Hello guys its my first script have try
It can find the oep of any version of enigma and fix api calls. But it's can't fix VM api. Just fix VM api and dump and fix. Have try .
https://forum.tuts4you.com/topic/38281-enigma-4xx-to-5xx-oep-finder-and-api-patch/
[Asm] 纯文本查看 复制代码 //Created by ramjane
//Its my first script
//Just fix VM api
bphwc
var sec
var ENIGMA
var GetProcAddress
var RET
var EP
mov EP,eip
gpa "GetProcAddress" , "Kernel32.dll"
mov GetProcAddress, $RESULT
alloc 1000
mov sec,$RESULT
mov [sec],#606A006A00E8837AAA906190#
eval "call {GetProcAddress}"
asm sec+05, $RESULT
mov eip,sec
bp eip+0B
bp GetProcAddress
run
bc eip
rtr
mov RET, eip
run
bc
mov eip,EP
bphws RET
esto
free sec
mov ENIGMA, esi
bphwc
var OEPBP
var VABP
var APICALL
gpa "VirtualAlloc", "kernel32.dll"
mov VABP, $RESULT
bp VABP
run
bc
rtr
sti
find ENIGMA, #FF0081C2E0#
mov OEPBP,$RESULT
bphws OEPBP, "x"
find ENIGMA,#3D00F00000#
mov APICALL,$RESULT
eval "inc eax"
asm APICALL-15, $RESULT
eval "nop"
asm APICALL-14,$RESULT
run
bphwc
bphws ecx
run
sti
cmt eip, "OEP"
bphwc
msg "OEP found just fix VM OEP"
ret
| 
发表于 2016-5-6 14:53
