[unpackme] Asdpack 2.0...

[Teddy Rogers]

ASDPack 2.0

http://tuts4you.com/download.php?view.1747

Ted.

[pavka]

Script unpack

var counter

var ImageBase

var OEP

var iat_start

mov counter,0

gmi eip,MODULEBASE

mov ImageBase,$RESULT

mov OEP,esp-4

gpa "LoadLibraryExA","kernel32.dll" <---- Sorry Has corrected here

bp $RESULT

run

bc eip

rtu

mov iat_start,esi

find eip,#ABE9#

cmp $RESULT,0

je quit

mov [$RESULT],#90#

bphws OEP,"r"

run

sti

sti

bphwc OEP

mov oep,eip

cmt eip, "This is the entry point"

sub OEP,ImageBase

sub iat_start,ImageBase

mov counter,ImageBase

add counter,3C

mov counter,[counter]

add counter,ImageBase

add counter,28

mov [counter],OEP

add counter,58

mov [counter],iat_start

DPE "dump.exe",eip

msg "The file is unpacked! Name ->Dump.exe Remove unnecessary section in Dump"

ret

Edited June 26, 2007 by pavka

[azmo]

thx Ted

pavka your script Rockx

azmo

[pavka]

@azmo

Has corrected try

[LCF-AT]

@pavka

Your script does not function correctly.

Error on this line-je quit?

Your script does not come to the OEP (004271B0).

@azmo

Your "Unpacking NakedPacker 1.0" link on your homepage does also not work.

The file is suspected.....Can you fix this.Thank

[azmo]

@pavka

Both versions of the script works fine 100% with ODbgScript plugin v1.51 and it reaches the OEP 004271B0

@LCF-AT

thank you, i've fixed the link

_http://www.4shared.com/file/18528855/420877c2/UnpackingNP10AoRE.html

azmo

[LCF-AT]

No problem azmo.

I get an error message with line "je quit" and the script ends here...

00469155 8BF8 MOV EDI,EAX ; This is the entry point

but the OEP is here...

004271B0 55 PUSH EBP

The same error with ODbgScript 1.47 and 1.63.

greetz