Tuts 4 You

[unpackme] Undetector 1.2


Teddy Rogers


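// code by sdy100
// test : Ollydbg 1.10 Odbgscript 1.65.1

// declare the script variables before first use
var tmp
var CreateProcessA
var WriteProcessMemory
var addr
var size
var name

// dump counter, used in the output file name
mov tmp,1

loop:
// resolve the addresses of the two APIs
gpa "CreateProcessA", "Kernel32.dll"
mov CreateProcessA, $RESULT
gpa "WriteProcessMemory", "Kernel32.dll"
mov WriteProcessMemory, $RESULT

// run until the child process is created
bp CreateProcessA
erun
// then run until the next write into it
bp WriteProcessMemory
erun
// BC without parameter clears all breakpoints (ODbgScript 1.65)
bc

// at the API entry: [esp+c] = lpBuffer, [esp+10] = nSize
mov addr, [esp+c]
mov size, [esp+10]

// save the buffer as dump1.exe, dump2.exe, ...
eval "dump{tmp}.exe"
mov name, $RESULT
dm addr, size, name
eval "dumped dump{tmp}.exe"
msg $RESULT
inc tmp

// repeat for the next CreateProcessA / WriteProcessMemory pair on request
MSGYN "1 more ?"
cmp $RESULT, 1
je loop

end:
ret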

Edited by sdy100

Hello LCF-AT

Your script doesn't work correctly. I get the dump
Edited by sdy100

Use Odbgscript 1.65.1
Hi,

erm, where did u get it ?

The latest version I can see on their site is 1.64...

Greets


http://odbgscript.svn.sourceforge.net/view...script/Release/

1.65 (SVN)

+ BPHWC without parameter clears all hardware breakpoints (same as BPHWCALL, which could be removed/renamed)

+ BC without parameter clears all loaded breakpoints (Breakpoints Window)

+ BD without parameter disables all loaded breakpoints

* Breakpoints saving enhanced, and saving/restore on restart.

Edited by sdy100

Hi LCF-AT

You don't need to do manual work

use PEtools -> section -> right click -> dumpfixer (PEtools 1.5 Rc7)

Regards
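
An added example (not part of the thread and not code from any of the posters): a Python check for the files the script above writes as dump{tmp}.exe. It reports whether a captured buffer is a complete file-layout PE, headers only, bare data, or a memory-layout image whose section raw offsets no longer match the buffer. The function names, the labels and the sample bytes are constructed for illustration, and the memory-layout test is a heuristic.

```python
import struct

def triage_dump(buf: bytes) -> dict:
    """Classify one buffer captured at WriteProcessMemory (hypothetical helper)."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return {"kind": "raw-data"}          # e.g. one section written on its own
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    if e_lfanew + 24 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"kind": "mz-without-pe"}
    (nsec,) = struct.unpack_from("<H", buf, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", buf, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size         # first section header
    if opt_size < 60 or table + 40 * nsec > len(buf):
        return {"kind": "truncated-headers"}
    (size_of_image,) = struct.unpack_from("<I", buf, e_lfanew + 24 + 56)
    sections = []
    for i in range(nsec):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, vaddr, rsize, roff = struct.unpack_from("<4I", buf, table + 40 * i + 8)
        sections.append((vaddr, vsize, roff, rsize))
    file_end = max((roff + rsize for _, _, roff, rsize in sections), default=table)
    if len(buf) < file_end:
        kind = "headers-only"    # section data arrives in later writes
    elif len(buf) == size_of_image and any(va != ro for va, _, ro, _ in sections):
        kind = "memory-layout"   # raw offsets/sizes need fixing before it loads
    else:
        kind = "file-layout"
    return {"kind": kind, "sections": nsec, "size_of_image": size_of_image}

def make_sample(layout: str) -> bytes:
    """Constructed input: a minimal PE32 header with one section, not a real binary."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)            # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 1)       # Machine, NumberOfSections
    struct.pack_into("<H", hdr, 0x54, 0xE0)            # SizeOfOptionalHeader
    struct.pack_into("<I", hdr, 0x58 + 56, 0x2000)     # SizeOfImage
    struct.pack_into("<4I", hdr, 0x58 + 0xE0 + 8, 0x1000, 0x1000, 0x200, 0x200)
    if layout == "headers":
        return bytes(hdr)
    if layout == "file":
        return bytes(hdr) + b"\x90" * 0x200
    return bytes(hdr).ljust(0x2000, b"\0")             # image as mapped in memory

if __name__ == "__main__":
    for layout in ("headers", "file", "memory"):
        print(layout, triage_dump(make_sample(layout)))
```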


Hey sdy100,

You are right. I haven't used this feature before.

That smoothly escaped me. Thanks for the advice

and excuse the trouble. :kick:

greetz
