Unpackme_molebox Pro 2.6.4.2534

Posted June 17, 200718 yr

unpacked &scrpts

1.unpack exe

/*

//////////////////////////////////////////////////

Назначение скрипта MoleBox

/////////////////////////////////////////////////

*/

var patch

var counter

var ImageBase

var OEP

var iat_start

var Start

msg "Add ignore custom exption or ranges [EF000007]"

mov counter,0

gmi eip,MODULEBASE

mov ImageBase,$RESULT

ask "Введите адрес секции SFX"

cmp $RESULT, 0

je quit

mov Start,$RESULT

find Start,#FFD0#

cmp $RESULT,0

je quit

mov OEP,$RESULT

mov patch,$RESULT

sub patch,E

BPHWS patch,"x"

run

BPHWC patch

find eip,#558BEC83EC48C645FC01C745F800000000EB09#

cmp $RESULT,0

je quit

mov patch,$RESULT

mov [patch],#C3#

BPHWS patch,"x"

run

mov iat_start,eax

BPHWC patch

BPHWS OEP,"x"

run

BPHWC OEP

sti

cmt eip, "Oep"

sub OEP,ImageBase

sub iat_start,ImageBase

mov counter,ImageBase

add counter,3C

mov counter,[counter]

add counter,ImageBase

add counter,28

mov [counter],OEP

add counter,58

mov [counter],iat_start

DPE "dump.exe",eip

msg "The file is unpacked! Remove unnecessary section in Dump"

ret

quit:

MSG "Not MoleBox"

ret

2. extract dll

//////////////////////////////////////////////////

Назначение скрипта MoleBox extr

/////////////////////////////////////////////////

*/

var patch

var dllwr

var size_dll

var img_dll

var Start

msg "Add ignore custom exption or ranges [EF000007]"

ask "Введите адрес секции SFX" // начало секции где находиться еп

cmp $RESULT, 0

je quit

mov Start,$RESULT

find Start,#FFD0#

cmp $RESULT,0

je quit

mov OEP,$RESULT

mov patch,$RESULT

sub patch,E

BPHWS patch,"x"

run

BPHWC patch

find eip,#8B45C48B4DF0#

cmp $RESULT,0

je quit

mov dllwr,$RESULT

BPHWS dllwr,"x"

loop:

run

sti

mov img_dll,eax

find img_dll,#5045#

mov size_dll,$RESULT

add size_dll,50

mov size_dll,[size_dll]

eval "Name dll in ebx, damp partial address:{img_dll} , size:{size_dll}! If it is necessary, choose active dump engine ->IntelDump"

msg $RESULT

pause

jmp loop

MoleBox_Pro_2.6.4.2534.rar

Edited June 17, 200718 yr by pavka

June 18, 200718 yr

huh... :cc_confused:

where is the target :cc_confused:

June 18, 200718 yr

it's at that tuts4you homepage Apakekdah

Link: http://www.tuts4you.com/download.php?view.1710

BTW, nice script Pavka

November 19, 200915 yr

How to use this script and what is the output file of this?

Sign In

Unpackme_molebox Pro 2.6.4.2534

Featured Replies

Create an account or sign in to comment

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)