|
狗外壳、外壳加密压缩、脱狗外壳!㈢
上面文章主要对有狗朋友(本人以为很明确了) 如下明细: 1、W32Dasm反汇编原狗壳程序,查jmp dword ptr [00 得到RCC0壳入口: :00761235 50 push eax :00761236 E8DDF3FFFF call 00760618 :0076123B 83C40C add esp, 0000000C :0076123E 90 nop :0076123F 90 nop :00761240 90 nop :00761241 90 nop :00761242 90 nop :00761243 90 nop :00761244 90 nop :00761245 90 nop :00761246 90 nop :00761247 90 nop :00761248 90 nop :00761249 90 nop :0076124A 90 nop :0076124B 90 nop :0076124C 90 nop :0076124D 90 nop :0076124E 90 nop :0076124F 90 nop :00761250 90 nop :00761251 90 nop :00761252 EB00 jmp 00761254 * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:00761126(U), :007611B7(U), :007611E3(U), :00761252(U) :00761254 5F pop edi :00761255 5E pop esi :00761256 5B pop ebx :00761257 C9 leave :00761258 90 nop :00761259 90 nop :0076125A 90 nop :0076125B 90 nop :0076125C 90 nop :0076125D 90 nop :0076125E 90 nop :0076125F 90 nop :00761260 61 popad * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00761335(C) :00761261 FF2510217600 jmp dword ptr [00762110] *************** :00761267 C3 ret :00761268 90 nop :00761269 90 nop :0076126A 90 nop :0076126B 90 nop :0076126C 90 nop :0076126D 90 nop * Referenced by a CALL at Address: |:0076121A :0076126E 55 push ebp 2、反汇编脱壳1.EXE,查WSOCK32.DLL取其前面的Possible StringData Ref from Data Obj ->"Y%并记下 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00695B06(U) :0069677E 90 nop :0069677F 90 nop :00696780 90 nop :00696781 90 nop :00696782 90 nop :00696783 90 nop * Possible StringData Ref from Data Obj ->"Y%??? :00696784 A14CBA6A00 mov eax, dword ptr [006ABA4C] **** :00696789 50 push eax :0069678A E8F4EBFFFF call 00695383 :0069678F 83C404 add esp, 00000004 :00696792 A34CBA6A00 mov dword ptr [006ABA4C], eax * Possible StringData Ref from Data Obj ->"Y%??? :00696797 A150BA6A00 mov eax, dword ptr [006ABA50] **** :0069679C 50 push eax :0069679D E8E1EBFFFF call 00695383 :006967A2 83C404 add esp, 00000004 :006967A5 A350BA6A00 mov dword ptr [006ABA50], eax * Possible StringData Ref from Data Obj ->"Y%??? :006967AA A154BA6A00 mov eax, dword ptr [006ABA54] **** :006967AF 50 push eax :006967B0 E8CEEBFFFF call 00695383 :006967B5 83C404 add esp, 00000004 :006967B8 A354BA6A00 mov dword ptr [006ABA54], eax * Possible StringData Ref from Data Obj ->"Y%??? :006967BD A158BA6A00 mov eax, dword ptr [006ABA58] **** :006967C2 50 push eax :006967C3 E8BBEBFFFF call 00695383 :006967C8 83C404 add esp, 00000004 :006967CB A358BA6A00 mov dword ptr [006ABA58], eax * Possible StringData Ref from Data Obj ->"Y%??? :006967D0 A15CBA6A00 mov eax, dword ptr [006ABA5C] **** :006967D5 50 push eax :006967D6 E8A8EBFFFF call 00695383 :006967DB 83C404 add esp, 00000004 :006967DE A35CBA6A00 mov dword ptr [006ABA5C], eax * Possible StringData Ref from Data Obj ->"Y%??? :006967E3 A160BA6A00 mov eax, dword ptr [006ABA60] **** :006967E8 50 push eax :006967E9 E895EBFFFF call 00695383 :006967EE 83C404 add esp, 00000004 :006967F1 A360BA6A00 mov dword ptr [006ABA60], eax * Possible StringData Ref from Data Obj ->"Y%??? :006967F6 A164BA6A00 mov eax, dword ptr [006ABA64] **** :006967FB 50 push eax :006967FC E882EBFFFF call 00695383 :00696801 83C404 add esp, 00000004 :00696804 A364BA6A00 mov dword ptr [006ABA64], eax * Possible StringData Ref from Data Obj ->"Y%??? :00696809 A168BA6A00 mov eax, dword ptr [006ABA68] **** :0069680E 50 push eax :0069680F E86FEBFFFF call 00695383 :00696814 83C404 add esp, 00000004 :00696817 A368BA6A00 mov dword ptr [006ABA68], eax :0069681C E97FF3FFFF jmp 00695BA0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00695B10(U) :00696821 90 nop :00696822 90 nop :00696823 90 nop :00696824 90 nop :00696825 90 nop :00696826 90 nop :00696827 A16CBA6A00 mov eax, dword ptr [006ABA6C] :0069682C 50 push eax :0069682D E851EBFFFF call 00695383 :00696832 83C404 add esp, 00000004 :00696835 A36CBA6A00 mov dword ptr [006ABA6C], eax * Possible StringData Ref from Data Obj ->"Y%??? :0069683A A170BA6A00 mov eax, dword ptr [006ABA70] **** :0069683F 50 push eax :00696840 E83EEBFFFF call 00695383 :00696845 83C404 add esp, 00000004 :00696848 A370BA6A00 mov dword ptr [006ABA70], eax * Possible StringData Ref from Data Obj ->"Y%??? :0069684D A174BA6A00 mov eax, dword ptr [006ABA74] **** :00696852 50 push eax :00696853 E82BEBFFFF call 00695383 :00696858 83C404 add esp, 00000004 :0069685B A374BA6A00 mov dword ptr [006ABA74], eax * Possible StringData Ref from Data Obj ->"Y%??? :00696860 A178BA6A00 mov eax, dword ptr [006ABA78] **** :00696865 50 push eax :00696866 E818EBFFFF call 00695383 :0069686B 83C404 add esp, 00000004 :0069686E A378BA6A00 mov dword ptr [006ABA78], eax * Possible StringData Ref from Data Obj ->"Y%??? :00696873 A17CBA6A00 mov eax, dword ptr [006ABA7C] **** :00696878 50 push eax :00696879 E805EBFFFF call 00695383 :0069687E 83C404 add esp, 00000004 :00696881 A37CBA6A00 mov dword ptr [006ABA7C], eax * Possible StringData Ref from Data Obj ->"Y%??? :00696886 A180BA6A00 mov eax, dword ptr [006ABA80] **** :0069688B 50 push eax :0069688C E8F2EAFFFF call 00695383 :00696891 83C404 add esp, 00000004 :00696894 A380BA6A00 mov dword ptr [006ABA80], eax :00696899 E902F3FFFF jmp 00695BA0 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00695B1A(U) :0069689E 90 nop :0069689F 51 push ecx :006968A0 31C9 xor ecx, ecx :006968A2 E301 jcxz 006968A5 :006968A4 BF596888BA mov edi, BA886859 :006968A9 6A00 push 00000000 :006968AB FF1574026B00 call dword ptr [006B0274] :006968B1 8985DCFEFFFF mov dword ptr [ebp+FFFFFEDC], eax :006968B7 83BDDCFEFFFF00 cmp dword ptr [ebp+FFFFFEDC], 00000000 :006968BE 7418 je 006968D8 :006968C0 8B85DCFEFFFF mov eax, dword ptr [ebp+FFFFFEDC] :006968C6 A3FCF76A00 mov dword ptr [006AF7FC], eax :006968CB 8B85DCFEFFFF mov eax, dword ptr [ebp+FFFFFEDC] :006968D1 50 push eax :006968D2 FF15F4016B00 call dword ptr [006B01F4] * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:006968BE(C) :006968D8 C705ECF76A0000000000 mov dword ptr [006AF7EC], 00000000 :006968E2 FF157C026B00 call dword ptr [006B027C] :006968E8 8985E8FEFFFF mov dword ptr [ebp+FFFFFEE8], eax :006968EE 81BDE8FEFFFF00000080 cmp dword ptr [ebp+FFFFFEE8], 80000000 :006968F8 734A jnb 00696944 :006968FA C7055CBF6A0001000000 mov dword ptr [006ABF5C], 00000001 * Possible StringData Ref from Data Obj ->"WSOCK32.DLL" ***************** :00696904 6860BF6A00 push 006ABF60 :00696909 FF1574026B00 call dword ptr [006B0274] :0069690F 8985DCFEFFFF mov dword ptr [ebp+FFFFFEDC], eax :00696915 83BDDCFEFFFF00 cmp dword ptr [ebp+FFFFFEDC], 00000000 :0069691C 7424 je 00696942 * Possible StringData Ref from Data Obj ->"WSAGetLastError" 3、冲击波Bw2000得真入口例如:006922F8 <需狗> 另外: 无狗的朋友不妨带上一张软盘或闪盘,拷上TRw2000、W32Dash、冲击波,到有狗用户点疏通一下,不就十来分钟码! 据热心网友介绍,新虹壳是没有无狗可试用功能的,就算原程序有试用功能也不行。(似乎多了点保护,推广性可差了!) 奥运闭幕了,中国队赢了! 无狗脱新虹壳已经有眉目了! Email:jhqg3721@yahoo.com.cn |
|
|
|
狗外壳、外壳加密压缩、脱狗外壳!㈡
彩虹狗壳已搞定!第三篇虹狗心得文章就要见面。 哪位朋友有无狗可试用的虹狗壳软件请发过来,让我来写无狗脱壳心得,省得再写第四篇。 jhqg3721@yahoo.com.cn (1G) jhqg7878eb90@yahoo.com.cn (1G) |
|
请问《加壳与脱壳》(贾洪七公)的这书哪有下的?
本人未出书,指的是《加壳与脱壳》论坛! |
|
|
|
加密狗外壳破解
请看本人的[狗外壳、外壳加密压缩、脱狗外壳]小文章 [email]jhqg3721@yahoo.com.cn[/email] [email]jhqg3721@sina.com[/email] |
|
有专门读取硬件狗的软件吗?
请阅读本人在《加壳与脱壳》里的文章 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值