|
[原创]Safengine Shielden 2.3.8.0 脱壳 ∷之∷ 为了能下断
精彩!精辟!精神!好文! |
|
[原创]SharpOD 反反调试插件 v0.6b (增加功能和修复BUG)
太强大的插件,万分感谢楼主分享。 |
|
哪位大侠帮忙看一下这段代码(VMP的)功能
出口地址在10001525处 |
|
哪位大侠帮忙看一下这段代码(VMP的)功能
今天又跟了一下,原来是一张跳转表。跳转地址整理如下: 100014AA 100014B5 10001527 10001530 1000153F 1000154B 10001556 10001562 10001586 10001590 100015A7 100015B3 100015C5 100015D3 100015EE 100015F9 100015FF 1000160E 10001618 1000161E 1000162C 1000163B 1000163B 1000163B 1000163B 10001649 10001652 10001664 1000166C 10001685 1000168C 10001A9A 10001AA5 10001AC9 10001ACF 10001AEB 10001AF4 10001B0E 10001B17 10001B1F 10001B29 10001B35 10001B41 10001B4A 10001B54 10001B6E 10001B79 10001B79 10001B88 这张表去掉了重复地址 |
|
[求助]一个VFP软件不知加了什么壳。
SET SYSMENU OFF SET EXCLUSIVE OFF SET TALK OFF SET CONSOLE OFF SET DELETED ON SET EXACT ON SET CENTURY ON SET DATE TO ansi SET SAFETY OFF _SCREEN.visible = .T. _SCREEN.caption = "猪猪小庄统计器 V6.8+ 软件设计:猪猪" SET MESSAGE TO "**统计器,支持共享联网,正在登陆..." SET MESSAGE OFF ON ERROR do errormsg with program(),line(),message(),error() PUBLIC pmaxv, pldt, pduser, pusn, pflmn, pmonx, runok, myplay, smm smm = "ncksku14782" myplay = .F. runok = .F. pflmn = "Data.ini" pmaxv = INT(VAL(getiv(PFLMN,"Default","Max","49"))) pmonx = INT(VAL(rsob(getiv(PFLMN,"Default","MMX","CCDEF")))) pduser = getiv(PFLMN,"Default","使用者","888888") pusn = getiv(PFLMN,"Default","分隔符","") pldt = DATE() gxnn() lvvs = ALLTRIM(SMM) lvs = LVVS tmpa = ALLTRIM(getiv("data.ini","Information","Descrip","")) tmpb = TMPA tmpa = ALLTRIM(RSTRG(TMPA)) lvs = ALLTRIM(rstrg(ALLTRIM(LXRS(LVS)))) IF LVS == TMPA ltsv = TMPB tmpa = ALLTRIM(getiv("Data.ini","NetConnectInfo","NetSR","")) lvs = lxrs(RSTVF(LVVS)+RSTVF(LTSV))+rstvf(lxrs(RSTVF(LVVS)+RSTVF(LTSV))) lvs = ALLTRIM(rstrg(ALLTRIM(LXRS(LVS)))) tmpa = ALLTRIM(RSTRG(TMPA)) IF LVS == TMPA myplay = .T. ELSE myplay = .F. ENDIF ELSE myplay = .F. ENDIF ON SHUTDOWN do onshutdown _SCREEN.picture = getiv("data.ini","分析参数","背景","intwm.bmp") lcigt = getiv("Data.ini","HELP","FirstUsed","0") IF LCIGT = "0" IF getiv("Data.ini","HELP","HTML","0") <> "0" mie = CREATEOBJECT("internetexplorer.application") mie.visible = .T. lmgx = getiv("Data.ini","HELP","HTML","0") IF NOT (SYS(5)+SYS(2003)) $ LMGX IF LEFT(LMGX,1) = "\" lmgx = SYS(5)+SYS(2003)+LMGX ELSE lmgx = SYS(5)+SYS(2003)+"\"+LMGX ENDIF ENDIF MIE.NAVIGATE(LMGX) ENDIF putiv("Data.ini","HELP","FirstUsed","1") ENDIF _SCREEN.windowstate = 2 DO FORM getlogin IF RUNOK IF _SCREEN.width <= 800 MESSAGEBOX("分辨率太低",0,"猪猪统计器") QUIT ELSE DO FORM intmainnc ENDIF DO SXINM6.MPR SET MESSAGE TO "**统计器,欢迎使用... " READ EVENTS ENDIF |
|
[求助]OD调试的问题
今天用PEID的核心扫描查出这个Dll文件是用Private exe Protector V2.0 -> SetiSoft Team *加的壳,不知哪位大侠肯出手,敲开这个硬壳? |
|
老五的vfp&exeNc V5.00主程序脱壳求助
这是用dm的foxtools反编译生成的vfp源代码. |
|
老五的vfp&exeNc V5.00主程序脱壳求助
procedure gpb_zc if USED("hd_dwqkk") select hd_dwqkk else select 0 use hd_dwqkk endif replace 单位名称 with THISFORM.TEXT3.value replace 联系人 with THISFORM.TEXT4.value replace 联系电话 with THISFORM.TEXT5.value if not FILE("hd_regdw.dbf") zcdw_mc = "非法用户" else hd_use("hd_regdw") zcdw_mc = ALLTRIM(resuser_list()) if not ALLTRIM(THISFORM.TEXT3.value) == ZCDW_MC zcdw_mc = ALLTRIM(resuser_list2()) endif endif if not FILE("hd_dwqkk.dbf") xtzc_bz = .f. pjyz_t = .f. return endif lxdh = ALLTRIM(THISFORM.TEXT5.value) zcm1 = ALLTRIM(STR(VAL(SUBSTR(LXDH,1,4))+VAL(SUBSTR(LXDH,6,7)))) zcm2 = VAL(ALLTRIM(STR(VAL(ZCM1)*VAL(SUBSTR(LXDH,6,3))))+ALLTRIM(STR(OUT_BH+VAL(ZCM1)*9))) zcm = HD_10TO16(ZCM2) if ALLTRIM(THISFORM.TEXT2.value) == ZCM .and. ALLTRIM(THISFORM.TEXT3.value) == ZCDW_MC MESSAGEBOX("注册成功,祝贺您获得《客户管理系统》永久使用权!",48,TYTSCK) close databases use hdcsk replace 注册码 with ALLTRIM(THISFORM.TEXT2.value) close databases xtzcm_jc() release thisform else MESSAGEBOX("注册码不正确,请向作者联系注册!",16,TYTSCK) do form 联系注册表单 endif close databases procedure share_zc if USED("hd_dwqkk") select hd_dwqkk else select 0 use hd_dwqkk endif replace 单位名称 with THISFORM.TEXT3.value replace 联系人 with THISFORM.TEXT4.value replace 联系电话 with THISFORM.TEXT5.value x = VAL(THISFORM.TEXT1.value) disk_spac = disk_xlh() disk_s = ALLTRIM(STR(DISK_SPAC,16)) bsm = VAL(SUBSTR(DISK_S,1)) zcm = ABS(BITXOR(BSM,BSM/5+OUT_BH)) if VAL(THISFORM.TEXT2.value) = ZCM MESSAGEBOX("注册成功,祝贺您获得《客户管理系统》永久使用权!",48,TYTSCK) close all use hdcsk replace 注册码 with (THISFORM.TEXT2.value) close databases all xtzcm_jc() release thisform else MESSAGEBOX("注册码不正确,请向作者联系注册!",16,TYTSCK) do form 联系注册表单 endif close all procedure Init close databases if XTZC_BZ thisform.caption = "系统注册――已注册用户" else thisform.caption = "系统注册――未注册用户" endif if not SJDS_SHARE thisform.label6.caption = "航空售票客户管理系统 单机光盘版 Ver "+SUBSTR(VER_BH,5,LEN(VER_BH)-4)+"版 用户注册" else thisform.label6.caption = "航空售票客户管理系统 单机标准版 Ver "+SUBSTR(VER_BH,5,LEN(VER_BH)-4)+"版 用户注册" endif disk_s = ALLTRIM(STR(disk_xlh(),16)) thisform.text1.value = DISK_S if not SJDS_SHARE thisform.text1.visible = .f. thisform.label1.visible = .f. thisform.text2.width = 168 thisform.label2.left = 80 thisform.text2.left = 160 endif if not FILE("hd_dwqkk.dbf") use hdcsk copy structure to hd_jgk extended use hd_jgk zap append blank replace field_name with "单位名称" , field_type with "C" , field_len with 50 , field_dec with 0 append blank replace field_name with "联系人" , field_type with "C" , field_len with 12 , field_dec with 0 append blank replace field_name with "联系电话" , field_type with "C" , field_len with 15 , field_dec with 0 use create hd_dwqkk from hd_jgk use hd_dwqkk append blank ss = SYS(0) replace 单位名称 with SUBSTR(SS,1,AT("#",SS)-1) replace 联系人 with SUBSTR(SS,AT("#",SS)+2,LEN(ALLTRIM(SS))-AT("#",SS)-1) use endif use hd_dwqkk thisform.text3.value = 单位名称 thisform.text4.value = 联系人 thisform.text5.value = 联系电话 thisform.text2.setfocus if XTZC_BZ use hdcsk thisform.text2.value = 注册码 thisform.text2.enabled = .f. thisform.command1.enabled = .f. thisform.command2.setfocus endif |
|
老五的vfp&exeNc V5.00主程序脱壳求助
改写了调试寄存器,所以就死机. |
|
如何去掉脱壳后的文件中的垃圾块?
按照版主说的步骤,没有成功. |
|
如何去掉脱壳后的文件中的垃圾块?
谢谢版主fly。能否说的详细点,最好有个实例。奢望! |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值