|
|
|
|
|
|
|
请问那儿有正版的EXECryptor买?
http://www.strongbit.com/execryptor.asp |
|
|
|
Aspack 的壳有要修复脱壳程序的吗?
去除自检验――手机短信炸弹2005终结版 看来一下,P-Code的东东 stripper_v207f自动脱壳后用WKTVBDebugger调试 下rtcFileLen断点 ***********Reference To:[propget]App.EXEName | :0040EC94 0D58001B00 VCallHresult ;Call ptr_0040A1A8 :0040EC99 3EDCFE FLdZeroAd ;Push DWORD [LOCAL_0124]; [LOCAL_0124]=0 :0040EC9C 46CCFE CVarStr ; :0040EC9F FBEFBCFE ConcatVar ; ******Possible String Ref To->".exe" | :0040ECA3 3AACFE2400 LitVarStr ;PushVarString ptr_0040A1FC :0040ECA8 FBEF9CFE ConcatVar ; :0040ECAC 60 CStrVarTmp ; :0040ECAD 3178FF FStStr ;SysFreeString [LOCAL_0088]; [LOCAL_0088]=Pop :0040ECB0 2F64FF FFree1Str ;SysFreeString [LOCAL_009C]; [LOCAL_009C]=0 :0040ECB3 29060070FF68FFE0 FFreeAd ; :0040ECBC 36120054FF34FF14 FFreeVar ;Free 0012/2 variants :0040ECD1 0013 LargeBos ;IDE beginning of line with 13 byte codes :0040ECD3 6C78FF ILdRf ;Push DWORD [LOCAL_0088] **********Reference To->msvbvm50.rtcFileLen | :0040ECD6 5E25000400 ImpAdCallI2 ;Call ptr_00401036; check stack 0004; Push EAX :0040ECDB F518F60000 LitI4 ;Push 0000F618 :0040ECE0 DB GtI4 ;Push (Pop1 > Pop2) :0040ECE1 1CDF00 BranchF ;If Pop=0 then ESI=0040ECEB //不跳则OVER 修改为:1EDF00 Branch ★ ;ESI=0040ECEB :0040ECE4 0004 LargeBos ;IDE beginning of line with 04 byte codes :0040ECE6 FCC800 End ; //Game Over |
|
Aspack 的壳有要修复脱壳程序的吗?
自检验不是都只检测长度 |
|
|
|
有谁知道版本是多少?
知道了确切版本号又有何意义? |
|
有人知道这个壳的破法么
我的意思是:如果ASProtect V1.23 RC4脱不了,也就没必要去搞1.3X |
|
|
|
|
|
|
|
[求助]Armadillo V4.X CopyMem-II脱壳
按我上面的代码patch可以完成解码后dump |
|
MoleBox捆绑文件的解包方法――MoleBox Pro V2.3.3主程序脱壳+破解
哪个地方解码的就复制到哪里 |
|
[求助]Armadillo V4.X CopyMem-II脱壳
没有dump出来? 00428F16 FF85 CCF5FFFF inc dword ptr ss:[ebp-0A34] 00428F1C C705 4C3F4600 0 mov dword ptr ds:[463F4C],1 00428F26 E9 18FFFFFF jmp 00428E43 |
|
fly收集的一些PEiD Sign
用工具要看说明文档 ;The file userdb.txt is used to store the external signatures. ;External signatures can be modified by the user as and when he requires. ;The signatures are in the format [Name of the Packer v1.0] signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3 ep_only = true ;The ?? in the signature represent wildcard bytes (they are skipped while scanning) ;ep_only can be either true or false. When true, the signature is scanned for at the EntryPoint only. ;Else it is scanned throughout the file. ;A '*' in the results of PEiD signifies that the external database was used for scanning the file. 一般是取EP处几个字节 |
|
fly收集的一些PEiD Sign
记事本打开自己加特征码 |
|
|
|
|
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值