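A self-written multi-function crack write-up generator
Let me try it first!!!!

Steel Box question
Right, brother fly, please post a tutorial :D

Unpacking Thinstall V2.501: Win98's Notepad
thanks !!!!

Unpacking an unknown packer with the three-memory-breakpoint method [Original]
Showing my support!!!!!

Complete analysis of the Alex-protect shell [Original]
Excellent!!!! :D :D :D

A brief look at the protection in Armadillo V.3.75 and V.3.78 [Original]
Excellent, one more chance to learn :D :D :D
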
WorkLog work-log management 2.35
Do not ignore memory access exceptions in KERNEL32.
Load the program in OD:

0044EBD6 W> 33C0              xor eax,eax
0044EBD8  ^ E9 23E4FFFF       jmp WorkLog.0044D000
0044EBDD    0087 092EE11E     add byte ptr ds:[edi+1EE12E09],al
0044EBE3    EC                in al,dx
0044EBE4    04 00             add al,0

Press F9 to run and see:

0044E9F0    FF01              inc dword ptr ds:[ecx]
0044E9F2  ^ EB E8             jmp short WorkLog.0044E9DC
0044E9F4    F9                stc
0044E9F5    72 02             jb short WorkLog.0044E9F9

Shift+F9 to keep running; 15 presses reach the last exception:

0044E7D6    60                pushad
0044E7D7    E8 06000000       call WorkLog.0044E7E2
0044E7DC    8B6424 08         mov esp,dword ptr ss:[esp+8]
0044E7E0    EB 1A             jmp short WorkLog.0044E7FC
0044E7E2    64:67:FF36 0000   push dword ptr fs:[0]
0044E7E8    64:67:8926 0000   mov dword ptr fs:[0],esp
0044E7EE    9C                pushfd
0044E7EF    810C24 00010000   or dword ptr ss:[esp],100
0044E7F6    9D                popfd
0044E7F7    F8                clc
0044E7F8  ^ 73 DC             jnb short WorkLog.0044E7D6

Stack:

0012FF58   0012FFE0  Pointer to next SEH record
0012FF5C   0044E7DC  SE handler

Ctrl+G 0044E7DC, then F7 onward:

0044E7FC    64:67:8F06 0000   pop dword ptr fs:[0]              ; 0012FFE0
0044E802    58                pop eax
0044E803    61                popad
0044E804    EB 02             jmp short WorkLog.0044E808
0044E808    F5                cmc
0044E809    33C0              xor eax,eax
0044E80B    E8 00000000       call WorkLog.0044E810
0044E810    EB 01             jmp short WorkLog.0044E813
0044E813    FC                cld
0044E814    13C7              adc eax,edi
0044E816    8B0C24            mov ecx,dword ptr ss:[esp]
0044E819    58                pop eax
0044E81A    81E9 7F144100     sub ecx,WorkLog.0041147F
0044E820    EB 03             jmp short WorkLog.0044E825
0044E825    1BC1              sbb eax,ecx
0044E827    BB 74BD27A3       mov ebx,A327BD74
0044E82C    81F3 E3AE66A3     xor ebx,A366AEE3
0044E832    EB 01             jmp short WorkLog.0044E835
0044E835    23C3              and eax,ebx                       ; WorkLog.00411397
0044E837    03D9              add ebx,ecx
0044E839    BF 3A1F9201       mov edi,1921F3A
0044E83E    81F7 271F9201     xor edi,1921F27
0044E844    0BE4              or esp,esp
0044E846    75 01             jnz short WorkLog.0044E849
0044E849    03C6              add eax,esi
0044E84B    68 16F00B42       push 420BF016
0044E850    5A                pop edx
0044E851    EB 01             jmp short WorkLog.0044E854
0044E854    F9                stc
0044E855    6BD2 79           imul edx,edx,79
0044E858    3113              xor dword ptr ds:[ebx],edx
0044E85A    D1C2              rol edx,1
0044E85C    F9                stc
0044E85D    83D2 29           adc edx,29
0044E860    81C3 04000000     add ebx,4
0044E866    EB 01             jmp short WorkLog.0044E869
0044E869    1BC0              sbb eax,eax
0044E86B    48                dec eax
0044E86C    E8 0B000000       call WorkLog.0044E87C
0044E871    25 F98D5650       and eax,50568DF9
0044E876    E9 09000000       jmp WorkLog.0044E884
0044E87B    48                dec eax
0044E87C    23C5              and eax,ebp
0044E87E    C3                retn
0044E88C    33C5              xor eax,ebp
0044E88E    40                inc eax
0044E88F    E8 0B000000       call WorkLog.0044E89F
0044E894    FC                cld
0044E895    2BC1              sub eax,ecx
0044E897    E9 09000000       jmp WorkLog.0044E8A5
0044E89C    0BC7              or eax,edi
0044E89E    40                inc eax
0044E89F    03C2              add eax,edx
0044E8A1    C3                retn
0044E8A5    83D8 79           sbb eax,79
0044E8A8    81C2 BCBCC61C     add edx,1CC6BCBC
0044E8AE    EB 02             jmp short WorkLog.0044E8B2
0044E8B2    48                dec eax
0044E8B3    2BC7              sub eax,edi
0044E8B5    97                xchg eax,edi
0044E8B6    48                dec eax
0044E8B7    97                xchg eax,edi
0044E8B8    EB 01             jmp short WorkLog.0044E8BB
0044E8BB    2D 47BA0043       sub eax,4300BA47
0044E8C0    51                push ecx
0044E8C1    8BCF              mov ecx,edi
0044E8C3    E3 03             jecxz short WorkLog.0044E8C8
0044E8C5    59                pop ecx
0044E8C6  ^ EB 8C             jmp short WorkLog.0044E854
0044E8C8    59                pop ecx                           // F4, continue
0044E8C9    F9                stc
0044E8CA    72 02             jb short WorkLog.0044E8CE
0044E8CE    13C0              adc eax,eax
0044E8D0    61                popad
0044E8D1    0BE4              or esp,esp
0044E8D3    75 01             jnz short WorkLog.0044E8D6
0044E8D6    1BC3              sbb eax,ebx
0044E8D8    E8 0B000000       call WorkLog.0044E8E8
0044E8DD    03C1              add eax,ecx
0044E8DF    48                dec eax
0044E8E0    E9 0A000000       jmp WorkLog.0044E8EF
0044E8E5    0BC4              or eax,esp
0044E8E7    90                nop
0044E8E8    90                nop
0044E8E9    33C6              xor eax,esi
0044E8EB    C3                retn
0044E8EF    48                dec eax
0044E8F0    C3                retn

0044E728    8B9D 82D34000     mov ebx,dword ptr ss:[ebp+40D382]
0044E72E    33F6              xor esi,esi
0044E730    F7D3              not ebx
0044E732    0BF3              or esi,ebx
0044E734    75 08             jnz short WorkLog.0044E73E
0044E73C   /EB 06             jmp short WorkLog.0044E744
0044E73E   |039D 62D34000     add ebx,dword ptr ss:[ebp+40D362]
0044E744   \895C24 F0         mov dword ptr ss:[esp-10],ebx
0044E748    8DBD 84D24000     lea edi,dword ptr ss:[ebp+40D284]
0044E74E    33C0              xor eax,eax
0044E750    B9 9E030000       mov ecx,39E
0044E755    F3:AA             rep stos byte ptr es:[edi]        //// seems to be decoding
0044E757    8DBD A2B64000     lea edi,dword ptr ss:[ebp+40B6A2]
0044E75D    B9 58170000       mov ecx,1758
0044E762    F3:AA             rep stos byte ptr es:[edi]        //// seems to be decoding

It turns into this:

0044E73C    0000              add byte ptr ds:[eax],al
0044E73E    0000              add byte ptr ds:[eax],al
0044E740    0000              add byte ptr ds:[eax],al
0044E742    0000              add byte ptr ds:[eax],al
0044E744    0000              add byte ptr ds:[eax],al
0044E746    0000              add byte ptr ds:[eax],al
0044E748    0000              add byte ptr ds:[eax],al
0044E74A    0000              add byte ptr ds:[eax],al
0044E74C    0000              add byte ptr ds:[eax],al
0044E74E    0000              add byte ptr ds:[eax],al
0044E750    0000              add byte ptr ds:[eax],al
0044E752    0000              add byte ptr ds:[eax],al
0044E754    0000              add byte ptr ds:[eax],al
0044E756    0000              add byte ptr ds:[eax],al
0044E758    0000              add byte ptr ds:[eax],al
0044E75A    B6 40             mov dh,40
0044E75C    00B9 58170000     add byte ptr ds:[ecx+1758],bh
0044E762    F3:AA             rep stos byte ptr es:[edi]
0044E764    66:AB             stos word ptr es:[edi]
0044E766    8DBD A2B64000     lea edi,dword ptr ss:[ebp+40B6A2]
0044E76C    85F6              test esi,esi
0044E76E    75 08             jnz short WorkLog.0044E778
0044E770    C707 33C040C3     mov dword ptr ds:[edi],C340C033
0044E776    EB 0B             jmp short WorkLog.0044E783
0044E778    C607 E9           mov byte ptr ds:[edi],0E9
0044E77B    47                inc edi
0044E77C    2BDF              sub ebx,edi
0044E77E    83EB 04           sub ebx,4
0044E781    891F              mov dword ptr ds:[edi],ebx
0044E783    8DBD FACD4000     lea edi,dword ptr ss:[ebp+40CDFA]
0044E789    B9 2C000000       mov ecx,2C
0044E78E    F3:AA             rep stos byte ptr es:[edi]        //// decoding again
0044E790    66:AB             stos word ptr es:[edi]
0044E792    EB 02             jmp short WorkLog.0044E796

It changes once more into:

0044E796    61                popad
0044E797  - FF6424 D0         jmp dword ptr ss:[esp-30]         ; WorkLog.0042005F (*** flying to the summit of light *****)

Entry point:

0042005F    55                push ebp                          //// DUMP
00420060    8BEC              mov ebp,esp
00420062    6A FF             push -1
00420064    68 F8914200       push WorkLog.004291F8
00420069    68 E6014200       push WorkLog.004201E6             ; jmp to MSVCRT._except_handler3
0042006E    64:A1 00000000    mov eax,dword ptr fs:[0]
00420074    50                push eax
00420075    64:8925 00000000  mov dword ptr fs:[0],esp
0042007C    83EC 68           sub esp,68
0042007F    53                push ebx
00420080    56                push esi
00420081    57                push edi
00420082    8965 E8           mov dword ptr ss:[ebp-18],esp
00420085    33DB              xor ebx,ebx
00420087    895D FC           mov dword ptr ss:[ebp-4],ebx
0042008A    6A 02             push 2
0042008C    FF15 D4584200     call dword ptr ds:[4258D4]        ; MSVCRT.__set_app_type
00420092    59                pop ecx
00420093    830D 90354300 FF  or dword ptr ds:[433590],FFFFFFFF
0042009A    830D 94354300 FF  or dword ptr ds:[433594],FFFFFFFF
004200A1    FF15 60594200     call dword ptr ds:[425960]        ; MSVCRT.__p__fmode
004200A7    8B0D 84354300     mov ecx,dword ptr ds:[433584]
004200AD    8908              mov dword ptr ds:[eax],ecx

Repairing it with ImportREC did not succeed. So frustrating.