首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 看雪社区
  2. 加壳脱壳
    3. 发新帖
[求助]ollydbg不能调试64的,程序查壳是 MPRESS x64(大神已解答)
2018-2-22 11:53 6091

[求助]ollydbg不能调试64的,程序查壳是 MPRESS x64(大神已解答)

msjsyba 活跃值
2018-2-22 11:53
6091
没有脱壳机就不会脱壳了,前来求助
程序是ghost系统下载提取的程序查壳是 MPRESS x64
没有病毒http://r.virscan.org/report/4dbeba842518630ae7c6b392a362cdb5


[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法

最后于 2018-2-22 13:11 被msjsyba编辑 ,原因:
上传的附件:
收藏
免费 0
打赏
分享
最新回复 (8)
bambooqj
雪    币: 781
活跃值: (1091)
能力值: ( LV5,RANK:78 )
在线值:
发帖
回帖
粉丝
私信
bambooqj 2018-2-22 12:00
2
0
x64dbg
bambooqj
雪    币: 781
活跃值: (1091)
能力值: ( LV5,RANK:78 )
在线值:
发帖
回帖
粉丝
私信
bambooqj 2018-2-22 12:22
3
0
KG
#Region
#PRE_Icon=C:\Windows\system32\SHELL32.dll
#PRE_UseX64=y
#PRE_Res_requestedExecutionLevel=None
#EndRegion
RUNWAIT("C:\Program Files (x86)\KuGou\kugou7_3261.exe")
RUNWAIT("C:\Program Files (x86)\KuGou\kgset.exe")
FILEDELETE("C:\Program Files (x86)\KuGou\kugou7_3261.exe")
FILEDELETE("C:\Program Files (x86)\KuGou\kgset.exe")
YJ
#NoTrayIcon
#Region
#PRE_Icon=favicon.ico
#PRE_UseX64=y
#PRE_Res_requestedExecutionLevel=None
#EndRegion
IF NOT FILEEXISTS(@WINDOWSDIR & "\system32\kipe.dll") THEN
EXIT
ENDIF
OPT("WinTitleMatchMode", 2)
DIM $2PATH = @SCRIPTDIR & "\"
DIM $FILE = FILEFINDFIRSTFILE(@SCRIPTDIR & "\*p*_*.exe")
$2NAME = FILEFINDNEXTFILE($FILE)
FILECLOSE($FILE)
IF NOT FILEEXISTS($2NAME) THEN
EXIT
ENDIF
IF STRINGINSTR($2NAME, "p7_") THEN
RUNWAIT($2PATH & $2NAME)
FILEDELETE("C:\Users\Public\Desktop\软件管理.lnk")
FILEDELETE("C:\Users\Administrator\Desktop\2345软件管家.lnk")
FILEDELETE("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音\热门游戏中心.lnk")
FILEDELETE($2PATH & "*p*_*.exe")
DIRREMOVE("C:\Documents and Settings\Administrator\「开始」菜单\程序\2345王牌软件", 1)
DIRREMOVE("C:\Documents and Settings\All Users\「开始」菜单\程序\2345王牌软件", 1)
RUN(@COMSPEC & ' /c ping 127.0.0.1 -n 3&del /q "'& @SCRIPTFULLPATH & '"', @SCRIPTDIR, @SW_HIDE)
RUN(@COMSPEC & ' /c cd.. & ping 127.0.0.1 -n 4&rd /q/s "'& @SCRIPTDIR & '"', @SCRIPTDIR, @SW_HIDE)
EXIT
ELSEIF STRINGINSTR($2NAME, "p3_") THEN
RUNWAIT($2PATH & $2NAME & " /S")
FILEDELETE("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音\热门游戏中心.lnk")
FILEDELETE("C:\Users\Administrator\Desktop\2345看图王.lnk")
INIWRITE("C:\Documents and Settings\All Users\Application Data\kuwodata\kwmusic2013\Conf\user\config.ini", "Setting", "exitchoice", "1")
INIWRITE("C:\Documents and Settings\All Users\Application Data\kuwodata\kwmusic2013\Conf\user\config.ini", "Setting", "ShowMiniSite", "0")
INIWRITE("C:\Documents and Settings\All Users\Application Data\kuwodata\kwmusic2013\Conf\user\config.ini", "Setting", "exitkwmv", "1")
FILEDELETE("C:\ProgramData\Microsoft\Windows\Start Menu\酷我音乐 2013.lnk")
FILEDELETE("C:\Users\Public\Desktop\软件管理.lnk")
FILEDELETE("C:\Users\Administrator\Desktop\2345软件管家.lnk")
FILEDELETE($2PATH & "2345pack.ini")
FILEDELETE($2PATH & "*p*_*.exe")
DIRREMOVE("C:\Documents and Settings\Administrator\「开始」菜单\程序\2345王牌软件", 1)
DIRREMOVE("C:\Documents and Settings\All Users\「开始」菜单\程序\2345王牌软件", 1)
REGWRITE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband", "FavoritesResolve", "REG_BINARY", "0xd60200004c0000000114020000000000c0000000000000468300800020000000d2e350e7e2d7cd01d2e350e7e2d7cd01ee"& "042ee6e2d7cd015705000000000000010000000000000000000000000000007c0114001f80c827341f105c1042aa032ee452"& "87d66852003100000000008b4161a811005461736b426172003c0008000400efbe8b4161a88b4161a82a0000004dce000000"& "000a0000000000000000000000000000005400610073006b004200610072000000160014013200570500008b4160a8200049"& "4e5445524e7e312e4c4e4b0000a60008000400efbe8b4161a88b4161a82a00000073ce000000000b00000000000000000056"& "000000000049006e007400650072006e006500740020004500780070006c006f007200650072002e006c006e006b00000040"& "0043003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c00690065003400750069"& "006e00690074002e006500780065002c002d0037003300340000001c00520000001d00efbe02004d006900630072006f0073"& "006f00660074002e0049006e007400650072006e00650074004500780070006c006f007200650072002e0044006500660061"& "0075006c00740000001c000000a80000001c000000010000001c0000002d00000000000000a7000000110000000300000099"& "1aa7301000000000433a5c55736572735c41646d696e6973747261746f725c417070446174615c526f616d696e675c4d6963"& "726f736f66745c496e7465726e6574204578706c6f7265725c517569636b204c61756e63685c557365722050696e6e65645c"& "5461736b4261725c496e7465726e6574204578706c6f7265722e6c6e6b000060000000030000a0580000000000000061646d"& "696e2d7063000000000000000046e76bbfa5dc1d4a97e56e11dbb3125c3a3a28e5d543e211b419e62daf18c60e46e76bbfa5"& "dc1d4a97e56e11dbb3125c3a3a28e5d543e211b419e62daf18c60e00000000cf0200004c0000000114020000000000c00000"& "0000000046830080002000000086a855e7e2d7cd0186a855e7e2d7cd016d02fa7d3e04ca01cc040000000000000100000000"& "0000000000000000000000760114001f80c827341f105c1042aa032ee45287d66852003100000000008b4161a81100546173"& "6b426172003c0008000400efbe8b4161a88b4161a82a0000004dce000000000a000000000000000000000000000000540061"& "0073006b00420061007200000016000e013200cc040000ee3a3426200057494e444f577e312e4c4e4b00007e0008000400ef"& "be8b4161a88b4161a82a00000075ce0000000008000000000000000000540000000000570069006e0064006f007700730020"& "004500780070006c006f007200650072002e006c006e006b00000040007300680065006c006c00330032002e0064006c006c"& "002c002d003200320030003600370000001c00740000001d00efbe02007b00460033003800420046003400300034002d0031"& "004400340033002d0034003200460032002d0039003300300035002d00360037004400450030004200320038004600430032"& "0033007d005c006500780070006c006f007200650072002e0065007800650000001c000000a70000001c000000010000001c"& "0000002d00000000000000a60000001100000003000000991aa7301000000000433a5c55736572735c41646d696e69737472"& "61746f725c417070446174615c526f616d696e675c4d6963726f736f66745c496e7465726e6574204578706c6f7265725c51"& "7569636b204c61756e63685c557365722050696e6e65645c5461736b4261725c57696e646f7773204578706c6f7265722e6c"& "6e6b000060000000030000a0580000000000000061646d696e2d7063000000000000000046e76bbfa5dc1d4a97e56e11dbb3"& "125c3b3a28e5d543e211b419e62daf18c60e46e76bbfa5dc1d4a97e56e11dbb3125c3b3a28e5d543e211b419e62daf18c60e"& "00000000")
REGWRITE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband", "Favorites", "REG_BINARY", "0x007c01000014001f80c827341f105c1042aa032ee45287d66852003100000000008b4161a811005461736b426172003c00"& "08000400efbe8b4161a88b4161a82a0000004dce000000000a0000000000000000000000000000005400610073006b004200"& "610072000000160014013200570500008b4160a82000494e5445524e7e312e4c4e4b0000a60008000400efbe8b4161a88b41"& "61a82a00000073ce000000000b00000000000000000056000000000049006e007400650072006e0065007400200045007800"& "70006c006f007200650072002e006c006e006b000000400043003a005c00570069006e0064006f00770073005c0053007900"& "7300740065006d00330032005c00690065003400750069006e00690074002e006500780065002c002d003700330034000000"& "1c00520000001d00efbe02004d006900630072006f0073006f00660074002e0049006e007400650072006e00650074004500"& "780070006c006f007200650072002e00440065006600610075006c00740000001c000000007601000014001f80c827341f10"& "5c1042aa032ee45287d66852003100000000008b4161a811005461736b426172003c0008000400efbe8b4161a88b4161a82a"& "0000004dce000000000a0000000000000000000000000000005400610073006b00420061007200000016000e013200cc0400"& "00ee3a3426200057494e444f577e312e4c4e4b00007e0008000400efbe8b4161a88b4161a82a00000075ce00000000080000"& "00000000000000540000000000570069006e0064006f007700730020004500780070006c006f007200650072002e006c006e"& "006b00000040007300680065006c006c00330032002e0064006c006c002c002d003200320030003600370000001c00740000"& "001d00efbe02007b00460033003800420046003400300034002d0031004400340033002d0034003200460032002d00390033"& "00300035002d003600370044004500300042003200380046004300320033007d005c006500780070006c006f007200650072"& "002e0065007800650000001c000000ff")
REGWRITE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband", "FavoritesChanges", "REG_DWORD", "0x00000007")
REGWRITE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband", "FavoritesVersion", "REG_DWORD", "0x00000002")
REGWRITE("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband", "FavoritesRemovedChanges", "REG_DWORD", "0x0000000a")
SHELLEXECUTE("C:\Users\Public\Desktop\腾讯QQ.lnk", "", "C:\Users\Administrator\Desktop", "taskbarpin")
RUN(@COMSPEC & ' /c ping 127.0.0.1 -n 3&del /q "'& @SCRIPTFULLPATH & '"', @SCRIPTDIR, @SW_HIDE)
RUN(@COMSPEC & ' /c cd.. & ping 127.0.0.1 -n 4&rd /q/s "'& @SCRIPTDIR & '"', @SCRIPTDIR, @SW_HIDE)
EXIT
ELSEIF STRINGINSTR($2NAME, "p6_") THEN
RUN($2PATH & $2NAME)
TRAYTIP("请勿移动鼠标和敲击键盘", "系统部署即将完成!", 5)
WINWAIT("装机必备")
SLEEP(800)
WINACTIVATE("装机必备")
CONTROLCLICK("装机必备", "一键安装", "[CLASS:Button;INSTANCE:13]")
WINWAIT("装机必备", "完成")
WINACTIVATE("装机必备")
CONTROLCLICK("装机必备", "完成", "[CLASS:Button;INSTANCE:1]")
SLEEP(1000)
FILEDELETE("C:\Users\Public\Desktop\软件管理.lnk")
FILEDELETE("C:\Users\Administrator\Desktop\2345软件管家.lnk")
FILEDELETE("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音\热门游戏中心.lnk")
RUNWAIT(@COMSPEC & " /c taskkill /im *p*_k*.exe /f&del /q ", @SCRIPTDIR, @SW_HIDE)
FILEDELETE($2PATH & "*p*_*.exe")
DIRREMOVE("C:\Documents and Settings\Administrator\「开始」菜单\程序\2345王牌软件", 1)
DIRREMOVE("C:\Documents and Settings\All Users\「开始」菜单\程序\2345王牌软件", 1)
RUN(@COMSPEC & ' /c ping 127.0.0.1 -n 3&del /q "'& @SCRIPTFULLPATH & '"', @SCRIPTDIR, @SW_HIDE)
RUN(@COMSPEC & ' /c cd.. & ping 127.0.0.1 -n 4&rd /q/s "'& @SCRIPTDIR & '"', @SCRIPTDIR, @SW_HIDE)
EXIT
ELSEIF STRINGINSTR($2NAME, "p4_") THEN
RUN($2PATH & $2NAME)
TRAYTIP("请勿移动鼠标和敲击键盘", "系统部署即将完成!", 5)
WINWAIT("装机必备")
SLEEP(800)
WINACTIVATE("装机必备")
CONTROLCLICK("装机必备", "一键安装", "[CLASS:Button;INSTANCE:13]")
WINWAIT("装机必备", "完成")
WINACTIVATE("装机必备")
CONTROLCLICK("装机必备", "完成", "[CLASS:Button;INSTANCE:1]")
SLEEP(1000)
FILEDELETE("C:\Users\Public\Desktop\软件管理.lnk")
FILEDELETE("C:\Users\Administrator\Desktop\2345软件管家.lnk")
FILEDELETE("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音\热门游戏中心.lnk")
RUNWAIT(@COMSPEC & " /c taskkill /im *p*_k*.exe /f&del /q ", @SCRIPTDIR, @SW_HIDE)
FILEDELETE($2PATH & "*p*_*.exe")
DIRREMOVE("C:\Documents and Settings\Administrator\「开始」菜单\程序\2345王牌软件", 1)
DIRREMOVE("C:\Documents and Settings\All Users\「开始」菜单\程序\2345王牌软件", 1)
RUN(@COMSPEC & ' /c ping 127.0.0.1 -n 3&del /q "'& @SCRIPTFULLPATH & '"', @SCRIPTDIR, @SW_HIDE)
RUN(@COMSPEC & ' /c cd.. & ping 127.0.0.1 -n 4&rd /q/s "'& @SCRIPTDIR & '"', @SCRIPTDIR, @SW_HIDE)
EXIT
ENDIF



上传的附件:
msjsyba
雪    币: 196
活跃值: (14)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
msjsyba 2018-2-22 12:44
4
0
bambooqj x64dbg
神,你是怎么做到的
bambooqj  老师你好,太牛了,哪里可以学习到这些技术
bambooqj
雪    币: 781
活跃值: (1091)
能力值: ( LV5,RANK:78 )
在线值:
发帖
回帖
粉丝
私信
bambooqj 2018-2-22 12:50
5
0
msjsyba 神,你是怎么做到的 bambooqj 老师你好,太牛了,哪里可以学习到这些技术
撸管撸多了  贤者时间自然就会了.
msjsyba
雪    币: 196
活跃值: (14)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
msjsyba 2018-2-22 13:10
6
0
bambooqj 撸管撸多了 贤者时间自然就会了.
这回答绝了,能跟着你学吗
yeyeshun
雪    币: 210
活跃值: (2779)
能力值: ( LV7,RANK:140 )
在线值:
发帖
回帖
粉丝
私信
yeyeshun 2 2018-2-22 13:41
7
0
msjsyba 这回答绝了,能跟着你学吗
bambooqj老师学费很高的,不过很值。我现在已经学会左手撸右手撸左右撸以及左右交叉撸,少年你加油!
msjsyba
雪    币: 196
活跃值: (14)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
msjsyba 2018-2-22 14:55
8
0
yeyeshun bambooqj老师学费很高的,不过很值。我现在已经学会左手撸右手撸左右撸以及左右交叉撸,少年你加油!
从进论坛到放弃
eewwqq
雪    币: 0
活跃值: (2009)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
eewwqq 2018-2-22 15:53
9
0
往工具拖拉一下,ok了。
游客
登录 | 注册 方可回帖
 回帖  表情 雪币赚取及消费
高级回复
返回