//////////////////////////////////////////////////////////////////////////////////////////

//

//  Thinstall 2.736 Extract Dependecies (DLL's)

//  Note: This script is used for extracting dependencies, such as those found here:

//  http://tuts4you.com/download.php?view.1679

//  Coded by: Pavka

//  

//////////////////////////////////////////////////////////////////////////////////////////





Var mod

var _isBad

var addr_dll

var size_dll

var img_dll





gpa "SetEnvironmentVariableA","kernel32.dll"

bp $RESULT

run 

bc $RESULT

rtu

mov oep,eip

add oep,6F

bp oep

run

bc oep

sti

find eip,#51E8??????0083C4088B55C4899528FBFFFFC78578FEFFFF00000000C645FC058B8528FBFFFF#



cmp $RESULT,0

je quit

mov mod,$RESULT

bp mod



run

gpa "IsBadWritePtr","kernel32.dll"

mov _isBad,$RESULT

run

l:

bp _isBad

run

rtu

mov addr_dll,eip

add addr_dll,1E

bc _isBad

go addr_dll

mov img_dll,edx

mov size_dll,edx

add size_dll,90

mov size_dll,[size_dll]

eval "Name dll in ebx, damp partial address:{img_dll} , size:{size_dll}"

msg $RESULT

pause

run

jmp l



quit

ret