« Ollydbg » : différence entre les versions
(Page créée avec « == OllyScript == == OllyScript Example == UPX <pre> var hwdBP // Local variable to store hardware breakpoint var softBP // Local variable to strore software breakpoint ... ») |
|||
Ligne 6 : | Ligne 6 : | ||
<pre> |
<pre> |
||
var hwdBP // Local variable to store hardware breakpoint |
var hwdBP // Local variable to store hardware breakpoint |
||
var softBP // Local variable to strore software breakpoint |
var softBP // Local variable to strore software breakpoint |
||
sti // Step into F7 command |
sti // Step into F7 command |
||
findop eip, #61# // find next POPAD |
findop eip, #61# // find next POPAD |
||
mov hwdBP, $RESULT // Store $RESULT to hardware breakpoint local variable |
mov hwdBP, $RESULT // Store $RESULT to hardware breakpoint local variable |
||
bphws hwdBP, "x" // Set hardware breakpoint (execute) on the next POPAD |
bphws hwdBP, "x" // Set hardware breakpoint (execute) on the next POPAD |
||
run // Run F9 command |
run // Run F9 command |
||
findop eip, #E9????????# // Find the next JMP |
findop eip, #E9????????# // Find the next JMP |
||
mov softBP, $RESULT // Store $RESULT to software breakpoint local variable |
mov softBP, $RESULT // Store $RESULT to software breakpoint local variable |
||
bp softBP |
bp softBP |
||
run // Run to JMP instruction |
run // Run to JMP instruction |
||
sti // Step into the OEP |
sti // Step into the OEP |
||
cmt eip, "<-- OEP" |
cmt eip, "<-- OEP" |
||
Ligne 28 : | Ligne 28 : | ||
<pre> |
<pre> |
||
var hwBP // Local variable for hardware breakpoint |
var hwBP // Local variable for hardware breakpoint |
||
mov hwBP, esp // Using esp trick |
mov hwBP, esp // Using esp trick |
||
bphws hwBP, "r" // Set hardware breakpoint on read |
bphws hwBP, "r" // Set hardware breakpoint on read |
||
run // Run |
run // Run |
||
rtr // Execute till return |
rtr // Execute till return |
||
sto // F8 |
sto // F8 |
||
msg "OEP found" |
msg "OEP found" |
Dernière version du 2 septembre 2016 à 12:10
OllyScript
OllyScript Example
UPX
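// OllyScript: locate the original entry point (OEP) of a UPX-packed target.
// Precondition: target loaded and paused at the packer entry point, in a
// disposable analysis VM (run/sti execute the unpacking stub for real).
// Heuristic: the first POPAD after EIP is assumed to be the stub's register
// restore and the first E9 JMP after it the jump to the OEP; verify the
// commented address before dumping.

var hwdBP                       // address of the POPAD found by findop
var softBP                      // address of the JMP found by findop

sti                             // Step into once (F7)

findop eip, #61#                // Search forward from EIP for POPAD (opcode 61)
cmp $RESULT, 0                  // findop leaves 0 in $RESULT when nothing matched
je popad_not_found
mov hwdBP, $RESULT
bphws hwdBP, "x"                // Hardware execute breakpoint: does not patch code bytes
run                             // F9
bphwc hwdBP                     // Release the debug register as soon as it has served
cmp eip, hwdBP                  // Stopped somewhere else (exception, exit)? Do not go on
jne unexpected_stop

findop eip, #E9????????#        // Next JMP rel32 (E9 followed by four wildcard bytes)
cmp $RESULT, 0
je jmp_not_found
mov softBP, $RESULT
bp softBP                       // Software breakpoint on that JMP
run                             // Run to the JMP instruction
bc softBP                       // Remove the INT3 so it is not left in the process image
cmp eip, softBP
jne unexpected_stop

sti                             // Take the JMP: EIP is now the presumed OEP
cmt eip, "<-- OEP"
msg "OEP found"
ret

popad_not_found:
msg "POPAD not found after EIP"
ret

jmp_not_found:
bphwc hwdBP                     // Defensive: make sure nothing stays armed
msg "JMP not found after POPAD"
ret

unexpected_stop:
msg "Stopped before reaching the breakpoint - OEP not located"
ret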
ASpack
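// OllyScript: locate the original entry point (OEP) of an ASPack-packed
// target with the "ESP trick" (hardware read breakpoint on the stack).
// Precondition: target loaded and paused in the packer stub, in a disposable
// analysis VM (run/rtr/sto execute the unpacking stub for real).
// NOTE(review): the script samples ESP at whatever instruction it is started
// on; the technique presumably expects ESP to address the registers saved by
// the stub - confirm the start position before relying on the result.

var hwBP                        // stack address watched for the read access

mov hwBP, esp                   // Remember the current stack pointer
bphws hwBP, "r"                 // Hardware breakpoint on read of that stack slot
run                             // Run until the slot is read back
bphwc hwBP                      // Clear it: a stale read breakpoint would interrupt
                                // rtr/sto below and stay armed after the script ends
rtr                             // Execute till return
sto                             // Step over (F8) the return, landing on the presumed OEP
msg "OEP found"
cmt eip, "<-- OEP"
ret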