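A programmer's few gripes
Originally posted by firstrose: The firewall itself isn't even RING0, yet the packer applied to it uses RING0; isn't that mocking itself? Oh, I downloaded a packet-filtering firewall that is only 300KB, and it is much better than that "钝" whatever-it's-called, with a much higher blocking rate. Very low resource usage. Source code included.

A programmer's few gripes
Originally posted by loveboom: If I were the one writing local software, I believe that even without a packer, not many people could touch it. Heh heh

[Share] Latest version Thinstall 2.517 Unpackme.
Originally posted by 采臣・宁: I don't make my living from cracking; I'm just a network programmer, and playing with cracking is nothing more than a hobby left over from my secondary-school days. Of course, for plenty of stuff that isn't available as 0DAY, you still have to do it yourself.

[Share] Latest version Thinstall 2.517 Unpackme.
Originally posted by linhanshi: The update isn't significant; I only step in when there's a major update.

I really can't do it! I can't unpack this packer even after reading the tutorial; I'm uploading it, seniors please take a look,
You could consider just disappearing from the Internet.

The simplest way to disguise ASPR2 packing!
Originally posted by 采臣・宁: You can add some BT code to the sections yourself as a countermeasure. Also, many people who use unpackers naturally rely too heavily on PEID's results; since nothing gets detected, they naturally have no way to choose an unpacker.

Themida [1.0.0.2] (25-Jan-05)
Originally posted by 采臣・宁: This thing isn't as strong as XPR; XPR can itself generate up to thousands of variants, thousands of extracted-code pieces, and thousands of self-checks.

A programmer's few gripes
Originally posted by loveboom: So you have to touch even software this trashy? Showing that your own cracking skill is real is the actual aim; the other side's being trash is just the pretext. There is a lot of domestically made trash; it's not as if nobody knows that, even a 16-year-old kid knows.

How to unpack 软件防盗版战士 (Software Anti-Piracy Warrior) from Shenzhen 比泰科技
K-ing it is easy; it mainly depends on whether the cracker has a unique line of thinking.

Protected with Armadillo3.6, not unpacked, cracked with only a patch; what's going on?
Originally posted by zxl777: You should consider buying a licensed copy of ARM; these questions should be put to the author.

A programmer's few gripes
It's said that a DDOS tool developed by a junior-high-school student has already penetrated this thing; according to my own testing, that is indeed the case. This thing is like a thin sheet of paper.

[Survey] So many scammers around these days, plus the latest ASPR2.0 Unpackme
Originally posted by deanlh: Wasn't it already said? Only 1.31 and below can be registered; for 1.32 and above it simply doesn't work.

The art of packing the server side, QQ group
For methods of evading detection in memory, come find me. Heh heh.

Could some brother translate this foreign-language text, for Armadillo 4.01a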
U see that after the last section of the exe starting at 004A5000 (.rsrc), there is allocated memory till address AB0000 where the segment we need is. The memory dump after creating the two new segments and loading the exe into Olly is:

[memory map listing]

So we forced the loader to allocate so much space in memory and with those memory locations as start (and proper sizes) by creating a useless actually for running segment (.NewSec), but after that is the so much useful segment that containz the absolute API calls and the spliced code of the exe (dumped1.).

Now try to run it. It still does not run. Why? Because Dillo added a last protection. If U see the dll's that are loaded ("M" button) when U are at OEP in Olly are more than the dll's loaded when U load the clear dumped file. So, we have to inject some code to the exe, use LoadLibraryA to load any missing dll's and then Jamp at OEP. In my case the only dll that has to be loaded is msvcrt.dll. So here is the code I patched, before jamping at OEP:

    004012C6 > 9C             PUSHFD
    004012C7   60             PUSHAD
    004012C8   68 1C154000    PUSH unpacked.0040151C        ; ASCII "C:\WINDOWS\system32\msvcrt.dll"
    004012CD   E8 8FC6A777    CALL kernel32.LoadLibraryA
    004012D2   61             POPAD
    004012D3   9D             POPFD
    004012D4  ^E9 C0FDFFFF    JMP unpacked.00401099

Well the final exe is 10 MB's because of the segment .NewSec we added, in order the addresses to be good. When zipped, the size becomes almost equal with the packed file, because the segment .NewSec we added is not actually a "working" segment but uses only for the proper addressing allocation. So it is filled with 00's by LordPE and zip compresses it in a large amount (up to 97%). We could have used also VirtualAlloc and not have put the .NewSec segment, and just copy the dumped1. segment at AB0000. I tried it but I couldn't use VirtualAlloc to allocate for a specific memory location as start (here AB0000). But U can try it.

Now the exe runz perfectly. Have in mind that by that way the exe may not run in other version of Windows than the system U unpacked it at, because the new IAT containz the ABSOLUTE addresses of the API's that exe uses in that particular system. But who carez? We have unpacked it, nice and clean...

This is the End. I think this is the Best Tutor I ever WroTe ;) U may also think this ;)