July 6, 2007
Here is a little script for this UnpackMe.
ItUndetector_1.2_OEP_finder_and_detach_processes.rar
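July 7, 2007
// code by sdy100
// test : Ollydbg 1.10 Odbgscript 1.65.1

// declare the script variables before first use
var tmp
var CreateProcessA
var WriteProcessMemory
var addr
var size
var name

mov tmp,1
loop:
// resolve the two API addresses
gpa "CreateProcessA", "Kernel32.dll"
mov CreateProcessA, $RESULT
gpa "WriteProcessMemory", "Kernel32.dll"
mov WriteProcessMemory, $RESULT
// run until the child process is created, then until the first write into it
bp CreateProcessA
erun
bp WriteProcessMemory
erun
// BC without parameter clears all breakpoints
bc
// at WriteProcessMemory entry: [esp+c] = lpBuffer, [esp+10] = nSize
mov addr, [esp+c]
mov size, [esp+10]
eval "dump{tmp}.exe"
mov name, $RESULT
// dump the buffer that is about to be written to a file
dm addr, size, name
eval "dumped dump{tmp}.exe"
msg $RESULT
inc tmp
MSGYN "1 more ?"
cmp $RESULT, 1
je loop
end:
ret

Edited July 7, 2007 by sdy100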
July 7, 2007
Hello LCF-AT
Your script doesn't work correctly. I get the dump
Edited July 7, 2007 by sdy100
July 7, 2007
Use Odbgscript 1.65.1
Hi, erm, where did u get it? The latest version I can see on their site is 1.64...
Greets
July 7, 2007
http://odbgscript.svn.sourceforge.net/view...script/Release/1.65 (SVN)
+ BPHWC without parameter clears all hardware breakpoints (same as BPHWCALL, which could be removed/renamed)
+ BC without parameter clears all loaded breakpoints (Breakpoints Window)
+ BD without parameter disables all loaded breakpoints
* Breakpoints saving enhanced, and saving/restore on restart.
Edited July 7, 2007 by sdy100
July 7, 2007
Hi LCF-AT
You don't need to do manual work. Use PEtools -> section -> right click -> dumpfixer (PEtools 1.5 Rc7)
Regards
July 7, 2007
Hey sdy100, you are right. I haven't used this feature before. That smoothly escaped me. Thanks for the advice and excuse me for the trouble.
greetz