Ollydbg


OllyScript

OllyScript Example

UPX

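// UPX: locate the original entry point (OEP) of a UPX-packed target.
// Approach, as written: break on the next POPAD after the current EIP, then
// break on the next JMP rel32 after it, and single-step that jump.
// Start the script with the debuggee paused inside the unpacking stub.
// The final "OEP found" message is unconditional once both breakpoints hit;
// confirm that EIP looks like real program code before dumping.

var hwdBP                   // Address of the POPAD, used for the hardware breakpoint
var softBP                  // Address of the tail JMP, used for the software breakpoint

sti                         // Step into (F7): execute one instruction of the stub
findop eip, #61#            // Search forward from EIP for the next POPAD (opcode 61)
cmp $RESULT, 0              // findop leaves 0 in $RESULT when nothing matches
je not_found                // Never arm a breakpoint at 0: the run below would then
                            // let the packed target execute with nothing to stop it
mov hwdBP, $RESULT          // Remember where the POPAD is
bphws hwdBP, "x"            // Hardware breakpoint on execution of that POPAD
run                         // Run (F9) until the POPAD is reached
bphwc hwdBP                 // Release the debug register; only four are available
findop eip, #E9????????#    // Search forward for the next JMP rel32 (E9 + 4 wildcard bytes)
cmp $RESULT, 0              // Same not-found check as above
je not_found
mov softBP, $RESULT         // Remember where the JMP is
bp softBP                   // Software (INT3) breakpoint on the JMP
run                         // Run to the JMP instruction
bc softBP                   // Remove the INT3 so the patched byte is not left in memory
sti                         // Step into the jump; EIP is now its destination

cmt eip, "<-- OEP"
msg "OEP found"
ret

not_found:
msg "Expected POPAD / JMP not found - target left paused, OEP not located"
ret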

ASpack

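// ASPack: locate the original entry point (OEP) using the "ESP trick":
// watch a stack slot with a hardware read breakpoint, run until the stub
// reads it back, then follow the next return.
// NOTE(review): the ESP trick normally captures ESP after the stub's PUSHAD
// has executed. This script does not step first, so it presumably expects to
// be started with EIP already past the PUSHAD - confirm before relying on it.
// The "OEP found" message is unconditional; check the code at EIP before dumping.

var hwBP                    // Stack address watched by the hardware breakpoint

mov hwBP, esp               // ESP trick: remember the current top-of-stack address
bphws hwBP, "r"             // Hardware breakpoint on read of that stack slot
run                         // Run (F9) until the stub reads the slot back
bphwc hwBP                  // Release the debug register so later stack reads at
                            // this address do not keep interrupting the session
rtr                         // Execute till return
sto                         // Step over (F8) the return instruction

msg "OEP found"
cmt eip, "<-- OEP"
ret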