|
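[Help] An EXE file has been modified so that it is "not a valid PE file"
There is a packer written in .NET that can produce the same effect; it seems to be a binder as well. It cannot escape a GT2 scan, though: section names and the entry point are all visible, in great detail. |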
|
[Help] Looking for HASPEmulPE-XP data for VPSTUDIO 7/8
Originally posted by alphasxb: Buy a pirated copy at the electronics market? |
|
ExeShield V3.X: a small shortcut for unpacking
Originally posted by deanlh: That is exactly what I meant |
|
|
|
[Repost] Using ASPRAPI for creating inline patches for ASProtect 2.0
Another TSRH release. I don't know why TSRH doesn't go back to 0DAY. |
|
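[Original] After a newbie understands the algorithm, part 1: the headache of 64 left shifts
Anyone who thinks about it a little will know: 中华压缩 is like that, while the encryption algorithm is like this? Are these even on the same level? |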
|
Hide user mode debuggers [Repost]
New detection methods someone came up with:

a few ideas for debugger detection

I had a few other ideas for debugger detection... I have no idea if anyone uses these, but you might want to consider them:

1) CSRSS and/or SMSS may keep some information on who is debugging and who is being debugged... Maybe it's possible to find this information using ReadProcessMemory, or maybe you can just ask them over LPC? (for a place to start, you can load SMSS.EXE with symbols and search for "HashTable")

2) If a process is created in a debugger, and it's allowed to initialize before you clear the "being debugged" flag, LdrpInitialize will create the process heap with certain flags, I think HEAP_TAIL_CHECKING_ENABLED and HEAP_FREE_CHECKING_ENABLED but I'm not sure. This could be a giveaway, but it's a theoretically-poor technique because possibly other factors (NtGlobalFlag?) could set these heap flags as well.

3) Here's the best one: a process can raise a 40010006h (DBG_PRINTEXCEPTION_C) exception, and if it's being debugged, this exception will be swallowed by WaitForDebugEvent (it's what OutputDebugString and DbgPrint use to send debug output) and regurgitated as an OUTPUT_DEBUG_STRING_EVENT instead of an EXCEPTION_DEBUG_EVENT. If it's not being debugged, then the thread's KiUserExceptionDispatcher will be called as normal. A very crafty debugger could do all the LPC itself and actually see the 0x40010006 exception, but a normal debugger using WaitForDebugEvent doesn't get a choice.

It appears that RaiseException(0x80000003) (STATUS_BREAKPOINT) may get special treatment by NTOSKRNL, and 0x80000003 and 0x80000004 (STATUS_SINGLE_STEP) may be recognized specially by SMSS, which passes it to the debugger. These might be worth exploring further, since special processing in NTOSKRNL, CSRSS, or SMSS could preclude the debugger from any chance of receiving the original message, a discrepancy that could be exploited as an anti-debugging trick.

Sorry for the lack of hard facts, this is just a kinda cursory brainstorm on anti-debugging tricks. |
|
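Question: can an EXE file built from FLASH also be cracked?
Break the password first; once the animation is showing, dump it directly. The FLASH file header has a fixed format, so repair it and you're done. |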
|
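How to handle this situation when debugging...
Manually change certain bytes to 90 and you will see the correct instructions. Restore them after you have looked. |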
|
Memory Patcher for Aspr Source.
Actually, DUP has a generic LOADER for protectors; you only need to find the memory address the protector checks and the correct check value. |
|
Question about software cracking: file name self-check
Just use SMC and make the author cough up some blood |
|
Ultra Protect unpacking + removing hidden checks: 股市风暴 V6.0
Couldn't you just use a LOADER? |
|
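Injection + dump + memory patch + themida brute-force crack (updated 4-24)
Originally posted by netsowell: I am mainly interested in your generic import table method |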
|
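Could someone go to EXETOOLS and post this OD plugin here?
For hiding processes there are better tools; plugins actually have compatibility problems. |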
|
[Original] 土地拍卖竞标助手 Professional Edition 6.31: MD5 algorithm analysis + VB keygen
I have never been interested in industry-specific software |
|
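True Lies -- putting packer-detection tools out of work
Originally posted by KuNgBiM: Yours isn't much use; mine is what real disguise looks like. A good way to identify your disguise is to check whether the EP is compressed, whereas my disguise can appear uncompressed. |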
|
|