|
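[Share] A newbie's first software crack. A little experience for people newer than me. The packer is: Version: ASProtect 2.3 SKE build 06.26 Beta [Extract]
Addendum: based on what I learned in lesson 13, this software doesn't need unpacking at all (it's just junk software). Just run it, enter a wrong registration code, and it shows an error. Press F12 to pause, look at the stack, and go straight to the program's own code space. (I'm a newbie learning, so I found the start of this routine and set a hardware execution breakpoint.) Analyze slowly from there.. and the registration code comes right out. The trouble I have now is that the software is registered, so there is nothing left to play with. I can't find it in the registry, and Ultra String Reference finds nothing in this software either. Could an expert tell me how to delete the registration? Also, I made a memory keygen, and it gets detected when launched. Does it need to be packed? |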
|
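[Discussion] Should this board be turned into a board dedicated to crack and unpack requests?
I understand what you're implying.. If I have questions in the future, I hope you can still give me a pointer or two |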
|
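[Help] How do I unpack ASProtect 2.3 SKE build 06.26 Beta [Extract]?
ASProtect 2.3 SKE build 06.26 Beta [Extract] packer. Try unpacking this one with Aspr2.XX_unpacker_v1.0E.osc or Aspr2.XX Unpacker 1.0SE.osc, then deal with the overlay data. I estimate that after unpacking it will be VC++6.0 (overlay). Finally, get past the self-check. Find the detailed tutorials yourself. You need to learn on your own. I've put the scripts below |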
|
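[Discussion] Should this board be turned into a board dedicated to crack and unpack requests?
Nice title. To be honest, I've only just come into contact with this stuff.. I've only now started watching 天草's tutorials. Before that I knew nothing at all. I came to this forum only because I wanted to crack a game cheat, but it has got me deeply hooked. That cheat was cracked by an expert. I downloaded it and tried it, and it works. But I never logged into that game again. I've started learning assembly (today is day 3). I really wish that expert would post how he cracked that cheat as an example for me to refer to and learn from. I guess I now count as the kind of person PEELER described: "some people want to better themselves through answering questions." Yesterday I downloaded the 小生我怕怕 toolkit and then put a few of my own favourite tools into it. So happy....... |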
|
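[Help] Come take a look at this cheat's packer.... please help take a look
Bro, please write down the steps, or make a video so we can learn from it. |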
|
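[Help] Come take a look at this cheat's packer.... please help take a look
That works, sure.... but the main thing is I want to learn to crack it myself..... hehe |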
|
[Help] Come take a look at this cheat's packer.... please help take a look
What did you crack?? I didn't see it... |
|
[Help] Come take a look at this cheat's packer.... please help take a look
Somebody take a look, please.. |
|
[Help] Come take a look at this cheat's packer.... please help take a look
Waiting online for an expert to show up |
|
[Help] ASProtect 2.3 SKE build 06.26 Beta won't run after unpacking and fixing. Help!
Use Overlay final version..... then see whether it opens.. check whether it is Microsoft Visual C++ |
|
[Help] Come take a look at this cheat's packer.... please help take a look
Still the same. It doesn't work..... |
|
|
|
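[Help] Come take a look at this cheat's packer.... please help take a look
.......It's a game cheat..... I've been working on it all this time.. how did it turn into a virus? |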
|
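[Help] Come take a look at this cheat's packer.... please help take a look
The file above hasn't been run through the Olympic edition unpacker 0.3b2 and OVERLAY yet. It's still the earliest one. |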
|
[Help] Come take a look at this cheat's packer.... please help take a look
I set bp MessageBoxExA and ran with F9. The first time I pressed F9, OD moved, but no program popped up. Then I pressed ALT+F9 and got: NOT found the kernel library or the kernel library is invalid. After searching for ASCII strings I found:

Ultra String Reference
Address Disassembly Text String
004010A8 push 00401019 krnln.fnr
004010D5 push 00401038 software\flysky\e\install
00401109 push 00401052 path
0040114A push 00401023 krnln.fne
0040116B push 0040102D getnewsock
004011A7 push 00401096 error
004011AC push 00401057 not found the kernel library or the kernel library is invalid!
004011B8 mov eax, -1 (initial cpu selection)

Following 004011AC push 00401057 not found the kernel library or the kernel library is invalid! I arrived at:

00401000 >/$ E8 06000000 call 0040100B
00401005 |. 50 push eax ; /ExitCode
00401006 \. E8 BB010000 call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess
0040100B /$ 55 push ebp
0040100C |. 8BEC mov ebp, esp
0040100E |. 81C4 F0FEFFFF add esp, -110
00401014 |. E9 83000000 jmp 0040109C
00401019 |. 6B 72 6E 6C 6>ascii "krnln.fnr",0
00401023 |. 6B 72 6E 6C 6>ascii "krnln.fne",0
0040102D |. 47 65 74 4E 6>ascii "GetNewSock",0
00401038 |. 53 6F 66 74 7>ascii "Software\FlySky\"
00401048 |. 45 5C 49 6E 7>ascii "E\Install",0
00401052 |. 50 61 74 68 0>ascii "Path",0
00401057 |. 4E 6F 74 20 6>ascii "Not found the ke"
00401067 |. 72 6E 65 6C 2>ascii "rnel library or "
00401077 |. 74 68 65 20 6>ascii "the kernel libra"
00401087 |. 72 79 20 69 7>ascii "ry is invalid!",0
00401096 |. 45 72 72 6F 7>ascii "Error",0
0040109C |> 8D85 FCFEFFFF lea eax, dword ptr [ebp-104]
004010A2 |. 50 push eax
004010A3 |. E8 44010000 call 004011EC
004010A8 |. 68 19104000 push 00401019 ; /krnln.fnr
004010AD |. 8D85 FCFEFFFF lea eax, dword ptr [ebp-104] ; |
004010B3 |. 50 push eax ; |ConcatString
004010B4 |. E8 25010000 call <jmp.&KERNEL32.lstrcatA> ; \lstrcatA
004010B9 |. 50 push eax ; /FileName
004010BA |. E8 19010000 call <jmp.&KERNEL32.LoadLibraryA> ; \LoadLibraryA
004010BF |. 85C0 test eax, eax
004010C1 |. 0F85 9E000000 jnz 00401165
004010C7 |. 8D85 F4FEFFFF lea eax, dword ptr [ebp-10C]
004010CD |. 50 push eax ; /pHandle
004010CE |. 68 19000200 push 20019 ; |Access = KEY_READ
004010D3 |. 6A 00 push 0 ; |Reserved = 0
004010D5 |. 68 38104000 push 00401038 ; |software\flysky\e\install
004010DA |. 68 01000080 push 80000001 ; |hKey = HKEY_CURRENT_USER
004010DF |. E8 36010000 call <jmp.&ADVAPI32.RegOpenKeyExA> ; \RegOpenKeyExA
004010E4 |. 83F8 00 cmp eax, 0
004010E7 |. 0F85 B8000000 jnz 004011A5
004010ED |. C785 F0FEFFFF>mov dword ptr [ebp-110], 103
004010F7 |. 8D85 F0FEFFFF lea eax, dword ptr [ebp-110]
004010FD |. 50 push eax ; /pBufSize
004010FE |. 8D85 FCFEFFFF lea eax, dword ptr [ebp-104] ; |
00401104 |. 50 push eax ; |Buffer
00401105 |. 6A 00 push 0 ; |pValueType = NULL
00401107 |. 6A 00 push 0 ; |Reserved = NULL
00401109 |. 68 52104000 push 00401052 ; |path
0040110E |. FFB5 F4FEFFFF push dword ptr [ebp-10C] ; |hKey
00401114 |. E8 07010000 call <jmp.&ADVAPI32.RegQueryValueExA> ; \RegQueryValueExA
00401119 |. 50 push eax
0040111A |. FFB5 F4FEFFFF push dword ptr [ebp-10C] ; /hKey
00401120 |. E8 EF000000 call <jmp.&ADVAPI32.RegCloseKey> ; \RegCloseKey
00401125 |. 58 pop eax
00401126 |. 83F8 00 cmp eax, 0
00401129 |. 75 7A jnz short 004011A5
0040112B |. 8D85 FCFEFFFF lea eax, dword ptr [ebp-104]
00401131 |. 50 push eax ; /String
00401132 |. E8 AD000000 call <jmp.&KERNEL32.lstrlenA> ; \lstrlenA
00401137 |. 8D9D FCFEFFFF lea ebx, dword ptr [ebp-104]
0040113D |. 03D8 add ebx, eax
0040113F |. 4B dec ebx
00401140 |. 803B 5C cmp byte ptr [ebx], 5C
00401143 |. 74 05 je short 0040114A
00401145 |. 66:C703 5C00 mov word ptr [ebx], 5C
0040114A |> 68 23104000 push 00401023 ; /krnln.fne
0040114F |. 8D85 FCFEFFFF lea eax, dword ptr [ebp-104] ; |
00401155 |. 50 push eax ; |ConcatString
00401156 |. E8 83000000 call <jmp.&KERNEL32.lstrcatA> ; \lstrcatA
0040115B |. 50 push eax ; /FileName
0040115C |. E8 77000000 call <jmp.&KERNEL32.LoadLibraryA> ; \LoadLibraryA
00401161 |. 85C0 test eax, eax
00401163 |. 74 40 je short 004011A5
00401165 |> 8985 F8FEFFFF mov dword ptr [ebp-108], eax
0040116B |. 68 2D104000 push 0040102D ; /getnewsock
00401170 |. 50 push eax ; |hModule
00401171 |. E8 5C000000 call <jmp.&KERNEL32.GetProcAddress> ; \GetProcAddress
00401176 |. 85C0 test eax, eax
00401178 |. 74 20 je short 0040119A
0040117A |. 68 E8030000 push 3E8
0040117F |. FFD0 call eax
00401181 |. 85C0 test eax, eax
00401183 74 15 je short 0040119A
00401185 |. E8 00000000 call 0040118A
0040118A |$ 810424 761E00>add dword ptr [esp], 1E76
00401191 |. FFD0 call eax
00401193 |. 6A 00 push 0 ; /ExitCode = 0
00401195 |. E8 2C000000 call <jmp.&KERNEL32.ExitProcess> ; \ExitProcess
0040119A |> FFB5 F8FEFFFF push dword ptr [ebp-108] ; /hLibModule
004011A0 |. E8 27000000 call <jmp.&KERNEL32.FreeLibrary> ; \FreeLibrary
004011A5 |> 6A 10 push 10 ; /Style = MB_OK|MB_ICONHAND|MB_APPLMODAL
004011A7 |. 68 96104000 push 00401096 ; |error
004011AC |. 68 57104000 push 00401057 ; |not found the kernel library or the kernel library is invalid!
004011B1 |. 6A 00 push 0 ; |hOwner = NULL
004011B3 |. E8 08000000 call <jmp.&USER32.MessageBoxA> ; \MessageBoxA
004011B8 |. B8 FFFFFFFF mov eax, -1 ; (initial cpu selection)
004011BD |. C9 leave
004011BE \. C3 retn
004011BF CC int3
004011C0 $- FF25 30204000 jmp dword ptr [<&USER32.MessageBoxA>>; USER32.MessageBoxA
004011C6 .- FF25 1C204000 jmp dword ptr [<&KERNEL32.ExitProces>; kernel32.ExitProcess
004011CC $- FF25 10204000 jmp dword ptr [<&KERNEL32.FreeLibrar>; kernel32.FreeLibrary
004011D2 $- FF25 24204000 jmp dword ptr [<&KERNEL32.GetProcAdd>; kernel32.GetProcAddress
004011D8 $- FF25 20204000 jmp dword ptr [<&KERNEL32.LoadLibrar>; kernel32.LoadLibraryA
004011DE $- FF25 14204000 jmp dword ptr [<&KERNEL32.lstrcatA>] ; kernel32.lstrcatA
004011E4 $- FF25 28204000 jmp dword ptr [<&KERNEL32.lstrlenA>] ; kernel32.lstrlenA
004011EA CC int3
004011EB CC int3
004011EC /$ 55 push ebp
004011ED |. 8BEC mov ebp, esp
004011EF |. 68 80000000 push 80 ; /BufSize = 80 (128.)
004011F4 |. FF75 08 push dword ptr [ebp+8] ; |PathBuffer
004011F7 |. 6A 00 push 0 ; |hModule = NULL
004011F9 |. E8 28000000 call <jmp.&KERNEL32.GetModuleFileName>; \GetModuleFileNameA
004011FE |. 8B4D 08 mov ecx, dword ptr [ebp+8]
00401201 |. 8D4C08 FA lea ecx, dword ptr [eax+ecx-6]
00401205 |> 8A01 mov al, byte ptr [ecx]
00401207 |. 49 dec ecx
00401208 |. 3C 5C cmp al, 5C
0040120A |.^ 75 F9 jnz short 00401205
0040120C |. C641 02 00 mov byte ptr [ecx+2], 0
00401210 |. C9 leave
00401211 \. C2 0400 retn 4
00401214 $- FF25 04204000 jmp dword ptr [<&ADVAPI32.RegCloseKe>; ADVAPI32.RegCloseKey
0040121A $- FF25 08204000 jmp dword ptr [<&ADVAPI32.RegOpenKey>; ADVAPI32.RegOpenKeyExA
00401220 $- FF25 00204000 jmp dword ptr [<&ADVAPI32.RegQueryVa>; ADVAPI32.RegQueryValueExA
00401226 $- FF25 18204000 jmp dword ptr [<&KERNEL32.GetModuleF>; kernel32.GetModuleFileNameA

Could an expert please take a look. |
|
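[Help] Come take a look at this cheat's packer.... please help take a look
It was originally 1MB. After dump_e0.3b2.exe it was only 70KB. Then after [PE processing] Overlay final version it became 720KB. Still the same.. NOT found the kernel library or the kernel library is invalid. Does that mean there is a self-check? What should I do? |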
|
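[Help] Come take a look at this cheat's packer.... please help take a look
Is it because there is overlay data? How do I handle it? Please teach me. |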