///////////////////////////////////////////////////////////////////////////////////
// FileName    :  EncryptPE_2007.12.1.txt
// Comment     :  EncryptPE V2.2007.12.1 unpacking script 0.2 (wording reconstructed; the original text is mis-encoded in this copy)
// Environment :  WinXP SP2,LifeDbg V1.4, OllyScript 1.65.2 
// Author      :  softtip
// Date        :  2008-2-18
// WebSite     :  http://www.unpack.cn
///////////////////////////////////////////////////////////////////////////////////
// Script-wide variables.
//   patch1      - scratch pointer: holds the address of the next byte patch to write.
//   OEP         - taken from eax at breakpoint 71209687, then converted to an offset
//                 from the entered base before it is logged.
//   baseaddress - value typed at the "ask" prompt; presumably the target's image base
//                 (TODO confirm). It is incremented by 2 part-way through the script.
//   RVA         - edx captured at breakpoint 7120B39F.
//   RVASIZE     - edx captured at breakpoint 7120B3A8; 0 suppresses the last two log lines.
var patch1
var OEP
var baseaddress
var RVA
var RVASIZE

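// NOTE: the original comments are mis-encoded in this copy; the lines below are a best-effort reading.
// Configure the debugger to ignore exception 0EEDFADE before running the script.
// After the run, press Alt+L to open the log window, which shows the OEP and RVA information.
// For a DLL target: load the DLL in OllyDbg, set a hardware breakpoint at 7120964C, load the DLL again, then run the script.
// The script locates the OEP automatically and mentions repairing the IAT, ReplaceCode and EmbeCode; it also reports the relocation RVA.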
// Entry point: check the script-plugin version, then ask the user for the base value
// that is later written into the injected stub and subtracted from the OEP.
Start:
    // String compare of the plugin version; anything below "1.48" jumps to the
    // "version" label, which shows a message and stops.
    cmp $VERSION, "1.48" 
    jb version
    // The prompt text is mis-encoded in this copy. It appears to ask for a base value
    // and to give 400000 and 10000000 as examples - TODO confirm against the original.
    ask "ֵ40000010000000"
    // ask leaves the entered value in $RESULT; 0 ends the script without patching.
    cmp $RESULT,0
    je end
    mov baseaddress,$RESULT

// Run the target until kernel32!IsDebuggerPresent is reached, so that the patches
// that follow are applied at that point of execution.
// NOTE(review): presumably the module being patched is mapped and in its final form
// by the time this API is hit - confirm. The result of gpa is not checked before use.
next:    
// gpa resolves the export and leaves its address in $RESULT.
gpa "IsDebuggerPresent","kernel32.dll"

ISDEBUGGER:
// One-shot breakpoint: set it, resume with exceptions passed to the program (esto),
// then clear it once execution has stopped there.
bp $RESULT
esto
bc $RESULT

    // In-memory byte patches. Each pair of lines loads an absolute address into patch1
    // and overwrites the bytes at that address with the #hex# literal.
    // Every address is hard-coded in the 711Fxxxx-7122xxxx range.
    // NOTE(review): presumably these all lie inside the protector's runtime module for
    // exactly the build named in the header, loaded at one fixed base - confirm. Neither
    // the module base nor the bytes being replaced are verified before writing, so on
    // another build, or if the module is relocated, the writes land on unrelated code.
    // Recurring encodings in the literals: 90 = nop, EB xx = short jmp, E9 xxxxxxxx =
    // near jmp (rel32), C3 = ret, B0 xx = mov al,imm8, B2 xx = mov dl,imm8,
    // 74 00 = jz to the next instruction (branch neutralised).
    // The first E9 below lands on the stub written near the end of this block:
    // 7120B101 + 5 + 00019FFA = 71225100.
    mov  patch1 ,7120B101
    mov [patch1],#E9FA9F0100#
    mov  patch1 ,712059F0
    mov [patch1],#90E9#
    mov  patch1 ,71207968
    mov [patch1],#EB5E#
    mov  patch1 ,7120B1DA
    mov [patch1],#9090909090#
    mov  patch1 ,7120B266
    mov [patch1],#E9B59E0100#
    mov  patch1 ,7120B4DD
    mov [patch1],#9090#
    mov patch1 ,712082ED
    mov [patch1],#E9AECD01009090#
    mov  patch1 ,7120B27A
    mov [patch1],#9090909090#
    mov  patch1, 71207105
    mov [patch1],#EB0B#
    mov patch1 ,711f94B1
    mov [patch1],#E9A600000090#
    mov  patch1 ,7120B287
    mov [patch1],#9090#
    mov patch1 ,711F9054
    mov [patch1],#B201#
    mov  patch1 ,71209182
    mov [patch1],#B00090#
    mov patch1 ,711F91EF
    mov [patch1],#8B25D1502271C3909090#
    mov  patch1 ,7120B2C7
    mov [patch1],#E9749E0100#
    mov  patch1 ,7120B31C
    mov [patch1],#9090#
    mov  patch1, 711fdc15
    mov [patch1],#7400#
    mov  patch1 ,711FDC23
    mov [patch1],#B00090#
    mov  patch1 ,7120B4E4
    mov [patch1],#E9979C0100#
    mov  patch1 ,7120B4C6
    mov [patch1],#9090909090#
    mov  patch1, 712070f6
    mov [patch1],#7400#
    mov  patch1 ,7120B50E
    mov [patch1],#EB05#
    mov  patch1 ,711FCC59
    mov [patch1],#00#
    mov  patch1 ,71209172
    mov [patch1],#7400#
    mov patch1 ,712084b3
    mov [patch1],#E908CD01009090#
    mov patch1 ,711f92b9
    mov [patch1],#B001#
    mov  patch1, 71205b74    
    mov [patch1],#EB7E#
    mov patch1 ,711f955C
    mov [patch1],#8B25F1512271C39090#
    mov  patch1 ,711F8E32
    mov [patch1],#9090909090#
    mov  patch1 ,711F8E41
    mov [patch1],#9090#
    mov  patch1, 71206239
    mov [patch1],#00#
    mov  patch1 ,7120B83D
    mov [patch1],#B00090#
    mov  patch1 ,711F5E2D
    mov [patch1],#909090909090#
    mov  patch1 ,711F5E36
    mov [patch1],#909090909090#
    mov  patch1 ,7120B41F
    mov [patch1],#9090#
    mov  patch1, 711f7490
    mov [patch1],#750E#
    mov  patch1 ,711F5E43
    mov [patch1],#909090909090#
    mov  patch1 ,711F5E63
    mov [patch1],#9090#
    mov patch1 ,711f949b
    mov [patch1],#E9BC00000090#
    mov  patch1 ,711F5E89
    mov [patch1],#9090#
    mov  patch1 ,711FC214
    mov [patch1],#C3#
    mov  patch1 ,711F8E74
    mov [patch1],#8B2573512271C3#
    mov  patch1 ,7120B506
    mov [patch1],#E99B9C0100#
    // Two larger stubs are written at 71225100 and 712250A0. Both literals begin with
    // 60 9C (pushad / pushfd) and contain 9D 61 (popfd / popad) before an E9 near jmp.
    mov  patch1 ,71225100
    mov [patch1],#609C8B7E0C81C7000000108BF08B4EFCF3A49D61E8AFFEEFFFE9E85FFEFF0000609C8B75C88B4EFC8B3B81C702000010F3A49D618B45C8E92F61FEFF00000000E88F2DFEFF609C892573512271832D7351227104FFD08BF08B4EFC3E8B7DB8890790909090909090909090909D61E95961FEFFFCF40700000000000000000090C70000000000E95E63FEFF900000000000000000000000000000000000900000000000000000A1443E2271C70000000000E95563FEFF00000000000000000000609C8925F1512271832DF15122710448FFD08B3083C0168B38668916897E029D61FF0424FF4C2408E9CD32FEFF#
    mov patch1 ,712250A0
    mov [patch1],#609C8925D1502271832DD15022710448FFD0C740FA00000000C740FC000000009D61FF0424FF4C2408E92632FEFF#
    // 71225107 and 7122512C are the 32-bit immediates of the two "81 C7" (add edi,imm32)
    // instructions in the stub at 71225100. The literal carries 10000000 and 10000002
    // there; they are replaced with the entered base and the entered base + 2.
    mov patch1 ,71225107
    mov [patch1],baseaddress
    // baseaddress stays incremented by 2 from here on; the OEP calculation later in the
    // script adds 2 back after subtracting it.
    add baseaddress,2
    mov patch1 ,7122512c
    mov [patch1],baseaddress

    // Collect results with a series of one-shot breakpoints (set, run with esto, clear).
    // The three addresses are hard-coded and carry the same build and load-address
    // assumption as the byte patches earlier in the script.
    bp 7120B39F
    esto
    bc 7120B39F
    // edx at 7120B39F is kept as RVA.
    mov RVA,edx
    bp 7120B3A8
    esto
    bc 7120B3A8
    // edx at 7120B3A8 is kept as RVASIZE.
    mov RVASIZE,edx
    bp 71209687
    esto
    bc 71209687
    // eax at 71209687 is treated as the address of the original entry point.
    mov OEP,eax
    // Run to that address and annotate it in the disassembly.
    BP OEP
    ESTO
    BC OEP
    cmt eip,"This is the OEP! "
    // baseaddress was incremented by 2 earlier, so subtracting it and adding 2 yields
    // OEP minus the base value the user entered.
    sub OEP,baseaddress
    add OEP,2
    log OEP, "OEP = "
    // Skip the two remaining log lines when RVASIZE is 0.
    cmp RVASIZE,0
    je end
    // The two log labels are mis-encoded in this copy; they appear to read
    // "relocation RVA address" and "relocation size" - TODO confirm.
    log RVA, "ضλRVAַ = "
    log RVASIZE, "ضλĴС = "
    jmp end

// Reached when $VERSION compares below "1.48": show a message and stop the script.
// The message text is mis-encoded in this copy; it appears to refer to the version.
version:
    msg "汾"  
    ret

// Common exit: reached on an empty prompt, when RVASIZE is 0, or after the final log lines.
end:
   ret