Title | Content |
---|---|
Title | OEP Finder |
Version | 1.60 |
Author | Human |
Author website | http://www.tuts4you.com/forum/index.php?showtopic= |
Description |
During ****test christmas of my life, 2 weeks without net, 2 car fixes, I was so bored so I decided to code my own oepfinder. First was dereko [ARTEAM], but his version is big like hell and hard to understand.
What are the differences?
- dereko src is in tasm
- well, I used masm (but I also prefer tasm, but it's dying :( )
- dereko patches EP
- I create process already as debugged, no need for suspending etc.
- dereko oepfinder stops after messagebox with oep
- mine stops on exitprocess, so we can find oep inside asprotect that has unpacking code inside code section that is later overwritten with unpacked code
- dereko is using small debugger part that gives instruction length and sets int 3 (CC)
- I don't use it, just set guard page on first section
Worked with most of single process protectors, packers.
sdprotector and others detect that they are debugged.
Conclusions: updating on every guard page, page properties is slow like hell, but most secure maybe. So I added option faster, so I update guard every 4 guard. That sometimes causes that we stop not on oep but 3rd instruction after oep. Also I just read 1st section size and VA, so that should be updated. If dereko wants to do it, go ahead. This one is small and easier to understand, also cleaner. |
View: | 1682 |
Publish time | 5 years ago (2018-04-23 15:19:31) |