//////////////////////////////////////////////////////////////////////////////////////////

//  

//  AsCrypt 0.1 OEP Finder

//  Coded by: 0x87k/ICU

//  Special greetz fly out to: TEAM ICU,SnD,TSRh,{RES},ARTeam,REVENGE,my friends

//  Data: 21.05.2007

//  Test: WinXP SP2, OllyDbg V1.10, ODbgScript V1.53 or OllyScript v0.92, OllyDump

//  Contact: oxy87k@gmail.com

//

//////////////////////////////////////////////////////////////////////////////////////////



//.v4r

var bk



//.c0de

_start:

	findop eip, #C3#	// searches for retn

	go $RESULT		// go over it	

	cmp eip, $RESULT	// if it find it

	je _continue		// continue, else...

   	msg "Error, maybe target isn't packed with AsCrypt v0.1!"

   	ret			// exit



_continue:

	sto			// step over

	sto			// step over

	bphws esp,"r"		// set hardware breakpoint on ESP value

	mov bk, esp

	run			// run appz

	cob			// wait until break

	sto			// step over

	sto			// step over

	sto			// step over

	log eip

	an eip			// Analysis

   	cmt eip, "This is the OEP! Found by 0x87k/ICU"

   	msg "File was dumped, now you have to fix the IAT! Regards!"

	dpe "dumped.exe", eip

	bphwc bk		// clean the breakpoint

   	ret