[Repost] Windows Anti-Debug Reference
(3) EntryPoint RVA set to 0. Some packed files have their entry point RVA set to 0, which means they will start executing 'MZ...', which corresponds to 'dec ebx / pop edx ...'. This is not an anti-debug trick in itself, but it can be annoying if you want to break on the entry point by using a software breakpoint. If you create a suspended process and then set an INT3 at RVA 0, you will erase part of the magic MZ value ('M'). The magic was checked when the process was created, but it will be checked again by ntdll when the process is resumed (in the hope of reaching the entry point). In that case, an INVALID_IMAGE_FORMAT exception will be raised. If you create your own tracing or debugging tool, you will want to use a hardware breakpoint to avoid this problem.
This one is fun.
[Repost] Windows Anti-Debug Reference
Again to LaoNa
How to debug EncryptPE V2.2007.4.11 in non-Service protection mode! [Help]
LEAVECRITICALSECTION=1 ENTERCRITICALSECTION=2 INITIALIZECRITICALSECTION=3 VIRTUALFREE=4 VIRTUALALLOC=5 LOCALFREE=6 LOCALALLOC=7 GETCURRENTTHREADID=8 INTERLOCKEDDECREMENT=9 INTERLOCKEDINCREMENT=10 VIRTUALQUERY=11 WIDECHARTOMULTIBYTE=12 SETCURRENTDIRECTORYA=13 MULTIBYTETOWIDECHAR=14 LSTRLENA=15 LSTRCPYNA=16 LOADLIBRARYEXA=17 GETTHREADLOCALE=18 GETSTARTUPINFOA=19 GETPROCADDRESS=20 GETMODULEHANDLEA=21 GETMODULEFILENAMEA=22 GETLOCALEINFOA=23 GETLASTERROR=24 GETCURRENTDIRECTORYA=25 GETCOMMANDLINEA=26 FREELIBRARY=27 FINDFIRSTFILEA=28 FINDCLOSE=29 EXITPROCESS=30 EXITTHREAD=31 CREATETHREAD=32 WRITEFILE=33 UNHANDLEDEXCEPTIONFILTER=34 SETFILEPOINTER=35 SETENDOFFILE=36 READFILE=38 RAISEEXCEPTION=39 GETSTDHANDLE=40 GETFILESIZE=41 GETSYSTEMTIME=42 GETFILETYPE=43 CREATEFILEA=44 CLOSEHANDLE=45 GETKEYBOARDTYPE=46 LOADSTRINGA=47 MESSAGEBOXA=48 CHARNEXTA=49 REGQUERYVALUEEXA=50 REGOPENKEYEXA=51 REGCLOSEKEY=52 TLSSETVALUE=56 TLSGETVALUE=57 TLSFREE=58 TLSALLOC=59 LOCALFREE=60 LOCALALLOC=61 REGSETVALUEEXA=62 REGQUERYVALUEEXA=63 REGOPENKEYEXA=64 REGFLUSHKEY=65 REGCREATEKEYEXA=66 REGCLOSEKEY=67 OPENPROCESSTOKEN=68 LOOKUPPRIVILEGEVALUEA=69 GETUSERNAMEA=70 ADJUSTTOKENPRIVILEGES=71 LSTRCPYA=72 LSTRCMPA=73 WRITEPROCESSMEMORY=74 WRITEFILEEX=75 WRITEFILE=76 WAITFORSINGLEOBJECT=77 WAITFORDEBUGEVENT=78 VIRTUALQUERY=79 VIRTUALPROTECT=80 VIRTUALFREE=81 VIRTUALALLOC=82 UNMAPVIEWOFFILE=83 TERMINATETHREAD=84 TERMINATEPROCESS=85 SUSPENDTHREAD=86 SLEEP=87 SIZEOFRESOURCE=88 SETTHREADLOCALE=89 SETTHREADCONTEXT=90 SETLASTERROR=91 SETFILEPOINTER=92 SETEVENT=93 SETERRORMODE=94 SETENDOFFILE=95 RESUMETHREAD=96 RESETEVENT=97 REMOVEDIRECTORYA=98 READPROCESSMEMORY=99 READFILEEX=100 READFILE=101 QUERYPERFORMANCECOUNTER=102 OUTPUTDEBUGSTRINGA=103 OPENPROCESS=104 OPENMUTEXA=105 OPENFILEMAPPINGW=106 OPENFILEMAPPINGA=107 MULDIV=108 MAPVIEWOFFILEEX=109 MAPVIEWOFFILE=110 LOCKRESOURCE=111 LOADRESOURCE=112 LOADLIBRARYEXA=113 LOADLIBRARYW=114 LOADLIBRARYA=115 LEAVECRITICALSECTION=116 INITIALIZECRITICALSECTION=117 
HEAPFREE=118 HEAPALLOC=119 GLOBALUNLOCK=120 GLOBALREALLOC=121 GLOBALHANDLE=122 GLOBALLOCK=123 GLOBALFREE=124 GLOBALFINDATOMA=125 GLOBALDELETEATOM=126 GLOBALALLOC=127 GLOBALADDATOMA=128 GETWINDOWSDIRECTORYA=129 GETVOLUMEINFORMATIONW=130 GETVOLUMEINFORMATIONA=131 GETVERSIONEXA=132 GETVERSION=133 GETTICKCOUNT=134 GETTHREADLOCALE=135 GETTHREADCONTEXT=136 GETTEMPPATHA=137 GETSYSTEMTIME=138 GETSYSTEMINFO=139 GETSYSTEMDIRECTORYW=140 GETSYSTEMDIRECTORYA=141 GETSTRINGTYPEEXA=142 GETSTDHANDLE=143 GETSTARTUPINFOA=144 GETPROFILESTRINGA=145 GETPROCADDRESS=146 GETMODULEHANDLEW=147 GETMODULEHANDLEA=148 GETMODULEFILENAMEW=149 GETMODULEFILENAMEA=150 GETLOCALEINFOA=151 GETLOCALTIME=152 GETLASTERROR=153 GETFILEATTRIBUTESA=154 GETEXITCODETHREAD=155 GETENVIRONMENTVARIABLEA=156 GETDISKFREESPACEA=157 GETDATEFORMATA=158 GETCURRENTTHREADID=159 GETCURRENTTHREAD=160 GETCURRENTPROCESSID=161 GETCURRENTPROCESS=162 GETCURRENTDIRECTORYA=163 GETCOMPUTERNAMEA=164 GETCOMMANDLINEA=165 GETCPINFO=166 GETACP=167 FREERESOURCE=168 FREELIBRARY=169 FORMATMESSAGEA=170 FINDRESOURCEA=171 FINDFIRSTFILEA=172 FILETIMETOLOCALFILETIME=174 FILETIMETODOSDATETIME=175 EXITPROCESS=176 ENUMCALENDARINFOA=177 ENTERCRITICALSECTION=178 DEVICEIOCONTROL=179 DELETEFILEW=180 DELETEFILEA=181 CREATETHREAD=182 CREATEPROCESSA=183 CREATEMUTEXA=184 CREATEFILEMAPPINGW=185 CREATEFILEMAPPINGA=186 CREATEFILEW=187 CREATEFILEA=188 CREATEEVENTA=189 CREATEDIRECTORYA=190 CONTINUEDEBUGEVENT=191 COMPARESTRINGA=192 CLOSEHANDLE=193 WINDOWFROMPOINT=194 WINDOWFROMDC=195 WINHELPA=196 WAITMESSAGE=197 WAITFORINPUTIDLE=198 UPDATEWINDOW=199 UNREGISTERCLASSA=200 UNHOOKWINDOWSHOOKEX=201 TRANSLATEMESSAGE=202 TRANSLATEMDISYSACCEL=203 TRACKPOPUPMENU=204 SYSTEMPARAMETERSINFOA=205 SHOWWINDOW=206 SHOWSCROLLBAR=207 SHOWOWNEDPOPUPS=208 SHOWCURSOR=209 SETTIMER=210 SETSCROLLRANGE=211 SETSCROLLPOS=212 SETSCROLLINFO=213 SETRECT=214 SETPROPA=215 SETMENUITEMINFOA=216 SETMENU=217 SETFOREGROUNDWINDOW=218 SETFOCUS=219 SETCURSOR=220 SETCLASSLONGA=221 SETCAPTURE=222 
SETACTIVEWINDOW=223 SENDMESSAGEW=224 SENDMESSAGEA=225 SCROLLWINDOW=226 SCREENTOCLIENT=227 REMOVEPROPA=228 REMOVEMENU=229 RELEASEDC=230 RELEASECAPTURE=231 REGISTERWINDOWMESSAGEA=232 REGISTERCLIPBOARDFORMATA=233 REGISTERCLASSA=235 REDRAWWINDOW=234 PTINRECT=236 POSTQUITMESSAGE=237 POSTMESSAGEW=238 POSTMESSAGEA=239 PEEKMESSAGEA=240 OFFSETRECT=241 OEMTOCHARA=242 MSGWAITFORMULTIPLEOBJECTS=243 MESSAGEBOXA=244 MAPWINDOWPOINTS=245 MAPVIRTUALKEYA=246 LOCKWINDOWUPDATE=247 LOADSTRINGA=248 LOADKEYBOARDLAYOUTA=249 LOADICONA=250 LOADCURSORA=251 LOADBITMAPA=252 KILLTIMER=253 ISZOOMED=254 ISWINDOWVISIBLE=255 ISWINDOWENABLED=256 ISWINDOW=257 ISRECTEMPTY=258 ISICONIC=259 ISDIALOGMESSAGEA=260 ISCHILD=261 INVALIDATERECT=262 INTERSECTRECT=263 INSERTMENUITEMA=264 INSERTMENUA=265 INFLATERECT=266 GETWINDOWTHREADPROCESSID=267 GETWINDOWTEXTA=268 GETWINDOWRGN=269 GETWINDOWRECT=270 GETWINDOWPLACEMENT=271 GETWINDOWLONGA=272 GETWINDOWDC=273 GETUPDATERECT=274 GETTOPWINDOW=275 GETSYSTEMMETRICS=276 GETSYSTEMMENU=277 GETSYSCOLOR=278 GETSUBMENU=279 GETSCROLLRANGE=280 GETSCROLLPOS=281 GETSCROLLINFO=282 GETPROPA=283 GETPARENT=284 GETWINDOW=285 GETMESSAGEPOS=286 GETMENUSTRINGA=287 GETMENUSTATE=288 GETMENUITEMRECT=289 GETMENUITEMINFOA=290 GETMENUITEMID=291 GETMENUITEMCOUNT=292 GETMENU=293 GETLASTACTIVEPOPUP=294 GETKEYBOARDSTATE=295 GETKEYBOARDLAYOUTLIST=296 GETKEYBOARDLAYOUT=297 GETKEYSTATE=298 GETKEYNAMETEXTA=299 GETICONINFO=300 GETFOREGROUNDWINDOW=301 GETFOCUS=302 GETDESKTOPWINDOW=303 GETDCEX=304 GETDC=305 GETCURSORPOS=306 GETCURSOR=307 GETCLIPBOARDDATA=308 GETCLIENTRECT=309 GETCLASSNAMEA=310 GETCLASSINFOA=311 GETACTIVEWINDOW=313 FRAMERECT=314 FINDWINDOWA=315 FILLRECT=316 EQUALRECT=317 ENUMWINDOWS=318 ENUMTHREADWINDOWS=319 ENDPAINT=320 ENDDEFERWINDOWPOS=321 ENABLEWINDOW=322 ENABLESCROLLBAR=323 ENABLEMENUITEM=324 DRAWTEXTEXA=325 DRAWTEXTA=326 DRAWMENUBAR=327 DRAWICONEX=328 DRAWICON=329 DRAWFRAMECONTROL=330 DRAWFOCUSRECT=331 DRAWEDGE=332 DISPATCHMESSAGEA=333 DESTROYWINDOW=334 DESTROYMENU=335 
DESTROYICON=336 DESTROYCURSOR=337 DELETEMENU=338 DEFERWINDOWPOS=339 DEFWINDOWPROCA=340 DEFMDICHILDPROCA=341 DEFFRAMEPROCA=342 CREATEWINDOWEXA=343 CREATEPOPUPMENU=345 CREATEMENU=344 CREATEICON=346 CLOSEWINDOW=347 CLIENTTOSCREEN=348 CHILDWINDOWFROMPOINT=349 CHECKMENUITEM=350 CALLWINDOWPROCA=351 CALLNEXTHOOKEX=352 BEGINPAINT=353 BEGINDEFERWINDOWPOS=354 CHARNEXTA=355 CHARLOWERBUFFA=356 CHARLOWERA=357 ADJUSTWINDOWRECTEX=358 ACTIVATEKEYBOARDLAYOUT=359 SLEEP=360 SHELLEXECUTEA=397 QUERYSERVICESTATUS=398 OPENSERVICEW=399 OPENSERVICEA=400 OPENSCMANAGERW=401 OPENSCMANAGERA=402 CLOSESERVICEHANDLE=403 NETBIOS=404
[Closed][Stage 3 ◇ Problem 1] Pediy Forum / Zhuhai Kingsoft 2007 Reverse Engineering Challenge
DiKeN is unbeatable again.
[Notice] 2007 Reverse Engineering Challenge: list of T-shirt winners
I suppose I get T-shirt ×2.
Pediy Forum / Zhuhai Kingsoft 2007 Reverse Engineering Challenge: Stage 2 results (problems 1, 2, 3, 4)
ccfer is far ahead; you can't even see his back anymore.
Stage 2, Problem 3: test sample
Rather than a sample you supply yourself, it is better to use the main program as the sample.