Script Extension for ProcDump32 :


 Technically the goal of such a script is to:

     1) defeat ADT
     2) -> find the last instruction BEFORE jumping to the ORIGINAL CODE <-
     3) run step mode as late as possible to speed up tracing


A) Function Definitions :


 1) Look function.

  The Look function scans for a HEX string in the loader object. The address
 where this block is found is stored as the current memory location, so that
 u can set a breakpoint there.

 Ex:

  Look 0F,85 will search for a JNE long jump. U may then want to set a
  breakpoint via the BP command.

 2) ADD function.

  Allows u to add a value to the current address in memory (ex: the one
 spotted by the Look command or set by the POS command).

 3) DEC function.

  Guess ;)

 4) REPL function.

  This function applies a patch (HEX sequence) at the current memory location
 (ex: the one spotted by the Look command). This may allow u to kick an ADT ;).

 Ex:

  REPL 90,90 will apply a double NOP starting at current memory location.

 5) BP function.

  Set a breakpoint at current memory location.

 6) BPX function.

  Set a breakpoint at a given location. The location is relative to the
 object start.

 Ex: If the loader object starts at RVA 66000h, BPX 2672 will set a breakpoint
 at RVA 68672h.

 7) BPF function (Break On Flag Set).

  Each time the breakpoint is hit, this function checks whether the flag u
 passed is set. The breakpoint location is the current memory location.

 Flags allowed :

      C : Carry flag.
      P : Positive Flag.
      A : Above Flag.
      Z : Zero Flag.
      S : Sign Flag.
      D : Direction Flag.
      O : Overflow Flag.

 U can only test ONE flag.

 8) MOVE Function

  Sets the current EIP: the param value is added to the current EIP. BE
 CAREFUL WITH THIS !!!! NO CONTROL IS DONE on the EIP. Try to use this instead
 of NOPing a location: if there is a CRC check, u will defeat it ;).

  Ex: MOVE 14 will move the current EIP to EIP+14h

 9) POS function.

  Sets the current memory location FOR ALL FUNCTIONS. The location is relative
 to the object start.

 10) STEP function.

  This sets step-by-step analysis. It is generally used to finish the trace.
 BEWARE: step mode means every line is tested -> SLOW !!. So set step mode as
 late as possible.

 11) OBJR function.

  This sets the base memory address at which scanning starts. Affects the LOOK
 command.

 12) BPREG

  Sets a breakpoint at the register value.

B) How to set ur own protector/packer definitions:


 1) Update Index section :
 

  Add a Pxx statement .... be careful: the xx value must follow the previous
 protector's one.

 Example :

 before

  [INDEX]
  P1=Shrinker 3.3
  P2=Wwpack32 Beta 9
  P3=Wwpack32 1.0

 after

  [INDEX]
  P1=Shrinker 3.3
  P2=Wwpack32 Beta 9
  P3=Wwpack32 1.0
  P4=My Own definition

 2) Add ur definition :
 

  A definition is composed of line statements, each of which must be of the
 form Lxx.

 Ex:

  [My own definition]

  L1=Look 0F,85,DB,FF,FF
  L2=BP
  L3=STEP
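 To make the two parts of this document concrete, here is an added example
 (written for this page, not code from ProcDump32 or its script extension). It
 models the section A commands that act on memory addresses (Look, ADD, DEC,
 POS, OBJR, REPL, BP, BPX, BPF, STEP) over a constructed loader object, and it
 parses the [INDEX]/[Name] definition layout of section B, checking that the
 Pxx and Lxx numbers are consecutive. The object start RVA 66000h, the object
 bytes, the EFLAGS value and the assumption that OBJR takes an object-relative
 offset like POS are all constructed or assumed here; MOVE and BPREG act on
 live registers, so they are rejected rather than modelled.

```python
"""Added example, not part of ProcDump32 or its script extension: an offline
model of the section A commands over a constructed loader object, plus a parser
and numbering check for the [INDEX]/[Name] definition layout of section B."""
# Bit positions of the flag letters BPF accepts, from Intel's EFLAGS layout.
FLAG_BITS = {"C": 0, "P": 2, "A": 4, "Z": 6, "S": 7, "D": 10, "O": 11}

def hex_bytes(arg):
    """The script's comma-separated HEX form: '0F,85' -> the two bytes 0f 85."""
    return bytes(int(tok, 16) for tok in arg.split(","))

def flag_set(eflags, flag):
    """BPF check: is the one named flag set in this EFLAGS value?"""
    return (eflags >> FLAG_BITS[flag]) & 1 == 1

class ScriptModel:
    def __init__(self, obj_image, obj_rva):
        self.obj = bytearray(obj_image)  # loader object bytes (constructed)
        self.obj_rva = obj_rva           # RVA at which the object starts
        self.cur = obj_rva               # the "current memory location"
        self.scan_from = obj_rva         # OBJR: where Look starts scanning
        self.breakpoints = []            # (rva, flag letter or None)
        self.step = False

    def run(self, statement):
        cmd, _, arg = statement.strip().upper().partition(" ")
        if cmd == "LOOK":
            off = self.obj.find(hex_bytes(arg), self.scan_from - self.obj_rva)
            if off < 0:
                raise LookupError("Look: sequence %s not found" % arg)
            self.cur = self.obj_rva + off
        elif cmd in ("ADD", "DEC"):
            self.cur += int(arg, 16) if cmd == "ADD" else -int(arg, 16)
        elif cmd == "POS":
            self.cur = self.obj_rva + int(arg, 16)
        elif cmd == "OBJR":  # argument assumed object-relative, like POS
            self.scan_from = self.obj_rva + int(arg, 16)
        elif cmd == "REPL":
            patch, start = hex_bytes(arg), self.cur - self.obj_rva
            if start < 0 or start + len(patch) > len(self.obj):
                raise IndexError("REPL: patch falls outside the object")
            self.obj[start:start + len(patch)] = patch
        elif cmd == "BP":
            self.breakpoints.append((self.cur, None))
        elif cmd == "BPX":
            self.breakpoints.append((self.obj_rva + int(arg, 16), None))
        elif cmd == "BPF":
            if arg.strip() not in FLAG_BITS:
                raise ValueError("BPF: exactly one flag letter expected, got %r" % arg)
            self.breakpoints.append((self.cur, arg.strip()))
        elif cmd == "STEP":
            self.step = True
        else:  # MOVE and BPREG act on live registers, so they are not modelled
            raise ValueError("not modelled here: " + cmd)

def parse_definitions(text):
    """{section: [(key, value), ...]} in file order; blank lines are skipped."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif current is not None and "=" in line:
            sections[current].append(tuple(s.strip() for s in line.split("=", 1)))
    return sections

def check_numbering(entries, prefix):
    """Keys must run prefix1, prefix2, ... with no gap, as section B requires."""
    return [k for k, _ in entries] == ["%s%d" % (prefix, i) for i in range(1, len(entries) + 1)]

def load_protector(text, name):
    """Statements of one protector listed in [INDEX], after both numbering checks."""
    sections = parse_definitions(text)
    index = sections.get("INDEX", [])
    if name not in [v for _, v in index] or name not in sections:
        raise KeyError("%s must be listed in [INDEX] and have its own section" % name)
    if not check_numbering(index, "P") or not check_numbering(sections[name], "L"):
        raise ValueError("Pxx in [INDEX] and Lxx in the definition must be consecutive")
    return [v for _, v in sections[name]]

# Constructed sample: the page's definition file, and a loader object made of
# 16 filler bytes followed by the JNE long jump (0F 85 rel32) that Look seeks.
SAMPLE_DEFINITIONS = """\
[INDEX]
P1=Shrinker 3.3
P2=Wwpack32 Beta 9
P3=Wwpack32 1.0
P4=My Own definition
[My Own definition]
L1=Look 0F,85,DB,FF,FF
L2=BP
L3=STEP
"""
SAMPLE_OBJECT = b"\x90" * 0x10 + b"\x0f\x85\xdb\xff\xff" + b"\xcc" * 0x10
OBJECT_RVA = 0x66000  # the page's example object start

def run_sample():
    model = ScriptModel(SAMPLE_OBJECT, OBJECT_RVA)
    for stmt in load_protector(SAMPLE_DEFINITIONS, "My Own definition"):
        model.run(stmt)
    return model
```

 Running run_sample() on the constructed object lands Look on RVA 66010h, sets
 one breakpoint there and turns step mode on, which is the same three-line
 trace the definition above describes. The REPL bounds check and the BPF
 single-letter check are the two places where a hand-written definition most
 easily goes wrong, so the model refuses them instead of silently continuing.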
