/*ഀ
//////////////////////////////////////////////////ഀ
Назначение скрипта eXePressor Unpacker 1.5.01 for Unpackmeeഀ
OS : XP SP2 Олька любая патченая + Фантом, Адванседഀ
Note : ODbgScript 1.64.3.0ഀ
/////////////////////////////////////////////////ഀ
*/ഀ
var oepഀ
var mhഀ
var cbഀ
var cszഀ
var mbaseഀ
var emഀ
var iatഀ
var E8ഀ
var funcഀ
var iat_startഀ
mov iat_start,00460818ഀ
ഀ
GMI eip,CODEBASEഀ
mov cb,$RESULTഀ
GMI eip,CODESIZEഀ
mov csz,$RESULTഀ
GMI eip,ENTRYഀ
mov oep,$RESULTഀ
BC oepഀ
ഀ
gpa "GetProcAddress","kernel32.dll"ഀ
find $RESULT,#5F5BC9C2#ഀ
bp $RESULT+3ഀ
erunഀ
bc eipഀ
rtuഀ
find eip,#595985C0#ഀ
cmp $RESULT,0ഀ
je quitഀ
mov [$RESULT+4],#9090# // IAT Fixഀ
runഀ
mov [eip],#cc# // remove antidebugഀ
mov mh,[esp+8]ഀ
bp mhഀ
runഀ
bc eipഀ
add mh,10ഀ
bp mhഀ
runഀ
bc eipഀ
add eip,7ഀ
rtrഀ
stiഀ
find eip,#586A01585E5B5FC9C3#ഀ
ഀ
cmp $RESULT,0ഀ
je quitഀ
mov oep,$RESULT+8ഀ
bp oepഀ
GMEMI eip, MEMORYBASEഀ
mov mbase,$RESULTഀ
find mbase,#8945D8837DD800750733C0#ഀ
mov em,$RESULTഀ
bp emഀ
find em,#C600E88B45E4#ഀ
mov E8,$RESULT ഀ
bp E8ഀ
mov mbase,E8+2Cഀ
bp mbaseഀ
loop:ഀ
erunഀ
cmp eip,emഀ
jne oepfindഀ
mov iat,eaxഀ
find iat_start,iatഀ
mov func,$RESULTഀ
erunഀ
stiഀ
mov [eax],#FF15# ഀ
erunഀ
inc eaxഀ
add eip,2ഀ
mov [eax],funcഀ
ഀ
jmp loopഀ
ഀ
oepfind:ഀ
bc eipഀ
stiഀ
BPRM cb, cszഀ
runഀ
BPMCഀ
bc E8ഀ
bc emഀ
bc mbaseഀ
CMT eip,"OEP"ഀ
mov iat_start,40008Cഀ
mov [iat_start],60000ഀ
dpe "dump.exe", eipഀ
msg " File Unpacked"ഀ
retഀ