Joined: 13 Aug 2015
Posted: Wed Apr 01, 2020 10:18 am    Post subject: Find 5-byte-length jumps/calls to address
Hi, I made this ghetto 0.5-min Lua code to find jumps to an address.
- The "Find assembler" CE function is slow as fuck.
- The "Find assembler" CE function sometimes misaligns instructions, so the jmp is never caught.
- Rise of obfuscators and virtualizers that put jmp, jns, je, jne everywhere in the code, so I want to find the function that called the address I need.
Just replace the module name 'PEX.exe' and the variable ADD and hit execute.
It's code to be improved; for example, it takes the whole module size, so it would be suitable to skip non-execute pages, but I lack the time/knowledge.
It doesn't take longer or shorter jmp/call than 5-byte length; that could be improved as well.
--FIND LE "POSIBOL" JUMPS PLS
local ADD, mod, siz = 0x00401000, getAddress('PEX.exe'), getModuleSize('PEX.exe')  -- ADD: address whose callers/jumps you want (replace both)
if mod==0 then return;end;
for i=1,siz do
  local c = readBytes(mod+i-1,1)  -- opcode byte: E8 = call rel32, E9 = jmp rel32, both 5 bytes (short 70-7F and 0F 8x jcc not handled)
  if c==0xE8 or c==0xE9 then
    local d = readInteger(mod+i); if d and d>=0x80000000 then d=d-0x100000000 end  -- rel32 is signed; nil if the page is unreadable
    local b = d and mod+i+4+d; if b==ADD then print(string.format('%X: %02X -> %X', mod+i-1, c, b)) end  -- target = next instruction + displacement
  end
end
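Added example, not the poster's code: the same linear byte scan in Python over a constructed byte buffer (the kind of buffer you would get from one readBytes(mod, siz, true) in CE, or from the module file), extended past the post's 5-byte case to the 6-byte near jcc (0F 80..8F) and the 2-byte short jmp/jcc (EB, 70..7F) that the post says it does not handle, with the displacement sign-extended so backward jumps resolve correctly. The function names find_rel_refs/build_sample, the base address 0x401000 and the sample bytes are my own assumptions.

```python
import struct

# Condition codes for 70..7F (short jcc rel8) and 0F 80..8F (near jcc rel32), in opcode order.
CC = ["o", "no", "b", "ae", "e", "ne", "be", "a", "s", "ns", "p", "np", "l", "ge", "le", "g"]
REL32 = {0xE8: "call", 0xE9: "jmp"}                                       # the 5-byte forms the post scans for
REL8 = {0xEB: "jmp", **{0x70 + i: "j" + cc for i, cc in enumerate(CC)}}  # 2-byte short forms


def find_rel_refs(buf, base, target):
    """Linear byte scan of `buf` (module image loaded at `base`) for every call/jmp/jcc
    whose rel8/rel32 destination equals `target`. Returns [(address, mnemonic, length), ...].
    Like the post's loop this ignores instruction boundaries, so it catches references that a
    misaligned disassembly misses, but a data byte that happens to be E8/E9/0F can also give a
    false positive; confirm hits in the disassembler."""
    hits = []
    n = len(buf)
    for i in range(n):
        op = buf[i]
        if op in REL32 and i + 5 <= n:
            disp = struct.unpack_from("<i", buf, i + 1)[0]   # signed rel32
            if base + i + 5 + disp == target:                # dest = address of next insn + disp
                hits.append((base + i, REL32[op], 5))
        elif op == 0x0F and i + 6 <= n and 0x80 <= buf[i + 1] <= 0x8F:
            disp = struct.unpack_from("<i", buf, i + 2)[0]
            if base + i + 6 + disp == target:
                hits.append((base + i, "j" + CC[buf[i + 1] - 0x80], 6))
        elif op in REL8 and i + 2 <= n:
            disp = struct.unpack_from("<b", buf, i + 1)[0]   # signed rel8
            if base + i + 2 + disp == target:
                hits.append((base + i, REL8[op], 2))
    return hits


def _rel(next_insn, dest, width):
    """Encode the displacement from the end of an instruction to `dest` (constructed-image helper)."""
    return struct.pack("<i" if width == 4 else "<b", dest - next_insn)


def build_sample(base, target):
    """Constructed test image (assumption, not real program bytes): references to `target`
    in all four encodings, one backward, plus a decoy call to target+0x10."""
    img = bytearray()
    at = lambda: base + len(img)                         # address of the next byte appended
    img += b"\x90" * 4                                   # nop x4
    img += b"\xE8" + _rel(at() + 5, target, 4)           # call target            (5 bytes)
    img += b"\x33\xC0"                                   # xor eax,eax
    img += b"\xE9" + _rel(at() + 5, target, 4)           # jmp target             (5 bytes)
    img += b"\x0F\x84" + _rel(at() + 6, target, 4)       # je target              (6 bytes)
    img += b"\x75" + _rel(at() + 2, target, 1)           # jne short target       (2 bytes)
    img += b"\xE8" + _rel(at() + 5, target + 0x10, 4)    # call target+0x10       (decoy)
    img += b"\xC3"                                       # ret
    img += b"\xCC" * (target - at())                     # int3 padding up to target
    img += b"\x55\x8B\xEC"                               # target: push ebp; mov ebp,esp
    img += b"\xEB" + _rel(at() + 2, target, 1)           # jmp short target       (backward rel8)
    img += b"\xE9" + _rel(at() + 5, target, 4)           # jmp target             (backward rel32)
    return bytes(img)


if __name__ == "__main__":
    BASE, TARGET = 0x401000, 0x401000 + 0x30
    for addr, mnem, length in find_rel_refs(build_sample(BASE, TARGET), BASE, TARGET):
        print("%08X: %-4s -> %08X (%d bytes)" % (addr, mnem, TARGET, length))
```

To use it against a live process from CE, pass the result of readBytes(mod, siz, true) (converted to bytes) as `buf` and the module base as `base`; restricting `buf` to the executable sections is the "skip non-execute pages" improvement the post mentions and also removes most of the data-byte false positives.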