Results 1 to 6 of 6

Thread: Post two script for new version ollyscript(oscv0.7

  1. #1
    loveboom
    Guest

    Post two script for new version ollyscript(oscv0.7

    Thank psycko,now post two script.Enjoy it!

    My script for svkp 1.3x can fix stolen code,If target is delphi's program.
    /*
    //////////////////////////////////////////////////
    SVKP 1.3x -> Pavol Cerven stolen code Finder v0.1
    Author: loveboom
    Email : bmd2chen@tom.com
    OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.7
    Date : 2004-4-13
    Config: Ignore all exceptions.hide your debug.
    Note : If you have one or more question, email me please,thank you!
    //////////////////////////////////////////////////
    */
    var addr
    var espval //esp
    var espval1
    var esptmp
    var cbase
    var csize

    gmi eip,CODEBASE
    mov cbase,$RESULT
    gmi eip,CODESIZE
    mov csize,$RESULT
    mov espval,esp

    start:
    run

    lbl1:
    bprm cbase,csize
    eob lbl2
    esto

    lbl2:
    bpmc
    mov espval1,esp
    add espval1,58
    cmp [espval1],espval
    jne lblabort
    eob lbl3
    bphws espval1,"r"
    run

    lbl3:
    run
    bphwc espval1

    lbl4:
    mov esptmp,espval
    sub esptmp,4
    cmp esptmp,ebp
    je lbl5
    sti
    jmp lbl4

    lbl5:
    cmt eip,"Now run trace,please waite!"
    find eip,#FF6424FC# //find command JMP DWORD PTR SS:[ESP-4]
    cmp $RESULT,0
    je lblabort
    eob lbl6
    bp $RESULT
    ti

    lbl6:
    bc $RESULT
    sto
    msgyn "Do you want fix stolen code(for Delphi only)?"
    log $RESULT
    cmp $RESULT,1
    jne lblend
    mov addr,eip
    sub addr,b
    asm addr,"push ebp"
    add addr,1
    asm addr,"mov ebp,esp"
    add addr,2
    mov [addr],#83EC#
    mov esptmp,ebp
    sub esptmp,esp
    add addr,2
    mov [addr],esptmp
    add addr,1
    mov [addr],#B8#
    add addr,1
    mov [addr],eax

    lblend:
    cmt eip,"Script finished!"
    msg "Script by loveboom[DFCG][FCG],Thank you for using my script!"
    ret

    lblabort:
    msg "Error,script abort.Maybe target is not protect by SVKP1.3x or your forgot Ignore all exceptions."
    ret

    /*
    //////////////////////////////////////////////////
    MoleBox 2.x.x Fix IAT+OEP Finder v0.1
    Author:loveboom
    Email : bmd2chen@tom.com
    OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.7
    Date : 2004-4-13
    Config: N/A
    Note : If you have one or more question, email me please,thank you!
    //////////////////////////////////////////////////
    */

    start:
    gpa "LoadLibraryA","kernel32.dll"
    bp $RESULT
    cmp $RESULT,0
    je lblabort
    run

    lbl1:
    bc $RESULT
    rtu

    lbl2:
    find eip,#E8DB050000#
    cmp $RESULT,0
    je lblabort
    go $RESULT
    eob lbl3
    sti

    lbl3:
    asm eip,"ret"
    find eip,#FFE0#
    cmp $RESULT,0
    je lblabort
    eob lbl4
    bp $RESULT
    run

    lbl4:
    sto

    lblend:
    cmt eip,"OEP found!please dumped it!"
    msg "Script by loveboom[DFCG][FCG],Thank you for using my script!"
    ret

    lblabort:
    msg "Error,maybe target is not packed by MoleBox 2.x.x.Script abort!"
    ret
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    psyCK0
    Guest

    Post two script for new version ollyscript(oscv0.7

    loveboom: as usually, your scripts are amazing! =)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    loveboom
    Guest

    Post two script for new version ollyscript(oscv0.7

    I think i am a unpack fans(Not cracker).^_^
    my script for molebox 2.0 fix a bug,and post a new script for pc-guard v5.0
    /*
    //////////////////////////////////////////////////
    MoleBox 2.x.x fix IAT+OEP Finder v0.11
    Author: loveboom
    Email : bmd2chen@tom.com
    OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.7
    Date : 2004-3-29
    Config: N/A
    Note : Thank David!If you have one or more question, email me please,thank you!
    //////////////////////////////////////////////////
    */
    var addr

    start:
    gpa "LoadLibraryA","kernel32.dll"
    bp $RESULT
    cmp $RESULT,0
    je lblabort
    run

    lbl1:
    bc $RESULT
    rtu

    lbl2:
    find eip,#05000083C408E9#
    cmp $RESULT,0
    je lblabort
    mov addr,$RESULT
    sub addr,2
    go addr
    eob lbl3
    sti

    lbl3:
    asm eip,"ret"
    find eip,#FFE0#
    cmp $RESULT,0
    je lblabort
    eob lbl4
    bp $RESULT
    run

    lbl4:
    sto

    lblend:
    cmt eip,"OEP found!please dumped it!"
    msg "Script by loveboom[DFCG][FCG],Thank you for using my script!"
    ret

    lblabort:
    msg "Error,maybe target is not packed by MoleBox 2.x.x.Script abort!"
    ret
    ---------------------------------------
    PC-GUARD V5.0

    /*
    //////////////////////////////////////////////////
    PC-Guard v5.0 OEP Finder v0.1
    Author: loveboom
    Email : bmd2chen@tom.com
    OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.7
    Date : 2004-4-15
    Config: Ignore all Exceptions,hide your OllyDbg.
    Action: Fix import function,found target's OEP
    Note : If you have one or more question, email me please,thank you!
    //////////////////////////////////////////////////
    */

    var espval //esp value
    var cbase
    var csize
    var addr

    mov espval,esp
    sub espval,4
    gmi eip,CODEBASE
    mov cbase,$RESULT
    gmi eip,CODESIZE
    mov csize,$RESULT
    start:
    gpa "LoadLibraryA","Kernel32.dll"
    bp $RESULT
    run

    lbl1:
    bc $RESULT
    rtu
    find eip,#8918#
    cmp $RESULT,0
    je lblabort
    mov addr,$RESULT
    mov [addr],#9090#
    eob lbl2
    go addr

    lbl2:
    bphws espval,"r"
    eob lbl3
    run

    lbl3:
    bphwc espval
    eob lbl4
    eoe lbl4
    bprm cbase,csize
    run

    lbl4:
    bpmc

    lblend:
    cmt eip,"OEP found,please dumped it and then use importrec Get import functions,cut a invliad function."
    msg "Script by loveboom[DFCG][FCG],Thank you for using my script!"
    ret

    lblabort:
    msg "Error,Script abort!Maybe target is not protect by PC-Guard v5.0."
    ret
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    loveboom
    Guest

    Post two script for new version ollyscript(oscv0.7

    script for PC-Guard v0.5 has a bug
    lbl1:
    bc $RESULT
    rtu //here
    rtu //if system is winxp,add it.
    find eip,#8918#
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    psyCK0
    Guest

    Post two script for new version ollyscript(oscv0.7

    My god, Anonymous, you should really consider joining some kind of anti-Mensa - your IQ can't be higher than that of a mentally chalenged maggot. Have you ever heard about "board rules"? Then READ THEM BEFORE POSTING.
    Let me rephraze a scene from Pulp Fiction:
    psyCK0: Did you see a sign on this board saying "We crack on request"?
    Anonymous: Duh...
    psYCK0: I said, did you see a sign on this board saying "We crack on request"?
    Anonymous: No...
    psyCK0: Do you know why?
    Anonymous: *looks stupid*
    psyCK0: BECAUSE CRACKING ON REQUEST AIN'T OUR FUCKING BUSINESS!!!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Anonymous
    Guest

    Post two script for new version ollyscript(oscv0.7

    msg "Script by loveboom[DFCG][FCG],Thank you for using my script!"
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. PHPScriptExec & CloneDll script & TASM exports generator script
    By roxaz in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: July 18th, 2008, 17:36
  2. ollyscript.dll ???
    By Dogit in forum OllyDbg Support Forums
    Replies: 4
    Last Post: January 16th, 2005, 15:54
  3. ollyscript gathering iat info script.
    By lucian in forum OllyScript Plugin
    Replies: 2
    Last Post: January 10th, 2005, 00:08
  4. can't crack newer version using older version tuts.
    By bas in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: February 12th, 2001, 21:40
  5. Problems with version 3 InstallShield script
    By Mr Smith in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: October 29th, 2000, 08:18

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •