vmpFindOEP.txt:

// bumo
// x64dbg script: locate the OEP of a VMProtect-packed 32-bit executable by
// waiting for the first instruction executed inside the first section (.text)
// after VMProtect has finished writing it and restored its protection.

// Start of the first section = image base + size of the header region;
// end = start + size of that section.
mov $textSessionAddress, mem.base(mod.main())+mem.size(mem.base(mod.main()))
mov $textSessionAddressEnd, $textSessionAddress+mem.size($textSessionAddress)

log {$textSessionAddress}
log {$textSessionAddressEnd}

// Break inside ZwProtectVirtualMemory (past the syscall stub), but only when
// the BaseAddress argument (pointer at [esp+8]) refers to the .text section.
bp ZwProtectVirtualMemory+0xA
bpcnd ZwProtectVirtualMemory+0xA,[[esp+8]] == $textSessionAddress

// Let the section's protection change twice (made writable for unpacking,
// then restored); step off the breakpoint after each hit before running again.
run
step
run
step

bc ZwProtectVirtualMemory+0xA

loop:
// Single-shot execute memory breakpoint on the section, then run until
// code inside it is executed.
bpm $textSessionAddress,1,x
run

// Ignore hits whose eip lies outside [$textSessionAddress, $textSessionAddressEnd].
cmp eip,$textSessionAddress
jb next

cmp eip,$textSessionAddressEnd
ja next

// Inside the section: a lone ret (0xC3) is stepped over and the loop repeats;
// the first other instruction executed there is reported as the OEP
// (eip is left on it).
cmp byte(eip),0xC3

bpmc $textSessionAddress
jne over
step
jmp loop

next:
bpmc $textSessionAddress
step
jmp loop

over:
msg "over"