|
[分享]SDProtector1.1脱壳
nice tut ..:) change Test(OutPutDebugString)1.exe Linker Info to 6.0 instead of 83.82 PEiD will identified as C++ program |
|
arm4.1主程序Patch分析
hehe u should ask me how this patch work....because i'm the one who teach AvAtAr how to patch arma.... but that not very important... the main thing i wanted to tell is this way actualy originate from sanniassin from Revenge Crew.... |
|
问个脱壳小问题arm4.10 public版的
change the linker info to another number instead of 83.82 change it to 6.0 then PEiD will identify it as C++ program.... |
|
Armadillo v4.10破解补丁
..hehe that is my Team's patch....:) |
|
[转贴]Armadillo Code Injection
...no need any plugin...just need ollydbg..... actually have a few ways to inline patch arma...the above is one of them....the most important is u know how to fix the crc... |
|
请教:Armadillo脱壳遇到问题,就差一步了!!!
if the program is written in vb u do not need to patch the magic jump try this run the packed program run imprec, u will see 2 same process choose the second 1(if i'm not mistaken, if not choose the first 1) then enter the oep, do not press "IAT Autosearch" enter the start of the iat address and length, press get import... u will found that only 1 invalid entry..that 1 usually is __vbaEnd |
|
请教:Armadillo脱壳遇到问题,就差一步了!!!
the program u unpacking is copymemII u cannot use that way to unpack it...search the forum u will find the tut on copymemII |
|
ASProtect 2.0 inline patch by -= ALEX =- [俄语]
hehe....asprotect is having problem now... |
|
大侠帮看一下:这个ollyscript的脚本有什么问题?
try to change the eip to infinite loop and use f8 ot f7 to refresh the interface... first change the eip... mov savecode,[eip] mov [eip], #EBFE# put a sto or sti inside the loop.. when the loop is finish or script is end..then restore back the code mov [eip],savecode |
|
Patch注册ASProtect V1.X壳保护程序的方法
hahaha finally u release this tutorial ...:) |
|
[BT]Patch For ACProtector1.41 Pro
lihai.... |
|
恐怖,原来从ARM一直到4.0有人一直能直接PATCH破解.
最初由 newpp 发布 that way of inline patching alread used by fly long time ago...:) but this way of inline patch asprotect has a limitation in the latest version...u have to change a lot of bytes in the exe and the only location u can jump is the pe section..and write ur own patch there....pretty small location...:(..because latest asprotect will delete clear all the code at "adata" section when it's run....but revengecrew team way of inline patching can avoid that....and u can even add section to the exe if u wish just u need to change back the bytes to the original bytes to maintain the crc... |
|
恐怖,原来从ARM一直到4.0有人一直能直接PATCH破解.
最初由 鸡蛋壳 发布 ??? i only know how he inline patch asprotect... i'm still checking how he inline patch armadillo... |
|
恐怖,原来从ARM一直到4.0有人一直能直接PATCH破解.
that guy is from revengecrew team...the same guy who inline patch asprotect, armadillo, and svkp.... |
|
dump后的程序出现如下错误是什么问题,如何解决?
change RestoreLastError to SetLastError...... |
|
Asprotect和ARM都是双进程的壳,有没有不是双进程的壳?
最初由 smrwsmrw 发布 so do i....but i cannot pack an exe that will run 2 same processes....can u post the exe u packed... |
|
PE浏览小东东(bug fixed?)
最初由 WiNrOOt 发布 here is an unpacked version ... 附件:dumped_.rar |
|
有些 ARM 4.0 新版加的双进程的壳OEP不好找.
can u post the unpackme...i wan to have a try..:) |
|
Asprotect和ARM都是双进程的壳,有没有不是双进程的壳?
Asprotect 双进程的壳 ??? never see before.... |
|
脱壳游戏之aspr1.31
u can refer to fly tutorial to unpack this program.... try this unpacked exe... 附件:dumped_.rar |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值