Results 1 to 7 of 7

Thread: PECompact 2.01a script

  1. #1
    Anonymous
    Guest

    PECompact 2.01a script

    My final scrip for this packer..


    /*

    PECompact 2.01a (27-04-04 release) OEP Finder by Scarabee

    Make sure you Select NO on 'Compressed code message' when loading application in Olly.
    When at OEP, just dump and fix with IMPREC.

    */

    var cbase
    var csize
    var lbl1
    var oki

    sto
    findop eax, #c3#
    bp $RESULT
    esto
    esto
    GMI eip, CODEBASE
    mov cbase, $RESULT
    GMI eip, CODESIZE
    mov csize, $RESULT
    bpwm cbase, csize
    esto
    sto
    bpmc
    findop eip, #FFE0#
    mov oki, $RESULT
    bp $RESULT
    esto

    cmp eip, oki
    jne lbl1
    sto
    MSG "This is OEP, now dump and fix!"
    ret

    lbl1:
    MSG "Press SHIFT-F9 till break at 'JMP EAX'. Then F8 and you're on OEP!"


    /Scarabee
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Anonymous
    Guest

    PECompact 2.01a script

    I managed to solve my problem, so this should be final :

    /*

    PECompact 2.01a (27-04-04 release) OEP Finder by Scarabee

    Make sure you Select NO on 'Compressed code message' when loading application in Olly.
    When at OEP, just dump and fix with IMPREC.

    */

    var cbase
    var csize
    var lbl2
    var lbl1
    var oki

    sto
    findop eax, #c3#
    bp $RESULT
    esto
    esto
    GMI eip, CODEBASE
    mov cbase, $RESULT
    GMI eip, CODESIZE
    mov csize, $RESULT
    bpwm cbase, csize
    esto
    sto
    bpmc
    findop eip, #FFE0#
    mov oki, $RESULT
    bp $RESULT
    esto

    lbl2:
    cmp eip, oki
    jne lbl1
    sto
    MSG "This is OEP, now dump and fix!"
    ret

    lbl1:
    esto
    jmp lbl2
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Anonymous
    Guest

    PECompact 2.01a script

    Works for v2.02 also! (release 29-04-04)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    eos
    Guest

    PECompact 2.01a script

    http://www.pgware.com/downloads/pcmedik.exe <= pecompact 2.0
    ollyscript OEP not find.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Anonymous
    Guest

    PECompact 2.01a script

    Works fine for me.
    i tried your application and script gives me OEP:

    0048566C 55 PUSH EBP
    0048566D 8BEC MOV EBP,ESP
    0048566F B9 37000000 MOV ECX,37
    00485674 6A 00 PUSH 0
    00485676 6A 00 PUSH 0
    00485678 49 DEC ECX
    00485679 ^75 F9 JNZ SHORT PcMedik.00485674
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    vivaman
    Guest

    PECompact 2.01a script

    Thanks.. "Anonymous"..
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Scarabee
    Guest

    PECompact 2.01a script

    You're welcome..

    i didnt register here just yet. as you can see, i did by now )
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Unpacker PECompact 1.2
    By Nacho_dj in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: January 15th, 2014, 17:17
  2. PHPScriptExec & CloneDll script & TASM exports generator script
    By roxaz in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: July 18th, 2008, 17:36
  3. PECompact v1.67 Delphi DLL
    By SunBeam in forum Malware Analysis and Unpacking Forum
    Replies: 9
    Last Post: September 26th, 2006, 21:25
  4. Another UPX script
    By BruceLee in forum OllyScript Plugin
    Replies: 1
    Last Post: June 15th, 2004, 05:57
  5. Unpack PECompact 1.84 - Have anyone can help me?
    By Zombie in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: March 21st, 2004, 12:56

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •