RORDbg usage notes
I got stuck here:
Eip==01001000
GetLastError:::7C910331
未知壳
01001000 B82CBC0101 MOV EAX,101BC2C
01001005 50 PUSH EAX
01001006 64FF3500000000 PUSH DWORD PTR FS:[0]
0100100D 64892500000000 MOV DWORD PTR FS:[0],ESP
01001014 33C0 XOR EAX,EAX
01001016 8908 MOV DWORD PTR [EAX],ECX
发生异常!
FS:[0]==0007FFBC
异常处理程序地址:0101BC2C
|
|
|
[Repost] PECompact 2.68 (Retail)
Please upload the lin version again.
|
RORDbg usage notes
I finally understand it, thank you!!!! I first traced PECOMPACT2.68 with OD; after unpacking it, I ran a test with the tool. Awesome, perfect!
|
|
|
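[Original] RORDbg V0.25 (download this post's attachment)
Originally posted by 快雪时晴: On my machine it stops responding before it gets as far as generating the unpacked file. My system is XP+SP2.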
|
|
|
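[Original] RORDbg V0.25 (download this post's attachment)
http://bbs.pediy.com/upload/2005/10/files/antidebugdemo.rar
I used makepe but could not get an unpacked file out. Likewise, the EXE Guarder that appeared on this forum reaches the OEP correctly, but after using makepe or makepe oep no unpacked file comes out. This happens with both 0.16 and 0.17. Why?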
|
|
|
[Repost] ODbgScript 1.28 by E3
1.34 is out too.
|
HideOD 0.13 (plugin for hiding OD)
More feedback from exetools, by newbie_cracker: So new version of plugin must patch ZwQueryObject too!
|
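HideOD 0.13 (plugin for hiding OD)
There was no prompt because other plugins were taking effect. I just tested with only this HIDEOD kept, and it does not pass. kanxue has gone to sleep; it will be fixed.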
|
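HideOD 0.13 (plugin for hiding OD)
from exetools by anorganix: Nice, but it doesn't work with some AntiDebug tricks! The program is in the attachment. When I used it, it unpacked with no prompt; could it be that other plugins took effect? Attachment: antidebugdemo.rar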