第一课作业~

qiusisi

脱UPX壳，方法知道，有脚本就偷下懒，好像别人都没发~

1. /*
   
2. EOP finder for upxshit 0.6 (snaker) & UPX
   
3. It also works for a "standalone" UPX packed program
   
4. 
   
5. Author : mimas
   
6. */
   
7. 
   
8. var x
   
9. 
   
10. loop:
    
11. findop eip, #E9??# // find jump to next loop
    
12. mov x, $RESULT
    
13. sub x, eip
    
14. cmp x, 10 // (@jmp - eip) use to be 10,
    
15. // we can handle different loop size this way
    
16. ja stub
    
17. go $RESULT
    
18. sto
    
19. jmp loop
    
20. 
    
21. stub:
    
22. // the terrific UPX OEP finder
    
23. eob end
    
24. sto
    
25. mov x, esp
    
26. bphws x, "r"
    
27. run
    
28. 
    
29. end:
    
30. bphwc x
    
31. sto
    
32. ret

复制代码