|
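In OD's data window an underline is displayed; does that mean the address is invalid?
My usual understanding is that it indicates a Call. If that's wrong, would the experts please correct me. |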
|
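Is there a way to make controls that a program doesn't display show up?!
Use FindWindow to locate the program's window first, then loop with FindWindowEx to find all of its child controls, use IsWindowVisible to check whether each one is visible, and then ShowWindow to show it. Of course, there should be ready-made tools; search online. Spy++, the tool included with VS, should also work. |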
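The sequence described in the post above (FindWindow, a FindWindowEx loop, IsWindowVisible, ShowWindow), as an added example that is not part of the original post. The `Demo.User32` type name, the `Get-ChildWindow` helper and the window title are assumptions chosen for illustration; GetClassName is added only to label the output.

```powershell
# P/Invoke declarations for the user32.dll functions named in the post.
Add-Type -Namespace Demo -Name User32 -MemberDefinition @'
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr FindWindowEx(IntPtr hwndParent, IntPtr hwndChildAfter,
                                         string lpszClass, string lpszWindow);
[DllImport("user32.dll")]
public static extern bool IsWindowVisible(IntPtr hWnd);
[DllImport("user32.dll")]
public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern int GetClassName(IntPtr hWnd, System.Text.StringBuilder buf, int max);
'@

# FindWindowEx returns only direct children, so recurse to reach nested controls.
function Get-ChildWindow {
    param([IntPtr]$Parent)
    $child = [IntPtr]::Zero
    while ($true) {
        # [NullString]::Value passes a real NULL; a plain $null would be
        # marshalled as "" and match nothing.
        $child = [Demo.User32]::FindWindowEx($Parent, $child,
                     [NullString]::Value, [NullString]::Value)
        if ($child -eq [IntPtr]::Zero) { break }
        $child                              # emit this control's handle
        Get-ChildWindow -Parent $child      # then its own children
    }
}

$title = 'Target Window Title'              # placeholder: exact caption of the window
$top = [Demo.User32]::FindWindow([NullString]::Value, $title)
if ($top -eq [IntPtr]::Zero) { throw "No top-level window titled '$title'" }

$SW_SHOW = 5                                # nCmdShow value for ShowWindow
foreach ($h in Get-ChildWindow -Parent $top) {
    # IsWindowVisible is also false when an ancestor is hidden, so this
    # covers controls inside hidden containers as well.
    if (-not [Demo.User32]::IsWindowVisible($h)) {
        $cls = New-Object System.Text.StringBuilder 256
        [void][Demo.User32]::GetClassName($h, $cls, $cls.Capacity)
        [void][Demo.User32]::ShowWindow($h, $SW_SHOW)
        '{0:X8}  {1}' -f $h.ToInt64(), $cls.ToString()   # handle and class of each revealed control
    }
}
```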
|
About the author of Ollydbg
I've gathered some more information:
====================================================================
About him personally:
Ollys full name got to be "Олег Яшук" (no "ж" involved =) ). It definitely sounds russian, but he might as well be from Ukraine or Belarus.
Olly's full name is "阿列克.亚苏克" (Oleh Yuschuk is the English transliteration). Judging by the name he is definitely Russian, but he could also be Ukrainian or Belarusian.
After the fall of the Soviet Union some Russians immigrated to Germany... Many of those were well-educated, engineers etc. Maybe Olly is one such immigrant? ......
Ollys English is fluent, which is not usual with russians (language was not really one of the major subjects at school because travel was restricted). This might mean two things: either he learned it by working with computers or he's been to germany longer than from 1990.....
Unlike most Russians, Olly's English is fluent......
====================================================================
His website: http://home.t-online.de/home/Ollydbg/ But, good grief, it's in German!
====================================================================
About version 2.0:
Version 2.0
Hopefully I will have more time now for version 2.0. Currently I'm working on analyzer. Global prediction of the contents of registers and stack is practically finished. This was a very hard piece, and initially veeery slow, but today I've found the way to accelerate it by the factor 100+. Next I plan to implement known functions. Debugging engine will follow.
Of course, OllyDbg 2.0 will work on all existing versions of 32-bit Windows: 95, 98, ME, NT4, 2000 and XP. I don't know whether it will make sense to play with Server 2003 at all, and Longhorn is not yet ready.
Several weeks ago I've asked for help in the form of different Windows versions that I'm going to use for debugging purposes. Honestly, I haven't hoped for so many offers:
Windows 98 and/or 98 SE
Windows ME (Tony, this was a nice gift!)
Windows 2000 home and/or professional (thank you, Rudy! No such thing as a home edition?)
Windows XP home and/or professional (thank you, Peter!)
Windows Server 2003 (many thanks, Casey!)
And my very special thanks to Reinhard - his post completed my collection! So please send me no more Windows, now I have them all :)
Version 2.0 FAQ:
Uh-oh, how many times have I promised to update this list? Enough, no more promises!
1. When will you release the new version of OllyDbg? - I can't tell you when first beta of v2.00 will be ready.
2. Please keep OllyDbg free! - I have no intentions to make OllyDbg commercial, even in second version. It is rated as a shareware for copyright reasons only.
====================================================================
About version 1.10c:
Version 1.10c - third (final) beta
This is the last beta. There will be no more new features. For about two weeks I will update the documentation and wait for your bug reports. If nothing unforeseen will happen, I will make final release, close this project and renew my work on v2.0.
New features:
Now you can set analysis hints to force decoding of some byte sequences. To set hint, select piece of code or data and from the pop-up menu choose Analysis|Treat selection as, then your selection. Selections in singular form set hint only on the first byte, in plural - repeatedly on the whole selection. Proposed by Eric Simmons and others. First I answered that this feature would be too significant for v1.10; now, after considering all possibilities, I've found more or less safe way to do this. Please check!
If debugged DLL has entry point, OllyDbg makes first pause on this entry point, then in LOADDLL.EXE. Proposed by Richard Ginzburg.
Disassembler will display, on your request, RET instead of RETN. Proposed by Ib Larsen.
Run Trace window now supports syntax highlighting. Proposed by X Shadow.
If command uses immediate constant that points to valid command in code, Disassembler adds menu item "Follow immediate constant". Proposed by KolAn and Paul Guerra.
New copy-to-clipboard options: whole Information pane, line of Run trace window. Proposed by sett07.
Option to mark DLL as system or non-system.
Important for Run trace where you may request to trace over calls to system DLLs.
If doubleword in Stack points to stack, press Enter to follow it. Proposed by CoDe_Inject.
Maximal length of argument string is changed from 1024 to 4096 characters. Requested by BlackArT.
New CPU option: now you can specify the number of lines visible after current command during stepping and tracing. Proposed by Phong Tran and others.
ODBG_Pausedex(reasonex,extmode,registers,debugevent) extends functionality of ODBG_Paused(reason,registers). Many requests. Extended flags in reasonex proposed by Richard.
Listmemory() is now exported. Requested by lixg00.
There are many more requests in my list, but, unfortunately, they will not appear in the final release. Usually this is due to their complexity that may adversely influence the reliability of v1.10. I have transferred all such requests to the list of wishes for version 2.0. Sorry.
Removed bugs:
Registers menu option "Copy all registers to clipboard" now copies EAX, too. Reported by many contributors.
In code with non-standard alignment of sections, analysis and displayed code were desynchronized, so click on some line selected different line. Reported by comrade.
Menu "Follow in Dump" now displays more intuitive items if one of operands is implicit stack location (like in PUSH). Reported by Jacob Benoit.
OllyDbg now correctly disassembles VxDCall and VxDJump used by Win95 drivers. However, it assembles them to the same code. In almost improbable case that anybody will use this pseudocommand, user must correctly set bit 0x00008000 to distinguish between call and jump. Reported by Jacob Benoit.
OllyDbg compiled REP STOS FWORD [EDI] and similar nonsense to REP STOS DWORD [EDI]. Reported by Paul Guerra.
OllyDbg now adds "Open with OllyDbg" to Explorer's menu in DLLs. Reported by Truong Quoc Ngan.
Names window sometimes lost its contents after new modules were loaded. Reported by William Whistler.
If your bug is not here, this means that I was unable to reproduce it. In this case, please send me the detailed, step-by-step, sequence of actions. Don't forget to mention the version of your OS! |
|
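Microsoft Visual Basic 5.0 / 6.0 programs: how can one view all of their Chinese resources?
I've only used OD, and OD doesn't support Chinese; there is an "Ultra String Reference" plugin for it, but that isn't easy to use either. If you know some Chinese string from the interface, you can use an editor that supports Chinese, such as UltraEdit, to get its hex bytes and then search for them in OD. I'll keep following this to see whether others have a better way. |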
|
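[Help] How should I approach software protected with a time-based algorithm
As for Kanxue's speed, it's very slow for me too, both at home and at the office, while most other sites are quite fast. Sometimes it's sheer torment: the site is slow but the forum is good, so I can't stay away. |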
|
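[Help] How should I approach software protected with a time-based algorithm
Software rarely disguises itself. Look at the functions it calls: if there are many _vba* and rtc* functions from MSVBVM60, it must be a VB program. |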
|
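[Help] Confusion about VBpcode
Forever is quite the expert in this area; it was after reading his "VB程序逆向浅析" (A Brief Analysis of Reversing VB Programs) that I cracked my first VB program (a simple one, admittedly). P-Code, and some of the things mentioned above, are explained in somewhat more detail in 《软件加密技术内幕》 (Inside Software Encryption Technology); the detail is relative: after reading it things are clearer, but a great deal remains puzzling. According to that book, FLdPrThis seems to be the reference to Me in VB; I'm at the office right now without the book at hand, so I don't remember clearly. Because Microsoft keeps the technology secret, Forever put it well: "guessing" may be the best approach. |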
|
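I bought it half a month ago, and I think it's very good!
A month ago I downloaded 《加密与解密第二版》 (Encryption and Decryption, 2nd Edition) from the internet and found the content excellent, so I later bought a copy at a bookstore; I've been reading it for over a month and have benefited greatly!
Later I heard there was also 《软件加密技术内幕》 (Inside Software Encryption Technology) and downloaded that too, but reading on screen is really hard on the eyes, so I hardly read it and carried on with the book I had bought; I went round several bookstores several times and couldn't find it. Yesterday I got a ride in a friend's car and made a special trip to the largest joint-venture bookstore among the nearby cities. Because there are so many books there, I asked the young man in the computer books section; he only vaguely remembered seeing the title but didn't know where it was shelved. He then looked it up on the computer and the book was indeed in stock, so the two of us searched together for nearly twenty minutes, and in the end I found it.
Both books are packed with technical content, what they cover is extremely practical, and the price is very fair too: 49 yuan each, CD included! After bringing it home I skimmed Inside Software Encryption Technology last night, and personally I think it has more technical depth and is more practical than Encryption and Decryption, 2nd Edition.
The content of Encryption and Decryption, 2nd Edition can more or less be found elsewhere too, just not as systematically or with accompanying examples and code. But much of what is in Inside Software Encryption Technology is hard to come by: PE file analysis, writing debuggers and packers/unpackers, and concrete implementations of various protection schemes are all my favorites. I think all of this is the authors' painstaking work, and it could be compared to the secret martial arts manuals in Jin Yong's novels!
These days the great majority of forums and crackers put their energy into cracking, and protection is far less widespread than cracking. For readers without some programming background and basic knowledge (don't get me wrong, I'm quite average in this respect too, I just hope to improve) who only want to patch a few programs, this book may seem difficult and disappoint them. But for anyone who wants to really advance, there is currently nothing better in China than this book (forgive me if I am too ill-informed).
Friends who write programs can learn many advanced techniques from this book and gain a deeper understanding of programming and the system.
If I give Encryption and Decryption, 2nd Edition 85 points, I give Inside Software Encryption Technology 100. |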
|
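[Original] 轻轻松松学开车 7.8: multi-layer packing + Anti + hidden checks
Great article! Thanks to the original poster! I've recently been struggling with hidden checks and anti-tracing code in some software, and the article has given me a lot of ideas. A question: with many programs, an initial check shows they are packed with UPX; after unpacking with the relevant unpacker or with OD, PEID can show what they were written in, but when opened in OD there is still the warning that the entry point is outside the code, and the PE sections have names like ASPR. Is this multi-layer packing, or was it not fully unpacked? |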
|
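Neither OD nor Quick Unpack works! [Help]
Thank you so much! Today I learned one more trick for dealing with anti-debugging software. I filled the 004023fc at the earlier push with NOPs and it worked normally, but there was an obvious pause when execution reached this point; even an empty string takes that long to check. So I simply changed 00402F6F into a jump to skip right over it, and it runs very fast. Thanks again, wekabc! I'm a newbie! Like a beginner who has just learned mahjong: terrible technique but decent luck, and I happened to win a couple of hands... that's how those two featured-post marks came about. |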
|
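[Help] Something very challenging: 5 days with no result, several experts couldn't crack it, 易语言
Kanxue has plenty of experts, but they may not be willing. You're looking for someone to crack it for you, aren't you? |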
|
Neither OD nor Quick Unpack works! [Help]
I still don't understand; please explain. |
|