Posted: Thu Jan 13, 2011 10:34 pm Post subject: UPX 3.x OEP Grabber (Using CE Lua engine.)
Here's a script that can obtain a UPX 3.x packed file's real OEP (original entry point). This uses known signature scanning for the jump back to the original OEP after the file has finished unpacking itself. The script will set a breakpoint at the real OEP and show a message box upon success.
This is an example showing off other things you can do with CE's Lua exposure.
Enjoy.
Code:
--[[
    Generic UPX 3.x OEP Grabber
    by atom0s [Wiccaan]

    This is a demonstrational Lua script showing off
    what Cheat Engine 6.0 can do with Lua.
]]--

-- Edit this path to the file that is packed with UPX 3.x
local TargetFile = "C:\\Users\\atom0s\\Desktop\\packed.exe"

--
-- DO NOT EDIT BELOW THIS LINE!!
--

local UPX_Example = { }

----------------------------------------------------------------------------------
-- func: UPX_Example.Main( .. )
-- desc: Prepares script for overall actions.
----------------------------------------------------------------------------------
function UPX_Example.Main( )
    -- Set breakpoint handler.
    debugger_onBreakpoint = UPX_Example.OnBreakpoint;

    -- Open target file for debugging.
    createProcess( TargetFile, "", true, true );
    return true;
end

----------------------------------------------------------------------------------
-- func: UPX_Example.OnBreakpoint( .. )
-- desc: Breakpoint handler when CE reaches a breakpoint.
----------------------------------------------------------------------------------
function UPX_Example.OnBreakpoint( )
    -- Entry point breakpoint.
    if( UPX_Example.bFirstBreak == true ) then
        UPX_Example.bFirstBreak = false;

        -- Scan for known UPX 3.x signature.
        local scanList = AOBScan( UPX_Example.UPX3_Signature );
        if( scanList == nil ) then
            showMessage( "[ERROR] Failed to locate signature. File not packed with UPX 3.x?" );
            debugger_onBreakpoint = nil;
            return 1;
        end

        -- Validate scan list has content.
        local scanCount = stringlist_getCount( scanList );
        if( scanCount == 0 ) then
            showMessage( "[ERROR] Scan list was empty. File not packed with UPX 3.x?" );
            debugger_onBreakpoint = nil;
            return 1;
        end
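The signature-scan idea described in the post, as an added static example in Python (not atom0s's script and not Cheat Engine's API): it matches a wildcard byte pattern against a buffer and resolves the trailing `jmp rel32` to the OEP address. The pattern is an assumption (a commonly seen UPX 3.x x86 stub tail, not the signature from the post), and the sample bytes, base address and OEP are constructed.

```python
import struct

# Assumption: commonly seen tail of the UPX 3.x x86 stub, not taken from the post:
#   popad; lea eax,[esp-0x80]; push 0; cmp esp,eax; jne <loop>; sub esp,-0x80; jmp <OEP>
# "??" is a wildcard byte, as in a Cheat Engine AOB string.
UPX3_TAIL = "61 8D 44 24 80 6A 00 39 C4 75 ?? 83 EC 80 E9 ?? ?? ?? ??"

def parse_aob(pattern):
    """Turn 'AA ?? BB' into a list of ints, with None for wildcards."""
    return [None if tok in ("?", "??") else int(tok, 16) for tok in pattern.split()]

def aob_scan(data, pattern):
    """Return every offset in data where the pattern matches."""
    pat = parse_aob(pattern)
    hits = []
    for off in range(len(data) - len(pat) + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pat)):
            hits.append(off)
    return hits

def find_oep(data, base_va, pattern=UPX3_TAIL):
    """Locate the tail jump and resolve its rel32 target to a virtual address."""
    hits = aob_scan(data, pattern)
    if len(hits) != 1:
        # No hit: probably not this stub. Several hits: signature too loose to trust.
        return None
    jmp_off = hits[0] + len(parse_aob(pattern)) - 5         # offset of the E9 opcode
    rel32 = struct.unpack_from("<i", data, jmp_off + 1)[0]  # signed displacement
    # The target is relative to the address of the instruction after the 5-byte jmp.
    return (base_va + jmp_off + 5 + rel32) & 0xFFFFFFFF

def build_sample():
    """Constructed stub bytes: padding, the tail sequence, then a backward jmp."""
    base_va = 0x0040F000
    head = b"\x90" * 0x20
    tail = bytes.fromhex("618D4424806A0039C475FA83EC80E9")
    jmp_va = base_va + len(head) + len(tail) - 1            # VA of the E9 byte
    rel32 = 0x00401000 - (jmp_va + 5)                       # constructed OEP 0x401000
    return base_va, head + tail + struct.pack("<i", rel32) + b"\x00" * 8

if __name__ == "__main__":
    base, blob = build_sample()
    print(hex(find_oep(blob, base)))
```

The displacement is read as a signed value because the tail jump goes backward, from the stub to the unpacked code below it in memory.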