|
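Can't get past this packer
I unpacked it under Windows 98. I also tried it under XP, and it indeed doesn't work there. But the program unpacked under 98 does run normally, with no problems. |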
|
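Can't get past this packer
An unconventional way to unpack this packer: 1. First use PEID to find the OEP of this packer. 2. Run the program; when the NAG appears, don't rush to press the button. This step is very important. 3. Run LoadPE and dump the entire target program in full, then save it. 4. Run ImpREC, select the target program, and enter OEP:00025342 in ImpREC. Now you can press the button to start the target program. This step is also very important: if the target program is not started, ImpREC will report that it cannot find the IAT. :D 5. Once the program has fully started, use ImpREC's auto-search IAT / get imports / fix dump / done. 6. At this point the whole program is unpacked (the program starts and runs, but I don't know whether there are still problems). :D This is how I unpacked this program. :D |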
|
December 7 update: OllyMachine v0.20 final release
Originally posted by luocong It doesn't work under Windows 98. ;) |
|
|
|
|
|
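A method for unpacking PEtite 2.X with OD under Windows 98
Originally posted by limee Under Windows 98, OD has no way to read the contents at the address FS:[22h]. I wrote a small program in assembly to read the contents of FS:[22h] and then display them in a dialog box. Below is the test program; you can see how much the value changes between running it normally and running it loaded in OD. :D Attachment: test.rar |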
|
A method for unpacking PEtite 2.X with OD under Windows 98
Originally posted by limee Decimal 34 is exactly hexadecimal 22. |
|
Preparing to set up a talent resource database for the Kanxue technical forum
Support! :D |
|
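DRx Encryption Engine Providence 6 Layers Demo
Originally posted by forgot The previous picture is what appeared when running normally without any hostile elements open; this picture is where OD died after tracing to this point, and there was no way to trace any further. |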
|
|
|
|
|
About David's early Asprotect packer (chap708.exe): this is how we OD it
Originally posted by David The LocalAlloc function allocates the specified number of bytes from the heap. In the linear Win32 API environment, there is no difference between the local heap and the global heap. HLOCAL LocalAlloc( UINT uFlags, // allocation attributes UINT uBytes // number of bytes to allocate ); Parameters uFlags Specifies how to allocate memory. If zero is specified, the default is the LMEM_FIXED flag. Except for the incompatible combinations that are specifically noted, any combination of the following flags can be specified. To indicate whether the function allocates fixed or movable memory, specify one of the first six flags: Flag Meaning LMEM_FIXED Allocates fixed memory. This flag cannot be combined with the LMEM_MOVEABLE or LMEM_DISCARDABLE flag. The return value is a pointer to the memory block. To access the memory, the calling process simply casts the return value to a pointer. LMEM_MOVEABLE Allocates movable memory. This flag cannot be combined with the LMEM_FIXED flag. The return value is the handle of the memory object. The handle is a 32-bit quantity that is private to the calling process. To translate the handle into a pointer, use the LocalLock function. LPTR Combines the LMEM_FIXED and LMEM_ZEROINIT flags. LHND Combines the LMEM_MOVEABLE and LMEM_ZEROINIT flags. NONZEROLHND Same as the LMEM_MOVEABLE flag. NONZEROLPTR Same as the LMEM_FIXED flag. LMEM_DISCARDABLE Allocates discardable memory. This flag cannot be combined with the LMEM_FIXED flag. Some Win32-based applications may ignore this flag. LMEM_NOCOMPACT Does not compact or discard memory to satisfy the allocation request. LMEM_NODISCARD Does not discard memory to satisfy the allocation request. LMEM_ZEROINIT Initializes memory contents to zero. uBytes Specifies the number of bytes to allocate. If this parameter is zero and the uFlags parameter specifies the LMEM_MOVEABLE flag, the function returns a handle to a memory object that is marked as discarded. |