1、/*/PESpin v0.3 Stolen Code Finder v0.1( for Remove OEP mode)Author:loveboomEmail : bmd2chenOS : Win2kADV sp2,OllyDbg 1.1b,OllyScript v0.7Date : 2004-4-22Config: Ignore other exceptions except Invalid or privileged instructionNote : If you have one or more question, email me please,thank you!/*/var b
2、paddr /Break point addressvar addrstart:/script start runlbl1: esto estolblgpa: gpa LoadLibraryA,kernel32.dll/LoadLibraryA mov bpaddr,$RESULT bp bpaddr eob lbl2 estolbl2: bc bpaddr rtuloop: cmp eip,50000000 jb lbl3 sto rtu jmp looplbl3: mov bpaddr,esp add bpaddr,4 find eip,#763503BD# cmp $RESULT,0 j
3、e lblabort mov addr,$RESULT mov addr,#EB# find eip,#EB01FF8944241C# /find mov esp+1c,eax cmp $RESULT,0 je lblabort mov addr,$RESULT add addr,3 mov addr,#89029090# /replace mov edx,eax bphws bpaddr,r eob lbl4 runlbl4: bphwc bpaddrend: cmt eip,Stole Code found.please patch OEP code and then dumped it! msg Script by loveboomDFCGFCG,Thank you for using my script! retlblabort: msg Error,Script abort!Maybe target is not protect by PeSpin v0.41 or you forgot Ignore other exceptions except Invalid or privileged instruction ret
