|
|
|
请问下关于delphi的脱壳是否有通用方法(不用修复的)
可以根据编译语言的特征来找OEP 打开一个无壳的delphi程序观察 Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 000507A0 E4 03 45 00 88 03 45 00 F0 0F 45 00 C0 0F 45 00 ?E ?E ?E ?E 000507B0 A8 11 45 00 78 11 45 00 00 00 00 00 B0 11 45 00 ?E x E ?E 000507C0 55 8B EC 83 C4 F0 B8 D8 11 45 00 E8 F8 47 FB FF U??鸶?E 桫G? 000507D0 A1 28 30 45 00 8B 00 E8 AC DA FF FF 8B 0D 08 31 ?0E ?璎?? 1 000507E0 45 00 A1 28 30 45 00 8B 00 8B 15 28 04 45 00 E8 E ?0E ??( E ? 000507F0 AC DA FF FF 8B 0D 40 31 45 00 A1 28 30 45 00 8B ???@1E ?0E ? 00050800 00 8B 15 F8 0F 45 00 E8 94 DA FF FF A1 28 30 45 ??E ???0E 00050810 00 8B 00 E8 08 DB FF FF E8 03 29 FB FF 8D 40 00 ????)?? 00050820 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050830 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050840 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050850 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050860 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050880 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050890 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000508A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000508B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000508C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000508D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000508E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000508F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050900 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050910 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050920 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050930 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050940 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050950 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050960 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050970 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050980 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050990 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000509A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000509B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000509C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000509D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000509E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000509F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050A00 00 00 00 00 00 00 00 00 02 8D 40 00 00 00 00 00 ? 00050A10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050A20 32 13 8B C0 02 00 8B C0 00 8D 40 00 00 8D 40 00 2 ? ? ? ? 00050A30 00 8D 40 00 00 00 00 00 00 00 00 00 E8 20 40 00 ? ?@ 00050A40 78 22 40 00 F8 25 40 00 00 CB CC C8 C9 D7 CF C8 x"@ ?@ 颂壬紫? 00050A50 CD CE DB D8 DA D9 CA DC DD DE DF E0 E1 E3 00 E4 臀圬谫受蒉哙徙 ? 00050A60 E5 8D 40 00 45 72 72 6F 72 00 8B C0 52 75 6E 74 ?@ Error ?Runt 00050A70 69 6D 65 20 65 72 72 6F 72 20 20 20 20 20 61 74 ime error at 00050A80 20 30 30 30 30 30 30 30 30 00 8B C0 30 31 32 33 00000000 ?0123 00050A90 34 35 36 37 38 39 41 42 43 44 45 46 FF FF FF FF 456789ABCDEF?? 00050AA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00050AB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 第二区段从00050A00处开始 向上看 Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F 000507B0 A8 11 45 00 78 11 45 00 00 00 00 00 B0 11 45 00 ?E x E ?E 000507C0 55 8B EC 83 C4 F0 B8 D8 11 45 00 E8 F8 47 FB FF U??鸶?E 桫G? 偏移507C0就是OEP |
|
|
|
|
|
|
|
[求助]脱 Cheating-Death的dll 好难
汗,这个侦壳工具可以识别的 Protection ID V5.2 |
|
|
|
|
|
|
|
[求助]脱 Cheating-Death的dll 好难
File Type : Dll, Size : 425984 (068000h) Bytes |
|
[求助]一个不知名的壳
Semi.VB.Decompiler.V1.0.64.Retail.By.h4t0r Semi VB Decompiler 汉化修正版.by.CxLrb |
|
请问IAT不连续要怎么办呢??
脱壳时避开ACPr输入表加密 |
|
|
|
|
|
Thinstall V2.501脱壳――Win98的Notepad
Thinstall.V2.5X.Single.Main.eXe.UnPacK Script 试试脱壳脚本 注意按提示操作 |
|
|
|
|
|
今天碰到一怪事:关于脱aspack
Ctrl+A |
|
|
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值