////////////
12 | */
13 | // Same stack-slot technique as above: two read hits on ESP - 4, then two single steps.
14 | var t
15 |
16 | mov t,esp
17 | sub t,4 // t = ESP - 4
18 |
19 | EOB M1
20 | bphws t, "r"
21 | esto
22 |
23 | M1:
24 | EOB M2
25 | bphwc t
26 | bphws t, "r"
27 | esto
28 |
29 | M2:
30 | bphwc t
31 | sto
32 | sto
33 | cmt eip, "This is the entry point (OEP)"
34 | ret
--------------------------------------------------------------------------------
/Undetector/Undetector 1.2 Unpacker.txt:
--------------------------------------------------------------------------------
1 | // code by sdy100
2 | // test : Ollydbg 1.10 Odbgscript 1.65.1
3 | // Each pass stops at CreateProcessA, then at WriteProcessMemory, and dumps the buffer that call is about to write.
4 | mov tmp,1 // tmp numbers the dump files; none of the variables in this script is declared with var
5 |
6 | loop:
7 | gpa "CreateProcessA", "Kernel32.dll"
8 | mov CreateProcessA, $RESULT
9 | gpa "WriteProcessMemory",
"Kernel32.dll"
10 | mov WriteProcessMemory, $RESULT
11 | bp CreateProcessA
12 | erun // run, passing exceptions, until the CreateProcessA breakpoint
13 | bp WriteProcessMemory
14 | erun // CreateProcessA executes for real here, so the child process exists by the time this stop is reached
15 | bc // no address given: clears the breakpoints set above
16 | mov addr, [esp+c] // third stack argument of WriteProcessMemory: the source buffer
17 | mov size, [esp+10] // fourth stack argument: number of bytes to write
18 | eval "dump{tmp}.exe" // build the file name from the counter
19 | mov name, $RESULT
20 | dm addr, size, name // save the buffer before it is written into the other process
21 | eval "dumped dump{tmp}.exe"
22 | msg $RESULT
23 | inc tmp
24 | MSGYN "1 more ?"
25 | cmp $RESULT, 1 // 1 = Yes: repeat for the next write
26 | je loop
27 |
28 | end:
29 | ret
--------------------------------------------------------------------------------
/ExeShield/ExeShield 0.5 to 0.8 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | ///////////////////////////////////////////////////////////
3 | // EXE Shield v0.5-->0.8 (ARM Protector v0.1) OEP finder
4 | // Author: hacnho/VCT2k4
5 | // Email : hacnho@hotmail.com
6 | // Website: http://nhandan.info/hacnho
7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
8 | /////////////////////////////////////////////////////////
9 | */
10 | sti
11 | sti
12 | eob Break // NOTE(review): the script sets no breakpoint itself, so whatever stop reaches Break comes from OllyDbg state outside it
13 | esto // run, passing exceptions to the target
14 | Break:
15 | run
16 | esto
17 | an eip
18 | log eip // record the address the script treats as the OEP
19 | cmt eip, "This is the OEP!!!"
20 | MSG "Dumped and fix IAT now! Thanx for using my Script...!"
21 | ret
--------------------------------------------------------------------------------
/NsPack/NsPack 2.9 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////////////
3 | // nSPack 2.9 OEP Finder
4 | // Author: Max_Zero
5 | // Email : max_zero130@yahoo.de
6 | // Website: www.max_zero.6x.to
7 | /////////////////////////////////////////////////////////
8 | */
9 |
10 | sto
11 | find eip, #619DE9# // 61 / 9D / E9 = popad; popfd; jmp rel32; NOTE(review): $RESULT is not checked for 0 before `go`
12 | go $RESULT // run to the popad
13 | sto // one step each for popad, popfd and the jmp
14 | sto
15 | sto
16 | msg "Script finished! You are on the OEP! "
17 | msg "Dump it and rebuild the IAT "
18 | msg "Have fun!
Generic OEP Finder {nSPack 2.9} by Max_Zero "
19 |
20 |
21 |
--------------------------------------------------------------------------------
/Upx s h i t/UPX (Protector) Shit.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////
3 | Author: ~Hellsp@wN~
4 | Email : alt-fox@mail.ru
5 | OS : OllyDbg 1.10 with OllyScript plugin v0.7
6 | Date : 29.06.2004
7 |
8 | Support with:
9 | UPXShit 0.0x UPX Protector v1.0x
10 | (and may be some Scramble UPX)
11 | //////////////////////////////////////////////////
12 | */
13 | // Watches the stack slot one dword below the entry-time ESP for reads; the second read hit is followed by one single step.
14 | var t
15 |
16 | mov t,esp
17 | sub t,4 // t = ESP - 4
18 |
19 | EOB Break
20 | bphws t, "r" // hardware breakpoint on read of that slot
21 | esto // run, passing exceptions to the target
22 |
23 | Break:
24 | bphwc t
25 | bphws t, "r" // re-arm for the second read
26 | esto
27 | bphwc t
28 | sto
29 | cmt eip, "This is the entry point (OEP)"
30 | ret
--------------------------------------------------------------------------------
/ASProtect/ASProtect 1.3 Lite OEP Finder.txt:
--------------------------------------------------------------------------------
1 | var cbase
2 | gmi eip, CODEBASE // code-section base of the module that contains eip
3 | mov cbase, $RESULT
4 | log cbase
5 | var csize
6 | gmi eip, CODESIZE // and its size
7 | mov csize, $RESULT
8 | log csize
9 |
10 | var k
11 | var l
12 | eoe lab1 // both exceptions and breakpoints resume at lab1
13 | eob lab1
14 | run
15 |
16 | lab1:
17 | mov k,esp
18 | add k,40
19 | mov l,[k] // dword at esp+0x40
20 | cmp l,400000 // compared with the literal 0x400000; presumably identifies the last exception before the OEP — TODO confirm
21 | je lab2
22 | esto // otherwise pass the exception on and wait for the next stop
23 |
24 | lab2:
25 | bprm cbase, csize // memory breakpoint over the whole code section
26 | eob end
27 | eoe end
28 | esto
29 |
30 | end:
31 | cmt eip,"OEP or tempOEP"
32 | bpmc // clear the memory breakpoint
33 | ret
--------------------------------------------------------------------------------
/MEW/mew10_1_0.txt:
--------------------------------------------------------------------------------
1 | /*
2 | // OEP FINDER FOR: Mew 10 exe-coder 1.0 by Northfox
3 | // AUTHOR : SMoKE (smoke@freenet.am)
4 | // OS : WinXP SP1, OllyDbg v1.10c, OllyScript v0.8
5 | // INFOZ : dump at OEP and simply fix import table by ImpRec
6 | */
7 |
8 |
9 | var X
10 | gpa "LoadLibraryA", "kernel32.dll" // resolve the API address into $RESULT
11 | bphws $RESULT, "x" // stop at the entry of the first LoadLibraryA call
12 | eob
label1
13 | run
14 | label1:
15 | bphwc $RESULT
16 | mov X, [esp] // at API entry [esp] is the return address, i.e. the caller inside the stub
17 | bp X
18 | eob label2
19 | run
20 | label2:
21 | bc X
22 | findop eip, #C3# // next ret after the caller
23 | bp $RESULT
24 | eob label3
25 | run
26 | label3:
27 | bc $RESULT
28 | sto // step the ret; the landing address is labelled below
29 | cmt eip, "OEP Reached !"
30 | ret
--------------------------------------------------------------------------------
/ASProtect/ASProtect_OEP_1.3.txt:
--------------------------------------------------------------------------------
1 | var cbase
2 | gmi eip, CODEBASE // code-section base of the module that contains eip
3 | mov cbase, $RESULT
4 | log cbase
5 | var csize
6 | gmi eip, CODESIZE // and its size
7 | mov csize, $RESULT
8 | log csize
9 |
10 | var k
11 | var l
12 | eoe lab1 // both exceptions and breakpoints resume at lab1
13 | eob lab1
14 | run
15 |
16 | lab1:
17 | mov k,esp
18 | add k,40
19 | mov l,[k] // dword at esp+0x40
20 | cmp l,400000 // compared with the literal 0x400000; presumably identifies the last exception before the OEP — TODO confirm
21 | je lab2
22 | esto // otherwise pass the exception on and wait for the next stop
23 |
24 | lab2:
25 | bprm cbase, csize // memory breakpoint over the whole code section
26 | eob end
27 | eoe end
28 | esto
29 |
30 | end:
31 | cmt eip,"OEP or tempOEP"
32 | bpmc // clear the memory breakpoint
33 | ret
34 |
35 |
36 |
--------------------------------------------------------------------------------
/MEW/MEW 1.0 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | // OEP FINDER FOR: Mew 10 exe-coder 1.0 by Northfox
3 | // AUTHOR : SMoKE (smoke@freenet.am)
4 | // OS : WinXP SP1, OllyDbg v1.10c, OllyScript v0.8
5 | // INFOZ : dump at OEP and simply fix import table by ImpRec
6 | */
7 |
8 |
9 | var X
10 | gpa "LoadLibraryA", "kernel32.dll" // resolve the API address into $RESULT
11 | bphws $RESULT, "x" // stop at the entry of the first LoadLibraryA call
12 | eob label1
13 | run
14 | label1:
15 | bphwc $RESULT
16 | mov X, [esp] // at API entry [esp] is the return address, i.e. the caller inside the stub
17 | bp X
18 | eob label2
19 | run
20 | label2:
21 | bc X
22 | findop eip, #C3# // next ret after the caller
23 | bp $RESULT
24 | eob label3
25 | run
26 | label3:
27 | bc $RESULT
28 | sto // step the ret; the landing address is labelled below
29 | cmt eip, "OEP Reached !"
30 | ret
--------------------------------------------------------------------------------
/Upx s h i t/UPX & UPXShit 0.6 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | EOP finder for upxshit 0.6 (snaker) & UPX
3 | It also works for a "standalone" UPX packed program
4 |
5 | Author : mimas
6 | */
7 | // Follows a chain of near jumps (E9) while each is at most 0x10 bytes ahead of eip, then switches to a stack read breakpoint.
8 | var x
9 |
10 | loop:
11 | findop eip, #E9??# // find jump to next loop
12 | mov x, $RESULT
13 | sub x, eip
14 | cmp x, 10 // (@jmp - eip) use to be 10,
15 | // we can handle different loop size this way
16 | ja stub
17 | go $RESULT // run to that jmp
18 | sto
19 | jmp loop
20 |
21 | stub:
22 | // the terrific UPX OEP finder
23 | eob end
24 | sto // step one instruction, presumably the pushad, so esp points at the saved registers
25 | mov x, esp
26 | bphws x, "r" // hardware read breakpoint on that stack slot
27 | run
28 |
29 | end:
30 | bphwc x
31 | sto
32 | ret
--------------------------------------------------------------------------------
/Upx s h i t/UPXSHIT 0.06 AND UPX OEP-FINDER.txt:
--------------------------------------------------------------------------------
1 | /*
2 | EOP finder for upxshit 0.6 (snaker) & UPX
3 | It also works for a "standalone" UPX packed program
4 |
5 | Author : mimas
6 | */
7 | // Follows a chain of near jumps (E9) while each is at most 0x10 bytes ahead of eip, then switches to a stack read breakpoint.
8 | var x
9 |
10 | loop:
11 | findop eip, #E9??# // find jump to next loop
12 | mov x, $RESULT
13 | sub x, eip
14 | cmp x, 10 // (@jmp - eip) use to be 10,
15 | // we can handle different loop size this way
16 | ja stub
17 | go $RESULT // run to that jmp
18 | sto
19 | jmp loop
20 |
21 | stub:
22 | // the terrific UPX OEP finder
23 | eob end
24 | sto // step one instruction, presumably the pushad, so esp points at the saved registers
25 | mov x, esp
26 | bphws x, "r" // hardware read breakpoint on that stack slot
27 | run
28 |
29 | end:
30 | bphwc x
31 | sto
32 | ret
--------------------------------------------------------------------------------
/MEW/MEW 10 SE v1.0 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | // OEP FINDER FOR: Mew 10 exe-coder 1.0 by Northfox
3 | // AUTHOR : SMoKE (smoke@freenet.am)
4 | // OS : WinXP SP1, OllyDbg v1.10c, OllyScript v0.8
5 | // INFOZ : dump at OEP and simply fix import table by ImpRec
6 | */
7 |
8 |
9
| var X
10 | gpa "LoadLibraryA", "kernel32.dll" // resolve the API address into $RESULT
11 | bphws $RESULT, "x" // stop at the entry of the first LoadLibraryA call
12 | eob label1
13 | run
14 | label1:
15 | bphwc $RESULT
16 | mov X, [esp] // at API entry [esp] is the return address, i.e. the caller inside the stub
17 | bp X
18 | eob label2
19 | run
20 | label2:
21 | bc X
22 | findop eip, #C3# // next ret after the caller
23 | bp $RESULT
24 | eob label3
25 | run
26 | label3:
27 | bc $RESULT
28 | sto // step the ret; the landing address is labelled below
29 | cmt eip, "OEP Reached !"
30 | ret
--------------------------------------------------------------------------------
/PeX/PEX_0_99.TXT:
--------------------------------------------------------------------------------
1 | // PeX 0.99 OEP Finder
2 | // by FEUERRADER [AHTeam]
3 | // http://ahteam.org
4 |
5 | /*
6 | IMPORTANT NOTE: before using this script, CHECK following option -
7 | Menu -> Options -> Debugging options -> Exceptions -> INT3 breaks
8 | Script will not work if u do not do that!!!!
9 | */
10 |
11 | var s
12 |
13 | eob Break
14 | eoe exp1 // exceptions go to exp1, which passes them to the target
15 | mov s, eip
16 | add s, 01 // one byte past the entry point
17 | bphws s, "x"
18 | run
19 |
20 | exp1:
21 | esto
22 |
23 | Break:
24 | eob Break2
25 | bphwc s
26 | findop eip, #EB01# // EB 01 = jmp short over one byte
27 | bphws $RESULT, "x" // NOTE(review): $RESULT is not checked for 0
28 | run
29 |
30 | Break2:
31 | bphwc $RESULT
32 | sto // five single steps from the jmp to the instruction labelled below
33 | sto
34 | sto
35 | sto
36 | sto
37 | cmt eip, "OEP"
38 | ret
--------------------------------------------------------------------------------
/mPack/mPack 0.0.3 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////////////////////////////////
3 | mPack 0.0.3 Main OEP finder
4 | Author: KuNgBiM
5 | Email : kungbim@163.com
6 | OS : Winxp sp1,OllyDbg 1.1,ODbgScript1.53
7 | Date : 2007-06-12
8 | Config: N/A
9 | Note : If you have one or more question, email me please,thank you!
10 | //////////////////////////////////////////////////////////////////////////////
11 | */
12 |
13 | dbh // hide the debugger from the target
14 | sti
15 | sto
16 | mov addr,esp // NOTE(review): addr is not declared with var
17 | bphws addr,"r" // hardware read breakpoint on the current top of stack; never cleared in this script
18 | run
19 | sti
20 | an eip
21 | cmt eip, "This is OEP! Find by KuNgBiM"
22 | msg "Script by KuNgBiM, Thank you for using my script!"
23 | ret
--------------------------------------------------------------------------------
/Ezip/Ezip 1.0.txt:
--------------------------------------------------------------------------------
1 | /*
2 | //////////////////////////////////////////////////////////////
3 | // EZip 1.0 OEP finder
4 | // Author: hacnho/VCT2k4
5 | // Email : hacnho@hotmail.com
6 | // Website: http://nhandan.info/hacnho
7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
8 | /////////////////////////////////////////////////////////
9 | */
10 | to
11 | sti
12 | eob Break
13 | findop eip, #60BE# // 60 / BE = pushad; mov esi,imm32 — the result is not used by any later line
14 | run // NOTE(review): no breakpoint has been set at this point, so the stop that reaches Break comes from outside the script
15 | Break:
16 | bphws esp,"r" // hardware read breakpoint on the top of stack; never cleared in this script
17 | sto
18 | log eip
19 | cmt eip, "This is the OEP! Found by hacnho/VCT2k4"
20 | MSG "Dumped and fix IAT now! Thanx for using my Script...!"
21 | ret
--------------------------------------------------------------------------------
/MEW/MEW 10 EXE-CODER 1.0 OEP-FINDER.txt:
--------------------------------------------------------------------------------
1 | /*
2 | // OEP FINDER FOR: Mew 10 exe-coder 1.0 by Northfox
3 | // AUTHOR : SMoKE (smoke@freenet.am)
4 | // OS : WinXP SP1, OllyDbg v1.10c, OllyScript v0.8
5 | // INFOZ : dump at OEP and simply fix import table by ImpRec
6 | */
7 |
8 |
9 | var X
10 | gpa "LoadLibraryA", "kernel32.dll" // resolve the API address into $RESULT
11 | bphws $RESULT, "x" // stop at the entry of the first LoadLibraryA call
12 | eob label1
13 | run
14 | label1:
15 | bphwc $RESULT
16 | mov X, [esp] // at API entry [esp] is the return address, i.e. the caller inside the stub
17 | bp X
18 | eob label2
19 | run
20 | label2:
21 | bc X
22 | findop eip, #C3# // next ret after the caller
23 | bp $RESULT
24 | eob label3
25 | run
26 | label3:
27 | bc $RESULT
28 | sto // step the ret; the landing address is labelled below
29 | cmt eip, "OEP Reached !"
30 | ret
--------------------------------------------------------------------------------
/BamBam/BamBam 0.04 OEP Finder + Dumper.txt:
--------------------------------------------------------------------------------
1 | ////////////////////////////////////////////////////////
2 | // AORE TEAM
3 | //
4 | // script by TallfaZ 24/03/2007
5 | // This script unpacks BamBam
6 | //
7 | // www.alalme.com\vb
8 | //////////////////////////////////////////////////////////
9 | var tmp1
10 |
11 | gmemi 401000, MEMORYSIZE // size of the memory block that contains the literal address 0x401000
12 | mov tmp1, $RESULT
13 |
14 | bprm 401000, tmp1 // memory breakpoint over that whole block
15 | run
16 | sto
17 | an
18 |
19 | bprm 401000, tmp1 // set again for a second stop
20 | run
21 | an eip
22 |
23 | cmt eip, "OEP"
24 | msg "File is already dumped to same dir, just fireup ImpRec 'n fix IAT"
25 | dpe "Dump.exe", eip // the dump is written here, after the message above, with eip as the entry point
26 |
27 | abort:
28 | ret
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/Exe32Pack/exe32pack 1.42 - OEP Finder & Unpacker.txt:
--------------------------------------------------------------------------------
1 | // Script for OllyScript plugin by DarK_m00n - http://www.cim-team.wb.st
2 |
3 |
4 |
5 |
6 | var a
7 | eob Break
8 | findop eip,#5B# // 5B = pop ebx
9 | bphws $RESULT,"x"
10 | run
11 | Break:
12 | bphwc $RESULT
13 | dbh // hide the debugger for the next stretch; restored by dbs below
14 | eob Break2
15 | findop eip,#BFFFE0#
16 | mov a,$RESULT
17 | inc a // match + 1, where the bytes FF E0 (jmp eax) begin
18 | bphws a,"x"
19 | run
20 | Break2:
21 | bphwc a
22 | dbs // undo dbh
23 | sto
24 | an eip
25 | cmt eip,"OEP found by DarK_m00n | CiM"
26 | MSGYN "Do u wanna to Unpack it ?"
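27 | cmp $RESULT,0 28 | je he_refuze 29 | mov a,"c:\D_file_unpacked.exe" 30 | dpe a,eip 31 | MSG a 32 | he_refuze: 33 | ret 34 | 35 | 36 | 37 | //
--------------------------------------------------------------------------------
/G!X Protector/G!X Protector 1.2.txt:
--------------------------------------------------------------------------------
// The amazing [url="http://anonym.to/?http://www.tuts4you.com/download.php?view.1915"]http://www.tuts4you.com/download.php?view.1915[/url]
// This script will quickly put you at the OEP of an packed EXE.
// Just run it!
// Implemented using hardware breakpoints (just for fun).
//
// Flow: locate the first POPAD / PUSH imm32 pair after EIP, break on it with
// a hardware execute breakpoint, step over both instructions, label the
// landing address and optionally analyse it.
// Changes from the original listing:
//  - the first header line started with a single '/', which is not a comment;
//  - a failed search is reported instead of arming a breakpoint on 0;
//  - the Yes/No answer is honoured (both outcomes used to reach "analiza").

var tail                    // address of the POPAD / PUSH pair

eob Break                   // next breakpoint hit resumes the script at Break
findop eip, #6168#          // 61 = POPAD, 68 = PUSH imm32
cmp $RESULT, 0
je not_found
mov tail, $RESULT           // keep the address; $RESULT is reused by msgyn below
bphws tail, "x"
run

Break:
sto
sto
bphwc tail
cmt eip, "<-- OEP found ! now dump and fix iat"
msgyn "analize?? analizo?"
cmp $RESULT, 1              // 1 = Yes; anything else skips the analysis
jne done
log "analized!"
an eip
done:
ret

not_found:
msg "popad/push pattern not found"
ret
--------------------------------------------------------------------------------
/USSR/USSR OEP Finder.txt:
--------------------------------------------------------------------------------
// USSR OEP finder (no author header in the listing).
// Stages:
//  1. Watch the dword just below the current stack pointer and keep running
//     until a byte pattern beginning with MOV EAX,FS:[30h] (PEB pointer load)
//     appears after EIP. What the rest of that routine does is not verified
//     here -- presumably an anti-dump/anti-debug step; confirm on a sample.
//  2. Break on that routine and overwrite 0xB1 bytes of it with NOPs.
//  3. Find the PUSH imm32 / PUSH FS:[0] / MOV FS:[0],ESP / INT 3 sequence
//     (an SEH frame followed by a deliberate breakpoint exception), step over
//     the PUSH and treat the pushed handler address as the OEP.
// Fix: the failure label was written "quit" without a colon, so "je quit"
// had no target.

var espval
var oep
var g

mov espval,esp
sub espval,4                // slot the next PUSH will write to
bphws espval, "r"
l1:
run
find eip, #64A1300000008B400C8B400C8D58208D48188333FF8B318B008B781889398D4424E0#
cmp $RESULT,0
je l1                       // not unpacked yet: run to the next stack access
mov g,$RESULT
bphws g,"x"
bphwc espval
run
bphwc g
fill eip,B1,90              // 0xB1 bytes at EIP become 0x90 (NOP)
find eip, #68????????64FF350000000064892500000000CD03#
cmp $RESULT,0
je quit
mov oep,$RESULT
bphws oep,"x"
run
bphwc oep
sti                         // executes the PUSH imm32, so [esp] is the handler
mov oep,[esp]
bphws oep,"x"
run
bphwc oep
MSG "OEP"
ret

quit:
MSG ":("
ret
--------------------------------------------------------------------------------
/Virogen Crypt/virogen_075.txt: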
-------------------------------------------------------------------------------- 1 | /* 2 | //////////////////////////////////////////////////// 3 | // Virogen Crypt v0.75 OEP finder 4 | // Author: hacnho/VCT2k4 5 | // Email : hacnho@hotmail.com 6 | // Website: http://nhandan.info/hacnho 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | //////////////////////////////////////////////////// 9 | */ 10 | 11 | sti 12 | eob Break 13 | findop eip, #61# 14 | bphws esp,"r" 15 | run 16 | 17 | Break: 18 | sto 19 | sto 20 | sto 21 | sto 22 | sto 23 | sti 24 | sti 25 | sti 26 | an eip 27 | log eip 28 | cmt eip, "This is the OEP!!!" 29 | MSG "Dumped and fix IAT now! Thanx for using my Script...!" 30 | bphwc 408001 31 | ret 32 | -------------------------------------------------------------------------------- /WinUpack/WinUpack 0.31 - 0.32 OEP Finder.txt: -------------------------------------------------------------------------------- 1 | //(Win)Upack 0.31-0.32 beta OEP finder 2 | //Made by GaBoR {RES} 3 | findop eip,#E8????????# 4 | cmp $RESULT,0 5 | jne bpushad 6 | sto 7 | find eip,#46AD# 8 | bphws $RESULT,"x" 9 | run 10 | bphwc $RESULT 11 | sto 12 | sto 13 | sto 14 | bp eip 15 | run 16 | eob test 17 | test: 18 | cmp eax,0 19 | je OEP 20 | run 21 | OEP: 22 | bc eip 23 | sti 24 | cmt eip,"OEP found by GaBoR {RES}" 25 | msg "Dump & fix IAT now!" 26 | ret 27 | bpushad: 28 | sto 29 | var t 30 | mov t,esp 31 | bphws t,"r" 32 | run 33 | bphwc t 34 | sti 35 | cmt eip,"OEP found by GaBoR {RES}" 36 | msg "Dump & fix IAT now!" 
37 | ret -------------------------------------------------------------------------------- /ASProtect/ASProtect 1.22 - 1.23 Beta 21.txt: -------------------------------------------------------------------------------- 1 | /* 2 | ////////////////////////////////////////////////// 3 | Author: ~Hellsp@wN~ 4 | Email : alt-fox@mail.ru 5 | OS : OllyDbg 1.10 with OllyScript plugin v0.7 6 | Date : 29.06.2004 7 | 8 | Support with: 9 | ASProtect 1.22 - 1.23 Beta 21 (may be some bugs) 10 | ////////////////////////////////////////////////// 11 | */ 12 | 13 | var t 14 | mov t,esp 15 | sub t,4 16 | 17 | EOE Error 18 | EOB Break 19 | bphws t, "w" 20 | esto 21 | 22 | Error: 23 | esti 24 | bphwc t 25 | bphws t, "w" 26 | esto 27 | 28 | Break: 29 | bphwc t 30 | sto 31 | sto 32 | cmt eip, "This is the entry point (OEP)" 33 | ret -------------------------------------------------------------------------------- /Software Compress/Software Compress 1.x Unpacker.txt: -------------------------------------------------------------------------------- 1 | var iat_st 2 | var oep 3 | var imb 4 | rtr 5 | sti 6 | find eip,#8B8DA01C41008B85A41C4100# 7 | cmp $RESULT,0 8 | je quit 9 | bp $RESULT 10 | erun 11 | bc eip 12 | mov imb,[$RESULT+2] 13 | add imb,ebp 14 | mov iat_st,imb+4 15 | mov oep,iat_st+C 16 | mov imb,[imb] 17 | mov iat_st,[iat_st] 18 | mov oep,[oep] 19 | mov eip,oep+imb 20 | cmt eip,"This is the OEP" 21 | mov counter,imb 22 | add counter,3C 23 | mov counter,[counter] 24 | add counter,imb 25 | add counter,28 26 | mov [counter],oep 27 | add counter,58 28 | mov [counter],iat_st 29 | dpe "dump.exe", eip 30 | msg ""The file is completely unpacked!" 
31 | ret 32 | quit: 33 | ret -------------------------------------------------------------------------------- /UPX Protector/UPX Protector 1.0x OEP Finder.txt: -------------------------------------------------------------------------------- 1 | /* 2 | //////////////////////////////////////////////////// 3 | // UPX Protector 1.0x OEP finder 4 | // Author: hacnho/VCT2k4 5 | // Email : hacnho@hotmail.com 6 | // Website: http://nhandan.info/hacnho 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | //////////////////////////////////////////////////// 9 | */ 10 | eob Break 11 | sti 12 | sti 13 | findop eip, #60# 14 | bphws $RESULT, "x" 15 | Break: 16 | run 17 | sto 18 | sti 19 | an eip 20 | log eip 21 | cmt eip, "This is the OEP! Found by hacnho/VCT2k4" 22 | MSG "Dumped and fix IAT now! Thanx for using my Script...!" 23 | bphwc $RESULT 24 | ret -------------------------------------------------------------------------------- /VBox/VBox 4.3 OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- 1 | var oep 2 | var bdl 3 | var pth 4 | 5 | gpa "IsProcessorFeaturePresent","kernel32.dll" 6 | bp $RESULT 7 | erun 8 | bc eip 9 | rtu 10 | GMEMI eip, MEMORYBASE 11 | mov bdl,$RESULT 12 | find bdl,#FF7514FF7510FF750CFFD0# 13 | cmp $RESULT,0 14 | je quit 15 | mov oep,$RESULT+9 16 | find bdl,#8906EB02893E# 17 | cmp $RESULT,0 18 | je quit 19 | 20 | mov bdl,$RESULT 21 | bphws bdl,"x" 22 | cmt eip,"if Show Nag push try:)" 23 | erun 24 | 25 | mov [bdl+1],#3E# 26 | bphwc bdl 27 | 28 | bphws oep,"x" 29 | 30 | erun 31 | bphwc oep 32 | sti 33 | cmt eip,"<----OEP " 34 | MSG " OEP Faund! IAT fixed. 
Dump it" 35 | ret 36 | 37 | ret 38 | quit: 39 | ret -------------------------------------------------------------------------------- /Yodas Protector/Yodas Protector 1.0b OEP Finder.txt: -------------------------------------------------------------------------------- 1 | // yoda's Protector v1.0b goto oep script by sonkite 2 | // OllyDbg v1.10/XP, OllyScript v0.92, turn off all exceptions 3 | 4 | var bpx1 5 | var bpx2 6 | var bpx3 7 | var oep 8 | mov bpx1,eip 9 | mov bpx2,eip 10 | mov bpx3,eip 11 | add bpx1,4c4 12 | add bpx2,0dc8 13 | add bpx3,11e1 14 | dbh 15 | 16 | bphws bpx1, "x" 17 | run 18 | mov !zf,1 19 | run 20 | mov !zf,1 21 | bphwc bpx1 22 | 23 | bphws bpx2, "x" 24 | run 25 | mov !zf,1 26 | bphwc bpx2 27 | 28 | bphws bpx3, "x" 29 | run 30 | bphwc bpx3 31 | 32 | mov oep,edi 33 | bp oep 34 | run 35 | bc oep 36 | cmt oep, "This is the original entry point" -------------------------------------------------------------------------------- /ActiveMark/ActiveMark 5.xx Level 2 EP Finder.txt: -------------------------------------------------------------------------------- 1 | /* 2 | ActiveMark 5.xx 2nd layer EP finder 3 | Made by: GaBoR {RES} 4 | Thanks to: 5 | -CondZero for the great tuts on Activemark! 6 | -Lunar_Dust for the overlay method! 7 | Instructions: 8 | -hide Olly with OllyAdvanced plugin; 9 | */ 10 | 11 | var x 12 | gpa "GetModuleHandleA","kernel32.dll" 13 | mov x,$RESULT 14 | add x,9 15 | bpcnd x, "[ESP+08]==0" 16 | run 17 | run 18 | run 19 | run 20 | run 21 | run 22 | run 23 | run 24 | bc x 25 | mov x,esp 26 | add x,4 27 | bp [x] 28 | run 29 | bc [x] 30 | sto 31 | sto 32 | sto 33 | sto 34 | sto 35 | cmt eip,"2nd layer EP found by GaBoR {RES}" 36 | msg "Dump, fix IAT & add overlay!" 
37 | ret 38 | -------------------------------------------------------------------------------- /ExeStealth/EXESTEALTH 2.7 OEP-FINDER.txt: -------------------------------------------------------------------------------- 1 | // EXEStealth v2.7 OEP Finder v0.1 2 | // by FEUERRADER [AHTeam] 3 | // http://ahteam.org 4 | 5 | var s 6 | var k 7 | 8 | eob Break 9 | mov s, esp 10 | sub s, 04 11 | bphws s, "r" 12 | run 13 | 14 | Break: 15 | eob Break2 16 | run 17 | 18 | Break2: 19 | eob B21 20 | eoe expp 21 | sto 22 | run 23 | 24 | expp: 25 | esto 26 | 27 | B21: 28 | bphwc s 29 | eob B3 30 | mov k, eax 31 | bp k 32 | run 33 | 34 | B3: 35 | bphwc k 36 | eob Br4 37 | findop eip, #C1C7# 38 | bphws $RESULT, "x" 39 | run 40 | 41 | Br4: 42 | bphwc $RESULT 43 | sto 44 | sto 45 | eob Br5 46 | mov k, edi 47 | bp k 48 | run 49 | 50 | Br5: 51 | bphwc k 52 | cmt eip, "OEP" 53 | ret -------------------------------------------------------------------------------- /ExeShield/Exe Shield 0.8 OEP Finder.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 11h21 PM Monday 10 January 2005 3 | ARM Protector 0.1 OEP Finder - EXE Shield 0.8 OEP Finder 4 | Author : dqtln 5 | Email : dqtlncrk@gmail.com 6 | OS : WinXP Pro SP1 , OllyDbg 1.10 , OllyScript 0.92 7 | Website : www.phudu.com 8 | For opinions & bugreport send me a email 9 | Thank you very much 10 | */ 11 | 12 | var x 13 | var y 14 | gmi eip,CODEBASE 15 | mov x,$RESULT 16 | gmi eip,CODESIZE 17 | mov y,$RESULT 18 | run 19 | esto 20 | bprm x,y 21 | esti 22 | run 23 | bpmc 24 | msg "Please press No if have a question" 25 | an eip 26 | cmt eip,"This is the OEP - Found by dqtln" 27 | msg "Dump and fix IAT now - Good day" 28 | ret -------------------------------------------------------------------------------- /ExeShield/ExeShield 0.8 OEP Finder.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 11h21 PM Monday 10 January 2005 3 | ARM Protector 0.1 OEP Finder 
- EXE Shield 0.8 OEP Finder 4 | Author : dqtln 5 | Email : dqtlncrk@gmail.com 6 | OS : WinXP Pro SP1 , OllyDbg 1.10 , OllyScript 0.92 7 | Website : www.phudu.com 8 | For opinions & bugreport send me a email 9 | Thank you very much 10 | */ 11 | 12 | var x 13 | var y 14 | gmi eip,CODEBASE 15 | mov x,$RESULT 16 | gmi eip,CODESIZE 17 | mov y,$RESULT 18 | run 19 | esto 20 | bprm x,y 21 | esti 22 | run 23 | bpmc 24 | msg "Please press No if have a question" 25 | an eip 26 | cmt eip,"This is the OEP - Found by dqtln" 27 | msg "Dump and fix IAT now - Good day" 28 | ret -------------------------------------------------------------------------------- /PEBundle/PEBundle 2.0x.txt: -------------------------------------------------------------------------------- 1 | /* 2 | ////////////////////////////////////////////////////////////// 3 | // PEBundle 2.0x - 2.4x OEP finder 4 | // Author: hacnho/VCT2k4 5 | // Email : hacnho@hotmail.com 6 | // Website: http://nhandan.info/hacnho 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | ///////////////////////////////////////////////////////// 9 | */ 10 | 11 | sti 12 | sti 13 | eob Break 14 | findop eip, #9D68# 15 | bphws esp,"r" 16 | run 17 | 18 | Break: 19 | sto 20 | sto 21 | sto 22 | an eip 23 | log eip 24 | cmt eip, "This is the OEP! Found by hacnho/VCT2k4" 25 | MSG "Dumped and fix IAT now! Thanx for using my Script...!" 
26 | ret
--------------------------------------------------------------------------------
/PECompact/PE COMPACT 0.9x OEP-FINDER.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
/*
//////////////////////////////////////////////////
 Author: ~Hellsp@wN~
 Email : alt-fox@mail.ru
 OS : OllyDbg 1.10 with OllyScript plugin v0.7
 Date : 29.06.2004

 Support with:
 PECompact 0.9x
//////////////////////////////////////////////////
*/

// Technique: hardware read breakpoint on the stack slot just below the
// entry-time ESP. The script lets the slot be read twice, then steps two
// instructions and labels the result as the OEP.
// NOTE(review): presumably the two hits correspond to two save/restore pairs
// in the PECompact 0.9x stub -- confirm against a sample before relying on
// the fixed count.

var t

mov t,esp
sub t,4                     // t = dword the next PUSH will occupy

EOB Break                   // first breakpoint hit continues at Break
bphws t, "r"
run

Break:
bphwc t
bphws t, "r"                // re-arm the same slot for the second access
run
bphwc t                     // breakpoint removed before stepping on
sto
sto
cmt eip, "This is the entry point (OEP)"
ret

// [BACK]
--------------------------------------------------------------------------------
/Aspack/aspack_212.txt:
--------------------------------------------------------------------------------
/*
//////////////////////////////////////////////////////////////
// ASPack 2.12 OEP finder
// Author: hacnho/VCT2k4
// Email : hacnho@hotmail.com
// Website: http://nhandan.info/hacnho
// OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
////////////////////////////////////////////////////////////
*/
// Technique: break on the first POPAD (opcode 61) after the packed entry
// point, then single-step through the instructions that follow it.
// The script does not check whether findop found anything; $RESULT is used
// as returned.
eob Break
findop eip, #61#            // 61 = POPAD
bphws $RESULT, "x"
run
Break:
bphwc $RESULT               // $RESULT still holds the findop address here
sti
sto
sto
sto
log eip                     // record the address reached in the log window
cmt eip, "This is the OEP! Found by hacnho/VCT2k4"
MSG "Dumped and fix IAT now! Thanx for using my Script...!"
ret
--------------------------------------------------------------------------------
/NsPack/NsPack + Anti 007 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | //nspack && anti 007 ???? 2 | //code by skylly 3 | msg "??????"
4 | var VirtualProtect 5 | var VirtualFree 6 | gpa "VirtualFree","kernel32.dll" 7 | cmp $RESULT,0 8 | je err 9 | mov VirtualFree,$RESULT 10 | 11 | gpa "VirtualProtect","kernel32.dll" 12 | cmp $RESULT,0 13 | je err 14 | mov VirtualProtect,$RESULT 15 | 16 | bp VirtualFree 17 | esto 18 | esto 19 | bc VirtualFree 20 | var temp 21 | mov temp,[esp] 22 | bp temp 23 | esto 24 | bc temp //????? 25 | 26 | find eip,#9DE9# //popfd;jmp 27 | cmp $RESULT,0 28 | je err 29 | add $RESULT,1 30 | go $RESULT 31 | sto 32 | OEP: 33 | cmt eip,"OEP!" 34 | msg "OEP or Next Shell" 35 | ret 36 | err: 37 | msg "Error" 38 | ret -------------------------------------------------------------------------------- /PEBundle/pebundle_2x.txt: -------------------------------------------------------------------------------- 1 | /* 2 | ////////////////////////////////////////////////////////////// 3 | // PEBundle 2.0x - 2.4x OEP finder 4 | // Author: hacnho/VCT2k4 5 | // Email : hacnho@hotmail.com 6 | // Website: http://nhandan.info/hacnho 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | ///////////////////////////////////////////////////////// 9 | */ 10 | sti 11 | sti 12 | eob Break 13 | findop eip, #9D68# 14 | bphws esp,"r" 15 | run 16 | Break: 17 | sto 18 | sto 19 | sto 20 | an eip 21 | log eip 22 | cmt eip, "This is the OEP! Found by hacnho/VCT2k4" 23 | MSG "Dumped and fix IAT now! Thanx for using my Script...!" 
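24 | ret
--------------------------------------------------------------------------------
/RLPack/RLPack 1.14 (Basic Edition) OEP Finder.txt:
--------------------------------------------------------------------------------
//////////////////////////////////////////////////////////////////////////////
// OEP Find Script for RLPack 1.14 Basic Edition
// Coded by: PiONEER {RES}
// Greetz to: {RES},ICU,ARTeam,SnD,B@S,CiM,AS.MS
// Data: 00:01 26.03.2007
// Environment : WinXP SP1,OllyDbg V1.10,ODbgScript V1.48
// Contact: -http://www.appzclub.tk - or - admin@appzclub.tk
//////////////////////////////////////////////////////////////////////////////
//
// Technique: step over the first instruction, put a hardware read breakpoint
// on the stack top, run until that slot is read back, then step twice.
// NOTE(review): the first instruction is presumably PUSHAD -- confirm on a
// sample.
// Fix: the original armed and cleared the breakpoint with the live ESP
// register ("bphws esp" / "bphwc esp"). bphwc takes an address, and ESP has
// normally moved by the time the breakpoint fires, so the clear targeted a
// different address and the hardware breakpoint stayed armed. The address is
// now captured once in a variable, as the other stack-based scripts in this
// collection do.

var slot                    // stack address being watched

start:
sto
mov slot, esp
bphws slot, "r"
run
bphwc slot                  // clears the same address that was armed
sto
sto
msg "OEP found! - Now dump and fix the IAT!"
cmt eip, "<-- OEP found by PiO - TEAM {RES}!"
ret
end:
--------------------------------------------------------------------------------
/PeX/PeX 0.99 OEP Finder.txt:
--------------------------------------------------------------------------------
1 | // PeX 0.99 OEP Finder 2 | // by FEUERRADER [AHTeam] 3 | // http://ahteam.org 4 | 5 | /* 6 | IMPORTANT NOTE: before using this script, CHECK following option - 7 | Menu -> Options -> Debugging options -> Exceptions -> INT3 breaks 8 | Script willnot work if u do not do that!!!!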
9 | */ 10 | 11 | var s 12 | 13 | eob Break 14 | eoe exp1 15 | mov s, eip 16 | add s, 01 17 | bphws s, "x" 18 | run 19 | 20 | exp1: 21 | esto 22 | 23 | Break: 24 | eob Break2 25 | bphwc s 26 | findop eip, #EB01# 27 | bphws $RESULT, "x" 28 | run 29 | 30 | Break2: 31 | bphwc $RESULT 32 | sto 33 | sto 34 | sto 35 | sto 36 | sto 37 | cmt eip, "OEP" 38 | ret -------------------------------------------------------------------------------- /visual protect/Visual Protect 3.xx OEP Finder + IAT Repair.txt: -------------------------------------------------------------------------------- 1 | var oep 2 | var gp 3 | ask "Enter address code section vp.dll" 4 | cmp $RESULT,0 5 | je quit 6 | 7 | mov bdl,$RESULT 8 | GMEMI bdl, MEMORYBASE 9 | mov bdl,$RESULT 10 | find bdl,#E8????????FF65FC# 11 | cmp $RESULT,0 12 | je quit 13 | mov oep,$RESULT+5 14 | 15 | /* 16 | 003C5FED E8 46BCFFFF CALL VP.003C1C38 17 | 003C5FF2 FF65 FC JMP DWORD PTR SS:[EBP-4] 18 | 19 | */ 20 | find bdl,#8A1A428BF381E6FF0000008BCE8D45F8# 21 | cmp $RESULT,0 22 | je quit 23 | mov gp,$RESULT+33 24 | asm gp, "Call GetProcAddress" 25 | bp oep 26 | erun 27 | sti 28 | cmt eip,"<--oep" 29 | msg " Oep Faund Iat fix" 30 | ret 31 | quit: 32 | msg "Not Visage" 33 | ret -------------------------------------------------------------------------------- /PECompact/Pe Compackt neuste version.txt: -------------------------------------------------------------------------------- 1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com 2 | /* 3 | 4:40 AM 11/12/2004 4 | PECompact 2.40 OEP Finder 5 | Author : dqtln 6 | Email : dqtlncrk@gmail.com 7 | OS : WinXP Pro SP1 , OllyDbg 1.10 , OllyScript 0.85 8 | Website : www.phudu.com 9 | */ 10 | 11 | sto 12 | sto 13 | sto 14 | sto 15 | sto 16 | sto 17 | esti 18 | sto 19 | sto 20 | sto 21 | sto 22 | sto 23 | sto 24 | sto 25 | sto 26 | sto 27 | sto 28 | sto 29 | findop eip,#FFE0# 30 | bp $RESULT 31 | run 32 | bc eip 33 | sto 34 | cmt eip,"This is the OEP - Found by dqtln" 35 | 
msg "Dump and fix IAT now - Thanks for using my script" 36 | ret 37 | 38 | // [BACK] -------------------------------------------------------------------------------- /visual protect/Visual Protect 3.xx OEP Finder + IAT Repair(2).txt: -------------------------------------------------------------------------------- 1 | var oep 2 | var gp 3 | ask "Enter address code section vp.dll" 4 | cmp $RESULT,0 5 | je quit 6 | 7 | mov bdl,$RESULT 8 | GMEMI bdl, MEMORYBASE 9 | mov bdl,$RESULT 10 | find bdl,#E8????????FF65FC# 11 | cmp $RESULT,0 12 | je quit 13 | mov oep,$RESULT+5 14 | 15 | /* 16 | 003C5FED E8 46BCFFFF CALL VP.003C1C38 17 | 003C5FF2 FF65 FC JMP DWORD PTR SS:[EBP-4] 18 | 19 | */ 20 | find bdl,#8A1A428BF381E6FF0000008BCE8D45F8# 21 | cmp $RESULT,0 22 | je quit 23 | mov gp,$RESULT+33 24 | asm gp, "Call GetProcAddress" 25 | bp oep 26 | erun 27 | sti 28 | cmt eip,"<--oep" 29 | msg " Oep Faund Iat fix" 30 | ret 31 | quit: 32 | msg "Not Visage" 33 | ret -------------------------------------------------------------------------------- /Virogen Crypt/VIROGEN CRYPT 0.75 OEP-FINDER.txt: -------------------------------------------------------------------------------- 1 | /* 2 | //////////////////////////////////////////////////// 3 | // Virogen Crypt v0.75 OEP finder 4 | // Author: hacnho/VCT2k4 5 | // Email : hacnho@hotmail.com 6 | // Website: http://nhandan.info/hacnho 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | //////////////////////////////////////////////////// 9 | */ 10 | 11 | sti 12 | eob Break 13 | findop eip, #61# 14 | bphws esp,"r" 15 | run 16 | 17 | Break: 18 | sto 19 | sto 20 | sto 21 | sto 22 | sto 23 | sti 24 | sti 25 | sti 26 | an eip 27 | log eip 28 | cmt eip, "This is the OEP!!!" 29 | MSG "Dumped and fix IAT now! Thanx for using my Script...!" 
30 | bphwc 408001 31 | ret 32 | -------------------------------------------------------------------------------- /Virogen Crypt/Virogen Crypt 0.75 OEP Finder.txt: -------------------------------------------------------------------------------- 1 | /* 2 | //////////////////////////////////////////////////// 3 | // Virogen Crypt v0.75 OEP finder 4 | // Author: hacnho/VCT2k4 5 | // Email : hacnho@hotmail.com 6 | // Website: http://nhandan.info/hacnho 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | //////////////////////////////////////////////////// 9 | */ 10 | 11 | sti 12 | eob Break 13 | findop eip, #61# 14 | bphws esp,"r" 15 | run 16 | 17 | Break: 18 | sto 19 | sto 20 | sto 21 | sto 22 | sto 23 | sti 24 | sti 25 | sti 26 | an eip 27 | log eip 28 | cmt eip, "This is the OEP!!!" 29 | MSG "Dumped and fix IAT now! Thanx for using my Script...!" 30 | bphwc 408001 31 | ret 32 | -------------------------------------------------------------------------------- /VPacker/VPacker 0.02.10 - Pack 4.0 OEP Finder + Dumper.txt: -------------------------------------------------------------------------------- 1 | //////////////////////////////////////////////////////// 2 | // AORE TEAM 3 | // 4 | // script by TallfaZ 24/03/2007 5 | // This script unpacks eiter VPacker_0.02.10 and Pack_4.0 6 | // 7 | // www.alalme.com\vb 8 | ////////////////////////////////////////////////////////// 9 | 10 | var tmp1 11 | 12 | msg "Please ignore the INT3 and all CUSTOM EXCEPTIONS then click OK" 13 | 14 | gmemi 401000, MEMORYSIZE 15 | mov tmp1, $RESULT 16 | 17 | run 18 | 19 | bprm 401000, tmp1 20 | 21 | esto 22 | an eip 23 | 24 | msg "File is already dumped to same dir, just fireup ImpRec 'n fix IAT" 25 | dpe "Dump.exe", eip 26 | 27 | abort: 28 | ret 29 | 30 | -------------------------------------------------------------------------------- /普通脱壳脚本/AsPack v2.12.osc: -------------------------------------------------------------------------------- 1 | /* 2 | 
////////////////////////////////////////////////////////////// 3 | // ASPack 2.12 OEP finder 4 | // Author: hacnho/VCT2k4 5 | // Email : hacnho@hotmail.com 6 | // Website: http://nhandan.info/hacnho 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | //////////////////////////////////////////////////////////// 9 | */ 10 | eob Break 11 | findop eip, #61# 12 | bphws $RESULT, "x" 13 | run 14 | Break: 15 | bphwc $RESULT 16 | sti 17 | sto 18 | sto 19 | sto 20 | log eip 21 | cmt eip, "This is the OEP! Found by hacnho/VCT2k4" 22 | MSG "Dumped and fix IAT now! Thanx for using my Script...!" 23 | ret -------------------------------------------------------------------------------- /ActiveMark/ActiveMark 5.xx Level 2 EP Finder [GaBoR].txt: -------------------------------------------------------------------------------- 1 | /* 2 | ActiveMark 5.xx 2nd layer EP finder 3 | Made by: GaBoR {RES} 4 | Thanks to: 5 | -CondZero for the great tuts on Activemark! 6 | -Lunar_Dust for the overlay method! 7 | Instructions: 8 | -hide Olly with OllyAdvanced plugin; 9 | */ 10 | 11 | var x 12 | gpa "GetModuleHandleA","kernel32.dll" 13 | mov x,$RESULT 14 | add x,9 15 | bpcnd x, "[ESP+08]==0" 16 | run 17 | run 18 | run 19 | run 20 | run 21 | run 22 | run 23 | run 24 | bc x 25 | mov x,esp 26 | add x,4 27 | bp [x] 28 | run 29 | bc [x] 30 | sto 31 | sto 32 | sto 33 | sto 34 | sto 35 | cmt eip,"2nd layer EP found by GaBoR {RES}" 36 | msg "Dump, fix IAT & add overlay!" 
37 | ret 38 | -------------------------------------------------------------------------------- /LARP/LARP 2.0 IAT Repair.txt: -------------------------------------------------------------------------------- 1 | /* 2 | LARP 2.0 IAT Repair 3 | 4 | Author: quosego 5 | */ 6 | 7 | var addr 8 | var addr2 9 | var addr3 10 | var addr7 11 | var oep 12 | 13 | 14 | mov addr,00401000 15 | mov oep,eip 16 | 17 | CALLS_01: 18 | find addr,#68????1600C3# 19 | cmp $RESULT,0 20 | je END_01 21 | mov eip, $RESULT 22 | mov addr, $RESULT 23 | sti 24 | sti 25 | mov addr2,eip 26 | add addr2,2 27 | mov addr3, [addr2] 28 | //mov addr7,[addr3] 29 | 30 | mov addr7, addr 31 | mov [addr7], 25ff 32 | add addr7,2 33 | mov [addr7], addr3 34 | 35 | LABEL_01: 36 | add addr,2 37 | jmp CALLS_01 38 | 39 | END_01: 40 | mov eip,oep 41 | ret -------------------------------------------------------------------------------- /MoleBox/MoleBox 2.57 OEP finder .txt: -------------------------------------------------------------------------------- 1 | /* 2 | //////////////////////////////////////////////////////////////////// 3 | // MoleBox 2.57 OEP finder // 4 | // Author: WaSt3d_ByTes // 5 | // Email : wast3dbytes@gmail.com // 6 | // OS : WinXP Pro + SP2, OllyDbg 1.10 Final, OllyScript v0.92 // 7 | /////////////////////////////////////////////////////////////// 8 | */ 9 | 10 | 11 | var x 12 | 13 | sti 14 | mov x,esp 15 | bphws x,"r" 16 | run 17 | sti 18 | sti 19 | bphwc x 20 | cmt eip,"OEP found by WaSt3d_ByTes" 21 | msg "Dump & fix the IAT.Thank you for using my script..." 
22 | ret -------------------------------------------------------------------------------- /CDS SS/Cds ss 1.0beta winunpack.txt: -------------------------------------------------------------------------------- 1 | //by Apuromafo 2 | //two works in my pc with this script 3 | var dime 4 | var temp 5 | var addr 6 | mov addr,eax 7 | cmp addr,0 8 | je dime 9 | //if im in "retn" my eax not is 0 and think that is WinUpack 10 | gpa "LoadLibraryA","kernel32.dll" 11 | bp $RESULT 12 | run 13 | bc eip 14 | rtu //return to user ..etc 15 | find eip,#c3# 16 | mov temp, $RESULT 17 | bp temp 18 | run 19 | bc temp 20 | sti 21 | jmp dime 22 | //this get from pushad..to oep simple? 23 | dime: 24 | sti 25 | //call 26 | mov addr,esp 27 | bphws addr,"r" 28 | run 29 | bphwc addr 30 | //jmp eax 31 | sti 32 | //oep 33 | an eip 34 | cmt eip,"<- this is the OEP, dump and fix the iat" 35 | ret 36 | 37 | -------------------------------------------------------------------------------- /MoleBox/MOLEBOX 2.X.X.X OEP FINDER.txt: -------------------------------------------------------------------------------- 1 | // Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com 2 | /* 3 | ////////////////////////////////////////////////////////////////////////// 4 | // MoleBox v2.x.x.x OEP finder 5 | // Author: Newbie Cracker (MS) 6 | // Email : newbie_cracker_ms@yahoo.com 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | ////////////////////////////////////////////////////////////////////////// 9 | */ 10 | 11 | eob Break 12 | sti 13 | sti 14 | sti 15 | find eip, #61FFE0# 16 | bphws $RESULT, "x" 17 | run 18 | 19 | Break: 20 | bphwc $RESULT 21 | sti 22 | sti 23 | log eip 24 | cmt eip, "This is the OEP found by my sciprt!" 25 | MSG "Dump and fix IAT now!" 
26 | ret -------------------------------------------------------------------------------- /SecuROM/SecuROM 7.xx Jump Bridge & Crypted Code Fixer.txt: -------------------------------------------------------------------------------- 1 | //Securom 7.x Jump Bridge & Crypted Code Fixer by Human/MiNT 2 | var oep 3 | var oldesp 4 | var scan 5 | var tmp 6 | 7 | mov oep,eip 8 | mov oldesp,esp 9 | mov scan,401000 10 | 11 | scan_bridge: 12 | find scan,#FF25??????06# 13 | cmp $RESULT,0 14 | je end_bridge 15 | mov eip,$RESULT 16 | mov scan,$RESULT+2 17 | mov tmp,[scan] 18 | eob do_bridge 19 | 20 | bphws tmp,"w" 21 | run 22 | 23 | do_bridge: 24 | bphwc tmp 25 | eob do_bridge2 26 | bphws [tmp],"x" 27 | do_crypted: 28 | run 29 | 30 | do_bridge2: 31 | cmp [eip],E8,1 32 | je do_crypted 33 | bphwc [tmp] 34 | mov esp,oldesp 35 | jmp scan_bridge 36 | 37 | end_bridge: 38 | mov eip,oep 39 | tick 40 | log $RESULT 41 | ret 42 | -------------------------------------------------------------------------------- /Aspack/ASPACK 2.12 [hacnho[VCT2k4]].txt: -------------------------------------------------------------------------------- 1 | /* 2 | ////////////////////////////////////////////////////////////// 3 | // ASPack 2.12 OEP finder 4 | // Author: hacnho/VCT2k4 5 | // Email : hacnho@hotmail.com 6 | // Website: http://nhandan.info/hacnho 7 | // OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85 8 | //////////////////////////////////////////////////////////// 9 | */ 10 | eob Break 11 | findop eip, #61# 12 | bphws $RESULT, "x" 13 | run 14 | Break: 15 | bphwc $RESULT 16 | sti 17 | sto 18 | sto 19 | sto 20 | log eip 21 | cmt eip, "This is the OEP! Found by hacnho/VCT2k4" 22 | MSG "Dumped and fix IAT now! Thanx for using my Script...!" 23 | ret -------------------------------------------------------------------------------- /Hmimys Packer/Hmimys Packer 1.2 And 1.3 Oep.txt: -------------------------------------------------------------------------------- 1 | // Hmimys Packer 1.? 
2 | // by Apuromafo 3 | var temp 4 | //01011CD8 > $ E8 95000000 CALL Hmimys_P.01011D72 5 | sti 6 | //01011D72 /$ 5E POP ESI 7 | //01011D73 |. AD LODS DWORD PTR DS:[ESI] 8 | //01011D74 |. 50 PUSH EAX 9 | find eip, #c3# 10 | //find 1rst ret 11 | mov temp, $RESULT 12 | bphws temp, "x" 13 | run 14 | bphwc temp 15 | //in "ret" 16 | sti 17 | //oep 18 | //01006420 . 55 PUSH EBP 19 | //01006421 . 8BEC MOV EBP,ESP 20 | //01006423 . 6A FF PUSH -1 21 | //01006425 . 68 88180001 PUSH Hmimys_P.01001888 22 | an eip 23 | cmt eip,"<- this is the OEP, dump and fix the iat" 24 | ret -------------------------------------------------------------------------------- /Simple pack/SimplePack 1.2 OEP Finder.txt: -------------------------------------------------------------------------------- 1 | //simplepack 1.2 go to oep 2 | //code by skylly 3 | var codebase 4 | mov codebase,400000 5 | find codebase,#CD2E# //int 2E 6 | cmp $RESULT,0 7 | je start 8 | mov [$RESULT],#9090# 9 | start: 10 | gpa "VirtualProtect","kernel32.dll" 11 | cmp $RESULT,0 12 | je err 13 | bp $RESULT 14 | esto 15 | bc $RESULT 16 | rtu 17 | find eip,#61# //popad 18 | cmp $RESULT,0 19 | je method2 20 | log "method1" 21 | bp $RESULT 22 | esto 23 | bc $RESULT 24 | sti 25 | sti 26 | sti 27 | jmp oep 28 | method2: 29 | log "method2" 30 | find eip,#FFE0# //jmp eax 31 | cmp $RESULT,0 32 | je err 33 | bp $RESULT 34 | esto 35 | bc $RESULT 36 | sti 37 | oep: 38 | cmt eip,"oep" 39 | an eip 40 | ret 41 | err: 42 | msg "error" 43 | ret -------------------------------------------------------------------------------- /Simple pack/SimplePack 1.21 OEP Finder #1.txt: -------------------------------------------------------------------------------- 1 | ////////////////////////////////////////////////////////////////////////////// 2 | // OEP Find Script for SimplePack 1.21 3 | // Coded by: PiONEER {RES} 4 | // Team RESURRECTiON 5 | // Greetz to: {RES},ICU,ARTeam,SnD,B@S,CiM,AS.MS 6 | // Data: 00:01 26.03.2007 7 | // Environment : WinXP 
SP1,OllyDbg V1.10,ODbgScript V1.48 8 | // Contact: http://www.appzclub.tk - or - admin@appzclub.tk 9 | ////////////////////////////////////////////////////////////////////////////// 10 | 11 | start: 12 | find eip, #60# 13 | sto 14 | bphws esp,"r" 15 | run 16 | bphwc esp 17 | sto 18 | sto 19 | msg "OEP found! - Now dump and fix the IAT!" 20 | cmt eip, "<-- OEP found by PiO - TEAM {RES}!" 21 | ret 22 | end: -------------------------------------------------------------------------------- /winunpack/Cds ss 1.0beta winunpack.txt: -------------------------------------------------------------------------------- 1 | //by Apuromafo 2 | //two works in my pc with this script 3 | var dime 4 | var temp 5 | var addr 6 | mov addr,eax 7 | cmp addr,0 8 | je dime 9 | //if im in "retn" my eax not is 0 and think that is WinUpack 10 | gpa "LoadLibraryA","kernel32.dll" 11 | bp $RESULT 12 | run 13 | bc eip 14 | rtu //return to user ..etc 15 | find eip,#c3# 16 | mov temp, $RESULT 17 | bp temp 18 | run 19 | bc temp 20 | sti 21 | jmp dime 22 | //this get from pushad..to oep simple? 
23 | dime: 24 | sti 25 | //call 26 | mov addr,esp 27 | bphws addr,"r" 28 | run 29 | bphwc addr 30 | //jmp eax 31 | sti 32 | //oep 33 | an eip 34 | cmt eip,"<- this is the OEP, dump and fix the iat" 35 | ret 36 | 37 | -------------------------------------------------------------------------------- /ExeStealth/ExeStealth 2.7 OEP Finder v0.1.txt: -------------------------------------------------------------------------------- 1 | // EXEStealth v2.7 OEP Finder v0.1 2 | // by FEUERRADER [AHTeam] 3 | // http://ahteam.org 4 | 5 | var s 6 | var k 7 | 8 | eob Break 9 | mov s, esp 10 | sub s, 04 11 | bphws s, "r" 12 | run 13 | 14 | Break: 15 | eob Break2 16 | run 17 | 18 | Break2: 19 | eob B21 20 | eoe expp 21 | sto 22 | run 23 | 24 | expp: 25 | esto 26 | 27 | B21: 28 | bphwc s 29 | eob B3 30 | mov k, eax 31 | bp k 32 | run 33 | 34 | B3: 35 | bphwc k 36 | eob Br4 37 | findop eip, #C1C7# 38 | bphws $RESULT, "x" 39 | run 40 | 41 | Br4: 42 | bphwc $RESULT 43 | sto 44 | sto 45 | eob Br5 46 | mov k, edi 47 | bp k 48 | run 49 | 50 | Br5: 51 | bphwc k 52 | cmt eip, "OEP" 53 | ret -------------------------------------------------------------------------------- /FatMike/FatMike IAT Resolver Script.txt: -------------------------------------------------------------------------------- 1 | ============================ 2 | /* 3 | Fatmike MUPme IAT resolver script 4 | ******************** 5 | nick_name 6 | TEAM RESSURRECTiON 7 | ******************** 8 | */ 9 | 10 | DEFINE_BEFORE_EXECUTION: 11 | dbh 12 | mov iat_start,10010c0 13 | mov iat_end,10010c8 14 | mov bp_addr,901698 15 | 16 | lc 17 | lclr 18 | bp bp_addr 19 | 20 | LOOP: 21 | mov iat_entry,[iat_start] 22 | cmp iat_entry,00 23 | je INCR 24 | mov eip,iat_entry 25 | run 26 | mov [iat_start],edx 27 | gn edx 28 | eval "{iat_start} :: {edx}={$RESULT}" 29 | log $RESULT,"" 30 | 31 | INCR: 32 | add iat_start,4 33 | cmp iat_start,iat_end 34 | jbe LOOP 35 | 36 | FIN: 37 | ret 38 | ============================ 
--------------------------------------------------------------------------------
/PEBundle/PeBundle 2.0x to 2.4x OEP Finder.txt:
--------------------------------------------------------------------------------
/*
//////////////////////////////////////////////////////////////
// PEBundle 2.0x - 2.4x OEP finder
// Author: hacnho/VCT2k4
// Email : hacnho@hotmail.com
// Website: http://nhandan.info/hacnho
// OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
/////////////////////////////////////////////////////////
*/
// Purpose: single-step twice, arm a hardware read breakpoint on the current
// stack top, run until it fires, then step over three instructions and label
// the resulting EIP as the OEP.
sti
sti
// On the next breakpoint event the script continues at Break.
eob Break
// NOTE(review): the findop result ($RESULT) is never read afterwards, and a
// failed search is not detected.
findop eip, #9D68#
bphws esp,"r"
run
Break:
sto
sto
sto
an eip
log eip
cmt eip, "This is the OEP! Found by hacnho/VCT2k4"
MSG "Dumped and fix IAT now! Thanx for using my Script...!"
// NOTE(review): the hardware breakpoint set on ESP above is not cleared
// before the script returns.
ret
--------------------------------------------------------------------------------
/NTkrnl Packer/NTkrnl Packer 0.15 OEP Finder + IAT Repair.txt:
--------------------------------------------------------------------------------
// WinXP SP2,OllyDbg V1.10,ODbgScript 1.48xxx1.60,FantOm plugin0,58
// Purpose: run the packed target through several breakpoints, patch one byte
// in the stub, then stop after the byte pattern 8944241C61FFE0 and label the
// resulting EIP as the entry point.
// NOTE(review): "va" is declared but never used.
var br
var pt
var va

run

// Overwrite the byte at the current EIP with CC (int3).
mov [eip],#CC#
// Take the dword at [esp+8] as the next stop address.
mov br,[esp+8]
bp br
run
bc br
gpa "LoadLibraryA","kernel32.dll"
bp $RESULT
run
bc $RESULT
rtr
mov br,eip
// NOTE(review): 7C809A81 is a hard-coded absolute address; the trailing
// comment says it stands for VirtualAlloc in kernel32.dll. It can only match
// on a system whose kernel32.dll places that export at this address (the
// header names WinXP SP2); elsewhere this condition presumably never holds.
bpcnd br, "EDI==7C809A81"//--"VirtualAlloc","kernel32.dll"

run
bc br
sti
// Patch the byte at EIP+A8 to EB (the x86 short-JMP opcode).
mov pt,eip
add pt,A8
mov [pt],#EB#

// Search for the tail sequence; leave quietly when it is absent.
find eip,#8944241C61FFE0#
cmp $RESULT,0
je quit
// Break 5 bytes into the match, then take one more step.
mov br,$RESULT
add br,5
bp br
run
bc br
sti
cmt eip, "This is the entry point"
MSG "OEP Faund ! IAT fixed! Dump it"
ret

quit:
ret
--------------------------------------------------------------------------------
/NTkrnl Packer/NTkrnl Protector 0.15 OEP Finder + IAT Repair.txt:
--------------------------------------------------------------------------------
// WinXP SP2,OllyDbg V1.10,ODbgScript 1.48xxx1.60,FantOm plugin0,58
// Purpose: same statement sequence as the NTkrnl Packer 0.15 script: run the
// target through several breakpoints, patch one byte in the stub, then stop
// after the byte pattern 8944241C61FFE0 and label EIP as the entry point.
// NOTE(review): "va" is declared but never used.
var br
var pt
var va

run

// Overwrite the byte at the current EIP with CC (int3).
mov [eip],#CC#
// Take the dword at [esp+8] as the next stop address.
mov br,[esp+8]
bp br
run
bc br
gpa "LoadLibraryA","kernel32.dll"
bp $RESULT
run
bc $RESULT
rtr
mov br,eip
// NOTE(review): 7C809A81 is a hard-coded absolute address; the trailing
// comment says it stands for VirtualAlloc in kernel32.dll. It can only match
// on a system whose kernel32.dll places that export at this address.
bpcnd br, "EDI==7C809A81"//--"VirtualAlloc","kernel32.dll"

run
bc br
sti
// Patch the byte at EIP+A8 to EB (the x86 short-JMP opcode).
mov pt,eip
add pt,A8
mov [pt],#EB#

// Search for the tail sequence; leave quietly when it is absent.
find eip,#8944241C61FFE0#
cmp $RESULT,0
je quit
mov br,$RESULT
add br,5
bp br
run
bc br
sti
cmt eip, "This is the entry point"
MSG "OEP Faund ! IAT fixed! Dump it"
ret

quit:
ret
--------------------------------------------------------------------------------
/NsPack/NPack 1.1 OEP Finder.txt:
--------------------------------------------------------------------------------
//////////////////////////////////////////////////////////////////////////////
// OEP Find Script for NPack 1.1
// Coded by: PiONEER {RES}
// Greetz to: {RES},ICU,ARTeam,SnD,B@S,CiM,AS.MS
// Data: 00:01 26.03.2007
// Environment : WinXP SP1,OllyDbg V1.10,ODbgScript V1.48
// Contact: http://www.appzclub.tk - or - admin@appzclub.tk
//////////////////////////////////////////////////////////////////////////////

// Purpose: step over exactly 17 instructions from the current EIP and label
// the result as the OEP. Nothing is searched or verified, so the count only
// fits a stub with the layout the author tested.
start:
sto
sto
sto
sto
sto
sto
sto
sto
sto
sto
sto
sto
sto
sto
sto
sto
sto
msg "OEP found! - Now dump and fix the IAT!"
cmt eip, "<-- OEP found by PiO - TEAM {RES}!"
ret
end:
--------------------------------------------------------------------------------
/Yodas Crypter/y0da_crypter_1.2.txt:
--------------------------------------------------------------------------------
// Y0da Crypter 1.2 OEP Finder v0.1
// by FEUERRADER [AHTeam]
// http://ahteam.org

// Purpose: follow the stub through a chain of breakpoint (eob) and exception
// (eoe) handlers and label the final EIP as the OEP.
// s holds the watched stack address, k the next stop address.
var s
var k

// Watch the dword just below the current stack top for reads.
eob Break
mov s, esp
sub s, 04
bphws s, "r"
run

Break:
eob Break2
eoe expp
run

Break2:
eob B21
eoe expp
run

// Exception handler: resume with esto. No jump follows, so the script text
// continues into B21 unless an event handler takes over first.
expp:
esto

B21:
eoe expp
bphwc s
eob B3
eoe expp1
// Use the current EAX value as the next stop address.
mov k, eax
bp k
run

expp1:
esto
esto

B3:
// NOTE(review): k was set with bp, but bphwc removes hardware breakpoints;
// the breakpoint placed by "bp k" appears to stay set - confirm.
bphwc k
eob Br4
// NOTE(review): the findop result is used without checking for 0.
findop eip, #C1C7#
bphws $RESULT, "x"
run

Br4:
bphwc $RESULT
sto
sto
eob Br5
// Use the current EDI value as the final stop address.
mov k, edi
bp k
run

Br5:
// NOTE(review): same bp / bphwc mismatch as in B3.
bphwc k
cmt eip, "OEP"
ret
--------------------------------------------------------------------------------
/Armadillo/Armadillo IAT Script v2.txt:
--------------------------------------------------------------------------------
// Purpose: each time execution stops at a user-supplied address (prompted as
// the "Salto Magico"), force the zero flag to 1 and resume; exceptions are
// passed on with esto.
// NOTE(review): the script itself never sets a breakpoint at SalMag; it
// presumably relies on one the analyst placed beforehand - confirm.
var SalMag

// Hide the debugger from the target.
dbh
eoe LABEL
ask "Direccion del Salto Magico?"
cmp $RESULT, 0
je FIN
mov SalMag, $RESULT
// Yes selects the BABEL handler (may prompt), No selects BABEL2 (no prompt).
msgyn "Preguntar = SI || No preguntar = NO"
cmp $RESULT, 0
je NoPreg
eob BABEL
jmp PregFin

NoPreg:
eob BABEL2

PregFin:
run

BABEL:
// Any stop at an address other than SalMag ends the script.
cmp eip, SalMag
jne FIN
// Prompt only when EAX is 1; otherwise patch the flag directly.
cmp eax, 1
jne SIGPAS
msgyn "Continuar?"
cmp $RESULT, 1
je SIGPAS
jmp FIN

SIGPAS:
mov !ZF, 1
run
jmp SIGPAS

BABEL2:
cmp eip, SalMag
jne FIN
mov !ZF, 1
run
jmp BABEL2

FIN:
ret

// Exception handler: keep passing exceptions to the target.
LABEL:
esto
jmp LABEL
--------------------------------------------------------------------------------
/tElock/tElock 0.98 OEP Finder v1.0.txt:
--------------------------------------------------------------------------------
/*
tElock 0.98 OEP finder v1.0
---------------------------
Seems to work =)
Please make sure no exceptions are passed to program
i.e. uncheck all the boxes on the Exceptions tab
in Debugging Options except the topmost one
*/

// Purpose: pass a fixed number of break/exception events, then hand control
// to the analyst to place a memory breakpoint on the code section, and log
// EIP at the next event.
var count
// Script literals are hexadecimal: A means ten events.
mov count, A
eob lbl1
eoe lbl1
run

lbl1:
// Resume with esto until the counter reaches zero.
cmp count, 0
je lbl2
esto
sub count, 1
jmp lbl1

lbl2:
esti
// Manual step: the script pauses until the analyst resumes it.
msg "Please set a memory breakpoint on the code section and then resume the script"
pause
eob end
eoe end
run

end:
log eip
ret

--------------------------------------------------------------------------------
/ASProtect/ASProtect 1.22 - 1.23 Beta 21 OEP Finder.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
/*
//////////////////////////////////////////////////
Author: ~Hellsp@wN~
Email : alt-fox@mail.ru
OS : OllyDbg 1.10 with OllyScript plugin v0.7
Date : 29.06.2004

Support with:
ASProtect 1.22 - 1.23 Beta 21 (may be some bugs)
//////////////////////////////////////////////////
*/

// Purpose: watch the dword just below the initial stack top for writes,
// re-arming the watch after every exception, and label EIP two steps after
// the breakpoint event as the OEP.
var t
mov t,esp
sub t,4

EOE Error
EOB Break
bphws t, "w"
run

// Exception path: step with exceptions passed, then re-arm the watch.
Error:
esti
bphwc t
bphws t, "w"
run

Break:
bphwc t
sto
sto
cmt eip, "This is the entry point (OEP)"
ret

--------------------------------------------------------------------------------
/MoleBox/MoleBox 2.5.7 OEP Finder.txt:
--------------------------------------------------------------------------------
/*
============================
.:[OllyScript Editor v2.0]:.
Author: GaBoR RES
Packer: Molebox 2.xx
Script for: Molebox 2.xx
Level: Simple
Date: Thursday, November 17, 2005
Tested on: MoleBox Pro 2.2.4,2.3,2.5.7
============================
*/
// Purpose: stop at the first byte 60 (PUSHAD opcode) from EIP, step over it,
// watch the stack top for reads, then stop at the first FF?0 match and step
// once to reach the address labelled as the OEP.
var v
find eip,#60#
// Already standing on the match: skip the run.
cmp $RESULT,eip
je pushad
// NOTE(review): a failed find ($RESULT = 0) is not handled before bp/run.
bp $RESULT
run
bc $RESULT
pushad:
sto
mov v,esp
bphws v,"r"
run
bphwc v
// "?" is a wildcard nibble in the search pattern.
find eip,#FF?0#
cmp $RESULT,eip
je end
// NOTE(review): a failed find is not handled here either.
bp $RESULT
run
bc $RESULT
end:
sti
cmt eip,"OEP found"
msg "Dump & fix the IAT"
ret

--------------------------------------------------------------------------------
/MoleBox/MoleBox 2.xx OEP Finder.txt:
--------------------------------------------------------------------------------
/*
============================
.:[OllyScript Editor v2.0]:.
Author: GaBoR RES
Packer: Molebox 2.xx
Script for: Molebox 2.xx
Level: Simple
Date: Thursday, November 17, 2005
Tested on: MoleBox Pro 2.2.4,2.3,2.5.7
============================
*/
// Purpose: same statement sequence as the MoleBox 2.5.7 script: stop at the
// first byte 60 (PUSHAD opcode), step over it, watch the stack top for reads,
// then stop at the first FF?0 match and step once.
var v
find eip,#60#
// Already standing on the match: skip the run.
cmp $RESULT,eip
je pushad
// NOTE(review): a failed find ($RESULT = 0) is not handled before bp/run.
bp $RESULT
run
bc $RESULT
pushad:
sto
mov v,esp
bphws v,"r"
run
bphwc v
// "?" is a wildcard nibble in the search pattern.
find eip,#FF?0#
cmp $RESULT,eip
je end
bp $RESULT
run
bc $RESULT
end:
sti
cmt eip,"OEP found"
msg "Dump & fix the IAT"
ret

--------------------------------------------------------------------------------
/ASProtect/ASProtect 1.22 - 1.23 Beta 21 - Find target's OEP.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
/*
//////////////////////////////////////////////////
Author: ~Hellsp@wN~
Email : alt-fox@mail.ru
OS : OllyDbg 1.10 with OllyScript plugin v0.7
Date : 29.06.2004

Support with:
ASProtect 1.22 - 1.23 Beta 21 (may be some bugs)
//////////////////////////////////////////////////
*/

// Purpose: watch the dword just below the initial stack top for writes,
// re-arming the watch after every exception, and label EIP two steps after
// the breakpoint event as the OEP.
var t
mov t,esp
sub t,4

EOE Error
EOB Break
bphws t, "w"
run

// Exception path: step with exceptions passed, then re-arm the watch.
Error:
esti
bphwc t
bphws t, "w"
run

Break:
bphwc t
sto
sto
cmt eip, "This is the entry point (OEP)"
ret

--------------------------------------------------------------------------------
/PECompact/PeCompact 0.9x OEP Finder.txt:
--------------------------------------------------------------------------------
- PECompact 0.9x - Find target's OEP (by ~Hellsp@wN~, 11 Sep 2004)
// NOTE(review): the title line above is not written as a comment; it looks
// like page residue and would need "//" in front before the file is loaded
// as a script - confirm against the original file.
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
/*
//////////////////////////////////////////////////
Author: ~Hellsp@wN~
Email : alt-fox@mail.ru
OS : OllyDbg 1.10 with OllyScript plugin v0.7
Date : 29.06.2004

Support with:
PECompact 0.9x
//////////////////////////////////////////////////
*/

// Purpose: wait for two reads of the dword just below the initial stack top,
// then step over two instructions and label EIP as the OEP.
var t

mov t,esp
sub t,4

EOB Break
bphws t, "r"
run

Break:
// First hit: re-arm the same watch and run to the second hit.
bphwc t
bphws t, "r"
run
bphwc t
sto
sto
cmt eip, "This is the entry point (OEP)"
ret

// [BACK]
--------------------------------------------------------------------------------
/ASProtect/ASProtect 1.22 - 1.23 BETA 21 Hellsp@wN.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
/*
//////////////////////////////////////////////////
Author: ~Hellsp@wN~
Email : alt-fox@mail.ru
OS : OllyDbg 1.10 with OllyScript plugin v0.7
Date : 29.06.2004

Support with:
ASProtect 1.22 - 1.23 Beta 21 (may be some bugs)
//////////////////////////////////////////////////
*/

// Purpose: watch the dword just below the initial stack top for writes,
// re-arming the watch after every exception, and label EIP two steps after
// the breakpoint event as the OEP.
var t
mov t,esp
sub t,4

EOE Error
EOB Break
bphws t, "w"
run

// Exception path: step with exceptions passed, then re-arm the watch.
Error:
esti
bphwc t
bphws t, "w"
run

Break:
bphwc t
sto
sto
cmt eip, "This is the entry point (OEP)"
ret

// [BACK]
--------------------------------------------------------------------------------
/NOmeR1/NOmeR1 OEP Finder.txt:
--------------------------------------------------------------------------------
// Purpose: break on GetProcAddress until the value on top of the stack is
// 46b929, leave the API through its "ret 8", then stop on the next C3 and
// single-step to the address reported as the OEP.
// NOTE(review): 46b929 is a hard-coded address taken from one specific
// target; another sample or image base will not match it.
inicio:


gpa "GetProcAddress", "kernel32.dll" //find GetProcAddress address
bp $RESULT //set a bp on GetProcAddress


empieza:
eob corre //run untill reach a bp
run

corre:
cmp [esp], 46b929 //if [esp] is not our value, repeat it
jne empieza

bc $RESULT //remove BP
find eip, #c20800# //find API ret

bp $RESULT //set a BP on api ret
eob sigue
run
sigue:

bc $RESULT //remove bp
sti //f7

findop eip, #C3# //FIND LAST RET WHO JUMP TO OEP
log $RESULT
bp $RESULT //SET A BP ON RET (JUMP TO OEP)
eob final
run

final:

// NOTE(review): the breakpoint set on the C3 above is not cleared.
sti //F7
msg "OEP FOUND !"

ret

--------------------------------------------------------------------------------
/PeCancer/PeCancer 2007.07.23 IAT Repair.txt:
--------------------------------------------------------------------------------
// Purpose: walk a user-supplied IAT range in 4-byte steps; for each entry
// that is non-zero and does not have 7 as its top nibble, set EIP to the
// entry, run to the fixed breakpoint pf and store EAX back into the slot.
// NOTE(review): func, chek and jf are declared but never used.
var iat_start
var iat_end
var func
var chek
var chj
var oep
var jf
var pf
// NOTE(review): 007EC435 and 1001110 below are hard-coded addresses from one
// specific target.
mov pf,007EC435

// Remember the current EIP so it can be restored on exit.
mov oep,eip
ask "Enter start IAT"
cmp $RESULT,0
je quit
mov iat_start,$RESULT
ask "Enter end IAT"
cmp $RESULT,0
je quit
mov iat_end,$RESULT
loop:
// NOTE(review): the loop ends only on exact equality; if iat_end is not
// reachable from iat_start in 4-byte steps, or lies below it, the walk does
// not stop here.
cmp iat_end,iat_start
je quit
cmp iat_start,1001110
je nextf
cmp [iat_start],0
je nextf
// Skip entries whose top nibble is 7.
mov chj,[iat_start]
and chj,F0000000
cmp chj,70000000
je nextf
// Execute the target's own code for this entry up to pf.
mov eip,[iat_start]
bp pf
erun
bc pf
mov [iat_start],eax
add iat_start,4
jmp loop

nextf:

add iat_start,4
jmp loop


quit:
mov eip,oep
ret
--------------------------------------------------------------------------------
/Yodas Protector/YODA'S PROTECTOR 1.0b OEP-FINDER.txt:
--------------------------------------------------------------------------------
// Script for OllyScript plugin by SHaG - http://ollyscript.apsvans.com
// yoda's Protector v1.0b goto oep script by sonkite
// OllyDbg v1.10/XP, OllyScript v0.92, turn off all exceptions

// Purpose: stop at three fixed offsets from the starting EIP, forcing the
// zero flag at the first two, then break at the address held in EDI and
// label it as the original entry point.
// NOTE(review): the offsets 4c4, 0dc8 and 11e1 are fixed, so they only fit a
// stub with exactly the layout the author tested.
var bpx1
var bpx2
var bpx3
var oep
mov bpx1,eip
mov bpx2,eip
mov bpx3,eip
add bpx1,4c4
add bpx2,0dc8
add bpx3,11e1
// Hide the debugger from the target.
dbh

// First offset is hit twice; the zero flag is forced each time.
bphws bpx1, "x"
run
mov !zf,1
run
mov !zf,1
bphwc bpx1

bphws bpx2, "x"
run
mov !zf,1
bphwc bpx2

bphws bpx3, "x"
run
bphwc bpx3

mov oep,edi
bp oep
run
bc oep
cmt oep, "This is the original entry point"

// [BACK]
--------------------------------------------------------------------------------
/eXPressor/eXPressor 1.6.0.1 OEP Finder v0.1.txt:
--------------------------------------------------------------------------------
// Purpose: use a memory read breakpoint over 401000 (size 06a000) to catch
// execution in that range, with one intermediate stop on a byte pattern in
// the stub. Whenever a stop lands on a C3 byte, that byte is overwritten with
// 90 and the target is resumed.
// NOTE(review): 401000 / 06a000 are hard-coded for one specific target;
// "dire" is declared but never used.
var break
var dire
var anti

start:
msg "ASEGURATE DE TILDAR TODAS LAS EXCEPCIONES"
bprm 401000,06a000
eob corre
run

corre:
mov anti,eip
cmp [anti],0c3
je pasa

bpmc
find eip, #8B4424048A4C240880C1508B10880AFF00#
cmp $RESULT,0
je fin

mov anti,eip
cmp [anti],0c3
je pasa

mov break, $RESULT
bp break
eob sigue
run

sigue:
mov anti,eip
cmp [anti],0c3
je pasa

bc break
bprm 401000,06a000
eob termina
run

termina:
bpmc
msg "OEP ALCANZADO !"
ret

fin:
msg "direccion no encontrada"
ret

// Replace the C3 at the stop address with 90 and resume; the next event goes
// to whichever eob handler was registered last.
pasa:
mov [anti],090
run
--------------------------------------------------------------------------------
/Upx/UPX All or UPX All + UPX Mutanter 0.2.osc:
--------------------------------------------------------------------------------
//UPX + UPX Mutanter 0.2 OEP finder by Flashback/Team-X
//script version: 1.1
//Site: www.team-x.ru
//Email: Flashback@mail15.com
//Date: 1o.o5.2oo8
//Tested on UPX 1.25w
// Purpose: optionally pass two FFE0 (jmp eax) stops for the extra layer, then
// stop at the first 61 (POPAD opcode) and the first E9 (near JMP opcode)
// after it, and step over that jump to reach the address labelled as the OEP.
// NOTE(review): none of the FIND results is checked for 0 before BP/RUN.
MSGYN "This UPX + UPX Mutanter 0.2?('No' if simple UPX)"
CMP $RESULT, 0
je upx

FIND eip, #FFE0#
BP $RESULT
RUN
BC $RESULT
STO
FIND eip, #FFE0#
BP $RESULT
RUN
BC $RESULT
STO
jmp upx

upx:
FIND eip, #61#
BP $RESULT
RUN
BC $RESULT
FIND eip, #E9#
BP $RESULT
RUN
BC $RESULT
STO
cmt eip, "OEP"
MSG "OEP! Script by Flashback/Team-X [www.team-x.ru/Flashback]"
an eip
ret
--------------------------------------------------------------------------------
/ExeSax/ExeSax 0.9.1 OEP Finder.txt:
--------------------------------------------------------------------------------
///////////////////////////////////////////////////////////////////////
// OEP Finder Script for ExeSax 0.9.1
// Coded by: Sonny27 {TeaM SnD}
// My greetz and thanks to everyone at:
// SnD, gRn, RfN, iCU, CiP, ARTeam, eXeTools and UnPacKcN
// Data: 2007-03-30
// Environment : WinXP SP2,OllyDbg V1.10,ODbgScript V1.51
// Contact: http://tuts4you.com/forum/ or http://snd.astalavista.ms/
///////////////////////////////////////////////////////////////////////

// Purpose: after the analyst confirms that no other breakpoints are set, stop
// at the first FF??0000000000 match from EIP and step over it.
MSGYN "Are all set breakpoints deleted? Otherwise script will fail!"
cmp $RESULT,0
je breakpoint
// NOTE(review): a failed find ($RESULT = 0) is not handled before bp/run.
find eip, #FF??0000000000#
bp $RESULT
run
bc $RESULT
sto
msg "This should be OEP :-)"
ret

breakpoint:
ret
--------------------------------------------------------------------------------
/Morphine/morphine_13.txt:
--------------------------------------------------------------------------------
/*
//////////////////////////////////////////////////////////////
// Morphine v1.3 OEP finder
// Author: hacnho/VCT2k4
// Email : hacnho@hotmail.com
// Website: http://nhandan.info/hacnho
// OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
////////////////////////////////////////////////////////////////
*/

// Purpose: break on GetProcAddress, return to user code, stop at the next
// FFD7 (call edi) and step into it; the resulting EIP is labelled as the OEP.
eob Still1
gpa "GetProcAddress","kernel32.dll"
bp $RESULT
run

Still1:
eob Still2
bc $RESULT
rtu
// NOTE(review): the findop result is used without checking for 0.
findop eip,#FFD7#
bphws $RESULT,"x"
run

Still2:
bphwc $RESULT
sti
cmt eip, "This is the OEP! Found by hacnho/VCT2k4"
MSG "Dumped and fix IAT now! Thanx for using my Script...!"
ret
--------------------------------------------------------------------------------
/PE Lock NT/PE Lock NT 2.04 OEP Finder.txt:
--------------------------------------------------------------------------------
/*
//////////////////////////////////////////////////////////////
// PE Lock NT 2.04 OEP finder
// Author: hacnho/VCT2k4
// Email : hacnho@hotmail.com
// Website: http://nhandan.info/hacnho
// OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
/////////////////////////////////////////////////////////
*/

// Purpose: single-step seven times, arm a hardware read breakpoint on the
// stack top, run until it fires, then step over three instructions and label
// EIP as the OEP.
sti
sti
sti
sti
sti
sti
sti
eob Break
// NOTE(review): the findop result ($RESULT) is never read afterwards.
findop eip, #9DC3#
bphws esp,"r"
run

Break:
sto
sto
sto
an eip
log eip
cmt eip, "This is the OEP! Found by hacnho/VCT2k4"
MSG "Dumped and fix IAT now! Thanx for using my Script...!"
// NOTE(review): the hardware breakpoint set on ESP above is not cleared.
ret
--------------------------------------------------------------------------------
/Aspack/ASPack 2.11 OEP Finder.txt:
--------------------------------------------------------------------------------
/*
//////////////////////////////////////////////////////////////
// ASPack 2000 -ASPack 2.11 OEP finder
// Author: hacnho/VCT2k4
// Email : hacnho@hotmail.com
// Website: http://nhandan.info/hacnho
// OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
////////////////////////////////////////////////////////////
*/
// Purpose: single-step once, arm a hardware read breakpoint on the stack top
// (address kept in temp), run until it fires, then step over three
// instructions and label EIP as the OEP.
var temp
sti
eob Break
// NOTE(review): the findop result ($RESULT) is never read afterwards.
findop eip, #C3#
bphws esp,"r"
mov temp,esp
run

Break:
sto
sto
sto
log eip
// ESP may have moved since the breakpoint was armed; the later
// "bphwc temp" clears it by the saved address.
bphwc esp
cmt eip, "This is the OEP! Found by hacnho/VCT2k4"
MSG "Dumped and fix IAT now! Thanx for using my Script...!"
bphwc temp
ret
--------------------------------------------------------------------------------
/Morphine/MORPHINE 1.3 OEP-FINDER.txt:
--------------------------------------------------------------------------------
/*
//////////////////////////////////////////////////////////////
// Morphine v1.3 OEP finder
// Author: hacnho/VCT2k4
// Email : hacnho@hotmail.com
// Website: http://nhandan.info/hacnho
// OS : WinXP Pro, OllyDbg 1.10 Final, OllyScript v0.85
////////////////////////////////////////////////////////////////
*/

// Purpose: break on GetProcAddress, return to user code, stop at the next
// FFD7 (call edi) and step into it; the resulting EIP is labelled as the OEP.
eob Still1
gpa "GetProcAddress","kernel32.dll"
bp $RESULT
run

Still1:
eob Still2
bc $RESULT
rtu
// NOTE(review): the findop result is used without checking for 0.
findop eip,#FFD7#
bphws $RESULT,"x"
run

Still2:
bphwc $RESULT
sti
cmt eip, "This is the OEP! Found by hacnho/VCT2k4"
MSG "Dumped and fix IAT now! Thanx for using my Script...!"
ret
--------------------------------------------------------------------------------
/QuickPack/QuickPack Unpacker.txt:
--------------------------------------------------------------------------------
// Purpose: break on GetProcAddress, return to user code, overwrite two bytes
// of the stub with 90, run to the FFE0 (jmp eax) that leaves the stub, then
// write the new entry point and import-directory RVAs into the in-memory PE
// header and dump the process to dump.exe.
var counter
var ImageBase
var OEP
var iat_start
var p
mov counter,0


gpa "GetProcAddress","kernel32.dll"
bp $RESULT
run
bc eip
rtu
gmi eip,MODULEBASE
mov ImageBase,$RESULT
// NOTE(review): the CODEBASE result is never read.
gmi eip,CODEBASE
// ESI at this point is taken as the start of the import data.
mov iat_start,esi
// Overwrite 2 bytes at EIP+6 with 90.
mov p,eip
add p,6
fill p,2,90
findop eip,#FFE0#
cmp $RESULT,0
je quit
// NOTE(review): this breakpoint is not cleared before the dump - confirm it
// does not end up in the written image.
bp $RESULT
run
sti
cmt eip,"OEP"
// Convert both addresses to RVAs.
mov OEP,eip
sub OEP,ImageBase
sub iat_start,ImageBase
// ImageBase+3C holds e_lfanew, the offset of the PE header.
mov counter,ImageBase
add counter,3C
mov counter,[counter]
add counter,ImageBase
// PE header + 28 is AddressOfEntryPoint in a PE32 image.
add counter,28
mov [counter],OEP
// A further 58 (PE header + 80) is the import directory RVA in a PE32 image.
add counter,58
mov [counter],iat_start
dpe "dump.exe",eip
msg "File Unpacked"
ret
quit:
msg "No QuickPack"
ret

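--------------------------------------------------------------------------------
/DragonArmor/DragonArmor 0.0.4.1 OEP Finder.txt:
--------------------------------------------------------------------------------
///////////////////////////////////////////////////////////////////////
// OEP Finder Script for DragonArmor 0.0.4.1 --> Orient
// Coded by: Sonny27 {TeaM SnD}
// My greetz and thanks to everyone at:
// SnD, gRn, RfN, iCU, CiP, ARTeam, eXeTools and UnPacKcN
// Data: 2007-03-29
// Environment : WinXP SP2,OllyDbg V1.10,ODbgScript V1.51
// Contact: http://tuts4you.com/forum/ or http://snd.astalavista.ms/
///////////////////////////////////////////////////////////////////////

// Purpose: after the analyst confirms that no other breakpoints are set, stop
// at the first F3ABC3 match from EIP and step over two instructions; the
// resulting EIP is reported as the probable OEP.
MSGYN "Are all set breakpoints deleted? Otherwise script will fail!"
cmp $RESULT,0
je breakpoint
find eip, #F3ABC3#
// A failed search leaves $RESULT at 0. Without this guard no usable
// breakpoint would be set and "run" would let the packed target execute
// freely instead of stopping in the stub.
cmp $RESULT,0
je notfound
bp $RESULT
run
bc $RESULT
sto
sto
msg "This should be OEP :-)"
ret

// Pattern absent: the target is probably not packed the way this script
// expects. Stop with the target still paused.
notfound:
msg "Pattern F3ABC3 not found - target left paused"
ret

breakpoint:
ret
--------------------------------------------------------------------------------
/Yodas Crypter/YODA'S CRYPTER 1.2 OEP-FINDER.txt:
--------------------------------------------------------------------------------
// Y0da Crypter 1.2 OEP Finder v0.1
// by FEUERRADER [AHTeam]
// http://ahteam.org

// Purpose: follow the stub through a chain of breakpoint (eob) and exception
// (eoe) handlers and label the final EIP as the OEP.
// s holds the watched stack address, k the next stop address.
var s
var k

// Watch the dword just below the current stack top for reads.
eob Break
mov s, esp
sub s, 04
bphws s, "r"
run

Break:
eob Break2
eoe expp
run

Break2:
eob B21
eoe expp
run

// Exception handler: resume with esto. No jump follows, so the script text
// continues into B21 unless an event handler takes over first.
expp:
esto

B21:
eoe expp
bphwc s
eob B3
eoe expp1
// Use the current EAX value as the next stop address.
mov k, eax
bp k
run

expp1:
esto
esto

B3:
// k was set with bp, so it is cleared with bc (bphwc only removes hardware
// breakpoints and would leave this one in place).
bc k
eob Br4
findop eip, #C1C7#
// A failed search leaves $RESULT at 0; stop instead of running the target
// without a breakpoint.
cmp $RESULT,0
je nofind
bphws $RESULT, "x"
run

Br4:
bphwc $RESULT
sto
sto
eob Br5
// Use the current EDI value as the final stop address.
mov k, edi
bp k
run

Br5:
// Same pairing as in B3: bp is undone with bc, so no breakpoint is left
// behind at the address that is about to be dumped.
bc k
cmt eip, "OEP"
ret

nofind:
msg "Pattern C1C7 not found - target left paused"
ret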
--------------------------------------------------------------------------------
/Armadillo/Armadillo OpenMutexA.txt:
--------------------------------------------------------------------------------
/*
Armadillo script OpenMutexA
Exceptions c000001e
invalid or privileged instruction
*/

// Purpose: stop at the target's first OpenMutexA call, create a mutex with
// the name that call is about to look up, let the call proceed, then stop at
// VirtualProtect and hand control back to the analyst.
// NOTE(review): the header presumably means that exception c000001e has to be
// handled in the debugger's exception settings - confirm.

// Hide the debugger from the target.
dbh

// NOTE(review): two of these script variables share their names with the
// kernel32 exports they hold; inside exec/ende the module-qualified form
// (kernel32.OpenMutexA) is used instead.
var pBuffer
var OpenMutexA
var VirtualProtect

gpa "OpenMutexA", "kernel32.dll"
mov OpenMutexA, $RESULT
bp OpenMutexA
run


//Breakpoint
bc OpenMutexA
// At the API entry [esp+0c] is the third stack argument, which for
// OpenMutexA is the mutex name pointer.
mov pBuffer, esp
log pBuffer
add pBuffer, 0c
mov pBuffer, [pBuffer]
log [pBuffer]

// Code assembled and run in the target: save registers, call
// CreateMutexA(0, 0, pBuffer), restore registers, then jump to OpenMutexA.
// With the mutex in place the pending lookup presumably succeeds - confirm
// against the target.
exec
PUSHAD
push {pBuffer}
push 0
push 0
CALL kernel32.CreateMutexA
POPAD
jmp kernel32.OpenMutexA
ende

gpa "VirtualProtect", "kernel32.dll"
mov VirtualProtect, $RESULT
log VirtualProtect
bp VirtualProtect
run
bc VirtualProtect
// The script ends here with the target paused at VirtualProtect; no OEP is
// located by this script.

--------------------------------------------------------------------------------
/Armadillo/Armadillo_open_mutexa.txt:
--------------------------------------------------------------------------------
/*
Armadillo script OpenMutexA
Exceptions c000001e
invalid or privileged instruction
*/

// Purpose: same statement sequence as "Armadillo OpenMutexA.txt": stop at the
// target's first OpenMutexA call, create a mutex with the name that call is
// about to look up, let the call proceed, then stop at VirtualProtect.

// Hide the debugger from the target.
dbh

var pBuffer
var OpenMutexA
var VirtualProtect

gpa "OpenMutexA", "kernel32.dll"
mov OpenMutexA, $RESULT
bp OpenMutexA
run


//Breakpoint
bc OpenMutexA
// At the API entry [esp+0c] is the third stack argument, which for
// OpenMutexA is the mutex name pointer.
mov pBuffer, esp
log pBuffer
add pBuffer, 0c
mov pBuffer, [pBuffer]
log [pBuffer]

// Code assembled and run in the target: save registers, call
// CreateMutexA(0, 0, pBuffer), restore registers, then jump to OpenMutexA.
exec
PUSHAD
push {pBuffer}
push 0
push 0
CALL kernel32.CreateMutexA
POPAD
jmp kernel32.OpenMutexA
ende

gpa "VirtualProtect", "kernel32.dll"
mov VirtualProtect, $RESULT
log VirtualProtect
bp VirtualProtect
run
bc VirtualProtect
// The script ends here with the target paused at VirtualProtect.

--------------------------------------------------------------------------------