/* ਍开开开开 开开开开 开开开开 开开开    开开开开 开开开开   开  开 开 开          开开开 开  开 开开开ഀഀ ==== [__] |— | — |___ [__] |\/| _X_ . – | |\/| | ਍ഀഀ CopyMemII Script v0.1 by tenketsu0017 26/Sept/2006 ਍   䄀猀猀攀洀戀氀攀爀 戀愀猀攀搀ഀഀ ਍        伀氀氀礀搀戀最 瘀㄀⸀㄀ ഀഀ ODbgScript v1.47 ਍        圀椀渀堀倀⬀匀倀㈀ഀഀ NO BreakPoints ਍        䐀攀琀攀挀琀愀 攀氀 伀䔀倀ഀഀ Desencripta el codigo del proceso hijo ਍        䔀瘀椀琀愀 氀愀 挀愀氀氀 攀渀挀爀椀瀀琀愀搀漀爀愀ഀഀ Modifica los permisos de la seccion de codigo del hijo a PAGE_EXECUTE_READWRITE ਍        刀攀猀琀愀甀爀愀 氀漀猀 䈀礀琀攀猀 漀爀椀最椀渀愀氀攀猀 搀攀氀 伀䔀倀 攀渀 攀氀 栀椀樀漀ഀഀ */ ਍ഀഀ var oep ਍瘀愀爀 挀漀搀攀椀ഀഀ var codes ਍瘀愀爀 戀瀀㄀ഀഀ var report ਍瘀愀爀 眀愀椀琀ഀഀ var write ਍瘀愀爀 眀漀攀瀀ഀഀ var woep2 ਍瘀愀爀 漀爀戀礀琀攀猀ഀഀ var hproc ਍瘀愀爀 砀㄀ഀഀ var x2 ਍瘀愀爀 砀㌀ഀഀ ਍搀戀栀ഀഀ gpa “WriteProcessMemory”, “kernel32.dll” ਍洀漀瘀 眀爀椀琀攀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ gpa “WaitForDebugEvent”, “kernel32.dll” ਍洀漀瘀 眀愀椀琀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ bphws wait, “x” ਍攀漀攀 䰀䄀䈀䔀䰀ഀഀ eob BABEL ਍爀甀渀ഀഀ BABEL: ਍挀漀戀ഀഀ bphwc wait ਍洀漀瘀 戀瀀㄀Ⰰ 嬀攀猀瀀崀ഀഀ sub bp1, 6 ਍戀瀀栀眀猀 戀瀀㄀Ⰰ ᰀ砠ᴀഠഀ eob wfde1 ਍爀甀渀ഀഀ wfde1: ਍挀漀戀ഀഀ bphwc bp1 ਍洀漀瘀 爀攀瀀漀爀琀Ⰰ 嬀攀猀瀀崀ഀഀ add report, 18 ਍戀瀀栀眀猀 眀爀椀琀攀Ⰰ ᰀ砠ᴀഠഀ eob wpm1 ਍爀甀渀ഀഀ wpm1: ਍挀洀瀀 嬀攀猀瀀⬀㄀ 崀Ⰰ ㄀               ⼀⼀䈀礀琀攀猀 琀漀 圀爀椀琀攀ഀഀ je SIG ਍ഀഀ run ਍匀䤀䜀㨀ഀഀ cob ਍戀瀀栀眀挀 眀爀椀琀攀ഀഀ mov x2, eip ਍洀漀瘀 栀瀀爀漀挀Ⰰ 嬀攀猀瀀⬀㐀崀            ⼀⼀ 倀爀漀挀攀猀猀䤀䐀ഀഀ mov oep, [report] ਍洀漀瘀 眀漀攀瀀Ⰰ 漀攀瀀ഀഀ sub woep, [esp+8] //Address xxxxx000 ਍洀漀瘀 眀漀攀瀀㈀Ⰰ 嬀攀猀瀀⬀㠀崀            ⼀⼀䄀搀搀爀攀猀猀 砀砀砀砀砀   ഀഀ add woep, [esp+0C] // Buffer ਍洀漀瘀 漀爀戀礀琀攀猀Ⰰ 嬀眀漀攀瀀崀ഀഀ shl orbytes, 10 ਍猀栀爀 漀爀戀礀琀攀猀Ⰰ ㄀ ഀഀ rev orbytes ਍洀漀瘀 漀爀戀礀琀攀猀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ mov [woep], #EBFE# ਍最洀攀洀椀 漀攀瀀Ⰰ 䴀䔀䴀伀刀夀䈀䄀匀䔀ഀഀ mov codei, $RESULT ਍最洀攀洀椀 漀攀瀀Ⰰ 䴀䔀䴀伀刀夀匀䤀娀䔀ഀഀ mov codes, $RESULT ਍攀砀攀挀ഀഀ pushad ਍瀀甀猀栀昀搀ഀഀ push {report} ਍瀀甀猀栀 㐀 ഀഀ push {codes} ਍瀀甀猀栀 笀挀漀搀攀椀紀ഀഀ call VirtualProtect ਍瀀漀瀀昀搀ഀഀ popad ਍攀渀搀攀ഀഀ mov x1, [esp] ਍猀甀戀 砀㄀Ⰰ 㘀ഀഀ mov eip, x1 ਍愀搀搀 砀㄀Ⰰ 㘀ഀഀ aval “jmp {codei}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ渠漀瀀ᴀഠഀ mov eip, codei ਍愀瘀愀氀 ᰀ洠漀瘀 攀愀砀Ⰰ 嬀笀爀攀瀀漀爀琀紀崀ᴀഠഀ asm eip, $RESULT ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ aval “cmp dword [esp+4], eax” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍洀漀瘀 砀㌀Ⰰ 攀椀瀀ഀഀ add x3, 0C ਍愀瘀愀氀 ᰀ樠渀攀 笀砀㌀紀ᴀഠഀ asm eip, $RESULT ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “call WriteProcessMemory” ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ aval “jmp {x1}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ愠搀搀 攀猀瀀Ⰰ ㄀㐀㌀ഠഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ洠漀瘀 攀愀砀Ⰰ ㄀㌀ഠഀ add eip, $RESULT ਍愀瘀愀氀 ᰀ樠洀瀀 笀砀㄀紀ᴀഠഀ asm eip, $RESULT ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “nop” ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “nop” ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “nop” ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “nop” ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “nop” ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “nop” ਍洀漀瘀 攀椀瀀Ⰰ 砀㈀ഀഀ bphws bp1, “x” ਍攀漀戀 眀昀搀攀㈀ഀഀ run ਍眀昀搀攀㈀㨀ഀഀ cob ਍戀瀀栀眀挀 戀瀀㄀ഀഀ mov report, [esp] ਍愀搀搀 爀攀瀀漀爀琀Ⰰ ㄀㠀ഀഀ mov [report], codei ਍愀搀搀 爀攀瀀漀爀琀Ⰰ  䌀ഀഀ mov [report], codei ਍愀搀搀 爀攀瀀漀爀琀Ⰰ 㐀ഀഀ mov [report], codei ਍猀甀戀 爀攀瀀漀爀琀Ⰰ ㄀ ഀഀ add codes, codei ਍愀搀搀 挀漀搀攀椀Ⰰ ㌀ ഀഀ aval “jmp {codei}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ渠漀瀀ᴀഠഀ mov eip, codei ਍愀猀洀 攀椀瀀Ⰰ ᰀ洠漀瘀 攀愀砀Ⰰ 嬀攀猀瀀崀ᴀഠഀ add eip, $RESULT ਍洀漀瘀 砀㄀Ⰰ 攀椀瀀ഀഀ asm eip, “add dword [eax+18], 1000″ ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “add dword [eax+24], 1000″ ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “add dword [eax+28], 1000″ ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ aval “cmp dword [eax+28], {woep2}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀瘀愀氀 ᰀ樠攀 笀砀㄀紀ᴀഠഀ asm eip, $RESULT ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ aval “cmp dword [eax+28], {codes}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍洀漀瘀 砀㄀Ⰰ 攀椀瀀ഀഀ add x1, 3 ਍愀瘀愀氀 ᰀ樠戀 笀砀㄀紀ᴀഠഀ asm eip, $RESULT ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “nop” ਍洀漀瘀 砀㄀Ⰰ 攀椀瀀ഀഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ愠搀搀 攀猀瀀Ⰰ 㠀㌀ഠഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ洠漀瘀 攀愀砀Ⰰ ㄀㌀ഠഀ add eip, $RESULT ਍愀搀搀 戀瀀㄀Ⰰ 㘀ഀഀ aval “jmp {bp1}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ渠漀瀀ᴀഠഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ渠漀瀀ᴀഠഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ渠漀瀀ᴀഠഀ sub codei, 30 ਍洀漀瘀 攀椀瀀Ⰰ 戀瀀㄀ഀഀ bphws x1, “x” ਍攀漀戀 䘀䤀一ഀഀ run ਍䘀䤀一㨀ഀഀ cob ਍戀瀀栀眀挀 砀㄀ഀഀ mov bp1, eip ਍猀甀戀 挀漀搀攀猀Ⰰ 挀漀搀攀椀ഀഀ aval “push {report}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ瀠甀猀栀 㐀 ㌀ഠഀ add eip, $RESULT ਍愀瘀愀氀 ᰀ瀠甀猀栀 笀挀漀搀攀猀紀ᴀഠഀ asm eip, $RESULT ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ aval “push {codei}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀瘀愀氀 ᰀ瀠甀猀栀 笀栀瀀爀漀挀紀ᴀഠഀ asm eip, $RESULT ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ asm eip, “call VirtualProtectEx” ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ aval “push {report}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ瀠甀猀栀 ㈀㌀ഠഀ add eip, $RESULT ਍愀搀搀 爀攀瀀漀爀琀Ⰰ ㄀ ഀഀ rev orbytes ਍洀漀瘀 嬀爀攀瀀漀爀琀崀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ aval “push {report}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀瘀愀氀 ᰀ瀠甀猀栀 笀漀攀瀀紀ᴀഠഀ asm eip, $RESULT ਍愀搀搀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ aval “push {hproc}” ਍愀猀洀 攀椀瀀Ⰰ ␀刀䔀匀唀䰀吀ഀഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ挠愀氀氀 圀爀椀琀攀倀爀漀挀攀猀猀䴀攀洀漀爀礀ᴀഠഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ渠漀瀀ᴀഠഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ渠漀瀀ᴀഠഀ add eip, $RESULT ਍愀猀洀 攀椀瀀Ⰰ ᰀ渠漀瀀ᴀഠഀ mov eip, bp1 ਍猀琀漀ഀഀ sto ਍猀琀漀ഀഀ sto ਍猀琀漀ഀഀ sto ਍猀琀漀ഀഀ sto ਍猀琀漀ഀഀ sto ਍猀琀漀ഀഀ sto ਍猀琀漀ഀഀ aval “OEP: {oep}” ਍氀漀最 ␀刀䔀匀唀䰀吀Ⰰ ᰀᴠഠഀ shr orbytes, 10 ਍愀瘀愀氀 ᰀ䈠礀琀攀猀 伀爀椀最椀渀愀氀攀猀 嬀伀䔀倀崀㨀 笀漀爀戀礀琀攀猀紀ᴀഠഀ log $RESULT, “” ਍愀瘀愀氀 ᰀ传䔀倀㨀 笀漀攀瀀紀  簀簀  嬀伀䔀倀崀㨀 笀漀爀戀礀琀攀猀紀ᴀഠഀ msg $RESULT ਍爀攀琀ഀഀ LABEL: ਍攀猀琀漀ഀഀ jmp LABEL