tElock 0.99 OEP Finder
// tElock 0.99 OEP Finder
// Coded by: kNiGhT
// Note: Ignore all exceptions
var temp
var temp1
var ImgBase
var CodeEnd
var CodeStart
var CodeSize
gmi eip, MODULEBASE
mov ImgBase, $RESULT
mov temp, 3c
add temp, ImgBase
mov temp, [temp]
add temp, ImgBase
add temp, 100
mov CodeSize, [temp]
add temp, 4
mov CodeStart, [temp]
add CodeStart, ImgBase
mov CodeEnd, CodeStart
add CodeEnd, CodeSize
gpa “LoadLibraryA”, “kernel32.dll”
add $RESULT, 2
bp $RESULT
run
bc $RESULT
rtu
String_Schleife:
sto
mov temp, [eip]
and temp, FFFF
cmp temp, 858D
jne String_Schleife
sto
mov temp, eax
DeleteString:
mov temp1, [temp]
and temp1, FF000000
cmp temp1, 0
je FindOEP
mov [temp], 0
inc temp
jmp DeleteString
FindOEP:
bprm CodeStart, CodeSize
OEP_Schleife:
run
cmp eip, CodeStart
jb OEP_Schleife
cmp eip, CodeEnd
ja OEP_Schleife
bpmc
cmt eip, “OEP found by kNiGhT”
msg “Dump and rebuild IAT!”
ret
