////////////////////////////////////////////////// // FileName : JDProtect.V0.9/JDPack.V1.X.osc // Comment : JDPack V1.X / JDProtect V0.9 UnPacK Script // Environment : WinXP SP2,OllyDbg V1.10,OllyScript V0.92 // Author : fly // WebSite : http://www.unpack.cn // Date : 2005-10-22 15:30 ////////////////////////////////////////////////// #log dbh var Temp var ImageBase var PE var e_lfanew var PE_Signature var ImportTableRVA var ->>ImportTableRVA var ImportTableSize var ->>EP var OEPRVA //GetPEInformation覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧 mov Temp,eax exec push 0 call GetModuleHandleA ende mov ImageBase,eax mov eax,Temp log ImageBase mov Temp,ImageBase add Temp,3C mov e_lfanew,[Temp] log e_lfanew mov Temp,e_lfanew add Temp,ImageBase mov PE_Signature,Temp log PE_Signature add Temp,28 mov ->>EP,Temp log ->>EP add Temp,58 mov ->>ImportTableRVA,Temp log ->>ImportTableRVA //mov ImportTableRVA,[->ImportTableRVA] add Temp,4 mov ImportTableSize,[Temp] log ImportTableSize //ImportTableRVA覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧 find eip, #E2EB# cmp $RESULT, 0 je NoFind add $RESULT,2 log $RESULT go $RESULT find eip, #03F28B460C0BC0# cmp $RESULT, 0 je NoFind eob GetImportTableRVA bp $RESULT esto GoOn: esto GetImportTableRVA: cmp eip,$RESULT jne GoOn bc $RESULT mov ImportTableRVA,esi log ImportTableRVA mov [->>ImportTableRVA],ImportTableRVA //OEP覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧 sti sti asm eip, "xor eax, eax" sti sti find eip, #03C28944241C# cmp $RESULT, 0 je NoFind eob OEP bp $RESULT esto OEP: bc $RESULT log eax mov OEPRVA,eax log OEPRVA mov [->>EP],OEPRVA find eip, #6150C3# cmp $RESULT, 0 je NoFind add $RESULT,2 eob OK bp $RESULT esto OK: bc $RESULT sti dpe "C:\UnPacKed.eXe", eip MSG "Dumped File 覧> C:\UnPacKed.eXe " //GameOver覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧覧 cmt eip, "This is the OEP! Found by fly" MSG "OK, Already Fixed OEP and ImportTable ! Good Luck " ret NoFind: MSG "Error! Maybe It's not JDPack V1.X / JDProtect V0.9 " ret