|
Vmprotect1.7脱壳,OD被检测到。
没问题?你这个OD应该是修改过的,也许是专门跑win7的,我把插件全删除了,打开unpackme,od还是直接消失。 你的系统是win7吧?用我那个OD能跑不? |
|
Vmprotect1.7脱壳,OD被检测到。
[QUOTE=Kisesy;1393740] GIF图,点击观看 我这没事,你是管理员模式运行的吗,或者把杀毒软件关掉试试[/QUOTE] 是的,是Administrator用户,我是xp的sp3,杀毒软件就没装。 你哪里OD能跑那个unpack吗?如果可以跑,你bp VirtualProtect(或者 he VirtualProtect),看下是不是就是调试器被检测到了,我这里就是vm1.7被检测到,vm2.x的都没事。 |
|
|
|
[原创]二哥的超经典教程,手动脱壳十八篇载点
下不了啊,谁在给个链接啊 |
|
[求助]如何从PE中的到资源文件,比如图标
自己顶!明白了,要个图片加上文件头就OK了 |
|
[求助]如何从PE中的到资源文件,比如图标
贴出所有代码! ------------------------------------------------------------------------------------------------------------ // PEResource.cpp : 定义控制台应用程序的入口点。 // #include "stdafx.h" int _tmain(int argc, _TCHAR* argv[]) { if (argc<=1){ printf("没有指定文件!\n"); getchar(); return 0; } printf("FileName = %s \n " , argv[1]); HANDLE peFile; peFile = CreateFile( argv[1], GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL ); if (peFile == INVALID_HANDLE_VALUE) { printf("打开文件失败! = %d \n" , GetLastError()); getchar(); return 1; } DWORD readnum; IMAGE_DOS_HEADER dosHead; ReadFile(peFile,&dosHead,sizeof(IMAGE_DOS_HEADER),&readnum,NULL); printf("\n -----------------IMAGE_DOS_HEADERS---------------------- \n"); printf("IMAGE_DOS_HEADER e.Image = %04X , e.ifanew=%08X \n" , dosHead.e_magic,dosHead.e_lfanew); printf("\n -----------------IMAGE_NT_HEADERS---------------------- \n"); IMAGE_NT_HEADERS ntHead; SetFilePointer(peFile,dosHead.e_lfanew,0,FILE_BEGIN); ReadFile(peFile,&ntHead,sizeof(IMAGE_NT_HEADERS),&readnum,NULL); printf(" Signature = %08X \n" , ntHead.Signature); printf(" NumberOfSections= %d \n" , ntHead.FileHeader.NumberOfSections); printf(" AddressOfEntryPoint= %08X\n" , ntHead.OptionalHeader.AddressOfEntryPoint); printf(" ImageBase= %08X\n" , ntHead.OptionalHeader.ImageBase); printf(" SectionAlignmen= %08X\n" , ntHead.OptionalHeader.SectionAlignment); printf(" FileAlignmen= %08X\n" , ntHead.OptionalHeader.FileAlignment); printf(" SizeofResource = %08X \n" ,ntHead.OptionalHeader.DataDirectory[2].Size); printf(" AddressofResource = %08X \n" ,ntHead.OptionalHeader.DataDirectory[2].VirtualAddress); printf("\n -----------------Section Infor---------------------- \n"); IMAGE_SECTION_HEADER sectionList[30]; int sectionIndex=-1; DWORD dtk=0; for(int i=0; i<=ntHead.FileHeader.NumberOfSections -1 ; i++){ ReadFile(peFile,§ionList[i],sizeof(IMAGE_SECTION_HEADER),&readnum,NULL); printf("Name=%s,VA=%08X,VS=%08X,RA=%08X,RS=%08X\n", sectionList[i].Name, sectionList[i].VirtualAddress, sectionList[i].Misc.VirtualSize, sectionList[i].PointerToRawData, sectionList[i].SizeOfRawData ); if ((ntHead.OptionalHeader.DataDirectory[2].VirtualAddress>=sectionList[i].VirtualAddress)&& (ntHead.OptionalHeader.DataDirectory[2].VirtualAddress<=sectionList[i].VirtualAddress+sectionList[i].Misc.VirtualSize)){ sectionIndex = i; dtk = sectionList[i].VirtualAddress - sectionList[i].PointerToRawData; } } printf("TDK = %08X , SectionIndex = %d \n",dtk,sectionIndex); printf("\n -----------------Root---------------------- \n"); SetFilePointer(peFile,ntHead.OptionalHeader.DataDirectory[2].VirtualAddress -dtk,0,FILE_BEGIN); IMAGE_RESOURCE_DIRECTORY Firstird; ReadFile(peFile,&Firstird,sizeof(IMAGE_RESOURCE_DIRECTORY),&readnum,NULL); printf("NumberofNameEnteryes=%d , NumberOfIDEnteries=%d \n",Firstird.NumberOfNamedEntries,Firstird.NumberOfIdEntries); IMAGE_RESOURCE_DIRECTORY_ENTRY dirlist[20]; for(int i=0; i<=Firstird.NumberOfIdEntries + Firstird.NumberOfNamedEntries -1 ;i++){ DWORD FileAddress; FileAddress = ntHead.OptionalHeader.DataDirectory[2].VirtualAddress - dtk + sizeof(IMAGE_RESOURCE_DIRECTORY)+i*sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY); SetFilePointer(peFile,FileAddress,0,FILE_BEGIN); ReadFile(peFile,&dirlist[i],sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY),&readnum,NULL); printf("Root: Type=%02X, OffertoData =%08X \n",dirlist[i].Name,dirlist[i].OffsetToData); if(dirlist[i].OffsetToData&0x80000000){ IMAGE_RESOURCE_DIRECTORY Secird; DWORD SecFileAddress; SecFileAddress = ntHead.OptionalHeader.DataDirectory[2].VirtualAddress - dtk + dirlist[i].OffsetToData&0x7FFFFFFF; SetFilePointer(peFile,SecFileAddress,0,FILE_BEGIN); ReadFile(peFile,&Secird,sizeof(IMAGE_RESOURCE_DIRECTORY),&readnum,NULL); printf(" SecAddress =%08X,NumberOfNameEnteries=%d,NumberOfIDEnteries=%d\n", SecFileAddress, Secird.NumberOfNamedEntries, Secird.NumberOfIdEntries ); IMAGE_RESOURCE_DIRECTORY_ENTRY Seclist[20]; for(int j=0; j<=Secird.NumberOfIdEntries + Secird.NumberOfNamedEntries -1; j++){ DWORD ThirdAddress; ThirdAddress = SecFileAddress+ sizeof(IMAGE_RESOURCE_DIRECTORY) +j*sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY); SetFilePointer(peFile,ThirdAddress,0,FILE_BEGIN); ReadFile(peFile,&Seclist[j],sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY),&readnum,NULL); char szFileName[100]; if ( Seclist[j].Name & 0x80000000) { //printf(" sssssssss\n"); WORD length; DWORD tmpadd; tmpadd = ntHead.OptionalHeader.DataDirectory[2].VirtualAddress + Seclist[j].Name&0x7FFFFFFF; SetFilePointer(peFile,tmpadd,0,FILE_BEGIN); ReadFile(peFile,&length,2,&readnum,NULL); wchar_t name[30]; ReadFile(peFile,name,30,&readnum,NULL); printf(" Name=%S , OffertoData =%08X\n",name, Seclist[j].OffsetToData); sprintf(szFileName,"%S",name); }else{ printf(" ID=%02X , OffertoData =%08X\n",Seclist[j].Name, Seclist[j].OffsetToData); sprintf(szFileName, "%02X",Seclist[j].Name); } if ( Seclist[j].OffsetToData & 0x80000000){ IMAGE_RESOURCE_DIRECTORY Thirdird; DWORD thirdAddr; thirdAddr = ntHead.OptionalHeader.DataDirectory[2].VirtualAddress - dtk + Seclist[j].OffsetToData &0x7FFFFFFF; SetFilePointer(peFile,thirdAddr,0,FILE_BEGIN); ReadFile(peFile,&Thirdird,sizeof(IMAGE_RESOURCE_DIRECTORY),&readnum,NULL); printf(" ThirdAddress=%08X,NumberofName=%d,NumberofID=%d\n" ,thirdAddr,Thirdird.NumberOfNamedEntries,Thirdird.NumberOfIdEntries); IMAGE_RESOURCE_DIRECTORY_ENTRY thirdlist[20]; for(int k=0; k<=Thirdird.NumberOfIdEntries+Thirdird.NumberOfNamedEntries -1; k++){ SetFilePointer(peFile,thirdAddr+sizeof(IMAGE_RESOURCE_DIRECTORY)+sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)*k,0,FILE_BEGIN); ReadFile(peFile,&thirdlist[k],sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY),&readnum,NULL); printf(" Name=%08X,OffsertoData=%08X\n",thirdlist[k].Name,thirdlist[k].OffsetToData); IMAGE_RESOURCE_DATA_ENTRY irde; SetFilePointer(peFile,ntHead.OptionalHeader.DataDirectory[2].VirtualAddress - dtk + thirdlist[k].OffsetToData,0,FILE_BEGIN); ReadFile(peFile,&irde,sizeof(IMAGE_RESOURCE_DATA_ENTRY),&readnum,NULL); printf(" ResOffertoData = %08X,Size=%08X\n",irde.OffsetToData,irde.Size); switch(dirlist[i].Name){ case 0x03: sprintf(szFileName,"%s%s",szFileName,".ico"); break; case 0x04: sprintf(szFileName,"%s%s",szFileName,".txt"); break; case 0x0E: sprintf(szFileName,"%s%s",szFileName,".bmp"); break; } PBYTE pBuffer; pBuffer = new BYTE[irde.Size]; SetFilePointer(peFile,irde.OffsetToData,0,FILE_BEGIN); ReadFile(peFile,pBuffer,irde.Size,&readnum,NULL); HANDLE saveFile; saveFile = CreateFile( szFileName, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, NULL ); WriteFile(saveFile,pBuffer,irde.Size,&readnum,NULL); CloseHandle(saveFile); delete [] pBuffer; printf(" File: %s Saved\n\n" ,szFileName); } } } } } CloseHandle(peFile); getchar(); return 0; } |
|
|
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值