Teddy Rogers Posted May 27, 2007 Share Posted May 27, 2007 Thinstall 2.736http://tuts4you.com/download.php?view.1679Ted. Link to comment Share on other sites More sharing options...
pavka Posted May 28, 2007 Share Posted May 28, 2007 Unpackedhttp://rapidshare.com/files/33795691/Thinstall_2.736.rar& smal script1.no use imprecVar iat_startvar oepgpa "SetEnvironmentVariableA","kernel32.dll"bp $RESULTrun bc $RESULTrtumov oep,eipadd oep,6Fbp oeprunbc oepstifind eip,#898D48FEFFFF8B55BC6BD214#cmp $RESULT,0je quitmov iat_start,$RESULTbp iat_startfind eip,#8B854CFFFFFF508B8550FFFFFFFFE0#cmp $RESULT,0je quitmov oep,$RESULTadd oep,Dbp oeprun bc iat_startmov iat_start,eaxaval " ИАТ бинарно скопируйте и вставте в дамп на OEP(IAT bynary copy), IAT Start: {iat_star}"msg $RESULTrunbc oepsticmt eip,"OEP"aval " ИАТ бинарнo вставте в дамп,(IAT bynary paste) IAT Start: {iat_start}"msg $RESULTretquit"not Thinstall 2.736"2.By means of ImpRec for those who prefersVar iat_Repvar oepgpa "SetEnvironmentVariableA","kernel32.dll"bp $RESULTrun bc $RESULTrtumov oep,eipadd oep,6Fbp oeprunbc oepstifind eip,#0F85D70000008B8D40FEFFFF51#cmp $RESULT,0je quitmov iat_rep,$RESULTmov [iat_rep],#90E9#find eip,#8B854CFFFFFF508B8550FFFFFFFFE0#cmp $RESULT,0je quitmov oep,$RESULTadd oep,Dbp oeprunbc oepsticmt eip,"OEP"msg "Oep faund IAt fixed"retquit"not Thinstall 2.736" Link to comment Share on other sites More sharing options...
pavka Posted May 30, 2007 Share Posted May 30, 2007 For extraction of files from Thinstall 2.736 Unpackme I wrote a script! Can be useful to whom...Var modvar _isBadvar addr_dllvar size_dllvar img_dllgpa "SetEnvironmentVariableA","kernel32.dll"bp $RESULTrun bc $RESULTrtumov oep,eipadd oep,6Fbp oeprunbc oepstifind eip,#51E8??????0083C4088B55C4899528FBFFFFC78578FEFFFF00000000C645FC058B8528FBFFFF#cmp $RESULT,0je quitmov mod,$RESULTbp modrungpa "IsBadWritePtr","kernel32.dll"mov _isBad,$RESULTrunl:bp _isBadrunrtumov addr_dll,eipadd addr_dll,1Ebc _isBadgo addr_dllmov img_dll,edxmov size_dll,edxadd size_dll,90mov size_dll,[size_dll]aval "Name dll in ebx, damp partial address:{img_dll} , size:{size_dll}"msg $RESULTpauserunjmp lquitret Link to comment Share on other sites More sharing options...
NeO Posted January 28, 2008 Share Posted January 28, 2008 aval stand for eval its error Link to comment Share on other sites More sharing options...
Teddy Rogers Posted January 29, 2008 Author Share Posted January 29, 2008 aval stand for eval its errorIt isn't an error with the original script Pavka posted. When it was posted the forum automatically filtered a few of the words to what you see now. This was fixed some time ago...Ted. Link to comment Share on other sites More sharing options...
kaksii Posted January 30, 2008 Share Posted January 30, 2008 pavka: damn you like writing scripts Good job. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now