1、/*= Obsidium 1.2.5.0 - script for collecting imports, code 2=This script helps to collect 90% imports in Obsidium 1.2.5.0 protector.Script works for basic import protection (CRC32 hash decrypting) fortype of imports code 2. More info find in tutorial.haggar, BIW reversing=*/var addrvar pointervar th
2、unkvar tempmov addr,404000LABEL_01:find addr,#FF15?4000# /Signature for call/jump, needs to be changed.cmp $RESULT,0je END_01mov addr,$RESULTmov eip,addrmov pointer,$RESULTadd pointer,2mov pointer,pointermov thunk,pointermov temp,thunkand temp,0FFFF0000cmp temp, 00B00000 /Address - pointer check, ne
3、eds to be changed. je OK_01 add addr,6 jmp LABEL_01 OK_01:stimov temp,eipand temp,0FFFFFFcmp temp,0BE6660 /Obsidium jump type check, maybe needs to be changed too. je OK_02 add addr,6 add esp,4 jmp LABEL_01 OK_02:log addrlog pointerlog thunkestomov temp,ediadd temp,4mov temp,tempcmp temp,0FFFFFFFF je OK_03 add esp,24 add addr,6 jmp LABEL_01 OK_03:estocmp eax,2 je OK_04 add esp,24 add addr,6 jmp LABEL_01 OK_04:estomov pointer,eaxlog eaxlog add addr,6add esp,24jmp LABEL_01END_01:retERROR:msg Some error occured in this script.ret
