I wrote this script when Lua was first introduced into Cheat Engine 6.x, as a demonstration that it can be used for more than just game hacking.
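This script locates the original entry point (OEP) of a file packed with UPX 3.x. Edit the marked line in the code (the TargetFile path) and run it as normal. The script starts the target under Cheat Engine's debugger, so the packed file actually executes until the OEP breakpoint is hit; use an isolated analysis machine for samples you do not trust.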
Code:
--[[
Generic UPX 3.x OEP Grabber
by atom0s [Wiccaan]
This is a demonstration Lua script showing
what Cheat Engine 6.0 can do with Lua.
]]--
-- Edit this path to point at the file that is packed with UPX 3.x.
-- Main() passes it to createProcess, so the file is started under CE's
-- debugger rather than only being read from disk.
local TargetFile = "C:\\Users\\atom0s\\Desktop\\packed.exe"
--
-- DO NOT EDIT BELOW THIS LINE!!
--
-- Namespace table holding the script's functions and its state
-- (UPX3_Signature, bFirstBreak).
local UPX_Example = { }
----------------------------------------------------------------------------------
-- func: UPX_Example.Main( .. )
-- desc: Stores the scan signature and the first-hit flag, installs the
--       breakpoint handler, then starts the target under the debugger.
-- returns: always true.
----------------------------------------------------------------------------------
function UPX_Example.Main( )
    -- The handler treats the first breakpoint it sees as the entry-point
    -- break; this flag tells it that no breakpoint has been handled yet.
    UPX_Example.bFirstBreak = true

    -- Byte signature the handler scans for in the UPX 3.x stub. Its last
    -- five bytes are an E9 opcode followed by four unknown operand bytes.
    UPX_Example.UPX3_Signature = "6A 00 39 C4 75 ?? 83 EC 80 E9 ?? ?? ?? ??"

    -- CE looks up this global when a breakpoint is reached, so it has to be
    -- assigned as a global rather than a local.
    debugger_onBreakpoint = UPX_Example.OnBreakpoint

    -- Start the target for debugging.
    -- NOTE(review): the two `true` arguments presumably enable debugging and
    -- a break at the entry point (the handler's first-hit branch depends on
    -- that); confirm against the CE Lua documentation for the version in use.
    createProcess( TargetFile, "", true, true )

    return true
end
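----------------------------------------------------------------------------------
-- func: UPX_Example.OnBreakpoint( .. )
-- desc: Breakpoint handler called when CE reaches a breakpoint.
--
--       First hit (bFirstBreak is true): scans for the UPX 3.x signature,
--       decodes the rel32 operand of the E9 jump at the end of the match and
--       sets a breakpoint on the jump destination.
--       Any later hit: assumed to be that breakpoint; EIP is shown to the
--       user as the OEP and the handler unhooks itself.
--
-- returns: 1 from the first-hit branch (success or failure), 0 from the
--          OEP branch.
--          NOTE(review): the meaning of the return value is defined by CE's
--          debugger_onBreakpoint contract; confirm it for the CE version in use.
----------------------------------------------------------------------------------
function UPX_Example.OnBreakpoint( )
    -- Shared failure path: release the scan result (if one exists), tell the
    -- user, and unhook the handler so that a later, unrelated breakpoint is
    -- not reported as the OEP.
    local function fail( message, list )
        if list ~= nil then
            object_destroy( list )
        end
        showMessage( message )
        debugger_onBreakpoint = nil
        return 1
    end

    -- Entry point breakpoint.
    if UPX_Example.bFirstBreak == true then
        UPX_Example.bFirstBreak = false

        -- Scan for known UPX 3.x signature.
        local scanList = AOBScan( UPX_Example.UPX3_Signature )
        if scanList == nil then
            return fail( "[ERROR] Failed to locate signature. File not packed with UPX 3.x?" )
        end

        -- Validate scan list has content. The list is handed to fail() so it
        -- is destroyed on this path too instead of being leaked.
        if stringlist_getCount( scanList ) == 0 then
            return fail( "[ERROR] Scan list was empty. File not packed with UPX 3.x?", scanList )
        end

        -- Only the first match is used. The address is copied out as a Lua
        -- value, so the list can be released before any further early return.
        local matchAddr = tonumber( "0x" .. stringlist_getString( scanList, 0 ) )
        object_destroy( scanList )
        if matchAddr == nil then
            return fail( "[ERROR] Could not parse the address returned by the signature scan." )
        end

        -- The E9 opcode is byte 9 of the signature, so its 4-byte operand
        -- starts 10 bytes into the match.
        local operandAddr = matchAddr + 10
        local rel32 = readInteger( operandAddr )
        if rel32 == nil then
            -- Without this check the arithmetic below would raise a Lua error
            -- inside the handler.
            return fail( "[ERROR] Could not read the jump offset from the target process." )
        end

        -- Jump destination = address of the byte after the operand + rel32.
        -- The result is wrapped to 32 bits so it is a valid address whether
        -- readInteger hands back the operand as a signed or an unsigned value
        -- (this script is 32-bit only: it reports EIP).
        local oepAddr = ( operandAddr + 4 + rel32 ) % 0x100000000

        -- Set breakpoint at real OEP.
        debug_setBreakpoint( oepAddr )
        return 1
    end

    -- Real OEP breakpoint. Display to user.
    showMessage( "Assumed real OEP: " .. string.format( "%x", EIP ) )

    -- Remove breakpoint handler.
    debugger_onBreakpoint = nil

    -- Pause debugger at breakpoint.
    return 0
end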
-- Execute our script: Main() installs the breakpoint handler and launches
-- TargetFile under the debugger.
UPX_Example.Main();