能力值:
( LV9,RANK:170 )
|
-
-
2 楼
自己做个小explorer,想怎么调就怎么调~~~
如果你没有手脱armadillo CopyMem的经验,建议放弃~~~
用OD加载这个explorer.exe,并运行,下CreateProcessA断点,然后在你的电脑中运行epe非s加壳的程序,如果顺利的话,就会在CreateProcessA中断下,如果想调试父进程,就在od中继续调试就是;如果想调试子进程,把CreateProcessA的CreateFLag设为0,然后运行,这时子进程就会在四个cc处异常,而弹出异常窗口,然后你就可以用od调了(前提是你设置OD为即时调试器)。
|
能力值:
( LV2,RANK:10 )
|
-
-
3 楼
咋做????
|
能力值:
( LV2,RANK:10 )
|
-
-
4 楼
怎么做,要注意哪些
还有我不是想脱他,我只要能调试
|
能力值:
( LV2,RANK:10 )
|
-
-
5 楼
谢谢!skylly
|
能力值:
( LV2,RANK:10 )
|
-
-
6 楼
在问下,他的四个CC怎么跳过呢?怎么能让程序正常运行!
|
能力值:
( LV9,RANK:170 )
|
-
-
7 楼
你看看父进程是怎么处理它的就知道了,说了,这个壳不建议新手来看, 
并不是别人指点一两句甚至写一篇教程就能轻易学会的
|
能力值:
( LV2,RANK:10 )
|
-
-
8 楼
这个壳要怎么脱才OK呢`各位老大`
|
能力值:
( LV2,RANK:10 )
|
-
-
9 楼
哎.这个壳好难哦
|
能力值:
( LV4,RANK:50 )
|
-
-
10 楼
FLY大侠, 为什么我脱出来的程序API NAME部分被修改了呢?
有一些如:312 140 265 这种格式的API NAME
还请赐教。
|
能力值:
( LV2,RANK:10 )
|
-
-
11 楼
只要能调试起来,请EPE高手帮忙解决下啊!泪流满面的感激
|
能力值:
![]()
(RANK:1130 )
|
-
-
12 楼
用SoftICE
|
能力值:
![]()
(RANK:650 )
|
-
-
13 楼
LEAVECRITICALSECTION=1
ENTERCRITICALSECTION=2
INITIALIZECRITICALSECTION=3
VIRTUALFREE=4
VIRTUALALLOC=5
LOCALFREE=6
LOCALALLOC=7
GETCURRENTTHREADID=8
INTERLOCKEDDECREMENT=9
INTERLOCKEDINCREMENT=10
VIRTUALQUERY=11
WIDECHARTOMULTIBYTE=12
SETCURRENTDIRECTORYA=13
MULTIBYTETOWIDECHAR=14
LSTRLENA=15
LSTRCPYNA=16
LOADLIBRARYEXA=17
GETTHREADLOCALE=18
GETSTARTUPINFOA=19
GETPROCADDRESS=20
GETMODULEHANDLEA=21
GETMODULEFILENAMEA=22
GETLOCALEINFOA=23
GETLASTERROR=24
GETCURRENTDIRECTORYA=25
GETCOMMANDLINEA=26
FREELIBRARY=27
FINDFIRSTFILEA=28
FINDCLOSE=29
EXITPROCESS=30
EXITTHREAD=31
CREATETHREAD=32
WRITEFILE=33
UNHANDLEDEXCEPTIONFILTER=34
SETFILEPOINTER=35
SETENDOFFILE=36
READFILE=38
RAISEEXCEPTION=39
GETSTDHANDLE=40
GETFILESIZE=41
GETSYSTEMTIME=42
GETFILETYPE=43
CREATEFILEA=44
CLOSEHANDLE=45
GETKEYBOARDTYPE=46
LOADSTRINGA=47
MESSAGEBOXA=48
CHARNEXTA=49
REGQUERYVALUEEXA=50
REGOPENKEYEXA=51
REGCLOSEKEY=52
TLSSETVALUE=56
TLSGETVALUE=57
TLSFREE=58
TLSALLOC=59
LOCALFREE=60
LOCALALLOC=61
REGSETVALUEEXA=62
REGQUERYVALUEEXA=63
REGOPENKEYEXA=64
REGFLUSHKEY=65
REGCREATEKEYEXA=66
REGCLOSEKEY=67
OPENPROCESSTOKEN=68
LOOKUPPRIVILEGEVALUEA=69
GETUSERNAMEA=70
ADJUSTTOKENPRIVILEGES=71
LSTRCPYA=72
LSTRCMPA=73
WRITEPROCESSMEMORY=74
WRITEFILEEX=75
WRITEFILE=76
WAITFORSINGLEOBJECT=77
WAITFORDEBUGEVENT=78
VIRTUALQUERY=79
VIRTUALPROTECT=80
VIRTUALFREE=81
VIRTUALALLOC=82
UNMAPVIEWOFFILE=83
TERMINATETHREAD=84
TERMINATEPROCESS=85
SUSPENDTHREAD=86
SLEEP=87
SIZEOFRESOURCE=88
SETTHREADLOCALE=89
SETTHREADCONTEXT=90
SETLASTERROR=91
SETFILEPOINTER=92
SETEVENT=93
SETERRORMODE=94
SETENDOFFILE=95
RESUMETHREAD=96
RESETEVENT=97
REMOVEDIRECTORYA=98
READPROCESSMEMORY=99
READFILEEX=100
READFILE=101
QUERYPERFORMANCECOUNTER=102
OUTPUTDEBUGSTRINGA=103
OPENPROCESS=104
OPENMUTEXA=105
OPENFILEMAPPINGW=106
OPENFILEMAPPINGA=107
MULDIV=108
MAPVIEWOFFILEEX=109
MAPVIEWOFFILE=110
LOCKRESOURCE=111
LOADRESOURCE=112
LOADLIBRARYEXA=113
LOADLIBRARYW=114
LOADLIBRARYA=115
LEAVECRITICALSECTION=116
INITIALIZECRITICALSECTION=117
HEAPFREE=118
HEAPALLOC=119
GLOBALUNLOCK=120
GLOBALREALLOC=121
GLOBALHANDLE=122
GLOBALLOCK=123
GLOBALFREE=124
GLOBALFINDATOMA=125
GLOBALDELETEATOM=126
GLOBALALLOC=127
GLOBALADDATOMA=128
GETWINDOWSDIRECTORYA=129
GETVOLUMEINFORMATIONW=130
GETVOLUMEINFORMATIONA=131
GETVERSIONEXA=132
GETVERSION=133
GETTICKCOUNT=134
GETTHREADLOCALE=135
GETTHREADCONTEXT=136
GETTEMPPATHA=137
GETSYSTEMTIME=138
GETSYSTEMINFO=139
GETSYSTEMDIRECTORYW=140
GETSYSTEMDIRECTORYA=141
GETSTRINGTYPEEXA=142
GETSTDHANDLE=143
GETSTARTUPINFOA=144
GETPROFILESTRINGA=145
GETPROCADDRESS=146
GETMODULEHANDLEW=147
GETMODULEHANDLEA=148
GETMODULEFILENAMEW=149
GETMODULEFILENAMEA=150
GETLOCALEINFOA=151
GETLOCALTIME=152
GETLASTERROR=153
GETFILEATTRIBUTESA=154
GETEXITCODETHREAD=155
GETENVIRONMENTVARIABLEA=156
GETDISKFREESPACEA=157
GETDATEFORMATA=158
GETCURRENTTHREADID=159
GETCURRENTTHREAD=160
GETCURRENTPROCESSID=161
GETCURRENTPROCESS=162
GETCURRENTDIRECTORYA=163
GETCOMPUTERNAMEA=164
GETCOMMANDLINEA=165
GETCPINFO=166
GETACP=167
FREERESOURCE=168
FREELIBRARY=169
FORMATMESSAGEA=170
FINDRESOURCEA=171
FINDFIRSTFILEA=172
FILETIMETOLOCALFILETIME=174
FILETIMETODOSDATETIME=175
EXITPROCESS=176
ENUMCALENDARINFOA=177
ENTERCRITICALSECTION=178
DEVICEIOCONTROL=179
DELETEFILEW=180
DELETEFILEA=181
CREATETHREAD=182
CREATEPROCESSA=183
CREATEMUTEXA=184
CREATEFILEMAPPINGW=185
CREATEFILEMAPPINGA=186
CREATEFILEW=187
CREATEFILEA=188
CREATEEVENTA=189
CREATEDIRECTORYA=190
CONTINUEDEBUGEVENT=191
COMPARESTRINGA=192
CLOSEHANDLE=193
WINDOWFROMPOINT=194
WINDOWFROMDC=195
WINHELPA=196
WAITMESSAGE=197
WAITFORINPUTIDLE=198
UPDATEWINDOW=199
UNREGISTERCLASSA=200
UNHOOKWINDOWSHOOKEX=201
TRANSLATEMESSAGE=202
TRANSLATEMDISYSACCEL=203
TRACKPOPUPMENU=204
SYSTEMPARAMETERSINFOA=205
SHOWWINDOW=206
SHOWSCROLLBAR=207
SHOWOWNEDPOPUPS=208
SHOWCURSOR=209
SETTIMER=210
SETSCROLLRANGE=211
SETSCROLLPOS=212
SETSCROLLINFO=213
SETRECT=214
SETPROPA=215
SETMENUITEMINFOA=216
SETMENU=217
SETFOREGROUNDWINDOW=218
SETFOCUS=219
SETCURSOR=220
SETCLASSLONGA=221
SETCAPTURE=222
SETACTIVEWINDOW=223
SENDMESSAGEW=224
SENDMESSAGEA=225
SCROLLWINDOW=226
SCREENTOCLIENT=227
REMOVEPROPA=228
REMOVEMENU=229
RELEASEDC=230
RELEASECAPTURE=231
REGISTERWINDOWMESSAGEA=232
REGISTERCLIPBOARDFORMATA=233
REGISTERCLASSA=235
REDRAWWINDOW=234
PTINRECT=236
POSTQUITMESSAGE=237
POSTMESSAGEW=238
POSTMESSAGEA=239
PEEKMESSAGEA=240
OFFSETRECT=241
OEMTOCHARA=242
MSGWAITFORMULTIPLEOBJECTS=243
MESSAGEBOXA=244
MAPWINDOWPOINTS=245
MAPVIRTUALKEYA=246
LOCKWINDOWUPDATE=247
LOADSTRINGA=248
LOADKEYBOARDLAYOUTA=249
LOADICONA=250
LOADCURSORA=251
LOADBITMAPA=252
KILLTIMER=253
ISZOOMED=254
ISWINDOWVISIBLE=255
ISWINDOWENABLED=256
ISWINDOW=257
ISRECTEMPTY=258
ISICONIC=259
ISDIALOGMESSAGEA=260
ISCHILD=261
INVALIDATERECT=262
INTERSECTRECT=263
INSERTMENUITEMA=264
INSERTMENUA=265
INFLATERECT=266
GETWINDOWTHREADPROCESSID=267
GETWINDOWTEXTA=268
GETWINDOWRGN=269
GETWINDOWRECT=270
GETWINDOWPLACEMENT=271
GETWINDOWLONGA=272
GETWINDOWDC=273
GETUPDATERECT=274
GETTOPWINDOW=275
GETSYSTEMMETRICS=276
GETSYSTEMMENU=277
GETSYSCOLOR=278
GETSUBMENU=279
GETSCROLLRANGE=280
GETSCROLLPOS=281
GETSCROLLINFO=282
GETPROPA=283
GETPARENT=284
GETWINDOW=285
GETMESSAGEPOS=286
GETMENUSTRINGA=287
GETMENUSTATE=288
GETMENUITEMRECT=289
GETMENUITEMINFOA=290
GETMENUITEMID=291
GETMENUITEMCOUNT=292
GETMENU=293
GETLASTACTIVEPOPUP=294
GETKEYBOARDSTATE=295
GETKEYBOARDLAYOUTLIST=296
GETKEYBOARDLAYOUT=297
GETKEYSTATE=298
GETKEYNAMETEXTA=299
GETICONINFO=300
GETFOREGROUNDWINDOW=301
GETFOCUS=302
GETDESKTOPWINDOW=303
GETDCEX=304
GETDC=305
GETCURSORPOS=306
GETCURSOR=307
GETCLIPBOARDDATA=308
GETCLIENTRECT=309
GETCLASSNAMEA=310
GETCLASSINFOA=311
GETACTIVEWINDOW=313
FRAMERECT=314
FINDWINDOWA=315
FILLRECT=316
EQUALRECT=317
ENUMWINDOWS=318
ENUMTHREADWINDOWS=319
ENDPAINT=320
ENDDEFERWINDOWPOS=321
ENABLEWINDOW=322
ENABLESCROLLBAR=323
ENABLEMENUITEM=324
DRAWTEXTEXA=325
DRAWTEXTA=326
DRAWMENUBAR=327
DRAWICONEX=328
DRAWICON=329
DRAWFRAMECONTROL=330
DRAWFOCUSRECT=331
DRAWEDGE=332
DISPATCHMESSAGEA=333
DESTROYWINDOW=334
DESTROYMENU=335
DESTROYICON=336
DESTROYCURSOR=337
DELETEMENU=338
DEFERWINDOWPOS=339
DEFWINDOWPROCA=340
DEFMDICHILDPROCA=341
DEFFRAMEPROCA=342
CREATEWINDOWEXA=343
CREATEPOPUPMENU=345
CREATEMENU=344
CREATEICON=346
CLOSEWINDOW=347
CLIENTTOSCREEN=348
CHILDWINDOWFROMPOINT=349
CHECKMENUITEM=350
CALLWINDOWPROCA=351
CALLNEXTHOOKEX=352
BEGINPAINT=353
BEGINDEFERWINDOWPOS=354
CHARNEXTA=355
CHARLOWERBUFFA=356
CHARLOWERA=357
ADJUSTWINDOWRECTEX=358
ACTIVATEKEYBOARDLAYOUT=359
SLEEP=360
SHELLEXECUTEA=397
QUERYSERVICESTATUS=398
OPENSERVICEW=399
OPENSERVICEA=400
OPENSCMANAGERW=401
OPENSCMANAGERA=402
CLOSESERVICEHANDLE=403
NETBIOS=404
|
能力值:
![]()
(RANK:1130 )
|
-
-
14 楼
shoooo的信息对想写静态脱壳机的非常有帮助
不明白2个sleep有什么区别?
|
|
|
|
