Fixing a bug in OD
I just modified it again. Some plugins read the ini in English while others read it in Chinese, so it did not work properly; this time it is fixed. I suggest that when localizing in the future, everyone avoid changing the entries in the original ollydbg.ini, otherwise it gets too messy. The package also contains a patched version of fly's build.
Stud_PE v. 2.1.0.1
Search for add esp, 60:
004BBAEF |. 83C4 60 ADD ESP, 60
004BBAF2 |. 5D POP EBP
004BBAF3 |. FFE0 JMP EAX -->oep
004BBAF5 |> 5F POP EDI
004BBAF6 |. 5E POP ESI
004BBAF7 |. 5B POP EBX
Dump at 44666C, fix the Import Table, OK. Looking forward to a Chinese-localized version :)
Tutorial on directly patching ASPR2.
There is only one doc file inside, and this is all it contains:
Tutorial on directly patching ASPR2.
Inline patching asprotect

This is not really a tutorial, but a synopsis on the basis of inline patching asprotect. The general tactic is very useful indeed for patching any protected target by other protections as well. To make things easy I will only touch the ground with you on the basics that you need to accomplish the goal. The goal is to pass through the protection and patch the target code. I will do that by attaching a dll that oversees the execution of the protected target; if succeeded, then your imagination and skills are the limit of what you can do.

Asprotect will refuse to take our remedy; we either have to force it or play a trick on it, so I will go with the gentle one, the trick. The trick is well known and can be accomplished by different means; my way of doing that is easy and is as follows. As you may know, the trick is to have asprotect checking the original exe, not the patched one. So make a copy and change the last letter of its name; if we take dvdfab.exe for example, the patched exe would be dvdfah.exe. Load the patched exe into ollydbg, follow esp to dump, shift+f9 about 5 times or so, search in dump for "h.ex" without the quotes; once found, make a note of the stack address. Restart ollydbg, in dump go to the noted address, shift+f9 till you see the string "h.ex", then Alt+k, double click on the address you see; this is the call we want to loop right below it, just choose the address that best fits. The mission is almost over: by changing the "h.ex" to "b.ex", asprotect will swallow the bait.

Now we have all the info needed; we can check for landmarks to guide us through. Will try to make it work on other pcs, so set a bp on virtualAlloc, second stop, alt+f9, you will see three moves storing the eax value; the first one is the base we need, the last one, the one after the fs:[0], is the landmark we need. Write down the two addresses you found at [ebp+xxx]. Subtract the base from the va address for looping; you will have the rva needed.

In the initialization phase of the dll, create a thread that checks the landmark address for a non-zero entry; if true then you can suspend the main thread, if you want, or just go ahead and add the rva to the base to get the va address to patch to make the target loop. If you had suspended the thread, resume it now. Check the stack address for the string as I indicated above; continue checking the stack address till the string is found. You can suspend the process thread if you want, change the string as I indicated above, and if suspended, resume. Now you can pass through asprotect with your dll on board; have your dll check for landmarks to patch the target exe for anything you desire. [I did not include images because I think it is easy enough.] Hoping it may be of any benefit to any of you.

Kind Regards!
BriteDream.

Could someone translate this?
[Original] An OD plugin / junk-code instructions (attachment re-uploaded)
It conflicts with the OllyUni Plugin for OllyDbg; the two cannot be used together.
Latest PEiD v0.93 Chinese-localized version
Once it is unpacked there is no problem.