Ollydbg : Différence entre versions
(Page créée avec « == OllyScript == == OllyScript Example == UPX <pre> var hwdBP // Local variable to store hardware breakpoint var softBP // Local variable to strore software breakpoint ... ») |
(→OllyScript Example) |
||
| Ligne 6 : | Ligne 6 : | ||
<pre> |
<pre> |
||
| − | var hwdBP // Local variable to store hardware breakpoint |
+ | var hwdBP // Local variable to store hardware breakpoint |
| − | var softBP // Local variable to strore software breakpoint |
+ | var softBP // Local variable to strore software breakpoint |
| − | sti // Step into F7 command |
+ | sti // Step into F7 command |
| − | findop eip, #61# // find next POPAD |
+ | findop eip, #61# // find next POPAD |
| − | mov hwdBP, $RESULT // Store $RESULT to hardware breakpoint local variable |
+ | mov hwdBP, $RESULT // Store $RESULT to hardware breakpoint local variable |
| − | bphws hwdBP, "x" // Set hardware breakpoint (execute) on the next POPAD |
+ | bphws hwdBP, "x" // Set hardware breakpoint (execute) on the next POPAD |
run // Run F9 command |
run // Run F9 command |
||
| − | findop eip, #E9????????# // Find the next JMP |
+ | findop eip, #E9????????# // Find the next JMP |
| − | mov softBP, $RESULT // Store $RESULT to software breakpoint local variable |
+ | mov softBP, $RESULT // Store $RESULT to software breakpoint local variable |
bp softBP |
bp softBP |
||
| − | run // Run to JMP instruction |
+ | run // Run to JMP instruction |
| − | sti // Step into the OEP |
+ | sti // Step into the OEP |
cmt eip, "<-- OEP" |
cmt eip, "<-- OEP" |
||
| Ligne 28 : | Ligne 28 : | ||
<pre> |
<pre> |
||
| − | var hwBP // Local variable for hardware breakpoint |
+ | var hwBP // Local variable for hardware breakpoint |
| − | mov hwBP, esp // Using esp trick |
+ | mov hwBP, esp // Using esp trick |
| − | bphws hwBP, "r" // Set hardware breakpoint on read |
+ | bphws hwBP, "r" // Set hardware breakpoint on read |
| − | run // Run |
+ | run // Run |
| − | rtr // Execute till return |
+ | rtr // Execute till return |
| − | sto // F8 |
+ | sto // F8 |
msg "OEP found" |
msg "OEP found" |
||
Version actuelle datée du 2 septembre 2016 à 14:10
OllyScript
OllyScript Example
UPX
var hwdBP // Local variable to store hardware breakpoint var softBP // Local variable to strore software breakpoint sti // Step into F7 command findop eip, #61# // find next POPAD mov hwdBP, $RESULT // Store $RESULT to hardware breakpoint local variable bphws hwdBP, "x" // Set hardware breakpoint (execute) on the next POPAD run // Run F9 command findop eip, #E9????????# // Find the next JMP mov softBP, $RESULT // Store $RESULT to software breakpoint local variable bp softBP run // Run to JMP instruction sti // Step into the OEP cmt eip, "<-- OEP" msg "OEP found" ret
ASpack
var hwBP // Local variable for hardware breakpoint mov hwBP, esp // Using esp trick bphws hwBP, "r" // Set hardware breakpoint on read run // Run rtr // Execute till return sto // F8 msg "OEP found" cmt eip, "<-- OEP" ret
