初始化第一次提交

!EPack/!EPack 1.4 OEP Finder.txt

@@ -0,0 +1,8 @@
+
+find eip,#61B8#
+go $RESULT
+sto
+sto
+sto
+ret
+

!EPack/!EPack Lite 1.2 OEP Finder.txt

@@ -0,0 +1,79 @@
+////////////////////////////////////////////////////////// 
+// !EP Exe Pack (Software Compress) 1.2
+// Get Thunk Table Addresses, Keep Original Thunk Table, 
+// Calculate Thunk Table Size, Find OEP
+// Written by Fungus
+// Date: 2006-31-10
+//////////////////////////////////////////////////////////
+
+var addr1            // temp variable for thunk table origin
+var addr2            // temp variable for think table end
+var org                // variable for thunk table origin
+var end               // variable for thunk table end
+var size               // variable for thunk table size
+var oep               // variable for OEP
+var temp
+
+eob getthunk
+findop eip,#61#
+bphws $RESULT,"x"
+mov temp,$RESULT
+run
+
+getthunk:             // get thunk table origin, end, and size
+
+eob dothunk
+bphwc temp
+findop eip,#0305#
+bphws $RESULT,"x"
+mov temp,$RESULT
+run
+
+dothunk:
+
+eob findoep
+
+bphwc temp
+sto
+mov addr1,eax      // get thunk table origin
+mov org,eax
+sto
+sto
+sto
+sto
+sto
+sto
+sto
+sto
+sto
+mov addr2,ebx      // get thunk table end
+mov end,ebx
+sub addr2,addr1    // calculate size
+mov size,addr2
+find eip,#8907#
+fill $RESULT,2,90 // keep original thunk table
+find eip,#61#
+bphws $RESULT,"x"
+mov temp,$RESULT
+run
+
+findoep:                // find OEP
+
+bphwc temp
+sto
+sto
+sti
+mov oep,eip
+eval "OEP = {oep}"
+msg $RESULT
+eval "Start of Thunk Table = {org}"
+msg $RESULT
+eval "End of Thunk Table = {end}"
+msg $RESULT
+eval "Size of Thunk Table = {size}"
+msg $RESULT
+ret
+
+/end
+
+

!EPack/!EPack all version 脚本.osc

@@ -0,0 +1,108 @@
+//for !EPack 1.4 beta2
+//code by skylly
+//msg "���������쳣"
+find eip,#7CF3#
+cmp $RESULT,0
+je notbeta2
+log "ver 1.4 beta2"
+#log
+gpa "GlobalFindAtomA", "kernel32.dll"
+cmp $RESULT,0
+je err
+var GlobalFindAtomA
+mov GlobalFindAtomA,$RESULT
+bp GlobalFindAtomA
+esto
+bc GlobalFindAtomA
+rtu
+mov ax,1
+
+find eip,#64A130000000#  //MOV EAX,DWORD PTR FS:[30]
+cmp $RESULT,0
+je jmpoep         //���û����С������ֱ����OEP
+bp $RESULT
+esto
+bc $RESULT
+
+find eip,#8333FF#
+cmp $RESULT,0
+je err
+mov [$RESULT],#909090#     //patch sizeofimage
+
+find eip,#8939#
+cmp $RESULT,0
+je err
+mov [$RESULT],#9090#       //patch baseofaddress
+
+find eip,#7C49#
+cmp $RESULT,0
+je err
+mov [$RESULT],#EB#         //peͷд������
+
+jmpoep:
+find eip,#FFE0#       //jmp eax
+cmp $RESULT,0
+je err
+bp $RESULT
+esto
+bc $RESULT
+sti
+//���ڶ���AHPack
+
+var temp
+mov temp,[eip]
+and temp,FF
+cmp temp,60   //�Ƿ�pushad
+jne OEP
+
+AHPack:
+log "ver AHPack"
+sto
+var espvar
+mov espvar,esp
+bphws espvar,"r"
+esto
+bphwc espvar
+
+jmpedx:
+find eip,#FFE2#     //jmp edx
+cmp $RESULT,0
+je pushecx
+jmp allok
+
+pushecx:
+find eip,#51C3#     //push ecx; retn
+cmp $RESULT,0
+je allok
+go $RESULT
+sti
+sti
+sti
+jmp OEP
+
+allok:
+cmp $RESULT,0
+je OEP
+go $RESULT
+sti
+
+OEP:
+cmt eip,"OEP"
+ret
+
+notbeta2:
+log "not 1.4 beta 2 version"
+var temp
+mov temp,[eip]
+and temp,FF
+cmp temp,60   //�Ƿ�pushad
+je AHPack
+
+maybe14f:
+log "may be 1.4 final version"
+jmp jmpoep
+
+ret
+err:
+msg "error"
+ret

12311134/12311134 Unpacker.txt

@@ -0,0 +1,49 @@
+var counter
+var ImageBase
+
+var OEP
+var iat_start
+
+
+mov counter,0
+gmi eip,MODULEBASE
+mov ImageBase,$RESULT
+find eip,#33C0BF????????F3ABC3#
+cmp $RESULT,0
+je quit
+mov OEP,$RESULT+9
+mov iat_start, $RESULT+49
+bp iat_start
+bp OEP
+run
+bc iat_start
+mov iat_start,esi
+mov [eip+4E],#90E9#
+run
+sti
+bc OEP
+mov OEP,eip
+cmt eip, "This is the entry point"
+
+sub OEP,ImageBase
+sub iat_start,ImageBase
+mov counter,ImageBase
+add counter,3C
+mov counter,[counter]
+add counter,ImageBase
+add counter,28
+mov [counter],OEP
+add counter,58
+mov [counter],iat_start
+
+DPE "dump.exe",eip
+msg "The file is unpacked! Name ->Dump.exe Remove  section Xiao in Dump"
+ret
+
+
+
+quit:
+MSG "Not 12311134"
+ret
+
+

32Lite/32Lite 0.03a OEP V0.1 [Mr.David].txt

@@ -0,0 +1,13 @@
+// 32Lite 0.03a OEP V0.1
+// by Mr.David        
+// http://www.chinadfcg.com
+
+  var addr
+  sto   
+  mov addr,esp 
+  bphws addr,"r"
+  run
+  sto
+  BPHWC addr
+  cmt eip,"OEP To Get,Please dumped it,Enjoy!"
+

AHTeam EP Protector/AHTeam EP Protector 0.3a [Goldocrack].txt

@@ -0,0 +1,41 @@
+/*
+Avant d'utiliser ce script, vous devez aller dans les options de olly, 
+dans -> debugging options et cocher toutes les erreurs!
+
+
+
+*/
+
+
+
+/*
+	============================
+
+	      Author: Goldocrack 30 mars 2006
+	      Packer: AHTeam EP Protector v0.3a -> FEUERRADER *
+	      Script for: AHTeam EP Protector v0.3a -> FEUERRADER *
+	      Level: Easy
+	      Date: lundi 8 mai 2006
+
+            http://reverseengineering.online.fr
+            http://www.forumcrack.new.fr/
+            http://s141422204.onlinehome.fr/forum/
+            Merci � tous 
+	 ============================
+						*/
+
+
+
+
+
+
+msgyn "English(oui) ou Francais(non)?"
+cmp $RESULT,1
+je lang1
+msg "remonte d'une ligne dans le code et met un BP sur la ligne, tu fais 1x F9 et 1x F8 et Tu sera � l'entry point ! dumpe ton fichier c'est tout !"
+ret
+lang1:
+msg "Go up 1 line in the code and put a BP on this line, do 1x F9 et 1x F8 and you'll be at the entry point ! dump your file , that's all !"
+
+
+