OEPFinder - Original Entry Point Finder
Version: 0.2 
Build: Hybrid
Release Date: 20 April 2002.
Copyright 1999-2002 FoxThree

Web: http://foxthree.cjb.net
Email: foxthree@antionline.org

FREEWARE utility to find Original Entry Point of compressed/packed Win32 applications

Description:
~~~~~~~~~~~

OEPFinder has been designed to:

1. Locate the addresses where the packer *finally* returns control to the original application.

2. Do so without employing any kind of "tracer" [though it might do so in future]. It works on the concept of "signature" bytes: opcodes that are unique to each packer.

3. Provide an easy-to-use GUI.
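
An added illustration of the "signature" bytes idea in item 2 (not OEPFinder's code; this README does not list its signatures): a byte pattern with wildcards is searched in a memory image, and the jump it ends in is resolved to the address where control returns. The pattern, image base, function names and sample bytes are all constructed assumptions.

```python
import struct

# Assumed signature for illustration: POPAD (61) followed by JMP rel32 (E9 + 4 bytes).
# "??" marks bytes that vary per target. Not taken from OEPFinder.
SIGNATURE = "61 E9 ?? ?? ?? ??"
IMAGE_BASE = 0x00400000  # constructed load address for the sample


def parse_signature(text):
    """Convert 'AA ?? BB' into [0xAA, None, 0xBB]; None is a wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(image, sig):
    """Yield each offset where every non-wildcard byte of sig matches."""
    for off in range(len(image) - len(sig) + 1):
        if all(b is None or image[off + i] == b for i, b in enumerate(sig)):
            yield off


def jump_target(image, jmp_off, base):
    """Resolve JMP rel32: target = address of the next instruction + rel32."""
    (rel,) = struct.unpack_from("<i", image, jmp_off + 1)
    return (base + jmp_off + 5 + rel) & 0xFFFFFFFF


def locate_oep(image, base, sig_text):
    """Return (address of signature, address the stub jumps to) for each hit."""
    sig = parse_signature(sig_text)
    jmp_index = sig.index(0xE9)  # position of the JMP opcode inside the signature
    return [(base + off, jump_target(image, off + jmp_index, base))
            for off in find_signature(image, sig)]


def build_sample():
    """Constructed 16 KiB memory image: decoy bytes plus one stub tail."""
    image = bytearray(0x4000)
    image[0x200:0x202] = b"\x61\x90"              # decoy: POPAD not followed by JMP
    image[0x300:0x305] = b"\xE9\x00\x00\x00\x00"  # decoy: JMP not preceded by POPAD
    rel = 0x00401000 - (IMAGE_BASE + 0x3101 + 5)  # jump back to 0x00401000
    image[0x3100:0x3106] = b"\x61\xE9" + struct.pack("<i", rel)
    return bytes(image)


if __name__ == "__main__":
    for sig_addr, target in locate_oep(build_sample(), IMAGE_BASE, SIGNATURE):
        print(f"signature at {sig_addr:#010x}, control returns to {target:#010x}")
```

Neither decoy is reported, because a hit requires every fixed byte of the pattern to match in order.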

Requirements:
~~~~~~~~~~~~
This software was tested on Windows 98 SE. I've heard that it does *NOT* work on Windows 2000. I intend to add support for this shortly. So, hang on!

Packer List Supported:
~~~~~~~~~~~~~~~~~~~~~
Hybrid Build:

  - Armadillo 2.51 (Thx to binh81)
  - Armadillo 2.52 (Thx to binh81)
  - VBox 4.6.5     (Thx to binh81)
  - ASPack 2.12
  - UPX 1.20w 

Quasar Build [Beta!]:
  - ASProtect >= 1.2
  - PECompact 1.33
  - Petite 2.2

History:
~~~~~~~

Build: Hybrid

  - Added support for the above-mentioned packers.
  - Added a "Tip" for each packer after finding OEiP to assist in what to do next ;)
  - Fixed a minor bug in the UI

Build: Quasar

  - First Public Release
  - Beta!

Known limitations/Bugs:
~~~~~~~~~~~~~~~~~~~~~~

None so far. If you are sure that you have a program packed by one of the packers supported by OEPFinder and are still unable to find the OEP, drop me a line with the target URL. I'll take a look.

Also, I'm always looking for ways to enhance the program. If you find a new packer that you think can be supported by OEPFinder or *generally* have good ideas to expand the program's functionality, feel free to write to me.

ToDo:
~~~~

- Add Support for packed DLLs
- Add Support for automatically finding the actual OEiP (with/without writing a tracer)

Thanks and Greetz:
~~~~~~~~~~~~~~~~~

My sincere thanks go to the various members of the Fravia MessageBoard (fraviamb.cjb.net) for their enthusiastic help in nurturing new ideas / directions. I'd like to thank +SplAj for initiating me into his excellent "Signature Byte" trick for unpacking packers, Kayaker for helping me understand how WinHex and, in general, ReadProcessMemory work, and binh81 for being there always ;). Thanks.

My Greetz to all the FraviaMB for making it a great place to hang out.