OllyDbg/OllyScript
Description
OllyScript is an OllyDbg plugin that automates debugging tasks via scripts. Several
scripts exist to automate the identification of the OEP (original entry point) in a packed executable:
http://www.openrce.org/downloads/browse/OllyDbg_OllyScripts
Example
Here is an example of malware packed with PECompact 2:
Let's use the PEcompact 2.00-2.38 OEP Finder script to try to unpack the malware:
First of all, let's get rid of the warnings in OllyDbg. Go to Options > Debugging Options and
check all boxes as follows:
Then open the executable in OllyDbg and go to Plugins > OllyScript > Run script. Then choose
the pecompact_2.00-2.38.os.txt script:
After a short while, you should see a popup similar to the following, informing you that the OEP has been
successfully found. You can now use the OllyDump script to dump the process.
Categories:
Digital-Forensics/Computer-Forensics/Dynamic-Analysis
Digital-Forensics/Computer-Forensics/Debugger
Digital-Forensics/Computer-Forensics/Anti-Reverse-Engineering/Packers