[转载]Enigma Protector 5.x.x - 6.x.x .NET OEP by 2lht_love
软件说明:Enigma Protector 5.x.x - 6.x.x .NET OEP by 2lht_love
软件配图:GIF见本帖(如下)
https://s3.bmp.ovh/imgs/2022/02/b754d63e3a264759.gif
标题是否带有本站网址:
否
病毒查杀截图或链接:无;属纯TXT格式脚本
下载链接:脚本文件以及脚本内容见本帖(如下)
///////////////////////////////////////////////////////////////////////
//OllyDBG script for Enigma Protector 5.x.x - 6.x.x .NET OEP by 2lht_love
///////////////////////////////////////////////////////////////////////
// Main flow: drive the packed target under the debugger, one breakpoint at a
// time, until one of the two OEP-finding routines (METHOD_01 / METHOD_02) has
// run, then clean up and stop.
// Every ESTO below resumes the target, so the packer stub really executes up
// to the next breakpoint.

// Start clean: clear the log window and remove leftover software, hardware
// and memory breakpoints.
LC
BC
BPHWC
BPMC
LOG "Enigma Protector 5.x.x - 6.x.x .NET OEP by 2lht_love"
LOG "2019"
VAR BACKUP_EIP
VAR TEMP
VAR OEP_PACKER
VAR ADDRESS_CODE_SECTION
VAR SIZE_SECTION_CODE
VAR GET_BYTE
// Remember where the debugger is paused when the script starts; GMI uses this
// address later to identify the module whose code section is scanned.
// presumably this is the packed file's entry point - confirm the script is
// started there.
MOV OEP_PACKER,eip
// Resolve VirtualAlloc and GetProcAddress into VA and GA.
CALL GET_ADDRESS_API
// Stop on the first GetProcAddress call, run to its return and step once more
// (presumably back into the caller), then remove that breakpoint.
BPHWS GA
ESTO
RTR
STO
BPHWC GA
// Search forward from eip for the bytes FF E0 (jmp eax), break on that
// address, then single-step so execution follows the jump.
// NOTE(review): $RESULT is not checked; if FIND fails, BPHWS is given 0.
FIND eip,#FFE0#
BPHWS $RESULT
ESTO
STO
MOV BACKUP_EIP,eip
// Locate the 4th byte equal to E8 (the call rel32 opcode) after the jump
// target. Each pass restarts the search one byte past the previous hit.
// NOTE(review): this is a raw byte search, so an E8 inside an operand or in
// data also counts; the result depends on the stub's exact layout.
// NOTE(review): TEMP is never assigned before INC; the loop counts to 4 only
// if VAR starts it at 0 - confirm for the plugin version in use.
FIND_CALL:
FIND BACKUP_EIP,#E8#
MOV BACKUP_EIP,$RESULT
INC BACKUP_EIP
INC TEMP
CMP TEMP,4
JNZ FIND_CALL
// Break on the address of the last E8 found, clear the hardware breakpoints,
// then step into twice.
BPHWS $RESULT
ESTO
BPHWCALL
STI
STI
// NOTE(review): the source operand of this MOV is missing (",,"). It looks
// lost when the script was pasted into the post; presumably it was a
// bracketed one-byte memory read such as [eip] - restore it from the original
// script file before running.
MOV GET_BYTE,,1
// Choose the routine from the byte just read. ODbgScript treats bare numbers
// as hex, so 68 is 0x68, the push imm32 opcode.
CMP GET_BYTE, 68
ifeq
CALL METHOD_01
else
CALL METHOD_02
endif
// Remove the hardware and memory breakpoints left by the chosen routine and
// end the script.
BPHWC
BPMC
RET
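// METHOD_01: taken when the byte read by the main flow equals 0x68.
// Uses VirtualAlloc as a checkpoint: each time the breakpoint on it fires, the
// module's code section is searched for FF 25 followed by four arbitrary
// bytes, i.e. an indirect jmp through a 32-bit absolute address. Presumably
// this is the .NET entry stub once the packer has written the original code
// back - confirm on the sample.
// Reads : VA (set by GET_ADDRESS_API), OEP_PACKER (via GET_ADDRESS_CODE_SECTION)
// Writes: ADDRESS_CODE_SECTION, SIZE_SECTION_CODE, $RESULT, breakpoints
METHOD_01:
BPHWS VA
CALL GET_ADDRESS_CODE_SECTION
// Keep resuming the target until the pattern shows up in the code section.
// NOTE(review): there is no iteration limit; if the pattern never appears the
// loop only ends when the target stops for another reason.
LOOP1:
ESTO
// The posted script had "FINDADDRESS_CODE_SECTION,..." with the command and
// its first operand fused; the space is restored so this is FIND again.
FIND ADDRESS_CODE_SECTION,#FF25????????#
CMP $RESULT,0
JE LOOP1
// Pattern found: replace the VirtualAlloc breakpoint with one on the match and
// run until execution reaches it.
// NOTE(review): FIND returns the first match from the section start; whether
// that is the entry stub is not verified here.
BPHWC
BPHWS $RESULT
ESTO
// Label the stop address so it can be used as the OEP when dumping.
CMT eip,"This is OEP NET for dumper !"
RET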
// METHOD_02: taken when the byte read by the main flow is not 0x68.
// Combines a read memory breakpoint on the module's code section with a
// VirtualAlloc checkpoint, then resumes until the debugger stops with
// eip equal to eax.
// Reads : VA (set by GET_ADDRESS_API), OEP_PACKER (via GET_ADDRESS_CODE_SECTION)
// Writes: ADDRESS_CODE_SECTION, SIZE_SECTION_CODE, breakpoints
METHOD_02:
// Step into once more and put a hardware breakpoint on the new eip.
// NOTE(review): this breakpoint is never removed inside METHOD_02; only the
// caller's final BPHWC clears it.
STI
BPHWS eip
CALL GET_ADDRESS_CODE_SECTION
// Run until something reads the code section, then drop the memory breakpoint.
BPRM ADDRESS_CODE_SECTION,SIZE_SECTION_CODE
ESTO
BPMC
// Run to the next VirtualAlloc call, execute to its return, and remove that
// breakpoint.
BPHWS VA
ESTO
RTR
BPHWC VA
// Re-arm the read breakpoint on the code section and keep resuming until a
// stop occurs with eip == eax.
// presumably eax holds the entry address the stub is about to transfer to -
// confirm on the sample. The loop has no iteration limit.
BPRM ADDRESS_CODE_SECTION,SIZE_SECTION_CODE
LOOP2:
ESTO
CMP eip,eax
JNZ LOOP2
// Label the stop address so it can be used as the OEP when dumping.
CMT eip,"This is OEP NET for dumper !"
RET
// GET_ADDRESS_CODE_SECTION: look up the code section of the module that
// contains OEP_PACKER.
// Reads : OEP_PACKER
// Writes: ADDRESS_CODE_SECTION (GMI CODEBASE), SIZE_SECTION_CODE (GMI CODESIZE)
// NOTE(review): neither GMI result is checked for 0 before the callers use it.
GET_ADDRESS_CODE_SECTION:
GMI OEP_PACKER,CODEBASE
MOV ADDRESS_CODE_SECTION,$RESULT
// The second query is keyed on the code base just obtained, which lies in the
// same module.
GMI ADDRESS_CODE_SECTION,CODESIZE
MOV SIZE_SECTION_CODE, $RESULT
RET
// GET_ADDRESS_API: resolve the two kernel32.dll exports the script uses as
// breakpoint checkpoints.
// Writes: VA = address of VirtualAlloc, GA = address of GetProcAddress
// VA and GA are declared here but used by the main flow and by both METHOD_*
// routines, so this routine must run before any of them sets a breakpoint.
// NOTE(review): $RESULT from GPA is stored without a check for 0.
GET_ADDRESS_API:
VAR VA
GPA "VirtualAlloc","kernel32.dll"
MOV VA,$RESULT
VAR GA
GPA "GetProcAddress","kernel32.dll"
MOV GA,$RESULT
RET
谢谢分享 感谢楼主 不知道说啥,给楼主顶一下吧! 感谢楼主 谢谢分享 感谢楼主 感谢楼主 感谢楼主 来向大佬学习