Registration Code (Part 1): w%kQ6
Registration Code (Part 2): b<#$1[*(cw~
In order to register on this forum, you must use the codes above. Combine them into one code (copy paste).

Cheat Engine 6.x UPX OEP Finder

Programming topics that relate to the Lua scripting language.
Post Reply
User avatar
atom0s
Site Admin
Posts: 401
Joined: Sun Jan 04, 2015 11:23 pm
Location: 127.0.0.1
Contact:

Cheat Engine 6.x UPX OEP Finder

Post by atom0s » Fri Jan 09, 2015 10:11 am

  1. --[[
  2.  
  3.     Generic UPX 3.x OEP Grabber
  4.     by atom0s [Wiccaan]
  5.    
  6.     This is a demonstrational Lua script showing off
  7.     what Cheat Engine 6.0 can do with Lua.
  8.    
  9. ]]--
  10.  
  11. -- Edit this path to the file that is packed with UPX 3.x
  12. local TargetFile = "C:\\Users\\atom0s\\Desktop\\packed.exe"
  13.  
  14. --
  15. -- DO NOT EDIT BELOW THIS LINE!!
  16. --
  17.  
  18. local UPX_Example = { }
  19.  
  20. ----------------------------------------------------------------------------------
  21. -- func: UPX_Example.Main( .. )
  22. -- desc: Prepares script for overall actions.
  23. ----------------------------------------------------------------------------------
  24. function UPX_Example.Main( )
  25.  
  26.     -- UPX 3.x Signature
  27.     UPX_Example.UPX3_Signature = "6A 00 39 C4 75 ?? 83 EC 80 E9 ?? ?? ?? ??";
  28.    
  29.     -- Misc. variables.
  30.     UPX_Example.bFirstBreak = true;
  31.    
  32.     -- Set breakpoint handler.
  33.     debugger_onBreakpoint = UPX_Example.OnBreakpoint;
  34.    
  35.     -- Open target file for debugging.
  36.     createProcess( TargetFile, "", true, true );
  37.     return true;
  38. end
  39.  
  40. ----------------------------------------------------------------------------------
  41. -- func: UPX_Example.OnBreakpoint( .. )
  42. -- desc: Breakpoint handler when CE reaches a breakpoint.
  43. ----------------------------------------------------------------------------------
  44. function UPX_Example.OnBreakpoint( )
  45.  
  46.     -- Entry point breakpoint.
  47.     if( UPX_Example.bFirstBreak == true ) then
  48.         UPX_Example.bFirstBreak = false;
  49.        
  50.         -- Scan for known UPX 3.x signature.
  51.         local scanList = AOBScan( UPX_Example.UPX3_Signature );
  52.         if( scanList == nil ) then
  53.             showMessage( "[ERROR] Failed to locate signature. File not packed with UPX 3.x?" );
  54.             debugger_onBreakpoint = nil;
  55.             return 1;
  56.         end
  57.        
  58.         -- Validate scan list has content.
  59.         local scanCount = stringlist_getCount( scanList );
  60.         if( scanCount == 0 ) then
  61.             showMessage( "[ERROR] Scan list was empty. File not packed with UPX 3.x?" );
  62.             debugger_onBreakpoint = nil;
  63.             return 1;
  64.         end
  65.        
  66.         -- Calculate jump address position.
  67.         local jmpAddr = tonumber( "0x" .. stringlist_getString( scanList, 0 ) );
  68.         jmpAddr = jmpAddr + 10;
  69.        
  70.         -- Read jump offset and calculate new address.
  71.         local jmpOffset = readInteger( jmpAddr );
  72.         jmpOffset = jmpOffset + jmpAddr + 4;
  73.        
  74.         -- Set breakpoint at real OEP.
  75.         debug_setBreakpoint( jmpOffset );
  76.        
  77.         -- Cleanup stringlist.
  78.         object_destroy( scanList );
  79.         return 1;
  80.     end
  81.  
  82.     -- Real OEP breakpoint. Display to user.
  83.     showMessage( "Assumed real OEP: " .. string.format( "%x", EIP ) );
  84.    
  85.     -- Remove breakpoint handler.
  86.     debugger_onBreakpoint = nil;
  87.    
  88.     -- Pause debugger at breakpoint.
  89.     return 0;
  90. end
  91.  
  92. -- Execute our script.
  93. UPX_Example.Main();
Derp~
Need a great web host? Check out: AnHonestHost.com


Donations can be made via Paypal:
https://www.paypal.me/atom0s
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest