#webscene

#The biggest in small world

OEP Finder

Title: OEP Finder
Version: 1.60
Author: Human
Author website: http://www.tuts4you.com/forum/index.php?showtopic=
Description
[OEP Finder]

During the ****test Christmas of my life, 2 weeks without net, 2 car fixes, I was so bored that I decided to code my own OEP finder. The first was dereko's [ARTEAM], but his version is big like hell and hard to understand. What are the differences?

-dereko src is in TASM -well, I used MASM (but I also prefer TASM, but it's dying :( )

-dereko patches EP -I create the process already as debugged, no need for suspending etc.

-dereko oepfinder stops after messagebox with OEP -mine stops on ExitProcess, so we can find OEP inside ASProtect, which has unpacking code inside the code section that is later overwritten with unpacked code

-dereko is using a small debugger part that gives instruction length and sets int 3 (CC) -I don't use it, just set a guard page on the first section

Worked with most single-process protectors, packers. SDProtector and others detect that they are debugged.

Conclusions:

Updating page properties on every guard page is slow like hell, but most secure maybe. So I added the option "faster", so I update the guard every 4 guards. That sometimes causes us to stop not on OEP but on the 3rd instruction after OEP. Also, I just read the 1st section size and VA, so that should be updated. If dereko wants to do it, go ahead. This one is small and easier to understand, also cleaner.

Publish time: 2018-04-23 15:19:31 (5 years ago)
Publisher: Death.Song