RamSmash manual unpacking + cracking
PECompact V2.X

Asking the experts for help with a NsPack 1.4 -> Liuxingping [Overlay] * packer.
Unpack it manually or use Quick Unpack to unpack it automatically, then use WinHex to copy config.exe's overlay data and write it to the end of the unpacked file.
Overlay data start offset = 0X7800

00401196 8B35 1C604000 mov esi,dword ptr ds:[40601C] ; kernel32.SetFilePointer
0040119C 6A 02 push 2
0040119E 53 push ebx
0040119F 6A F8 push -8
004011A1 57 push edi
004011A2 FFD6 call esi
004011A4 3D E8030000 cmp eax,3E8
004011A9 8945 F4 mov dword ptr ss:[ebp-C],eax
004011AC 0F82 FD020000 jb 004014AF
004011B2 8D45 E4 lea eax,dword ptr ss:[ebp-1C]
004011B5 53 push ebx
004011B6 50 push eax
004011B7 8D45 DC lea eax,dword ptr ss:[ebp-24]
004011BA 6A 08 push 8
004011BC 50 push eax
004011BD 57 push edi
004011BE 895D E4 mov dword ptr ss:[ebp-1C],ebx
004011C1 FF15 18604000 call dword ptr ds:[406018] ; kernel32.ReadFile
004011C7 85C0 test eax,eax
004011C9 0F84 E9020000 je 004014B8
004011CF 837D E4 08 cmp dword ptr ss:[ebp-1C],8
004011D3 0F85 DF020000 jnz 004014B8
004011D9 8B45 DC mov eax,dword ptr ss:[ebp-24]
004011DC 817D E0 A5B79A82 cmp dword ptr ss:[ebp-20],829AB7A5
004011E3 8945 08 mov dword ptr ss:[ebp+8],eax
004011E6 0F85 C3020000 jnz 004014AF
004011EC 83F8 04 cmp eax,4
004011EF 0F8C BA020000 jl 004014AF
004011F5 3B45 F4 cmp eax,dword ptr ss:[ebp-C]
004011F8 0F8D B1020000 jge 004014AF
004011FE 50 push eax
004011FF E8 32220000 call 00403436
00401204 3BC3 cmp eax,ebx
00401206 59 pop ecx
00401207 8945 F8 mov dword ptr ss:[ebp-8],eax
0040120A 0F84 07010000 je 00401317
00401210 6A 02 push 2
00401212 53 push ebx
00401213 6A F8 push -8
00401215 895D E8 mov dword ptr ss:[ebp-18],ebx
00401218 58 pop eax
00401219 2B45 08 sub eax,dword ptr ss:[ebp+8]
0040121C 50 push eax
0040121D 57 push edi
0040121E FFD6 call esi
00401220 83F8 FF cmp eax,-1
00401223 0F84 7D020000 je 004014A6
00401229 8B75 F8 mov esi,dword ptr ss:[ebp-8]
0040122C 8D45 E8 lea eax,dword ptr ss:[ebp-18]
0040122F 53 push ebx
00401230 50 push eax
00401231 FF75 08 push dword ptr ss:[ebp+8]
00401234 56 push esi
00401235 57 push edi
00401236 FF15 18604000 call dword ptr ds:[406018] ; kernel32.ReadFile
0040123C 85C0 test eax,eax
0040123E 0F84 62020000 je 004014A6
00401244 8B45 08 mov eax,dword ptr ss:[ebp+8]
00401247 3945 E8 cmp dword ptr ss:[ebp-18],eax
0040124A 0F85 56020000 jnz 004014A6
00401250 813E A5B79A82 cmp dword ptr ds:[esi],829AB7A5
00401256 0F85 4A020000 jnz 004014A6
0040125C 8D85 6CFEFFFF lea eax,dword ptr ss:[ebp-194]
00401262 83C6 04 add esi,4
00401265 50 push eax
00401266 68 04010000 push 104
0040126B FF15 14604000 call dword ptr ds:[406014] ; kernel32.GetTempPathA

UPX ShellEx doesn't work on my XP machine; there is no UPX ShellEx entry in the right-click menu??
Reinstalling doesn't help either? See: http://bbs.pediy.com/showthread.php?s=&threadid=25707 Originally posted by heXer Originally posted by dREAMtHEATER

[Help] borland c++ 1999, asking for advice~!
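It means: change BaseOfCode to the voffset of the first section and BaseOfData to the voffset of the second section. The section data doesn't need to be touched. Also, it doesn't matter whether you change this or not; just ignore that prompt.

[Help] A question about unpacking UPX under XP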
Use the same version of upx with -d

[Help] Experts, please help! About the UPX packer!
Unpack it with an unpacker and look at the info

[Share] A newbie's unpacking journey
A word of encouragement