/////////////////////////////////////////////////////////////
// FileName : KByS V0.28.osc
// Comment : OEP Find For KByS V0.28
// Environment : WinXP SP2,OllyDbg V1.10,OllyScript V0.92
// Author : fly
// WebSite : http://www.unpack.cn
// Date : 2006-05-22 14:30
/////////////////////////////////////////////////////////////
//
// Purpose: locate the original entry point (OEP) of a target packed with
// KByS V0.28 by signature-matching two pieces of the unpacking stub,
// breaking on the stub's final indirect jump and single-stepping through it.
//
// Preconditions (also stated in the first dialog): no breakpoints are set
// and the debugger is paused at the module entry point.
//
// Analyst notes:
//   - Both signatures use wildcards and FIND stops at the first match, so a
//     different packer or version that happens to contain the same byte
//     sequence would be accepted. Confirm the reported address before dumping.
//   - The script resumes the target with ESTO, so the packed program's own
//     code runs under the debugger until the breakpoint is reached.

// Log the executed script commands to the OllyDbg log window.
#log

// NOTE(review): the variable OEP and the label "OEP:" below share one name.
// The variable receives the address of the stub's final "jmp eax"
// (the instruction that transfers to the OEP), not the OEP itself.
var OEP
// Scratch address: start address for the second signature search.
var Temp
// Number of times the breakpoint at OEP has been hit.
// NOTE(review): never assigned before "inc Count"; this relies on a freshly
// declared variable starting at 0 - confirm for the OllyScript version in use.
var Count
// NOTE(review): this variable is never read or written; only the label
// "Second:" is used. It looks redundant - confirm before removing.
var Second

// Ask the user to confirm the preconditions. $RESULT is 0 when "No" is chosen.
MSGYN "Plz Clear All BreakPoints + Set Events Make first pause at Entry Point ! "
cmp $RESULT, 0
je TryAgain

//eXe-------------------------------------------------------
// Stage 1: search from the current EIP for
//   68 xx xx xx xx    push imm32
//   E8 01 00 00 00    call $+6
//   C3                ret
//   C3                ret
// Temp defaults to EIP so that the second search still has a start address
// when this pattern is absent (the "je Second" path).
mov Temp,eip
find eip, #68????????E801000000C3C3#
cmp $RESULT, 0
je Second
// Skip the 0x68 opcode byte and read the pushed imm32; the second search
// starts at that address.
mov Temp,$RESULT
add Temp,1
mov Temp,[Temp]

//Second----------------------------------------------------
// Stage 2: search from Temp for
//   B8 xx xx xx xx    mov eax, imm32
//   BA xx xx xx xx    mov edx, imm32
//   03 C2             add eax, edx
//   FF E0             jmp eax
Second:
find Temp, #B8????????BA????????03C2FFE0#
cmp $RESULT, 0
je NoFind

//OEP-------------------------------------------------------
// 0xC = 5 + 5 + 2 bytes: advance past both MOVs and the ADD so that the
// breakpoint is placed on the "jmp eax" itself.
add $RESULT,C
mov OEP,$RESULT
bp OEP
// On the next break, continue the script at the label "OEP:".
eob OEP
// Run the target, passing exceptions to the program.
esto

// Resume the target again after a break that is not the counted final hit.
GoOn0:
esto

// Breakpoint handler registered by "eob OEP".
OEP:
// Ignore any break that is not at the "jmp eax" breakpoint.
cmp eip,OEP
jne GoOn0
// Only the second hit is treated as the jump to the OEP.
// NOTE(review): presumably the stub passes through this jump once before
// the final transfer - verify against the target.
inc Count
cmp Count,2
je GameOver
jmp GoOn0

//GameOver--------------------------------------------------
GameOver:
// Remove the breakpoint, then step into the "jmp eax" (exceptions passed to
// the program) so that EIP lands on its destination.
bc OEP
esti
// Record the resulting address in the log and annotate it in the disassembly.
log eip
cmt eip, "This is the OEP! Found By: fly"
MSG "Just : OEP ! Dump and Fix IAT. Good Luck "
ret

// The second signature was not found: the target does not match this stub.
NoFind:
MSG "Error! Maybe It's not KByS V0.28 ! "
ret

// The user answered "No" to the precondition prompt.
TryAgain:
MSG " Plz Try Again ! "
ret