« Ollydbg » : différence entre les versions

De UnixWiki
Aller à la navigation Aller à la recherche
(Page créée avec « == OllyScript == == OllyScript Example == UPX <pre> var hwdBP // Local variable to store hardware breakpoint var softBP // Local variable to strore software breakpoint ... »)
 
 
Ligne 6 : Ligne 6 :


<pre>
<pre>
var hwdBP // Local variable to store hardware breakpoint
var hwdBP // Local variable to store hardware breakpoint
var softBP // Local variable to strore software breakpoint
var softBP // Local variable to strore software breakpoint


sti // Step into F7 command
sti // Step into F7 command
findop eip, #61# // find next POPAD
findop eip, #61# // find next POPAD
mov hwdBP, $RESULT // Store $RESULT to hardware breakpoint local variable
mov hwdBP, $RESULT // Store $RESULT to hardware breakpoint local variable
bphws hwdBP, "x" // Set hardware breakpoint (execute) on the next POPAD
bphws hwdBP, "x" // Set hardware breakpoint (execute) on the next POPAD
run // Run F9 command
run // Run F9 command
findop eip, #E9????????# // Find the next JMP
findop eip, #E9????????# // Find the next JMP
mov softBP, $RESULT // Store $RESULT to software breakpoint local variable
mov softBP, $RESULT // Store $RESULT to software breakpoint local variable
bp softBP
bp softBP
run // Run to JMP instruction
run // Run to JMP instruction
sti // Step into the OEP
sti // Step into the OEP


cmt eip, "<-- OEP"
cmt eip, "<-- OEP"
Ligne 28 : Ligne 28 :


<pre>
<pre>
var hwBP // Local variable for hardware breakpoint
var hwBP // Local variable for hardware breakpoint


mov hwBP, esp // Using esp trick
mov hwBP, esp // Using esp trick
bphws hwBP, "r" // Set hardware breakpoint on read
bphws hwBP, "r" // Set hardware breakpoint on read
run // Run
run // Run
rtr // Execute till return
rtr // Execute till return
sto // F8
sto // F8


msg "OEP found"
msg "OEP found"

Dernière version du 2 septembre 2016 à 12:10

OllyScript

OllyScript Example

UPX 

var hwdBP                   // Local variable to store hardware breakpoint
var softBP                  // Local variable to strore software breakpoint

sti                         // Step into F7 command
findop eip, #61#            // find next POPAD
mov hwdBP, $RESULT          // Store $RESULT to hardware breakpoint local variable
bphws hwdBP, "x"            // Set hardware breakpoint (execute) on the next POPAD
run // Run F9 command
findop eip, #E9????????#    // Find the next JMP
mov softBP, $RESULT         // Store $RESULT to software breakpoint local variable
bp softBP
run                         // Run to JMP instruction
sti                         // Step into the OEP

cmt eip, "<-- OEP"
msg "OEP found"
ret

ASpack 

var hwBP                    // Local variable for hardware breakpoint

mov hwBP, esp               // Using esp trick
bphws hwBP, "r"             // Set hardware breakpoint on read
run                         // Run
rtr                         // Execute till return
sto                         // F8

msg "OEP found"
cmt eip, "<-- OEP"
ret
Récupérée de "https://futex.re/mediawiki/index.php?title=Ollydbg&oldid=2560"