[Discussion] Why has the unpack forum shut down?
A whole group of people from Pediy and UNPACK witnessed the rise and fall of domestic reverse-engineering: from selfless sharing and heated discussion to today's silence and playing deaf and dumb! The five years of the domestic technical explosion are over; since the rise of online payment platforms, too much has been destroyed, and everyone has become selfish! I walked this road all the way and have seen too much! And been disappointed too much. I hope the next golden age comes.

[Discussion] Why has the unpack forum shut down?
Ten years of companionship, and suddenly I find the past has all gone with the wind. I really feel down.

[Share] WinHex 16.8 Chinese-localized version with keygen; the previous post uploaded the wrong file
Good, thanks.

[Help] Problems after unpacking; could everyone help analyze it
Restore the appended data (overlay)! If it still doesn't work, set a breakpoint on the pointer and analyze it step by step.

Could some big brother help me unpack this asp2.12 packer? It won't run
10013090  FF15 24600310      CALL DWORD PTR DS:[<&KERNEL32.FindFirstF>   ; kernel32.FindFirstFileA
10013096  81BC24 54010000>   CMP DWORD PTR SS:[ESP+154],1EA00
100130A1  EB 11              JE SHORT 1.100130B4                         ; change to JMP to remove the check
100130A3  6A 00              PUSH 0
100130A5  6A 00              PUSH 0
100130A7  68 3CE90310        PUSH 1.1003E93C                             ; error! dll size modified!
100130AC  6A 00              PUSH 0

[Help] Please take a look; does this count as unpacked?
It's unpacked. Actually you went two steps too far; the real OEP is 0054FAB6 E8 4BC60000 CALL unpack_.0055C106. VC 8.0 and above are roughly all like this.

[Help] What is the principle behind the Minkecn packer... what's the approach to unpack it?
Where is there a packer?????

[Help] Asking about a CRACKME, asking again!!!
IL_00db: ldc.i4.0
IL_00dc: ceq
IL_00de: stloc.s V_7
IL_00e0: ldloc.s V_7
IL_00e2: brtrue.s IL_00f3    // the key point for the patch (爆破)
Key part of the OD (OllyDbg) analysis:
00D708FF  8945 E4          MOV DWORD PTR SS:[EBP-1C],EAX
00D70902  837D E4 00       CMP DWORD PTR SS:[EBP-1C],0
00D70906  75 11            JNZ SHORT 00D70919        // this is the key point
00D70908  90               NOP
00D70909  8B0D CC6B2E02    MOV ECX,DWORD PTR DS:[22E6BCC]
00D7090F  E8 74E34F7A      CALL System_W.7B26EC88
Patch result

[Help] Asking about a CRACKME, asking again!!!
.locals init (valuetype [mscorlib]System.DateTime V_0,
              string V_1,
              string V_2,
              string V_3,
              string V_4,
              string V_5,
              string V_6,
              bool V_7)
IL_0000: nop
IL_0001: ldloca.s V_0
IL_0003: initobj [mscorlib]System.DateTime
IL_0009: call valuetype [mscorlib]System.DateTime [mscorlib]System.DateTime::get_Now()
IL_000e: stloc.0
IL_000f: ldstr bytearray (97 5B E2 6C 0C FF 60 4F 7D 59 05 5E ) // .[.l..`O}Y.^
IL_0014: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0019: ldnull
IL_001a: ldnull
IL_001b: call string Kaka.DES::DESEncoder(string, class [mscorlib]System.Text.Encoding, uint8[], uint8[])
IL_0020: stloc.1
IL_0021: ldloc.1
IL_0022: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0027: ldnull
IL_0028: ldnull
IL_0029: call string Kaka.DES::DESDecoder(string, class [mscorlib]System.Text.Encoding, uint8[], uint8[])
IL_002e: stloc.2
IL_002f: ldstr bytearray (68 51 16 4E 4C 75 BA 4E 11 6C FD 90 E5 77 53 90 // hQ.NLu.N.l...wS.
                          11 62 2F 66 05 5E E5 54 66 55 ) // .b/f.^.TfU
IL_0034: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0039: ldnull
IL_003a: ldnull
IL_003b: call string Kaka.DES::DESEncoder(string, class [mscorlib]System.Text.Encoding, uint8[], uint8[])
IL_0040: stloc.3
IL_0041: ldloc.3
IL_0042: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0047: ldnull
IL_0048: ldnull
IL_0049: call string Kaka.DES::DESDecoder(string, class [mscorlib]System.Text.Encoding, uint8[], uint8[])
IL_004e: stloc.s V_4
IL_0050: ldloca.s V_0
IL_0052: constrained. [mscorlib]System.DateTime
IL_0058: callvirt instance string [mscorlib]System.Object::ToString()
IL_005d: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0062: ldnull
IL_0063: ldnull
IL_0064: call string Kaka.DES::DESEncoder(string, class [mscorlib]System.Text.Encoding, uint8[], uint8[])
IL_0069: stloc.s V_5
IL_006b: ldloc.s V_5
IL_006d: call class [mscorlib]System.Text.Encoding [mscorlib]System.Text.Encoding::get_Default()
IL_0072: ldnull
IL_0073: ldnull
IL_0074: call string Kaka.DES::DESEncoder(string, class [mscorlib]System.Text.Encoding, uint8[], uint8[])
IL_0079: stloc.s V_6
IL_007b: ldarg.0
IL_007c: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox Kaka.Form1::textBox1
IL_0081: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
IL_0086: ldloc.1
IL_0087: ldloc.2
IL_0088: call string [mscorlib]System.String::Concat(string, string)
IL_008d: callvirt instance bool [mscorlib]System.String::Equals(string)
IL_0092: brfalse.s IL_00ac
IL_0094: ldarg.0
IL_0095: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox Kaka.Form1::textBox2
IL_009a: ldloc.3
IL_009b: ldloc.s V_4
IL_009d: call string [mscorlib]System.String::Concat(string, string)
IL_00a2: callvirt instance bool [mscorlib]System.Object::Equals(object)
IL_00a7: ldc.i4.0
IL_00a8: ceq
IL_00aa: br.s IL_00ad
IL_00ac: ldc.i4.1
IL_00ad: stloc.s V_7
IL_00af: ldloc.s V_7
IL_00b1: brtrue.s IL_00c2
IL_00b3: nop
IL_00b4: ldstr bytearray (EF 55 0C FF 0D 4E 19 95 0C FF 0D 4E 19 95 84 76 // .U...N.....N...v
                          D0 8F 14 6C 0C FF A9 8B 60 4F 1C 73 F9 5B 86 4E ) // ...l....`O.s.[.N
IL_00b9: call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
IL_00be: pop
IL_00bf: nop
IL_00c0: br.s IL_0100
IL_00c2: ldarg.0
IL_00c3: ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox Kaka.Form1::textBox2
IL_00c8: callvirt instance string [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
IL_00cd: ldloc.s V_5
IL_00cf: ldloc.s V_6
IL_00d1: call string [mscorlib]System.String::Concat(string, string)
IL_00d6: callvirt instance bool [mscorlib]System.String::Equals(string)
IL_00db: ldc.i4.0
IL_00dc: ceq
IL_00de: stloc.s V_7
IL_00e0: ldloc.s V_7
IL_00e2: brtrue.s IL_00f3
IL_00e4: nop
IL_00e5: ldstr bytearray (EF 55 0C FF 0D 4E 19 95 0C FF 0D 4E 19 95 84 76 // .U...N.....N...v
                          D0 8F 14 6C 0C FF C8 53 A9 8B 60 4F 1C 73 F9 5B // ...l...S..`O.s.[
                          86 4E ) // .N
IL_00ea: call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
IL_00ef: pop
IL_00f0: nop
IL_00f1: br.s IL_0100
IL_00f3: nop
IL_00f4: ldstr bytearray (60 4F 9C 67 36 71 7D 59 C2 70 ) // `O.g6q}Y.p
IL_00f9: call valuetype [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(string)
IL_00fe: pop
IL_00ff: nop
IL_0100: ret
} // end of method Form1::button1_Click
Analyze the code above and you'll understand.

[Help] Where do I set a breakpoint in this VB program? Newbie asking for help
Give it a try; the algorithm isn't very hard either.

[Help] PEiD normal scan shows nothing at all
Just restore the appended data (overlay) and it will be OK.

[Help] Help
MASM32 / TASM32 program, no packer; don't rely too heavily on PEiD.

[Help] How do I use OllyDbg to change a disabled button into an enabled one?
00434E40  53           PUSH EBX
00434E41  56           PUSH ESI
00434E42  8BDA         MOV EBX,EDX
00434E44  8BF0         MOV ESI,EAX
00434E46  8B43 20      MOV EAX,DWORD PTR DS:[EBX+20]
00434E49  50           PUSH EAX
00434E4A  8B43 34      MOV EAX,DWORD PTR DS:[EBX+34]
00434E4D  50           PUSH EAX
00434E4E  6A 00        PUSH 0
00434E50  8B43 1C      MOV EAX,DWORD PTR DS:[EBX+1C]
00434E53  50           PUSH EAX
00434E54  8B43 18      MOV EAX,DWORD PTR DS:[EBX+18]
00434E57  50           PUSH EAX
00434E58  8B43 14      MOV EAX,DWORD PTR DS:[EBX+14]
00434E5B  50           PUSH EAX
00434E5C  8B43 10      MOV EAX,DWORD PTR DS:[EBX+10]
00434E5F  50           PUSH EAX
00434E60  8B43 0C      MOV EAX,DWORD PTR DS:[EBX+C]
00434E63  50           PUSH EAX
00434E64  8B43 04      MOV EAX,DWORD PTR DS:[EBX+4]      ; |Style  this is the key: the button's style attributes are set here
00434E67  50           PUSH EAX
00434E68  8B03         MOV EAX,DWORD PTR DS:[EBX]
00434E6A  50           PUSH EAX
00434E6B  8D43 4C      LEA EAX,DWORD PTR DS:[EBX+4C]
00434E6E  50           PUSH EAX
00434E6F  8B43 08      MOV EAX,DWORD PTR DS:[EBX+8]
00434E72  50           PUSH EAX
00434E73  E8 E01CFDFF  CALL <JMP.&user32.CreateWindowExA>

[Help] Asking a question about unpacking UPX on behalf of a friend
Microsoft Visual Basic 6.0

[Discussion] Unpacking DLLs protected with the Armadillo 2.51 - 3.xx DLL Stub
Microsoft Visual C++ 6.0 DLL