//////////////////////////////////////////////////

//  FileName    :  Upack V0.10-V0.34.osc

//  Comment     :  Upack V0.10-V0.34 OEP Find

//  Environment :  WinXP SP2,OllyDbg V1.10,OllyScript V0.92

//  Author      :  fly

//  WebSite     :  http://fly2004.163.cn.com

//  Date        :  2005-10-03 15:40

//////////////////////////////////////////////////

#log



1:

//Upack V0.1X-V0.2X-V0.32

sti

find eip, #AD??C00F84#

log $RESULT

cmp $RESULT, 0

je 2



add $RESULT,3

eob Upack V0.1X-V0.2X-V0.32

bpcnd $RESULT,"EAX==0"

run



2:

//Upack V0.33

find eip, #AD??C07430#

cmp $RESULT, 0

je 3

add $RESULT,3

eob Upack V0.33

bpcnd $RESULT,"EAX==0"

run



3:

//Upack V0.33 Some PacKed

find eip, #E2F361E9#

cmp $RESULT, 0

je 4



add $RESULT,3

eob Upack V0.33.Some/V0.34

bp $RESULT

run



4:

//Upack V0.34

find eip, #B180AA81#

cmp $RESULT, 0

je NoFind

eob Final

go $RESULT



Final:

find eip, #ABEBE7C3#

cmp $RESULT, 0

je NoFind

add $RESULT,3

bp $RESULT

eob Upack V0.33.Some/V0.34

run





Upack V0.1X-V0.2X-V0.32:

bc $RESULT

sto

jmp Get OEP



Upack V0.33:

bc $RESULT

sto

sto

jmp Get OEP



Upack V0.33.Some/V0.34:

bc $RESULT

sto

jmp Get OEP



Get OEP:

log eip

cmt eip, "This is the OEP! Found By: fly"

MSG "Just : OEP !  Dump and Fix IAT.  Good Luck  "

ret



NoFind:

MSG "Error! Maybe It's not Upack V0.10-V0.34 ! "

ret