Thread: DBPE v2.x Unpacking Script!

  1. #1
    loveboom
    Guest

    DBPE v2.x Unpacking Script!

    Bad luck, can't visit http://ollyscript.apsvans.com/
    Error message: time out.
    So, posting here.
    /*
    //////////////////////////////////////////////////
    DBPE V2.X Unpack script v0.1
    Author: loveboom
    Email : bmd2chen@tom.com
    OS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.62
    Date : 2004-3-21
    Config: Ignore all exceptions
    Note : If the imports table looks like "JMP DWORD PTR DS:[804EXXXX]" or "CALL DWORD PTR DS:[804EXXXX]", then use WinHex to edit
    the target's memory, start addr: IAT start address, find hex "4E80", replace with "4E00".
    If you have one or more questions, email me please, thank you!
    Warning: If you want to unpack manually, you'd better use WinXP + an IDT tool to debug the target.
    If your system is Win2k, be careful (SYSTEM CRASH, hoho!)
    //////////////////////////////////////////////////
    */

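    var csize
    var cbase
    var count
    mov count,3
    // Get the code section base and size of the module that contains EIP
    gmi eip,CODEBASE
    mov cbase,$RESULT
    gmi eip,CODESIZE
    mov csize,$RESULT

    // Set a hardware execute breakpoint on kernel32!CloseHandle and run
    lbl1:
    eob lbl2
    gpa "CloseHandle","kernel32.dll"
    bphws $RESULT,"x"
    run

    // Count the breaks; continue to lbl3 on the third one
    lbl2:
    sub count,1
    cmp count,0
    je lbl3
    run
    jmp lbl2

    // Clear the hardware breakpoint, then break on the first read of the code section
    lbl3:
    bphwc $RESULT
    eob lbl4
    bprm cbase,csize
    run

    // Clear the memory breakpoint, find the next FF E0 (jmp eax) from EIP,
    // set a memory-read breakpoint on it and pause for the manual patch
    lbl4:
    bpmc
    eob lbl5
    findop eip,#FFE0#
    bprm $RESULT,A
    msg "Now Ctrl+B Find 89BD(like this '75 89 jnz addr <89BDxxxxxxxx>'),at the third time replace'nop(909090909090)' and then find 890F replace 8907,last time,resume script!"
    pause
    run

    // Clear the memory breakpoint, step over once and mark EIP as the OEP
    lbl5:
    bpmc
    sto
    cmt eip,"OEP Found,please dumped it!"
    msg "Script by loveboom[DFCG],Thank you for using my script!"
    ret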
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    psyCK0
    Guest

    DBPE v2.x Unpacking Script!

    Added to site, thanks loveboom.

    Yeah, the site goes down from time to time. That's coz my hosting provider sucks... =(

  3. #3
    Anonymous
    Guest

    DBPE v2.x Unpacking Script!

    I can't use this script to unpack DBPE V2.X, because every time I find 89BD, it looks like this:
    7FF936E7 ^75 E9 JNZ SHORT 7FF936D2
    7FF936E9 BD 0100007A MOV EBP,7A000001
    "89BD" is split asunder, what can I do?

  4. #4
    loveboom
    Guest

    DBPE v2.x Unpacking Script!

    If you are from China or you can speak Chinese, you can download my unpacking demo for DBPE 2.x.
    Download address:
    http://www.chinadfcg.com/viewthread.php?tid=873
