700个脱壳脚本, 可以放在在OD的ollyscript Plugin中.

				/*
				//////////////////////////////////////////////////
					DBPE 2.x OEP finder v0.4
					Author:	loveboom
					Email : bmd2chen@tom.com
					OS    : Winxp sp1,OllyDbg 1.1,OllyScript v0.92
					Date  : 2005-1-2
					Config: Ignore all Exceptions.
					Note  : If you have one or more question, email me please,thank you!
				//////////////////////////////////////////////////
				*/
				  
				var cbase
				var csize
				var addr
				var count
				var ebpval
				
				gmi eip,CODEBASE
				mov cbase,$RESULT
				gmi eip,CODESIZE
				mov csize,$RESULT
				
				
				lblset:
				  msgyn "Setting:Ignore all exceptions,require:Ollydbg1.1,ollyscript v0.85(latest),Continue?"
				  cmp $RESULT,0
				  je end
				
				start:
				  gpa "CreateFileA","kernel32.dll"
				  cmp $RESULT,0
				  je lblabort
				  mov addr,$RESULT
				  add addr,8
				  bp addr
				  mov count,4
				
				lbllpbp:
				  cmp count,0
				  je lblfreg
				  dec count
				  run
				  jmp lbllpbp
				
				lblfreg:
				  bc addr
				  rtu
				
				lblcj:
				  find eip,#83F800#
				  cmp $RESULT,0
				  je lblabort
				  mov addr,$RESULT
				  mov count,2
				
				lbllpff:
				  cmp count,0
				  je lbllpff1
				  find addr,#83F900#
				  cmp $RESULT,0
				  je lblabort
				  mov addr,$RESULT
				  go addr
				  inc addr
				  dec count
				  jmp lbllpff
				
				lbllpff1:
				  find eip,#0F85#
				  cmp $RESULT,0
				  je lblabort
				  go $RESULT
				  repl eip,#7A037B01??#,#9090909090#,FF
				  repl eip,#74037501??#,#9090909090#,FF
				  repl eip,#72037301??#,#9090909090#,FF
				  find eip,#E8#
				  go $RESULT
				  sti
				
				lblfcreg:
				  find eip,#9C6A??730BEB02????E806000000#
				  fill $RESULT,2D,90
				  find eip,#83BD#
				  cmp $RESULT,0
				  je lblabort
				  go $RESULT
				  mov addr,$RESULT
				  add addr,2
				  mov addr,[addr]
				  mov ebpval,ebp
				  add addr,ebpval
				  mov [addr],0
				
				lblOR:
				  mov count,2
				  bprm cbase,csize
				  run
				
				lbl1:
				  bpmc
				
				lblfd:
				  find eip, #39BD????????76#         	//Found 'CMP DWORD PTR SS:[EBP+XXXX],EDI'
				  cmp $RESULT,0				//If not found go to abort
				  je lblabort
				  mov addr,$RESULT
				
				loopfix:
				  find addr,#89BD#
				  cmp $RESULT,0
				  je lblabort
				  mov addr,$RESULT
				  fill addr,6,90
				  dec count
				  cmp count,0
				  je lbljmpoep
				  jmp loopfix
				
				lbljmpoep:
				  find eip,#890F#			//Found 'MOV DWORD PTR DS:[EDI],ECX'
				  mov addr,$RESULT
				  mov [addr],#8907#			//Replace to 'MOV DWORD PTR DS:[EDI],EAX'
				  find eip,#C20C00FFE0#			//Found 'jmp eax'
				  mov addr,$RESULT
				  add addr,3
				  bprm addr,FF
				  run
				
				lblsto:
				  bpmc
				  sto	
				
				lblask:
				  msgyn "FIX IAT(very slow)?"
				  cmp $RESULT,0
				  je lblend
				
				lblfixapi:
				  cmt eip,"Scaning,Please wait!"				//Fix IAT
				  repl cbase,#FF25??????80#,#FF25??????00#,csize
				  repl cbase,#FF15??????80#,#FF15??????00#,csize
				
				lblend:
				  cmt eip,"OEP,Please dumped it,Enjoy!"
				  msg "Script by loveboom[DFCG],[FCG],Thank you for using my Scripts!"
				  an
				  jmp end
				
				lblabort:
				  msg "Error!Script aborted,Maybe target is not protect by DBPE or you forgot Ignore all Exceptions."
				
				end:
				  ret