|
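[Repost] IDA 5.0 Adv 5.0.0.879 + SDK + ARM/XScale debugger + crack patch (bundle)
After all, STL is an implementation and extension built on top of classes, so you need to be familiar with STL programming and with how STL constructs map to asm. |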
|
ASPack 2.12 -> Alexey Solodovnikov
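Comparing it against ASPack's disassembly shows that this is not a normal ASPack. So it cannot be handled with tools. My skills are limited and I cannot unpack it by hand. You could ask other experts. |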
|
ASPack 2.12 -> Alexey Solodovnikov
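Can you give me a link? Let me try. Generally, manual unpacking in OD plus IAT repair is enough. When I unpacked deepfreeze before, unpacking with a program failed and manual unpacking worked. The reason was that the IAT repair needed pickup dll. |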
|
Please help me see which packer this is
acprotect |
|
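Some IDC scripts for PE
Experts are unwilling to share their results, and ordinary people lack the ability; this is what "the loftier the tune, the fewer can join in" means. Reverse engineering and programming reinforce each other: experts can learn other people's ideas through reversing and implement them in their own programs through programming. |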
|
Posting a tutorial on writing IDA plugins
While I am at it, here is another plugin for handling MFC; it is for 4.17 |
|
[Discussion] How to tell whether Themida comes with a driver?
Under system32\driver there are two: one is oreans.sys, the other is oreans32.sys |
|
[Repost] madCodeHook 2.2b
Themida also uses it |
|
Themida v1008 driver analysis, IDA file with junk instructions removed
1. What did you use for debugging? sice?
2. Could you describe your techniques for removing junk instructions?
3. I suggest preprocessing it with pe_sections.idc; it will be clearer. For example, section INIT. My result after processing:

INIT:0001A060 INIT segment para public 'CODE' use32
INIT:0001A060 assume cs:INIT
INIT:0001A060 ;org 1A060h
INIT:0001A060 assume es:_reloc, ss:_reloc, ds:_data, fs:nothing, gs:nothing
INIT:0001A060 import_directory dd offset NTOSKRNL_EXE_ilt - offset image_base; import_lookup_table
INIT:0001A060 ; DATA XREF: HEADER:pe_headero
INIT:0001A060 ; HEADER:00010238o
INIT:0001A060 dd 0 ; time_date_stamp ; NTOSKRNL.EXE
INIT:0001A060 dd 0 ; forwarder_chain ; time stamp: uninitialized
INIT:0001A060 dd offset aNtoskrnl_exe_0 - offset image_base; name
INIT:0001A060 dd offset __imp_DbgPrint - offset image_base; import_address_table
INIT:0001A074 import_dir_01 IMPORT_DIR_ENTRY <offset ntoskrnl_exe_ilt - offset image_base, 0, 0, \ ; ntoskrnl.exe
INIT:0001A074 offset aNtoskrnl_exe - offset image_base, \ ; time stamp: uninitialized
INIT:0001A074 offset __imp_MmAllocateNonCachedMemory - offset image_base>
INIT:0001A088 import_directory_terminator IMPORT_DIR_ENTRY <0>
INIT:0001A09C NTOSKRNL_EXE_ilt dd offset word_1A0D0 - offset image_base
INIT:0001A09C ; DATA XREF: INIT:import_directoryo
INIT:0001A09C ; DbgPrint (import by name)
INIT:0001A0A0 dd offset word_1A0DC - offset image_base ; RtlInitUnicodeString (import by name)
INIT:0001A0A4 dd offset word_1A0F4 - offset image_base ; IoCreateDevice (import by name)
INIT:0001A0A8 dd offset word_1A106 - offset image_base ; IoDeleteDevice (import by name)
INIT:0001A0AC dd offset word_1A118 - offset image_base ; IoCreateSymbolicLink (import by name)
INIT:0001A0B0 dd offset word_1A130 - offset image_base ; IoDeleteSymbolicLink (import by name)
INIT:0001A0B4 dd offset word_1A148 - offset image_base ; IofCompleteRequest (import by name)
INIT:0001A0B8 dd offset word_1A15E - offset image_base ; RtlZeroMemory (import by name)
INIT:0001A0BC dd 0
INIT:0001A0C0 ntoskrnl_exe_ilt dd offset word_1A194 - offset image_base
INIT:0001A0C0 ; DATA XREF: INIT:import_dir_01o
INIT:0001A0C0 ; MmAllocateNonCachedMemory (import by name)
INIT:0001A0C4 dd offset word_1A1B0 - offset image_base ; KeServiceDescriptorTable (import by name)
INIT:0001A0C8 dd offset word_1A17C - offset image_base ; MmFreeNonCachedMemory (import by name)
INIT:0001A0CC dd 0
INIT:0001A0D0 word_1A0D0 dw 1 ; DATA XREF: INIT:NTOSKRNL_EXE_ilto
INIT:0001A0D2 aDbgprint db 'DbgPrint',0
INIT:0001A0DB align 4
INIT:0001A0DC word_1A0DC dw 0DEh ; DATA XREF: INIT:0001A0A0o
INIT:0001A0DE aRtlinitunicode db 'RtlInitUnicodeString',0
INIT:0001A0F3 align 4
INIT:0001A0F4 word_1A0F4 dw 3Ah ; DATA XREF: INIT:0001A0A4o
INIT:0001A0F6 aIocreatedevice db 'IoCreateDevice',0
INIT:0001A105 align 2
INIT:0001A106 word_1A106 dw 3Fh ; DATA XREF: INIT:0001A0A8o
INIT:0001A108 aIodeletedevice db 'IoDeleteDevice',0
INIT:0001A117 align 4
INIT:0001A118 word_1A118 dw 3Dh ; DATA XREF: INIT:0001A0ACo
INIT:0001A11A aIocreatesymbol db 'IoCreateSymbolicLink',0
INIT:0001A12F align 10h
INIT:0001A130 word_1A130 dw 40h ; DATA XREF: INIT:0001A0B0o
INIT:0001A132 aIodeletesymbol db 'IoDeleteSymbolicLink',0
INIT:0001A147 align 4
INIT:0001A148 word_1A148 dw 70h ; DATA XREF: INIT:0001A0B4o
INIT:0001A14A aIofcompletereq db 'IofCompleteRequest',0
INIT:0001A15D align 2
INIT:0001A15E word_1A15E dw 0EDh ; DATA XREF: INIT:0001A0B8o
INIT:0001A160 aRtlzeromemory db 'RtlZeroMemory',0
INIT:0001A16E aNtoskrnl_exe_0 db 'NTOSKRNL.EXE',0 ; DATA XREF: INIT:import_directoryo
INIT:0001A17B align 4
INIT:0001A17C word_1A17C dw 23Dh ; DATA XREF: INIT:0001A0C8o
INIT:0001A17E aMmfreenoncache db 'MmFreeNonCachedMemory',0
INIT:0001A194 word_1A194 dw 232h ; DATA XREF: INIT:ntoskrnl_exe_ilto
INIT:0001A196 aMmallocatenonc db 'MmAllocateNonCachedMemory',0
INIT:0001A1B0 word_1A1B0 dw 1F5h ; DATA XREF: INIT:0001A0C4o
INIT:0001A1B2 aKeservicedescr db 'KeServiceDescriptorTable',0
INIT:0001A1CB align 4
INIT:0001A1CC aNtoskrnl_exe db 'ntoskrnl.exe',0 ; DATA XREF: INIT:import_dir_01o

Your advice is welcome. |