|
ACProtect V.1.3x-1.41的CodeReplace
好文,来点示例就更好了. |
|
|
|
Point-h in WinXP english tutorial
这个东西不错,怎么没人顶. |
|
绿鹰PC万能精灵3.00的脱壳
绿鹰PC万能精灵3.5 00424D32 svi>/$ B8 1C3B5600 mov eax,svi.00563B1C 00424D37 |. 50 push eax 00424D38 |? 64:FF35 00000000 push dword ptr fs:[0] 00424D3F |? 64:8925 00000000 mov dword ptr fs:[0],esp 00424D3F----> f8到这后 d 0012ffbc 0012FFBC E0 FF 12 00 硬件写入断点DWORD F9 00563B4B 83C4 04 add esp,4 00563B4E 55 push ebp 00563B4F 53 push ebx 00563B50 51 push ecx 00563B51 57 push edi 00563B52 56 push esi 00563B53 52 push edx 00563B54 8D98 32113E00 lea ebx,dword ptr ds:[eax+3E1132] 00563B5A 8B53 18 mov edx,dword ptr ds:[ebx+18] 00563B5D 52 push edx 00563B5E 8BE8 mov ebp,eax 00563B60 6A 40 push 40 00563B62 68 00100000 push 1000 00563B67 FF73 04 push dword ptr ds:[ebx+4] 00563B6A 6A 00 push 0 00563B6C 8B4B 10 mov ecx,dword ptr ds:[ebx+10] 00563B6F 03CA add ecx,edx 00563B71 8B01 mov eax,dword ptr ds:[ecx] 00563B73 FFD0 call eax 00563B75 5A pop edx 00563B76 8BF8 mov edi,eax 00563B78 50 push eax 00563B79 52 push edx 00563B7A 8B33 mov esi,dword ptr ds:[ebx] 00563B7C 8B43 20 mov eax,dword ptr ds:[ebx+20] 00563B7F 03C2 add eax,edx 00563B81 8B08 mov ecx,dword ptr ds:[eax] 00563B83 894B 20 mov dword ptr ds:[ebx+20],ecx 00563B86 8B43 1C mov eax,dword ptr ds:[ebx+1C] 00563B89 03C2 add eax,edx 00563B8B 8B08 mov ecx,dword ptr ds:[eax] 00563B8D 894B 1C mov dword ptr ds:[ebx+1C],ecx 00563B90 03F2 add esi,edx 00563B92 8B4B 0C mov ecx,dword ptr ds:[ebx+C] 00563B95 03CA add ecx,edx 00563B97 8D43 1C lea eax,dword ptr ds:[ebx+1C] 00563B9A 50 push eax 00563B9B 57 push edi 00563B9C 56 push esi 00563B9D FFD1 call ecx 00563B9F 5A pop edx 00563BA0 58 pop eax 00563BA1 0343 08 add eax,dword ptr ds:[ebx+8] 00563BA4 8BF8 mov edi,eax 00563BA6 52 push edx 00563BA7 8BF0 mov esi,eax 00563BA9 8B46 FC mov eax,dword ptr ds:[esi-4] 00563BAC 83C0 04 add eax,4 00563BAF 2BF0 sub esi,eax 00563BB1 8956 08 mov dword ptr ds:[esi+8],edx 00563BB4 8B4B 10 mov ecx,dword ptr ds:[ebx+10] 00563BB7 894E 24 mov dword ptr ds:[esi+24],ecx 00563BBA 8B4B 14 mov ecx,dword ptr ds:[ebx+14] 00563BBD 51 push ecx 00563BBE 894E 28 mov dword ptr ds:[esi+28],ecx 00563BC1 8B4B 0C mov ecx,dword ptr ds:[ebx+C] 00563BC4 894E 14 mov dword ptr ds:[esi+14],ecx 00563BC7 FFD7 call edi 00563BC9 8985 23123E00 mov dword ptr ss:[ebp+3E1223],eax 00563BCF 8BF0 mov esi,eax 00563BD1 59 pop ecx 00563BD2 5A pop edx 00563BD3 03CA add ecx,edx 00563BD5 68 00800000 push 8000 00563BDA 6A 00 push 0 00563BDC 57 push edi 00563BDD FF11 call dword ptr ds:[ecx] 00563BDF 8BC6 mov eax,esi 00563BE1 5A pop edx 00563BE2 5E pop esi 00563BE3 5F pop edi 00563BE4 59 pop ecx 00563BE5 5B pop ebx 00563BE6 5D pop ebp 00563BE7 FFE0 jmp eax 这里下断 F9 F8 OK |
|
2004年《看雪论坛精华6》优秀文章评奖2---脱壳奖
fly很优秀 |
|
请问这是加的什么壳
厉害,他说的是3.60版本的别个版本好象无效啊. 不忽略任何异常也没有告诉. 哎我一看E文就晕. 他的意识是载入OLD Press SHIFT+F9 3 times (in this case 3 times) SHIFT+F9 3次后看到 003C5EFA ED in eax,dx 003C5EFB 81FB 68584D56 cmp ebx,564D5868 003C5F01 75 04 jnz short 003C5F07 003C5F03 C645 FF 01 mov byte ptr ss:[ebp-1],1 003C5F07 8A45 FF mov al,byte ptr ss:[ebp-1] CTRL+B armVersion>搜索 003EBC2D 61 popad 在这里转存中跟随选择部分 看到内存区域必须是HEX or TEXT Mode And you will get a 'PRIVILEGED INSTRUCTION' in this case. Now the CODE is Decrypted and we can find ARMADiLLO's EXACT compiler VERSiON 003EBC2D armVersion>....3.60.... <enhancedHardwareID xsi:type="xsd:stri 003EBC6D ng">%u</enhancedHardwareID>.... <standardHardwareID xsi:type=" 003EBCAD xsd:string">%u</standardHardwareID>.... <downloadID xsi:type=" 003EBCED xsd:string">%s</downloadID>.... <key xsi:type="xsd:string">%s< 003EBD2D /key>.. <entitlementID xsi:type="xsd:string">%s</entitlementID 003EBD6D >.. <password xsi:type="xsd:string">%s</password>.... <reqID 003EBDAD xsi:type="xsd:string">%s</reqID>..xmlns:ns2="http://webservic 不知道理解对不对 |
|
请问这是加的什么壳
请问版本是2.5吗 |
|
较完善的旧版Acprotect1.0x-1.2x脱壳脚本
辛苦了,继续吧. |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值