/*

//////////////////////////////////////////////////

	MSLRH v0.31A unpack script v0.1

	Author:	loveboom

	Email : loveboom%163.com

	OS    : WinXP sp2,Ollydbg 1.1,OllyScript v0.92

	Date  : 2005-03-07

        Action: Auto fix IAT,find oep

	Config: Ignore all exceptions and ingnore exception: 'C000001E (INVALID LOCK SEQUENCE)'

	Note  : If you have one or more question, email me please,thank you!

//////////////////////////////////////////////////

*/

var addr

var espval

var cbase

var csize

var peheader

var mbase



start:

  msgyn "Setting:Ignore all exceptions.continue?"

  cmp $RESULT,1

  je lbl1

  ret



lbl1:

  dbh

  mov espval,esp		//Get esp value

  sub espval,4

  gmi eip,MODULEBASE		//Get code section information

  mov mbase,$RESULT

  mov peheader,mbase

  add peheader,3c

  mov addr,[peheader]

  add addr,mbase

  mov peheader,addr		//Get pe header

  

  add peheader,100		//Get section size

  mov csize,[peheader]



  add peheader,4		//Get section VirutalAddress

  mov cbase,[peheader]

  add cbase,mbase



  

lbl2:

  gpa "OutputDebugStringA","kernel32.dll"

  cmp $RESULT,0

  je lbl3

  mov addr,$RESULT

  asm addr,"xor eax,eax"	//Patch api function

  add addr,2

  asm addr, "ret 4"

  

lbl3:

  gpa "CreateFileA","kernel32.dll"

  bp $RESULT

  esto

  bc $RESULT

  rtu

  

lbl4:			//clear anti-ImportREC 

  mov addr,eax

  exec

    push {addr}

    Call CloseHandle

  ende



lbl5:

  gpa "ZwQueryInformationProcess","ntdll.dll"		//Clear Anti-Ring3 debug

  cmp $RESULT,0

  je lbl6

  bp $RESULT

  esto

  bc $RESULT

  rtu

  sto

  mov eax,0

  

lbl6:

  bprm cbase,csize

  esto

  bpmc

  bphws espval,"r"

  esto

  bphwc espval

  sto

  

lblend:

  dbs

  cmt eip,"OEP"

  msg "Script by loveboom[DFCG][FCG][US],thank you for using my script!"

  ret