/*

//////////////////////////////////////////////////

	Script for Asprotect v2.0 

	Author:	loveboom

	Email : bmd2chen@tom.com

	OS    : WinXP sp2,Ollydbg 1.1,OllyScript v0.92

	Date  : 2004-11-15

        Action: Stop stolen code 

	Config: Ignore all exceptions except 'INT 3 breaks'

	Note  : If you have one or more question, email me please,thank you!

//////////////////////////////////////////////////

*/



var addr



lblask:

  ask "Press 1 clear junkcode,press other key run script."

  cmp $RESULT,1

  je lblcCode



lblsetting:

  msgyn "Setting:Ignore all exceptions except 'INT 3 breaks',Continue?"

  cmp $RESULT,1

  je  lblbp1					//޸һ

  ret



//￪ʼıһ

lblbp1:

  gpa "LoadLibraryA","kernel32.dll"		//ȡLOADlibraryAĵַ

  mov addr,$RESULT

  add addr,B					//bp LoadLibraryA+0B

  bp addr

  run



lblbc1:

  bc addr

  rtu						//û

  rtr						//ִеreturn

  sto

  find eip,#E8#					//CALL

  go $RESULT

  sti						//

  find eip,#8B550C8B128902#			//ҴIAT

  mov addr,$RESULT

  add addr,5

  mov [addr],#891A#





//ԭĴ

start:

  dbh

  run

lbl1:

  find eip,#5B5A59C3#		//Found commands 'pop ebx, pop edx, pop ecx, retn'

  cmp $RESULT,0

  je lblerr

  mov addr,$RESULT

  add addr,3

  bp addr





lbl2:

  esto





lbl3:

  cmp eip,addr

  jne lbl2

  bc addr



lbl4:

  find eip,#FF35????????C3#

  cmp $RESULT,0

  je lblerr

  mov addr,$RESULT

  add addr,2

  mov addr,[addr]			//Get push address

  mov addr,[addr]			//Get push value(address)

  bp addr

  run



lbl5:

  cmp eip,addr

  jne lblerr

  bc addr



lbl7:

  cmt eip,"Stolen code."			

  msgyn "Clear Junkcode?"		//CLEAR JUNKCODE?

  cmp $RESULT,0

  je lblend



lblcCode:

 //jmp 01

  repl eip,#2EEB01??#,#90909090#,1000

  repl eip,#65EB01??#,#90909090#,1000

  repl eip,#F2EB01??#,#90909090#,1000

  repl eip,#F3EB01??#,#90909090#,1000

  repl eip,#F3EB01??#,#90909090#,1000

  repl eip,#EB01??#,#909090#,1000

  //jmp 02

  repl eip,#26EB02????#,#9090909090#,1000

  repl eip,#3EEB02????#,#9090909090#,1000

  repl eip,#F3EB02????#,#9090909090#,1000

  repl eip,#EB02????#,#90909090#,1000



lblend:

  msg "Script by loveboom[DFCG][FCG][US],Thank you for using my Scripts!"

  ret

  

lblerr:

  msg "Error!Script aborted.Maybe target is not protect by asprotect 2.0 or your forgot Ignore all exceptions except 'INT 3 breaks'."

  ret