|
|
|
求Microsoft Visual C++ 5.0 [Overlay]脱壳机!谢
基本上没有壳,我刚破了一个Microsoft Visual C++ 5.0 [Overlay],不过有一些ANTI |
|
Unpacking EncryptPE V2.2005910
强,学习了。。。 |
|
aspr 1.3x注册笔记
谢谢,收藏。 |
|
Armadillo V4.40主程序脱壳
我在用脚本是出现提示:设置字节在地址***到CC中(命令代码INT3已用作断点)为何会这样。 |
|
谁有Armadillo CopyMem-II+Code Splicing+Import Table Elimination的教程
fly大大,上面教程要先到达OEP处,我这个程序没办法直到OEP,我有参照你的魔法转换对C2进行脱壳,但现在卡在输入表上。 |
|
|
|
[原创]计算机软件水平考试测试系统 2005 V5.0 网络工程师版
支持一下。.... |
|
Obsidium外壳学习手记
强人.................... |
|
[原创]Asprotect V2.X 的脱壳与修复的总结及练习
very good |
|
Patch 修复 Armadillo 的IAT乱序
very good,ths |
|
|
|
|
|
[转帖]Activemark破解方法
am.dll的原代码: ===============================================
// am.cpp : Defines the entry point for the DLL application.
//
// Reading notes (derived from the code below only):
//  - On process attach the DLL overwrites two pointer-sized slots in the host
//    process with its own LoadLibraryA / GetProcAddress replacements. The slot
//    addresses are read from the file "am_hooks.bin".
//  - The GetProcAddress replacement hands out xCreateFile in place of
//    CreateFileA, and xCreateFile rewrites the last character of one specific
//    path (the host executable's own path) to '_' before opening it.
//  - Function addresses are stored in DWORDs throughout and FixImports uses
//    MSVC inline __asm, so the code assumes a 32-bit x86 build.
//  - The literal names "am_hooks.bin" and "__KRNL32OFFS_SCAN2" are fixed
//    strings in this code and are its most distinctive static artifacts.
#include // NOTE(review): header name lost in page extraction (presumably <windows.h>)

// Function types used to call the saved original API entry points.
// NOTE(review): LPCTSTR is paired with the ANSI (...A) functions; that only
// lines up in a non-UNICODE build - confirm the project settings.
typedef HANDLE WINAPI _LoadLibraryA_t ( LPCTSTR lpLibraryName );
typedef HANDLE WINAPI _GetProcAddress_t ( HMODULE hModule, LPCTSTR lpFunctionName );
typedef HANDLE WINAPI _CreateFile_t( LPSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile );

// Full path of the host process image and its length, filled in by DllMain.
static char g_szGame[MAX_PATH + 1];
static long g_szGameLen = 0;
// Relative path: resolved against the process's current directory.
static char* g_szHooksPointersFile = "am_hooks.bin";

// Addresses of the real API functions, captured in DllMain.
DWORD g_pfnCreateFile_ORIG = 0;
DWORD g_pfnLoadLibraryA_ORIG = 0;
DWORD g_pfnGetProcAddress_ORIG = 0;
// Set by xLLA, read by xGPA. It is global state shared by every caller of the
// two replacements; no synchronization is visible in this file.
DWORD g_bLoadingKernel32 = FALSE;

HANDLE WINAPI xCreateFile(LPSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
HANDLE WINAPI xLLA(LPCTSTR lpLibraryName);
HANDLE WINAPI xGPA(HMODULE hModule, LPCTSTR lpFunctionName);

// Reads two 4-byte values from am_hooks.bin, treats them as addresses in the
// current process, and stores the addresses of xLLA and xGPA at those locations.
// Does nothing if the file cannot be opened.
void FixPointers()
{
    DWORD dwDummy;
    DWORD dwLLA = 0;
    DWORD dwGPA = 0;
    HANDLE hFile = CreateFile(g_szHooksPointersFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (INVALID_HANDLE_VALUE != hFile)
    {
        // NOTE(review): neither the ReadFile return values nor the byte counts
        // in dwDummy are checked. After a failed or short read, dwLLA/dwGPA keep
        // 0 or a partial value and the two stores below still execute.
        ReadFile(hFile, &dwLLA, 4, &dwDummy, NULL);
        ReadFile(hFile, &dwGPA, 4, &dwDummy, NULL);
        CloseHandle(hFile);
        // Writes through addresses taken verbatim from the file: no range,
        // alignment or page-protection check is made first, so the file's
        // content fully controls where these two stores land.
        *((DWORD*)dwLLA) = (DWORD)xLLA;
        *((DWORD*)dwGPA) = (DWORD)xGPA;
    }
}

// DLL entry point. On process attach it records the real CreateFileA,
// LoadLibraryA and GetProcAddress addresses, stores the host image path in
// g_szGame, and calls FixPointers. Always returns TRUE.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // initialize the pointers
        g_pfnCreateFile_ORIG = (DWORD)CreateFileA;
        g_pfnLoadLibraryA_ORIG = (DWORD)LoadLibraryA;
        g_pfnGetProcAddress_ORIG = (DWORD)GetProcAddress;
        g_szGame[0] = '\0';
        // Get self name
        // The return value (0 on failure) becomes g_szGameLen unchecked.
        g_szGameLen = GetModuleFileName(GetModuleHandle(NULL), g_szGame, MAX_PATH);
        // mark pointers in the game
        FixPointers();
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

// LoadLibraryA replacement. Measures the library name, updates
// g_bLoadingKernel32 when the name is 12 characters long, then forwards the
// call to the saved original LoadLibraryA.
HANDLE WINAPI xLLA(LPCTSTR lpLibraryName)
{
    long k, nLen;
    // Byte-by-byte length count; IsBadReadPtr is used as the bounds probe.
    for (k = nLen = 0; !IsBadReadPtr(&lpLibraryName[k], 1) && lpLibraryName[k] != '\0'; k++)
        nLen++;
    // For names of any other length the flag keeps its previous value.
    if (nLen == 12)
    {
        // NOTE(review): `==` binds tighter than `|`, so every term here is
        // `ch | (0x20 == 'x')`, which is nonzero for any non-NUL character.
        // As written the condition does not compare against "kernel32.dll";
        // it is true for every 12-character name. xGPA parenthesises the
        // same pattern.
        if (lpLibraryName[0] | 0x20 == 'k' &&
            lpLibraryName[1] | 0x20 == 'e' &&
            lpLibraryName[2] | 0x20 == 'r' &&
            lpLibraryName[3] | 0x20 == 'n' &&
            lpLibraryName[4] | 0x20 == 'e' &&
            lpLibraryName[5] | 0x20 == 'l' &&
            lpLibraryName[6] | 0x20 == '3' &&
            lpLibraryName[7] | 0x20 == '2' &&
            lpLibraryName[8] | 0x20 == '.' &&
            lpLibraryName[9] | 0x20 == 'd' &&
            lpLibraryName[10] | 0x20 == 'l' &&
            lpLibraryName[11] | 0x20 == 'l')
        {
            g_bLoadingKernel32 = 1;
        }
        else
        {
            g_bLoadingKernel32 = 0;
        }
    }
    _LoadLibraryA_t* pfnMyLoadLibraryA = (_LoadLibraryA_t*)g_pfnLoadLibraryA_ORIG;
    return (*pfnMyLoadLibraryA)(lpLibraryName);
}

// GetProcAddress replacement. While g_bLoadingKernel32 is set, a request for
// an 11-character name matching "createfilea" (ASCII case folded with | 0x20)
// returns the address of xCreateFile. Every other request is forwarded to the
// saved original GetProcAddress.
HANDLE WINAPI xGPA(HMODULE hModule, LPCTSTR lpFunctionName)
{
    if (g_bLoadingKernel32)
    {
        long k, nLen;
        for (k = nLen = 0; !IsBadReadPtr(&lpFunctionName[k], 1) && lpFunctionName[k] != '\0'; k++)
            nLen++;
        if (11 == nLen)
        {
            // hModule is not consulted: the decision rests on the flag left by
            // the most recent 12-character xLLA call and on the function name.
            if ((lpFunctionName[0] | 0x20) == 'c' &&
                (lpFunctionName[1] | 0x20) == 'r' &&
                (lpFunctionName[2] | 0x20) == 'e' &&
                (lpFunctionName[3] | 0x20) == 'a' &&
                (lpFunctionName[4] | 0x20) == 't' &&
                (lpFunctionName[5] | 0x20) == 'e' &&
                (lpFunctionName[6] | 0x20) == 'f' &&
                (lpFunctionName[7] | 0x20) == 'i' &&
                (lpFunctionName[8] | 0x20) == 'l' &&
                (lpFunctionName[9] | 0x20) == 'e' &&
                (lpFunctionName[10] | 0x20) == 'a')
            {
                return xCreateFile;
            }
        }
    }
    _GetProcAddress_t* pfnMyGetProcAddress = (_GetProcAddress_t*)g_pfnGetProcAddress_ORIG;
    return (*pfnMyGetProcAddress)(hModule, lpFunctionName);
}

// CreateFileA replacement. If lpFileName equals the host image path in
// g_szGame (same length, bytes equal after | 0x20), the last character of the
// caller's buffer is overwritten with '_' and the real CreateFileA opens that
// renamed path instead. All other names pass through unchanged.
// NOTE(review): presumably this makes code that opens its own image on disk
// read a different file - the page does not state the purpose.
HANDLE WINAPI xCreateFile(LPSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile)
{
    // Only the first byte is probed; the length loop below reads on unguarded.
    if (IsBadReadPtr(lpFileName, 1))
        return INVALID_HANDLE_VALUE;
    long k, nLen;
    for (k = nLen = 0; lpFileName[k] != '\0'; k++)
        nLen++;
    if (g_szGameLen == nLen)
    {
        // | 0x20 folds ASCII letter case; it also makes some non-letter pairs
        // compare equal (e.g. '@' and '`').
        for (k = 0; k < nLen; k++)
        {
            if ((lpFileName[k] | 0x20) != (g_szGame[k] | 0x20))
                break;
        }
        if (k == nLen)
        {
            // Modifies the caller's string in place, and the change persists
            // after the call returns.
            // NOTE(review): if both lengths are 0 (GetModuleFileName failed and
            // an empty name is passed), k is 0 and this writes lpFileName[-1].
            lpFileName[k -1] = '_';
        }
    }
    _CreateFile_t* pfnMyCreateFile = (_CreateFile_t*)g_pfnCreateFile_ORIG;
    return (*pfnMyCreateFile)(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
}
---------------------------------------------------------------
and the "optimised", DIRTY too, routine for fixing imports :

// Scans the file pszFileName for the DWORD-aligned ASCII text "KERNEL32.DLL",
// then overwrites 24 DWORDs at (offset of that text - 0x70) in the file with a
// table of API addresses resolved in the current process.
// Returns false if the file cannot be opened, mapped or reopened for writing.
// Otherwise returns true.
bool FixImports(char* pszFileName)
{
    CString strOrigGame = CString(pszFileName);
    // Casts away const on the CString's internal buffer.
    char* szFileName = (LPSTR)(LPCSTR)strOrigGame;
    HANDLE hFile = CreateFile(szFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_SEQUENTIAL_SCAN, NULL);
    if (INVALID_HANDLE_VALUE == hFile)
    {
        return false;
    }
    DWORD dwDummy;
    // Only the low 32 bits of the size are used; the high part goes to dwDummy.
    DWORD dwSize = GetFileSize(hFile, &dwDummy);
    // Named mapping object with a fixed name.
    HANDLE hMap = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, dwSize, "__KRNL32OFFS_SCAN2");
    if (!hMap)
    {
        // Execution continues with the null handle. The failure is caught only
        // if MapViewOfFile below then returns NULL.
        printf("CreateFileMapping failed\n");
    }
    DWORD* pMapMem = (DWORD*)MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
    ULONG _bFound = 0;   // cleared in the asm block, never set or read afterwards
    ULONG _nOffset = 0;  // byte offset of the match; stays 0 when nothing is found
    if (pMapMem)
    {
        __asm
        {
            cld
            mov _bFound, 0
            mov ecx, dwSize
            shr ecx, 2                  // number of whole DWORDs in the file
            mov edi, pMapMem
        _loop:
            mov eax, 0x4e52454b // 'KERN'
            repnz scasd                 // stops on a match or when ecx reaches 0
            cmp ecx, 0
            jnz _found1                 // a match in the very last DWORD also leaves ecx == 0
            jmp _notfound
        _found1:
            cmp [edi], 0x32334c45 // 'EL32'
            jz _found2
            jmp _notfound
        _found2:
            cmp [edi + 4], 0x4c4c442e // '.DLL'
            jnz _notfound
            // offset = (dwSize rounded down to 4) - 4 * (DWORDs left, incl. the match)
            inc ecx
            shl ecx, 2
            mov eax, dwSize
            and eax, 0xfffffffc
            sub eax, ecx
            mov _nOffset, eax
            jmp _done
        _notfound:
            cmp ecx, 8                  // keep scanning while more than 8 DWORDs remain
            ja _loop
        _done:
        }
    }
    else
    {
        // NOTE(review): hMap and hFile are not closed on this path.
        return false;
    }
    UnmapViewOfFile(pMapMem);
    // NOTE(review): when the pattern was not found _nOffset is still 0 and
    // this unsigned subtraction wraps; nothing below tests for that before
    // the write. The 0x70 distance is a hard-coded constant.
    DWORD dwAddressOffset = _nOffset - 0x70;
    CloseHandle(hMap);
    CloseHandle(hFile);
    char buff[512];
    char libbuff[1024];
    // Return value not checked; buff is used as the system directory below.
    GetSystemDirectory(buff, 512);
    // Address table: slots 0-2 are contiguous, and from slot 4 on every even
    // slot holds one address with a zero slot after it.
    // NOTE(review): this looks like an import address table with one zero
    // terminator per DLL - not stated on the page.
    // The values are addresses as resolved in *this* process, in some cases
    // taken just before the library is freed again; presumably they are only
    // meaningful where the same modules load at the same addresses - confirm.
    DWORD a[24];
    HINSTANCE h;
    memset(a, 0, 24 * sizeof(DWORD));
    a[0] = (DWORD)LoadLibrary;
    a[1] = (DWORD)GetProcAddress;
    a[2] = (DWORD)ExitProcess;
    a[4] = (DWORD)RegCloseKey;
    // Libraries are loaded by full path under the system directory.
    strcpy(libbuff, buff);
    strcat(libbuff, "\\comdlg32.dll");
    h = LoadLibrary(libbuff);
    if (h)
    {
        a[6] = (DWORD)GetProcAddress(h, "PrintDlgA");;
        FreeLibrary(h);
    }
    strcpy(libbuff, buff);
    strcat(libbuff, "\\crypt32.dll");
    h = LoadLibrary(libbuff);
    if (h)
    {
        a[8] = (DWORD)GetProcAddress(h, "CertOpenStore");;
        FreeLibrary(h);
    }
    a[10] = (DWORD)::DPtoLP;
    strcpy(libbuff, buff);
    strcat(libbuff, "\\netapi32.dll");
    h = LoadLibrary(libbuff);
    if (h)
    {
        a[12] = (DWORD)GetProcAddress(h, "Netbios");
        FreeLibrary(h);
    }
    a[14] = (DWORD)CoInitialize;
    a[16] = (DWORD)ExtractIconA;
    a[18] = (DWORD)::GetDC;
    strcpy(libbuff, buff);
    strcat(libbuff, "\\wininet.dll");
    h = LoadLibrary(libbuff);
    if (h)
    {
        a[20] = (DWORD)GetProcAddress(h, "InternetOpenA");;
        FreeLibrary(h);
    }
    strcpy(libbuff, buff);
    strcat(libbuff, "\\winmm.dll");
    h = LoadLibrary(libbuff);
    if (h)
    {
        a[22] = (DWORD)GetProcAddress(h, "joyGetPos");;
        FreeLibrary(h);
    }
    // Reopen the same file read/write and overwrite 24 DWORDs in place; the
    // original bytes at that offset are not saved anywhere in this routine.
    CFile f;
    if (f.Open(strOrigGame, CFile::modeReadWrite))
    {
        f.Seek(dwAddressOffset, CFile::begin);
        f.Write(a, 24 * sizeof(DWORD));
        f.Close();
    }
    else
    {
        return false;
    }
    return true;
} |