|
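[Help] What packer is this, and how do I unpack it? Experts, please advise~~
This program is not simple; the author seems to have specially processed and encrypted one section. Maybe my approach is wrong; I'll keep looking. |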
|
[Help] What packer is this, and how do I unpack it? Experts, please advise~~
ASProtect 1.35 build 04.25 or 06.26 Release |
|
[Help] ASPack 2.12 -> Alexey Solodovnikov
ASPack 2.12 does not encrypt the import table! So we can tell this is RLPack 1.20 with full protection, disguised as ASPack. Here is an IAT table file for you: |
|
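[Help] The self-check of a really nasty piece of software...
The check method has hardly changed; the registration flow changed a bit! My verdict on the author: "schemed down to the last detail", but a bit "careless enough to lose Jingzhou". In fact, cracking this software only takes changing one byte, which counts as a bug, but the author does not seem to have noticed yet! I am only providing the version with the self-check and the ads removed. Work out the crack yourself. |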
|
Solved, thanks peeler
Try it! Attempt this. |
|
Solved, thanks peeler
With no skills at all, wanting to modify in-memory data without unpacking is a bit of a pipe dream. |
|
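A small question about fly's unpacking tutorial
It is an OD plugin issue. Use ODscript 0.94; the syntax of newer versions differs from that of older ones. |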
|
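[Help] I have a program that PEiD reports as unpacked, but I cannot modify the program's information
Use a tool such as FixRes to repair the resources. |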
|
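[Help] Program does not run properly after unpacking tElock!
Searching for 0AF6 with CTRL+B is a method circulating online! bp VirtualAlloc+5 is a method I worked out myself, because a binary search pattern is hard to remember after a while! This packer detects breakpoints on VirtualAlloc; the +5 is there to evade that detection. You still have invalid functions, probably because you pressed it one time too many; press Alt+F9 the first time the return address 0040D41E appears. |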
|
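[Help] Program does not run properly after unpacking tElock!
Load the program in OD, set a bp VirtualAlloc+5 breakpoint, press SHIFT+9 5 times, then press Alt+F9 to return. At 0040D41E /0F84 CF000000 je 0040D4F3, change this magic jmp to jmp 0040D4F3. Then open the memory map, set an F2 breakpoint on the code section at 00401000, and press Shift+F9 to reach the OEP. Finally, dump and repair the IAT. |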