|
脱壳游戏――ASProtect V1.23 RC4之注册名
最初由 fly 发布 really?? then i going to unpack and crack this...:) |
|
Armadillo 3.00a-3.61的单进程脱壳求助
can u post the link to the target u try to unpack? |
|
用ARM给98的记事本加了壳,脱出来出问题了。
1)use lordpe dump the region of the "stolen code" 2)open the dumped exe with lordpe -> section-> load section..choose the dumped region 3)now edit the virtual address(see the example above) 4) now save the file, open lordpe again go option and ONLY ticked "Validate PE", and rebuild the dumped exe 5)now fix the IAT........ 6)optimize the program after removed some useless section left by armadillo. btw... have to dump the region of stolen code and exe at the same time because everytime u start the program the "stolen code" will be at different address.... understood??? |
|
用ARM给98的记事本加了壳,脱出来出问题了。
this mprogram protected by copymemII and code splicing... unpack the program using the copymemII method and dump the "stolen code" from memory and add a new section...remember to edit the the virtual address... example: the "stolen code" is at address 15c0000 then u have to minus the imagebase which is 400000 then the virtual address is 11c0000... here is the unpack exe..i have optimized the program 附件:dumped_.rar |
|
请问:像这种加双重壳的应该怎么脱?
or u can use this method to unpack this exe 00411060 > 60 PUSHAD 00411061 E8 00000000 CALL NOTEPAD.00411066 <-- f8 to this code now right click ESP register and follow in dump highligh the 4 bytes and set hardware breakpoint at access 0012FFA4 40 00 80 7C @.? <--may be different at ur computer... press F9 3 times.. until u reach this code.. 0040D54F 9D POPFD 0040D550 50 PUSH EAX 0040D551 68 CC104000 PUSH NOTEPAD.004010CC 0040D556 C2 0400 RETN 4 <--F8 until here F8 until the RETN4 and u r at OEP... dump and fix IAT... 004010CC 55 PUSH EBP <--OEP 004010CD 8BEC MOV EBP,ESP 004010CF 83EC 44 SUB ESP,44 004010D2 56 PUSH ESI 004010D3 FF15 E4634000 CALL DWORD PTR DS:[4063E4] ; kernel32.GetCommandLineA |
|
请脱壳,并给出程序的密码
search the forum and u will get the tutorial to unpack this standard protection of armadillo.... |
|
请脱壳,并给出程序的密码
aiyah... u r faster than me... serial checking call 00401CD4 E8 CB9E0000 CALL dumped_.0040BBA4 serial:tHiSiStHESeRIal |
|
恭喜论坛重新开放了
finally the forum is back online....:) |
|
ASProtect v.2.0 加壳例子脱壳教程!
@VolX hi good to see u again...did u receive a pm from me from DFCG about armadillo import table elimination??? can u give me ur email...i would like to know how u fix the import table elimination in armadillo...because now a lot of program start using this protection.... |
|
OllyDbg插件发布 - Ultra String Reference
excellent plugin!! thanks fo sharing !! keep this up..:) |
|
|
|
ASPR1.23RC4脱壳之advanced im password Recovery+简单MD5爆破
hihi, good tutorial!! but after u change all the jump and make the program registered... it will not show u the IM password when u choose ICQ...it just show u "ICQ is detected"....i try to crack this program quite some time....but with no success...:( |
|
Armadillo 3.75 Private builds unpacked version
yup totally agreed with loveboom.... hope to see a tutorial on aspr 1.31 from jingulong and of course a tutorial on latest version of armadillo...:) |
|
Private Armadillo builds release
@pll823. i do have a private build from Team TMG... if u know how to use nanomites just explain how to use it...if u don't just say u dun know.. no need call me f**ker... |
|
Private Armadillo builds release
wo hai shi bu ming bai...:( NANOMITE_BEGIN<---where to put this?? //your code; NANOMITE_END<---- is it inside the exe??? can u explain in more details?...:) |
|
Private Armadillo builds release
@StudentII, can you explain how to use nanomites??? i always get the stupid msg u get previously....:( |
|
UltraEdit-32 10.20版脱壳记
can someone explains how to repair nanomites??? or CC.. i'm not really understand wat the author trying to say... anyone have a tutorial on how to fix nanomites?? any language will do ..:) |
|
Armadillo v3.75 B1
最初由 sharesoft 发布 wtf!!! if u dare to name ur software here i will crack ur software until u bankrupt!!!! |
|
exetools unpacking tuts 全部文章打包下
thanks for sharing these with us.. :) |
|
Armadillo 新版本?――SoftwarePassport
yes!!! i did it!!!:) i just dump the stolen code from memory and add it at the end of the exe...:) |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值