|
[求助]脱UltraProtect 1.x遇难,请指点
记住:发贴前先搜索看雪论坛精华合集 |
|
求一样东西PERPLEX PE-PROTECTOR
ACProtect旧版吧 |
|
fly收集的一些PEiD Sign
大家可以补充、完善这个数据库 [SafeGuard V1.0X -> simonzh2000] signature = E8 00 00 00 00 EB 29 ep_only = true |
|
看雪论坛脱壳版发贴过3万
最初由 hnhuqiong 发布 记住一句话:学习永远是自己的事 大家都从一无所知走过来,即使有师傅,也只是领进门、指导一下方向而已。你能收获多少,在于你能为脱壳付出多少 |
|
|
|
乐百事纯净水的进化.
运行,去\\Temp\RarSFX0目录下复制出Cater.exe Object01: UPX0 RVA: 00001000 Offset: 00000400 Size: 00000000 Flags: C0000040 Object02: UPX1 RVA: 00006000 Offset: 00000400 Size: 00002000 Flags: C0000040 Object03: .rsrc RVA: 00009000 Offset: 00002400 Size: 00000800 Flags: C0000040 Object04: .yygw RVA: 0000A000 Offset: 00002C00 Size: 00000C00 Flags: C0000040 Object05: .aspack RVA: 0000C000 Offset: 00003800 Size: 00001000 Flags: C0000040 Object06: .adata RVA: 0000D000 Offset: 00004800 Size: 00000000 Flags: C0000040 Object07: XJ RVA: 0000E000 Offset: 00004800 Size: 00000BA2 Flags: E00000E0 直接去脱里面的UPX就行了 004081D7 61 popad 004081D8 E9 6F8EFFFF jmp 0040104C |
|
小学生,学SMC
UPX/AsPack的SMC直接在跳OEP前修改就行了 不需要再进行跟踪定位何处可以SMC 另外:MOV WORD PTR DS:[4011E3],6A 可以是:mov byte ptr ds:[4011E4],0 |
|
[求助]加壳的奇怪问题,加壳后出错
AsProtect |
|
|
|
[求助]加壳的奇怪问题,加壳后出错
现在不少壳对.net程序支持还不好 |
|
脱壳为什么用API 函数closehandle?
bp XX函数+XX 一般是为了避开壳对函数前面几条语句是否被设置普通断点的检测 没人说脱壳必须要bp CloseHandle 只是针对某些壳而使用的断点吧 |
|
|
|
脱壳修复问题
How does it work? ----------------- 1) - Select the first based image with the "..." button on the "Original" line. The imagebase will be put automatically. If it is not right, modify it. 2) - Select the second based image with the "..." button on the "Compare to" line. The imagebase will be put automatically. If it is not right, modify it. 3) - Click on "Select Sections" to select all sections which contain code for comparison (default is all). 4) - Click on "Compare" to start comparison between the modules. The result will be in the list control. 5) - If you have other based images, redo the same thing from 2) for all of them 6) - Click on "Fix PE Module" to select a pe file and fix with the new ".reloc" section. |
|
|
|
|
|
这个没见过。怎么脱?
ACProtector见过吧 |
|
[分享]armadillo加壳需KEY运行解压有门!
那如果一个key也没有? |
|
|
|
|
|
9层壳,unpackme
其实这个东东基本上一层层脱壳后都可以运行 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值