//////////////////////////////////////////////////////////
// FileName    :  DebugActiveProcess.osc
// Comment     :  Armadillo V4.X CopyMem-II DebugActiveProcess
// Environment :  WinXP SP2,OllyDbg V1.10,OllyScript V0.92
// Author      :  fly
// WebSite     :  http://www.unpack.cn
// Date        :  2005-11-03 11:30
//////////////////////////////////////////////////////////
#inc "Get.eXe.PE.Information.osc"
#log
dbh


MSGYN "Plz Clear All BreakPoints  And  Set Debugging Option Ignore All Excepions Options  !"
cmp $RESULT, 0
je TryAgain


/*
0012DB94   007590FC  /CALL DebugActiveProcess From 007590F6
0012DB98   00000BD0  \ProcessId = BD
*/

var temp
var DebugActiveProcess


gpa "DebugActiveProcess", "KERNEL32.dll"
cmp $RESULT, 0
je Only Win2K/XP
mov DebugActiveProcess, $RESULT

eob DebugActiveProcess
bp DebugActiveProcess
esto
GoOn0:
esto

DebugActiveProcess:
cmp eip,DebugActiveProcess
jne GoOn0
bc DebugActiveProcess
mov temp,esp
add temp,4
mov temp,[temp]

log EP
mov EP,[EP]
//and EP,FFFF
log EP


eval " Plz Run OllyDBG Attach [ProcessId= {temp}] Child Process  And  Run Armadillo.fiXed.IT.osc  And  Modified EP Code={EP}  !   "
MSG $RESULT
ret


//GameOver


Only Win2K/XP:
MSG "Error! This Script only Run on the Win2K/WinXP !   "
ret

TryAgain:
MSG " Plz  Try  Again   !   "
ret