Jump to content
Tuts 4 You

[ Unpackme ] Telock 0.99...


Teddy Rogers

Recommended Posts

Unpackt succesfull!!!

http://files.to/get/461643/8763/tElock.rar

Here is a script for tElock 0.99, i hope it works on other targets to.

"Ignore all exceptions"

var temp

var temp1

var ImgBase

var CodeEnd

var CodeStart

var CodeSize

gmi eip, MODULEBASE

mov ImgBase, $RESULT

mov temp, 3c

add temp, ImgBase

mov temp, [temp]

add temp, ImgBase

add temp, 100

mov CodeSize, [temp]

add temp, 4

mov CodeStart, [temp]

add CodeStart, ImgBase

mov CodeEnd, CodeStart

add CodeEnd, CodeSize

gpa "LoadLibraryA", "kernel32.dll"

add $RESULT, 2

bp $RESULT

run

bc $RESULT

rtu

String_Schleife:

sto

mov temp, [eip]

and temp, FFFF

cmp temp, 858D

jne String_Schleife

sto

mov temp, eax

DeleteString:

mov temp1, [temp]

and temp1, FF000000

cmp temp1, 0

je FindOEP

mov [temp], 0

inc temp

jmp DeleteString

FindOEP:

bprm CodeStart, CodeSize

OEP_Schleife:

run

cmp eip, CodeStart

jb OEP_Schleife

cmp eip, CodeEnd

ja OEP_Schleife

bpmc

cmt eip, "OEP found by kNiGhT"

msg "Dump and rebuild IAT!"

ret

greetz

Edited by -kNiGhT-
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...