Wednesday, July 22, 2009

Ollyscript Tutorial - Unpack UPX

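This is a simple OllyScript tutorial that demonstrates how to write an OllyDbg script. The script steps past the first instruction, runs to the next POPAD, then runs to the JMP that follows it, and steps through that jump to land on the original entry point (OEP).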

var hwdBP                  // Local variable to store hardware breakpoint
var softBP                 // Local variable to store software breakpoint
sti                        // Step into (F7 command)
findop eip, #61#           // Find next POPAD
mov hwdBP, $RESULT         // Store $RESULT to hardware breakpoint local variable
bphws hwdBP, "x"           // Set hardware breakpoint (execute) on the next POPAD
run                        // Run (F9 command)
findop eip, #E9????????#   // Find the next JMP
mov softBP, $RESULT        // Store $RESULT to software breakpoint local variable
bp softBP                  // Set software breakpoint on the JMP
run                        // Run to JMP instruction
sti                        // Step into the OEP
cmt eip, "<<>>"            // Add a comment at the OEP
msg "OEP found, you can dump the file starting from this address"
ret                        // End of script
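The same POPAD-then-JMP search can be done statically on a dump of the stub bytes, which also shows how the OEP is computed from the `E9` displacement. This Python sketch is an added example, not part of the original post; the function name, addresses, sample bytes and the 32-byte window are all constructed assumptions.

```python
import struct

POPAD, JMP_REL32 = 0x61, 0xE9   # the two opcodes the script searches for

def find_tail_jump(code, base, oep_lo, oep_hi, window=32):
    """Locate a POPAD ... JMP rel32 tail in raw stub bytes (hypothetical helper).

    Returns (popad_va, jmp_va, oep_va) or None. A JMP only counts when its
    target lies in [oep_lo, oep_hi), the range where unpacked code is expected.
    """
    for j in range(len(code) - 4):
        if code[j] != JMP_REL32:
            continue
        rel = struct.unpack_from("<i", code, j + 1)[0]   # signed 32-bit displacement
        oep = (base + j + 5 + rel) & 0xFFFFFFFF          # relative to the next instruction
        if not oep_lo <= oep < oep_hi:
            continue                 # 0xE9 byte inside an operand, or an unrelated jump
        # Walk backwards for the nearest POPAD within the window
        for i in range(j - 1, max(j - window, 0) - 1, -1):
            if code[i] == POPAD:
                return base + i, base + j, oep
    return None

# Constructed sample: stub loaded at BASE, unpacked code expected below it.
BASE, OEP = 0x00407000, 0x00401000
SAMPLE = bytes.fromhex(
    "60"            # pushad
    "be00614000"    # mov esi, 0x406100  (0x61 appears inside an operand)
    "b8e9000000"    # mov eax, 0xE9      (0xE9 appears inside an operand)
    "61"            # popad
    "8d442480" "6a00" "39c4" "75fa" "83ec80"   # filler between POPAD and the JMP
)
# Append the tail jump: E9 + displacement from the end of the JMP to the OEP
SAMPLE += b"\xE9" + struct.pack("<i", OEP - (BASE + len(SAMPLE) + 5))

if __name__ == "__main__":
    popad_va, jmp_va, oep_va = find_tail_jump(SAMPLE, BASE, 0x00401000, BASE)
    print(f"POPAD at {popad_va:08X}, JMP at {jmp_va:08X}, OEP = {oep_va:08X}")
```

Because this scans raw bytes rather than decoded instructions, the target-range check is what rejects `0xE9` bytes that sit inside operands.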

Downloads:

Ollyscript Editor V2.0
Ollyscript Plugin V0.94 - ORIGINAL_README.txt - List of Ollyscript Commands by SHaG
ARTeam_eZine_Number2.rar - Page 36 - Writing OllyDbg Scripts, Buzifer of Team RESURRECTiON from ARTeam

Signing off
~x9090

3 comments:

jay said...

Thanks for this :)

--
AceticSoft.com

MMORPG Development Community!

jay said...

Thank you for this :)

--
AceticSoft.com

MMORPG Development Community!

Anonymous said...

Cool stuff bro.. Can u tell me where I can get an extensive list of ollyscript keywords..

- kru3l hack3r