Cheat Engine :: View topic - UPX 3.x OEP Grabber (Using CE Lua engine.)

Cheat Engine
The Official Site of Cheat Engine

FAQ

Memberlist

Usergroups

Profile

UPX 3.x OEP Grabber (Using CE Lua engine.)

Cheat Engine Forum Index -> Cheat Engine Tutorials -> LUA Tutorials

View previous topic :: View next topic

Author

Message

atom0s
Moderator

Reputation: 198

Joined: 25 Jan 2006
Posts: 8517
Location: 127.0.0.1

Posted: Thu Jan 13, 2011 10:34 pm Post subject: UPX 3.x OEP Grabber (Using CE Lua engine.)

Here's a script that can obtain a UPX 3.x packed files real OEP (original entry point). This uses a known signature scanning for the jump back to the original OEP after the file has finished unpacking itself. The script will set a breakpoint at the real OEP and show a message box upon success.

This is an example showing off other things you can do with CE's Lua exposure.
Enjoy. Smile

Code:

--[[

Generic UPX 3.x OEP Grabber
by atom0s [Wiccaan]

This is a demonstrational Lua script showing off
what Cheat Engine 6.0 can do with Lua.

]]--

-- Edit this path to the file that is packed with UPX 3.x
local TargetFile = "C:\\Users\\atom0s\\Desktop\\packed.exe"

--
-- DO NOT EDIT BELOW THIS LINE!!
--

local UPX_Example = { }

----------------------------------------------------------------------------------
-- func: UPX_Example.Main( .. )
-- desc: Prepares script for overall actions.
----------------------------------------------------------------------------------
function UPX_Example.Main( )

-- UPX 3.x Signature
UPX_Example.UPX3_Signature = "6A 00 39 C4 75 ?? 83 EC 80 E9 ?? ?? ?? ??";

-- Misc. variables.
UPX_Example.bFirstBreak = true;

-- Set breakpoint handler.
debugger_onBreakpoint = UPX_Example.OnBreakpoint;

-- Open target file for debugging.
createProcess( TargetFile, "", true, true );
return true;
end

----------------------------------------------------------------------------------
-- func: UPX_Example.OnBreakpoint( .. )
-- desc: Breakpoint handler when CE reaches a breakpoint.
----------------------------------------------------------------------------------
function UPX_Example.OnBreakpoint( )

-- Entry point breakpoint.
if( UPX_Example.bFirstBreak == true ) then
UPX_Example.bFirstBreak = false;

-- Scan for known UPX 3.x signature.
local scanList = AOBScan( UPX_Example.UPX3_Signature );
if( scanList == nil ) then
showMessage( "[ERROR] Failed to locate signature. File not packed with UPX 3.x?" );
debugger_onBreakpoint = nil;
return 1;
end

-- Validate scan list has content.
local scanCount = stringlist_getCount( scanList );
if( scanCount == 0 ) then
showMessage( "[ERROR] Scan list was empty. File not packed with UPX 3.x?" );
debugger_onBreakpoint = nil;
return 1;
end

-- Calculate jump address position.
local jmpAddr = tonumber( "0x" .. stringlist_getString( scanList, 0 ) );
jmpAddr = jmpAddr + 10;

-- Read jump offset and calculate new address.
local jmpOffset = readInteger( jmpAddr );
jmpOffset = jmpOffset + jmpAddr + 4;

-- Set breakpoint at real OEP.
debug_setBreakpoint( jmpOffset );

-- Cleanup stringlist.
object_destroy( scanList );
return 1;
end

-- Real OEP breakpoint. Display to user.
showMessage( "Assumed real OEP: " .. string.format( "%x", EIP ) );

-- Remove breakpoint handler.
debugger_onBreakpoint = nil;

-- Pause debugger at breakpoint.
return 0;
end

-- Execute our script.
UPX_Example.Main();

_________________

- Retired.

Display posts from previous:

	Cheat Engine Forum Index -> Cheat Engine Tutorials -> LUA Tutorials	All times are GMT - 6 Hours
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum