|
脱壳游戏,谁来搞定这个写字本
大概snaker没能力搞xpr,识别能力其差无比. |
|
不到1M的文件脱壳后变136M!!!
dumpfix把vsize作为rsize就大了 |
|
[转]原创加壳工具的壳代码-先了解如何加壳
贴过了,下次注意。。。 |
|
chap708 的一点分析, 从头到 Xp 异常.
Magic debug values Magic debug values are specific values written to memory during allocation or deallocation, so that it will later be possible to tell whether or not they have become corrupted and to make it obvious when values taken from uninitialized memory are being used. Memory is usually viewed in hexadecimal, so common values used are often repeated digits or hexspeak. Famous and common examples include: 0xBAADF00D 0xBAADFEED 0xBADBADBADBAD Burroughs B6700 "uninitialized" memory (48-bit words) 0xC0EDBABE 0xC001D00D 0xCCCCCCCC Used by Microsoft's C++ compiler to mark uninitialised stack areas in debug mode. 0xCDCDCDCD Used by Microsoft's C++ debugging heap to mark uninitialised heap areas. 0xDDDDDDDD Used by MicroQuill's SmartHeap and Microsoft's C++ debugging heap to mark memory returned to the heap. 0xDEADBEEF Famously used on IBM systems such as the RS/6000, also in OPENSTEP Enterprise and the Commodore Amiga. 0xEBEBEBEB From MicroQuill's SmartHeap. OxFACADE Used by a number of real-time OS's 0xFD Used by Microsoft's C++ debugging heap to mark guard bytes in the heap. 0xFEEEFEEE Used by Microsoft's C++ compiler to mark the storage area of a deleted class in debug mode. Note that most of these are each 8 nybbles (32 bits) long, as most modern computers are designed to manipulate 32 bits at a time. The prevalence of these values in Microsoft technology is no coincidence; they are discussed in detail in Steve McGuire's well-known book Writing Solid Code from Microsoft Press. He gives a variety of criteria for these values, such as: They should not be useful; that is, most algorithms that operate on them should be expected to do something unusual. Numbers like zero don't fit this criterion. They should be easily recognized by the programmer as invalid values in the debugger. On machines that don't have byte alignment, they should be odd, so that dereferencing them as addresses causes an exception. They should cause an exception, or perhaps even a debugger break, if executed as code. Since they were often used to mark areas of memory that were essentially empty, some of these terms came to be used in phrases meaning "gone, aborted, flushed from memory"; e.g. "Your program is DEADBEEF". |
|
准备畴建看雪技术论坛人才资源数据库
学习忙,先搬个板凳.:D |
|
|
|
附PC PE Encryptor alpha preview脱壳脚本
esp trace就很好呀 |
|
DRx 加密引擎 Providence 6 Layers Demo
小虾 你没有跟吧?正常是应该执行不到这里的. |
|
关于David那个早期Asprotect壳(chap708.exe)我们这样来od它
那应该是aspr的bug |
|
|
|
|
|
关于David那个早期Asprotect壳(chap708.exe)我们这样来od它
超人居然主动发贴...天下大乱了 |
|
SDP: 第二次握手
TNND,绝世好文啊 |
|
|
|
|
|
UnShellProtect - ShellProtect 解包器
所以我才做得出嘛 |
操作理由
RANk
{{ user_info.golds == '' ? 0 : user_info.golds }}
雪币
{{ experience }}
课程经验
{{ score }}
学习收益
{{study_duration_fmt}}
学习时长
基本信息
荣誉称号:
{{ honorary_title }}
能力排名:
No.{{ rank_num }}
等 级:
LV{{ rank_lv-100 }}
活跃值:
在线值:
浏览人数:{{ visits }}
最近活跃:{{ last_active_time }}
注册时间:{{ user_info.create_date_jsonfmt }}
勋章
兑换勋章
证书
证书查询 >
能力值