/*Autor: Apuromafo whit idea from others tutorials..
Date: today
Team: not have team..im retired but some time read all of others..
Environment :  WinXP SP2,OllyDbg V1.10,ODbgScript V1.48
Ignore all exceptions
Erase all breakpoints
*/
var apuromafo
var APUROMAFO
var follow
var follow2
var tmp
var tmp2
var temp
var temp1
var en
var temp2
var addr
find eip, #8A0141#
mov temp, $RESULT
bphws temp, "x"
run
mov APUROMAFO, $RESULT
mov follow, eax
log "el serial o clave de encriptacion"
log "es:"
log follow
bphwc temp
//msg "copy  licence in eax"
gpa "GetSystemDirectoryA","kernel32.dll"
bp $RESULT
run
bc $RESULT
find eip, #C20800#
mov temp, $RESULT
//log "im go from getsystemdirectory "
//log temp
bphws temp, "x"
run
bphwc temp
sti
find eip, #8B8538FBFFFF#
mov temp, $RESULT
find eip, #B941000000#
mov temp, $RESULT
//log "stalk"
//log temp
bphws temp, "x"
run
bphwc temp
sti
//msg "can copy licence whit  follow in dump edx"
mov follow2, edx
log "el nombre del proyecto,name of proyect"
log follow2
//msg "im here"
find eip, #8B08FF5154#
mov en, $RESULT
//log temp
bphws en, "x"
run
bphwc en
sti
find eip,#FFFFFFFF#
mov en,$RESULT
log "patch in..."
log en
mov [en],#00000000#
//msg "check patching... parchado?"
sti //aca estamos
find eip, #8BD98BF28BF833C0#
cmp $RESULT,0
je error
mov tmp, $RESULT
bphws tmp, "x"
run
bphwc tmp
sti
find eip, #3B35????????74133B35????????740B5356E8????????8BD8#
cmp $RESULT,0
je error
mov temp1, $RESULT
//log temp1
find temp1,#7413#
cmp $RESULT,0
je error
fill $RESULT,2,90
find temp1,#740B#
cmp $RESULT,0
je error
fill $RESULT,2,90
bphws temp1, "x"
run
bphwc temp1
sti
sti
sti
sti
sti
sti
sti
sti
sti
sti
//second api redirect
//log eip
find eip, #6685C0751D8B4424083905????????75076681FE540174275650#
cmp $RESULT,0
je error
mov temp2, $RESULT
//log temp2
find temp2,#751D#
cmp $RESULT,0
je error
fill $RESULT,2,90
find temp2,#7507#
cmp $RESULT,0
je error
fill $RESULT,2,90
find temp2,#7427#
cmp $RESULT,0
je error
fill $RESULT,2,90
rtr
sti
find eip, #FF65FC6A00E8????????E9????????A1#
cmp $RESULT,0
je error
mov temp, $RESULT
bphws temp, "x"
run
bphwc temp
sti
cmt eip, "<-- OEP found ! one invalid function remaining: GetProcAddress"
//mov [follow3],edx
msgyn "analize?? analizo?"
cmp $RESULT,0
je analiza
msg [follow]
msg [follow2]
analiza:
log "se analizo!"
an eip
mov edx, 0
mov edx,[APUROMAFO]
ret