Monday, September 14, 2009

Ollyscript Tutorial - Unpack ASPack

ASPack is actually similar to UPX.

Using PEiD: ASPack 2.12 -> Alexey Solodovnikov

The script
-----------

var hwBP // Local var for hwBP

mov hwBP, esp // Using esp trick

bphws hwBP, "r" // Set hardware breakpoint

run // Run

rtr // Execute till return

sto // F8

msg "OEP found"

cmt eip, "<<<<>>>>"

ret

Download: Notepad.exe packed with ASPack

Signing off
~x9090
Posted by x9090 at 9:32 PM
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)