[Old post] Newbie asking for help~ Something that looks like a disguised packer
Posted: 2011-9-20 11:18

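The program is the Legend of Mir M2 main program.
PEID v0.95 detects it as: ASPack 2.12 -> Alexey Solodovnikov [Overlay]
FFI v1.4 detects it as:
MD5: D195231BD76FAE92717F768C8CE955A3
ASPack v2.12
Notice:0x00000014 extra bytes found,starting at offset 0x00121E00.
Exeinfo PE v.0.0.2.7 detects it as:
镜像是 32位可执行文件
未知的压缩器-保护器 , 12 个区段  ( 多于必要 )
PeiD V0.94 detects it as: ASPack 2.12 -> Alexey Solodovnikov [Overlay]
The Un-ASPACK2.12 unpacker cannot unpack it.
It reports: [!]Error:This file seems not to be packed with ASPACK 2.12
VMUnpacker1.5 detects it as: ASPack v2.12 [Overlay] <===> 支持脱该壳
But clicking Unpack gives:
脱壳错误!
入口模拟跟踪脱壳失败!

I tried unpacking with FFI v1.4:
First, remove the overlay (appended data)
Then select Rebuild PE
Click Unpack; the following text appears:
MD5: D195231BD76FAE92717F768C8CE955A3
ASPack v2.12
Notice:0x00000014 extra bytes found,starting at offset 0x00121E00.
成功移除附加数据.
PE 重建成功, 压缩字节:512, 压缩率: %0.
脱壳成功!
输出路径:D:\MirServer\Mir200\M2Server_unpacked.exe
But when the program runs, it reports:
"0x00000001"指令引用的"0x00000001"内存。该内存不能为"read"
要终止程序,请单击"确定"。
要调试程序,请单击"取消"。

My feeling is that this is a disguised packer, or that the entry point was relocated after packing.
Since I don't even know the ESP law when it comes to manual unpacking, I'd like to ask everyone: what exactly is going on here?
Many thanks to everyone in advance.
The attachment below is the file before unpacking.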

Uploaded attachment:

Latest replies (11)
2
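Follow-up to the question:
I just scanned it with pe-scan 3.31; the detection info is as follows:
入口点:003C0001  偏移量:0011FC01
原入口点:0E033C7E
Running the advanced scan and clicking the heuristic entry-point signature option gives the following text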

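After unpacking with PE-scan v3.31, running the program gives the following error message:
"0xfe433c7e"指令引用的"0xfe433c7e"内存。该内存不能为"read"。
要终止程序,请单击"确定"。
要调试程序,请单击"取消"。

Checking again with Exeinfo.PE.v.0.0.2.7 reports: 文件已损坏  --->  入口点超出文件! ***

Waiting online for an expert to come to the rescue~~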
2011-9-20 12:32
3
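I haven't played with this in a long time. Here is my view; please forgive any mistakes:
The program has overlay data (appended data), and the overlay has not been processed. The overlay is part of the packer and also part of the program.
When you stripped the packer you stripped the overlay too. It needs to be handled: the overlay has to be put back into the unpacked program before it will run properly.
I remember that the way I used to handle overlay data was with a tool called Overlay: take the overlay out of the packed file, unpack, then add it to the unpacked program. I have forgotten how to do it by hand. The principle is about the same: find the overlay, take it out, put it back in.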
2011-9-20 13:19
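
The overlay handling described in the reply above, as an added example that is not part of any poster's reply and not code from the tools named in the thread: it locates the bytes stored past the last section's raw data, carries them over to an unpacked image, and checks whether the entry-point RVA is backed by file data. All function names are hypothetical and the sample image is a constructed skeleton; certificate data that may also sit past the last section is not treated specially.

```python
import struct

def pe_sections(data):
    """Return (entry_rva, [(vaddr, vsize, raw_off, raw_size), ...])."""
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", data, pe + 6)         # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 24 + 16)  # AddressOfEntryPoint
    table = pe + 24 + opt_size                             # first section header
    secs = []
    for i in range(nsec):
        vsize, vaddr, rsize, roff = struct.unpack_from("<IIII", data, table + 40 * i + 8)
        secs.append((vaddr, vsize, roff, rsize))
    return entry, secs

def split_overlay(data):
    """Split at the end of the last section's raw data: (image, overlay)."""
    _, secs = pe_sections(data)
    end = max((roff + rsize for _, _, roff, rsize in secs if rsize), default=len(data))
    return data[:end], data[end:]

def reattach_overlay(packed, unpacked):
    """Append the packed file's overlay to an unpacked image that lost it."""
    return split_overlay(unpacked)[0] + split_overlay(packed)[1]

def entry_file_offset(data):
    """File offset of the entry point, or None if no section's raw data backs it."""
    entry, secs = pe_sections(data)
    for vaddr, vsize, roff, rsize in secs:
        if vaddr <= entry < vaddr + rsize:
            return roff + (entry - vaddr)
    return None

def build_sample(entry_rva=0x1000, overlay=b""):
    """Constructed one-section PE skeleton (not a real program) for the demo."""
    pe, hdr = 0x40, bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, pe)
    hdr[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HH", hdr, pe + 4, 0x14C, 1)         # i386, one section
    struct.pack_into("<H", hdr, pe + 20, 0xE0)
    struct.pack_into("<I", hdr, pe + 24 + 16, entry_rva)
    struct.pack_into("<8sIIII", hdr, pe + 24 + 0xE0, b".text", 0x200, 0x1000, 0x200, 0x200)
    return bytes(hdr) + b"\x90" * 0x200 + overlay

if __name__ == "__main__":
    packed = build_sample(overlay=b"\xAA" * 0x14)          # constructed 0x14-byte overlay
    print(len(split_overlay(packed)[1]), entry_file_offset(packed))
```

An entry point for which `entry_file_offset` returns `None` is the condition a static checker reports as an entry point lying outside the file.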
4
If I'm not mistaken, it was first protected with VMProtect  v1.63 - v2.xx
and then packed with ASPack V2.2 -> Alexey Solodovnikov & StarForce
2011-9-20 13:21
5
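I looked into it some more and found that it really is the ASPack V2.2 -> Alexey Solodovnikov packer, but there is a self-check~
A question for the poster above: how can the self-check of ASPack V2.2 -> Alexey Solodovnikov be removed?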
2011-9-21 14:12
6
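Jump over the check.

Find ExitProcess (principle: a program always calls the ExitProcess function when it exits). So we load the unpacked program, search > names in the current module > find ExitProcess > set a breakpoint on every reference. After it breaks, look for a jump that can be used to skip over it.

If that doesn't work, set bp CreateFileA (after every break, return with Alt+F9), then single-step in two OD instances, compare them to find the jump, and change it.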
2011-9-22 00:08
7
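OP, there is no self-check in this software. ASPack V2.2 -> Alexey Solodovnikov can be unpacked directly. But there is still VMProtect  v1.63 - v2.xx; take your time with that one. I'll upload the ASPack-unpacked file for you.
Uploaded attachment: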
2011-9-22 08:04
8
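The one unpacked by the poster above won't run~
Brother on floor 6~ If only I knew how to set breakpoints, sob~~~~(>_<)~~~~ ~

I hope someone can help me~
Many thanks~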
2011-9-29 14:32
9
Asking everyone for help~ To whoever can help me solve this, many thanks~
2011-10-1 20:26
10
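Are the experts all away?
This small fry is really stuck~ I've been working on this for a long time~
Begging the experts for a way to do this~
Please~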
2011-10-17 21:16
11
For the VM, use a script; follow the video tutorials.
2011-10-21 12:36
12
ASPack + VMP. I've removed the ASPack; the VMP you can play with yourself at your own pace.
http://dl.dbank.com/c0b2uyfzot
2011-10-22 13:44