XProtector packer -> Remove protection, dump memory, fix IAT, find OEP
Why not just ask the foreigners for it, and demand door-to-door service while you're at it.

XProtector packer -> Remove protection, dump memory, fix IAT, find OEP
You also said there is a release version; which one is the release version?

XProtector packer -> Remove protection, dump memory, fix IAT, find OEP
I'll keep this sentence of yours as a memento.

XProtector packer -> Remove protection, dump memory, fix IAT, find OEP
Agreed. Let's stop playing with Xpr and start on Themida.

XProtector packer -> Remove protection, dump memory, fix IAT, find OEP
The difference between Release and Beta.

XProtector packer -> Remove protection, dump memory, fix IAT, find OEP
Attachment: 98NOTEPAD.part1.rar  Attachment: 98NOTEPAD.part2.rar  Let 鸡蛋壳 see what a real Xtreme-Protector looks like.

XProtector packer -> Remove protection, dump memory, fix IAT, find OEP
Out of stock. Only the animated tutorial?

XProtector packer -> Remove protection, dump memory, fix IAT, find OEP
It seems the real experts never say much.

UnPacKit - MSLRH V0.30+V0.31
It won't run. This one is really hard to unpack!

Changing 鸽子's signature
Sex change.

duzaizhe's unpacking walkthrough for the old hying-modified packer
Anyone who can understand this isn't human; I can't understand it either.

duzaizhe's unpacking walkthrough for the old hying-modified packer
Mine is written pretty badly:

    ; ------------------------------------------------------------------------
    ; Rebuild imports, my hardest work brrrrr
    @@RebuildNewImports:
        pushad
        mov ecx, ImportsProtectedFlag
        test ecx, ecx
        mov esi, MutatedImports
        jz __xxxit_nor
        ; let's rebuild -_0
        ; Layout of one mutated import record:
        ;FirstThunk      00 01 02 03   ; we must patch this
        ;LengthOfDllName 04
        ;DllName         05 .. .. ..
        ;Null            00
        ;NumberOfThunks  01 02 03 04
        ;FakeThunkx      05            ; Flag 0=Index, 1=String
        ;                06 07 08 09   ; index
        ;                06 xx xx xx   ; string
        mov edi, LoaderStart      ; use old loader space for new IMPORT TABLE
        add edi, LoaderSize       ; skip loader, rsrc, other stuff

        ; state 1 - build stringz & fake-thunkx
        ; recreate all of above, write new ptr in old pos
        push esi
    __x_s_1:
        mov eax, [esi]
        test eax, eax
        jz __r_end1
        movzx ecx, byte ptr [esi+4] ; name len
        inc ecx
        mov eax, edi
        sub eax, FileBase         ; rva
        add esi, 4+1
        push esi
        rep_movsb
        mov ecx, esi
        pop esi
        mov [esi], eax
        xchg esi, ecx
        lodsd
        xchg ecx, eax             ; # of thunkx
    __r_1_big_loop:
        push ecx
        lodsb
        test al, al
        jz __bd_thunkx_i          ; imported by index
        mov ecx, edi
        sub ecx, FileBase         ; 2 rva
        mov edx, esi
        xor eax, eax
        stosw                     ; no hint
        @copysz
        mov [edx-1], ecx
        jmp __r_1_big_out
    __bd_thunkx_i:
        lodsd
        or eax, 80000000h         ; set MSB flag
        mov [esi-5], eax
    __r_1_big_out:
        pop ecx
        loop __r_1_big_loop
        jmp __x_s_1
    __r_end1:
        pop esi
        ;int 3
        nop

        ; state 2 - modify IID thunks array
        push esi
    __x_s_2:
        mov eax, [esi]
        test eax, eax
        jz __r_end2
        lodsd                     ; 1st thunk array
        xchg ebx, eax
        add ebx, FileBase
        movzx ecx, byte ptr [esi]
        inc ecx                   ; self
        inc ecx
        add esi, ecx
        lodsd                     ; # of thunkx
        xchg ecx, eax
        mov edx, esi              ; to put ptr here l8r
        push ebx
    __make_1st_thunkx:
        lodsd
        mov [ebx], eax
        @endsz
        add ebx, 4
        loop __make_1st_thunkx
        pop ebx
        mov [edx], ebx
        mov [edx+4], esi          ; we can place here next time
        jmp __x_s_2
    __r_end2:
        pop esi

        ; state 3 - final build IID structs, our imports back!
        push edi                  ; IMPORTANT! save new Import Table VA
        push esi
    __x_s_3:
        mov eax, [esi]
        test eax, eax
        jz __r_end3
        lodsd
        movzx ecx, byte ptr [esi]
        inc esi
        lodsd                     ; name rva
        xchg edx, eax
        sub ecx, 4-1
        add esi, ecx
        lodsd
        lodsd                     ; first thunk
        sub eax, FileBase         ; rva
        xchg ebx, eax
        mov ecx, edi              ; our NEW IMPORT ADDRESS
        xor eax, eax
        stosd
        dec eax
        stosd
        stosd
        xchg eax, edx
        stosd                     ; name
        xchg eax, ebx
        stosd                     ; 1st thunk
        lodsd                     ; get done ptr
        xchg esi, eax
        jmp __x_s_3
    __r_end3:
        pop esi
        ; build a null IID for end
        push 5
        pop ecx
        xor eax, eax
    __bd_null_iid:
        stosd
        loop __bd_null_iid
        ;int 3
        ;nop
        ; bound IT to target file
        pop edi
        xchg esi, edi
        sub esi, FileBase
        jmp __xxxit_do
    __xxxit_nor:
        sub esi, RealSymbiontStart
    __xxxit_do:
        mov edi, NtHeaderPtr
        mov [edi+pe_struc.pe_importtablerva], esi
        xor ecx, ecx
        inc ecx
        mov [edi+pe_struc.pe_importtablesize], ecx
        jmp __xxxit_exit
    __xxxit_exit:
        popad
        retn

[Discussion] I want to write a packer as my graduation project, any suggestions?
If you had the WinRAR source code, you'd be done in a day.