[求助]dillodie1.6脱arm出现的问题,请高手看看-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]dillodie1.6脱arm出现的问题,请高手看看 0.00雪花

发表于: 2007-3-9 14:13 3490

[旧帖] [求助]dillodie1.6脱arm出现的问题,请高手看看 0.00雪花

pumk

2007-3-9 14:13

3490

用armfp看，壳的保护为:
======== 09-03-2007 14:10:29 ========
C:\Program Files\Ten Pin Championship Bowling\bowling.exe
★ 目标为Armadillo保护
★ 特征识别 = 0498EC78
保护系统级别为 (标准版)
◆所用到的保护模式有◆
标准保护或最小保护模式
【备份密钥设置】
固定的备份密钥
【程序压缩设置】
最好/最慢地压缩方式
【其它保护设置】

用peid看，是
Armadillo 3.00a - 3.61 -> Silicon Realms Toolworks [Overlay]

于是用主页上的dillodie1.6进行脱壳，但是进行到一半就停住了，提示为：

CreateProcess...
--> Filename: bowling.exe
--> Process ID: 00000CB4
New Thread created. ID: 00000D4C
New Thread created. ID: 00000D84
New Thread created. ID: 00000168
New Thread created. ID: 000008A4
New Thread created. ID: 00000D54
IAT Initialization hooked...
--> 00B3F8D7
Rebuilding Import Table...
--> Thunk @ 2000703C = KERNEL32.dll!CreateFileA
--> Thunk @ 20007040 = KERNEL32.dll!GlobalAlloc
--> Thunk @ 20007044 = KERNEL32.dll!GetTempPathA
--> Thunk @ 20007048 = KERNEL32.dll!_lwrite
--> Thunk @ 2000704C = KERNEL32.dll!_lread
--> Thunk @ 20007050 = KERNEL32.dll!_llseek
--> Thunk @ 20007054 = KERNEL32.dll!_lopen
--> Thunk @ 20007058 = KERNEL32.dll!_lclose
--> Thunk @ 2000705C = KERNEL32.dll!GetSystemDefaultLangID
--> Thunk @ 20007060 = KERNEL32.dll!GlobalUnlock
--> Thunk @ 20007064 = KERNEL32.dll!GlobalLock
--> Thunk @ 20007068 = KERNEL32.dll!FindNextFileA
--> Thunk @ 2000706C = KERNEL32.dll!FindFirstFileA
--> Thunk @ 20007070 = KERNEL32.dll!RemoveDirectoryA
--> Thunk @ 20007074 = KERNEL32.dll!FindClose
--> Thunk @ 20007078 = KERNEL32.dll!DeleteFileA
--> Thunk @ 2000707C = KERNEL32.dll!CreateDirectoryA
--> Thunk @ 20007080 = KERNEL32.dll!GlobalFree
--> Thunk @ 20007084 = KERNEL32.dll!GetCurrentDirectoryA
--> Thunk @ 20007088 = KERNEL32.dll!WinExec
--> Thunk @ 2000708C = KERNEL32.dll!LoadLibraryA
--> Thunk @ 20007090 = KERNEL32.dll!_lcreat
--> Thunk @ 20007094 = KERNEL32.dll!SetErrorMode
--> Thunk @ 20007098 = KERNEL32.dll!SetCurrentDirectoryA
--> Thunk @ 2000709C = KERNEL32.dll!DeleteCriticalSection
--> Thunk @ 200070A0 = KERNEL32.dll!InitializeCriticalSection
--> Thunk @ 200070A4 = KERNEL32.dll!GetStringTypeW
--> Thunk @ 200070A8 = KERNEL32.dll!GetStringTypeA
--> Thunk @ 200070AC = KERNEL32.dll!LCMapStringW
--> Thunk @ 200070B0 = KERNEL32.dll!LCMapStringA
--> Thunk @ 200070B4 = KERNEL32.dll!MultiByteToWideChar
--> Thunk @ 200070B8 = KERNEL32.dll!GetOEMCP
--> Thunk @ 200070BC = KERNEL32.dll!GetACP
--> Thunk @ 200070C0 = KERNEL32.dll!GetCPInfo
--> Thunk @ 200070C4 = KERNEL32.dll!SetFilePointer
--> Thunk @ 200070C8 = KERNEL32.dll!FlushFileBuffers
--> Thunk @ 200070CC = KERNEL32.dll!SetStdHandle
--> Thunk @ 200070D0 = KERNEL32.dll!HeapReAlloc
--> Thunk @ 200070D4 = KERNEL32.dll!VirtualAlloc
--> Thunk @ 200070D8 = KERNEL32.dll!HeapAlloc
--> Thunk @ 200070DC = KERNEL32.dll!WriteFile
--> Thunk @ 200070E0 = KERNEL32.dll!RtlUnwind
--> Thunk @ 200070E4 = KERNEL32.dll!VirtualFree
--> Thunk @ 200070E8 = KERNEL32.dll!HeapCreate
--> Thunk @ 200070EC = KERNEL32.dll!GetModuleHandleA
--> Thunk @ 200070F0 = KERNEL32.dll!EnterCriticalSection
--> Thunk @ 200070F4 = KERNEL32.dll!GetProcAddress
--> Thunk @ 200070F8 = KERNEL32.dll!GetSystemDirectoryA
--> Thunk @ 200070FC = KERNEL32.dll!LeaveCriticalSection
--> Thunk @ 20007100 = KERNEL32.dll!TlsGetValue
--> Thunk @ 20007104 = KERNEL32.dll!FreeLibrary
--> Thunk @ 20007108 = KERNEL32.dll!GetModuleFileNameA
--> Thunk @ 2000710C = KERNEL32.dll!CreateThread
--> Thunk @ 20007110 = KERNEL32.dll!CloseHandle
--> Thunk @ 20007114 = KERNEL32.dll!GetLastError
--> Thunk @ 20007118 = KERNEL32.dll!GetFileAttributesA
--> Thunk @ 2000711C = KERNEL32.dll!ExitProcess
--> Thunk @ 20007120 = KERNEL32.dll!TerminateProcess
--> Thunk @ 20007124 = KERNEL32.dll!GetCurrentProcess
--> Thunk @ 20007128 = KERNEL32.dll!GetStartupInfoA
--> Thunk @ 2000712C = KERNEL32.dll!GetCommandLineA
--> Thunk @ 20007130 = KERNEL32.dll!GetVersion
--> Thunk @ 20007134 = KERNEL32.dll!HeapDestroy
--> Thunk @ 20007138 = KERNEL32.dll!GetEnvironmentStrings
--> Thunk @ 2000713C = KERNEL32.dll!WideCharToMultiByte
--> Thunk @ 20007140 = KERNEL32.dll!SetLastError
--> Thunk @ 20007144 = KERNEL32.dll!HeapFree
--> Thunk @ 20007148 = KERNEL32.dll!UnhandledExceptionFilter
--> Thunk @ 2000714C = KERNEL32.dll!FreeEnvironmentStringsA
--> Thunk @ 20007150 = KERNEL32.dll!FreeEnvironmentStringsW
--> Thunk @ 20007154 = KERNEL32.dll!TlsAlloc
--> Thunk @ 20007158 = KERNEL32.dll!GetEnvironmentStringsW
--> Thunk @ 2000715C = KERNEL32.dll!SetHandleCount
--> Thunk @ 20007160 = KERNEL32.dll!GetStdHandle
--> Thunk @ 20007164 = KERNEL32.dll!GetFileType
--> Thunk @ 20007168 = KERNEL32.dll!GetCurrentThreadId
--> Thunk @ 2000716C = KERNEL32.dll!TlsSetValue
--> Thunk @ 20007174 = USER32.dll!GetWindowLongA
--> Thunk @ 20007178 = USER32.dll!ReleaseDC
--> Thunk @ 2000717C = USER32.dll!SetWindowLongA
--> Thunk @ 20007180 = USER32.dll!DefWindowProcA
--> Thunk @ 20007184 = USER32.dll!PostQuitMessage
--> Thunk @ 20007188 = USER32.dll!InvalidateRect
--> Thunk @ 2000718C = USER32.dll!GetDC
--> Thunk @ 20007190 = USER32.dll!EndPaint
--> Thunk @ 20007194 = USER32.dll!LoadStringA
--> Thunk @ 20007198 = USER32.dll!MessageBoxA
--> Thunk @ 2000719C = USER32.dll!ExitWindowsEx
--> Thunk @ 200071A0 = USER32.dll!PostThreadMessageA
--> Thunk @ 200071A4 = USER32.dll!LoadImageA
--> Thunk @ 200071A8 = USER32.dll!AdjustWindowRectEx
--> Thunk @ 200071AC = USER32.dll!GetDesktopWindow
--> Thunk @ 200071B0 = USER32.dll!GetWindowRect
--> Thunk @ 200071B4 = USER32.dll!CreateWindowExA
--> Thunk @ 200071B8 = USER32.dll!ShowWindow
--> Thunk @ 200071BC = USER32.dll!UpdateWindow
--> Thunk @ 200071C0 = USER32.dll!LoadCursorA
--> Thunk @ 200071C4 = USER32.dll!RegisterClassA
--> Thunk @ 200071C8 = USER32.dll!GetMessageA
--> Thunk @ 200071CC = USER32.dll!TranslateMessage
--> Thunk @ 200071D0 = USER32.dll!DispatchMessageA
--> Thunk @ 200071D4 = USER32.dll!DestroyWindow
--> Thunk @ 200071D8 = USER32.dll!BeginPaint
--> Thunk @ 20007010 = GDI32.dll!CreatePalette
--> Thunk @ 20007014 = GDI32.dll!BitBlt
--> Thunk @ 20007018 = GDI32.dll!SelectObject
--> Thunk @ 2000701C = GDI32.dll!RealizePalette
--> Thunk @ 20007020 = GDI32.dll!UnrealizeObject
--> Thunk @ 20007024 = GDI32.dll!DeleteObject
--> Thunk @ 20007028 = GDI32.dll!DeleteDC
--> Thunk @ 2000702C = GDI32.dll!CreateCompatibleDC
--> Thunk @ 20007030 = GDI32.dll!SelectPalette
--> Thunk @ 20007034 = GDI32.dll!GetObjectA
--> Thunk @ 20007000 = ADVAPI32.dll!RegOpenKeyExA
--> Thunk @ 20007004 = ADVAPI32.dll!RegQueryValueA
--> Thunk @ 20007008 = ADVAPI32.dll!RegCloseKey
Call OEP hooked...
--> 00B42135
--> 00B4215B
New Thread created. ID: 000001B4
New Thread created. ID: 00000D60
Error, Terminating Process...

请问是什么原因造成的？？？难道这不是一个标准壳，所以不能用脱壳机？

[课程]FART 脱壳王！加量不加价！FART作者讲授！

收藏・0

免费・0

支持

分享

分享到微信

分享到QQ

分享到微博

赞赏记录

参与人

雪币

留言

时间

查看更多

赞赏

1 雪花 5 雪花 10 雪花 20 雪花 50 雪花 80 雪花 100 雪花 150 雪花 200 雪花

支付方式：微信支付

赞赏留言：

最新回复 (1)

fly

雪币： 898

活跃值： (4039)

能力值： ( LV9，RANK：3410 )

在线值：

发帖

294

回帖

7686

粉丝

32

关注

私信

fly 85

2 楼

dillodie 当然也不是万能的
还是多学习手动脱壳吧

2007-3-9 21:39

0

游客

登录 | 注册方可回帖

回帖表情雪币赚取及消费

高级回复

返回

最新回复 (1)
fly 雪币： 898 活跃值： (4039) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 32 关注私信	fly 85 2 楼 dillodie 当然也不是万能的还是多学习手动脱壳吧 2007-3-9 21:39 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

pumk

10

发帖

35

回帖

10

RANK

关注

私信

他的文章

[已解决]请问如何用OD调试c#程序？ 7807

[求助]我脱一个arm 3.5壳的详细步骤，请高手看看在哪里出错了？？ 6737

arm3.5a标准保护，需要key，但是不需要机器指纹，请问能不能用“字串参考”来破解？ 3552

脱arm壳，用GetModuleHandleA做硬件断点的返回时机究竟是怎么确定的？？ 4542

关于我们

联系我们

企业服务

看雪公众号

专注于PC、移动、智能设备安全研究及逆向工程的开发者社区

看原图