
OllyDbg/OllyScript


Description
OllyScript is an OllyDbg plugin that automates tasks through scripts. Several
scripts exist to automate the identification of the OEP in a packed executable.

For a list of existing scripts, refer to this page:

http://www.openrce.org/downloads/browse/OllyDbg_OllyScripts.

Example
Here is an example of a malware sample packed with PECompact 2:

C:\Documents and Settings\malware\Bureau\windowsxp2>md5sum windowsxp2.exe
f04cb834ac843ad08a1a5c17e4f67ba3 *windowsxp2.exe

Let's use the PECompact 2.00-2.38 OEP Finder script to try to unpack the malware.

First of all, let's get rid of the warnings in OllyDbg. Go to Options > Debugging Options and
check all boxes as follows:

Then open the executable in OllyDbg and go to Plugins > OllyScript > Run script. Then choose
the pecompact_2.00-2.38.os.txt script:

After a short while, you should see a popup informing you that the OEP has been
successfully found. You can now use the OllyDump script to dump the process.
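
To check the result of the procedure above, the following added example (not part of the original page) records the MD5 of the packed file and of the dump, as the `md5sum` step does, and compares the entry point stored in each PE header. It assumes the dump was saved with its entry point set to the OEP; `build_sample` and its section layout are constructed test data, not the real sample.

```python
import hashlib
import struct

def pe_entry_info(data: bytes) -> dict:
    """Return the MD5, entry-point RVA and containing section of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)   # SizeOfOptionalHeader
    (ep_rva,) = struct.unpack_from("<I", data, pe_off + 24 + 16)  # AddressOfEntryPoint
    table = pe_off + 24 + opt_size                              # first section header
    section = None
    for i in range(nsect):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            section = name.rstrip(b"\0").decode("ascii", "replace")
    return {"md5": hashlib.md5(data).hexdigest(), "entry_rva": ep_rva, "section": section}

def compare_dump(packed: bytes, dumped: bytes) -> dict:
    """Summarise what changed between the packed file and the dump."""
    before, after = pe_entry_info(packed), pe_entry_info(dumped)
    return {"packed": before, "dumped": after,
            "entry_moved": before["entry_rva"] != after["entry_rva"],
            "content_changed": before["md5"] != after["md5"]}

def build_sample(entry_rva: int) -> bytes:
    """Constructed PE32 headers with two sections (hypothetical, headers only)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    layout = ((b".text", 0x5000, 0x1000, 0), (b".rsrc", 0x2000, 0x6000, 0x2000))
    sects = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, 0)
                     for n, vs, va, rs in layout)
    return dos + b"PE\0\0" + coff + opt + sects

if __name__ == "__main__":
    # Constructed inputs: same layout, different entry points.
    packed, dumped = build_sample(0x1000), build_sample(0x2A40)
    for key, value in compare_dump(packed, dumped).items():
        print(key, value)
```

For real files, pass the bytes of the packed executable and of the dump, read with `open(path, "rb").read()`, to `compare_dump`.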

Categories:

- Digital-Forensics/Computer-Forensics/Dynamic-Analysis
- Digital-Forensics/Computer-Forensics/Debugger
- Digital-Forensics/Computer-Forensics/Anti-Reverse-Engineering/Packers

This page was last edited on 29 December 2013, at 18:27.

Content is available under GNU Free Documentation License 1.3 or later unless otherwise noted.