[讨论]这个是themida的新antidebug吗？-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

[讨论]这个是themida的新antidebug吗？

发表于: 2007-8-2 22:42 9528

[讨论]这个是themida的新antidebug吗？

girl

2007-8-2 22:42

9528

////////////////////////////////////////////////////
xp
////////////////////////////////////////////////////
7C809E01 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 00242000
         [tmp] = 00000004
         ----------------------------------
7C809E01 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 00243000
         [tmp] = 00000004
         ----------------------------------
7C809E01 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 00244000
         [tmp] = 00000004
         ----------------------------------
7C809E01 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 00245000
         [tmp] = 00000004
         ----------------------------------
7C809E01 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 00246000
         [tmp] = 00000004
         ----------------------------------
7C809E3A Access violation in KERNEL32 ignored on request
7C809E01 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936F8E | ASCII "h["
         [tmp] = 00245FF0
         [tmp] = 00000010
         ----------------------------------

////////////////////////////////////////////////////
2003
////////////////////////////////////////////////////

7C82B267 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 7C9BA000
         [tmp] = 00000004
         ----------------------------------
7C82B267 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 7C9BB000
         [tmp] = 00000004
         ----------------------------------
7C82B267 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 7C9BC000
         [tmp] = 00000004
         ----------------------------------
7C82B267 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5
         [tmp] = 7C9BD000
         [tmp] = 00000004
         ----------------------------------
7C82B267 Breakpoint at kernel32.IsBadReadPtr
         ----------------------------------
         [tmp] = 00936EF5

7C9BC000这个是在ntdll里，00246000在exe前

2003里最后异常了，没显示后2个参数，也没继续下去，等知道themida想干吗后，再看看osc插件的问题

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入！

收藏・1

免费・0

支持

最新回复 (16)
okdodo 雪币： 233 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 12 回帖 396 粉丝 1 关注私信	okdodo 2 2 楼试了几个新版的测试程序还没发现新ANTI ~ 2007-8-3 08:18 0
skylly 雪币： 304 活跃值： (82) 能力值： ( LV9，RANK：170 ) 在线值：发帖 70 回帖 1087 粉丝 2 关注私信	skylly 4 3 楼貌似不是~` 2007-8-3 09:48 0
girl 雪币： 214 活跃值： (40) 能力值： ( LV4，RANK：50 ) 在线值：发帖 8 回帖 289 粉丝 0 关注私信	girl 1 4 楼你们的od可以跑themida 1.9.1.0吗？我的od不行 2007-8-3 17:37 0
whrcartoon 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 73 粉丝 0 关注私信	whrcartoon 5 楼跑themida 1.9.1.0, 我的od不行, 不知道具体检测手段, 只会用脚本, 新的就不行了, 正在跟踪antidebug 2007-8-3 18:11 0
海风月影雪币： 7309 活跃值： (3788) 能力值： (RANK：1130 ) 在线值：发帖 93 回帖 2308 粉丝 119 关注私信	海风月影 22 6 楼用hidetoolz试试，选上anti-anti debug,hide window HideOD把ZwQueryInformationProcess去掉试试 2007-8-3 20:44 0
girl 雪币： 214 活跃值： (40) 能力值： ( LV4，RANK：50 ) 在线值：发帖 8 回帖 289 粉丝 0 关注私信	girl 1 7 楼是修改ZwQueryInformationProcess的问题壳有检查ZwQueryInformationProcess代码包含jmp xxxx地址，就出错 push xxxx,ret就没问题但还是过不去，一个新的问题。。 File 'E:\crack\pack\Themida_v1.9.1.0\Themida.exe' New process with ID 00000F38 created 00833014 Main thread with ID 00000350 created hide SendMessage 00400000 Module E:\crack\pack\Themida_v1.9.1.0\Themida.exe 00401000 Code size in header is 0029A000, extending to size of section ' ' CRC changed, discarding .udd data 77B70000 Module C:\WINDOWS\system32\msvcrt.dll 77BD0000 Module C:\WINDOWS\system32\GDI32.dll CRC changed, discarding .udd data Debugging information (PDB format) available 77C20000 Module C:\WINDOWS\system32\RPCRT4.dll CRC changed, discarding .udd data Debugging information (PDB format) available 77CD0000 Module C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.2778_x-ww_A8F04F11\COMCTL32.dll 77E10000 Module C:\WINDOWS\system32\USER32.dll CRC changed, discarding .udd data Debugging information (PDB format) available 77EB0000 Module C:\WINDOWS\system32\SHLWAPI.dll 77F30000 Module C:\WINDOWS\system32\ADVAPI32.dll CRC changed, discarding .udd data Debugging information (PDB format) available 7C800000 Module C:\WINDOWS\system32\kernel32.dll CRC changed, discarding .udd data 7C930000 Module C:\WINDOWS\system32\ntdll.dll CRC changed, discarding .udd data Debugging information (PDB format) available 76180000 Module C:\WINDOWS\system32\IMM32.DLL 63090000 Module C:\WINDOWS\system32\LPK.DLL 00833014 Program entry point CreateFile = 7C801A64 7C801A64 Breakpoint at kernel32.7C801A64 7C801A64 Breakpoint at kernel32.7C801A64 7C801A64 Breakpoint at kernel32.7C801A64 GetFileSize = 7C82F0D0 \| kernel32.GetFileSize 00CD4540 Illegal instruction 00CD4667 Privileged instruction 7C82F0D0 Hardware breakpoint 1 at kernel32.GetFileSize 7C82BF12 Breakpoint at kernel32.7C82BF12 count = 00000001 7C82BF12 Breakpoint at kernel32.7C82BF12 count = 00000002 7C82BF12 Breakpoint at kernel32.7C82BF12 count = 00000003 00CDEDFA Hardware breakpoint 1 at <Themida.getapi3> 74AE0000 Module C:\WINDOWS\system32\USP10.dll 7C82307E Breakpoint at kernel32.7C82307E 7C82B5F3 New thread with ID 00000090 created 7C82B5F3 New thread with ID 00000C70 created 7C82B5F3 New thread with ID 000009F8 created 7C82B5F3 New thread with ID 000008E0 created 7C82B5F3 New thread with ID 00000ED0 created 7C82B5F3 New thread with ID 0000021C created 7C82B5F3 New thread with ID 00000A0C created 7C82B5F3 New thread with ID 00000C04 created 7C82B5F3 New thread with ID 00000E44 created 7C82B5F3 New thread with ID 00000C34 created 7C82B5F3 New thread with ID 00000B2C created 7C82B5F3 New thread with ID 000000E4 created 7C82B5F3 New thread with ID 000006B8 created 7C82B5F3 New thread with ID 00000E80 created 7C82B5F3 New thread with ID 00000FF4 created 7C82B5F3 New thread with ID 00000998 created 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C8056BD \| kernel32.SetEnvironmentVariableA [esp] = 00CFF81D ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E22F48 \| USER32.GetForegroundWindow [esp] = 00D028B6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E3269F \| USER32.GetWindowTextA [esp] = 00D02A05 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828537 \| kernel32.GetProcessHeap [esp] = 00D0755C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80616D \| kernel32.DeleteFileA [esp] = 00D07606 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C825FA0 \| kernel32.GetModuleFileNameA [esp] = 00D07626 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82DC40 \| kernel32.WideCharToMultiByte [esp] = 00D07646 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82BCAC \| kernel32.MultiByteToWideChar [esp] = 00D07666 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C602 \| kernel32.GetFullPathNameA [esp] = 00D07686 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82ECCD \| kernel32.GetCurrentProcess [esp] = 00D076A6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C803C91 \| kernel32.GetCurrentDirectoryA [esp] = 00D076C6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C816F84 \| kernel32.SetCurrentDirectoryA [esp] = 00D076E6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80E277 \| kernel32.ExpandEnvironmentStringsA [esp] = 00D07706 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00D07726 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C8222C6 \| kernel32.lstrcpyA [esp] = 00D07746 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82EF38 \| kernel32.lstrlenA [esp] = 00D0776C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C817722 \| kernel32.lstrcpynA [esp] = 00D0778C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C820CB9 \| kernel32.lstrcmpA [esp] = 00D077AC ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80C3A6 \| kernel32.GetSystemDirectoryA [esp] = 00D077CC ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C834FA4 \| kernel32.CreateActCtxA [esp] = 00D077EC ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82A78A \| kernel32.ActivateActCtx [esp] = 00D0780C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80DCF1 \| kernel32.GetWindowsDirectoryA [esp] = 00D0782C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F42E \| kernel32.WriteFile [esp] = 00D0784C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801FC3 \| kernel32.VirtualProtect [esp] = 00D0786C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827B80 \| kernel32.FreeLibrary [esp] = 00D078AA ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801D74 \| kernel32.LoadLibraryExA [esp] = 00D078E8 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82BFF1 \| kernel32.GetProcAddress [esp] = 00D07926 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C825FA0 \| kernel32.GetModuleFileNameA [esp] = 00D07964 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80DED7 \| kernel32.GetModuleHandleExA [esp] = 00D079AF ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C826404 \| kernel32.GetModuleHandleA [esp] = 00D079ED ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C1EA \| kernel32.CloseHandle [esp] = 00D07A2B ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C8098E6 \| kernel32.SearchPathA [esp] = 00D07A69 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C822528 \| kernel32.GetFileInformationByHandle [esp] = 00D07AA7 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827CCE \| kernel32.DuplicateHandle [esp] = 00D07AE5 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82DDC5 \| kernel32.GetFileType [esp] = 00D07C28 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C831D79 \| kernel32.GetPrivateProfileIntA [esp] = 00D07C66 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C813A8F \| kernel32.GetPrivateProfileStringA [esp] = 00D07CA4 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E18CB3 \| USER32.LoadImageA [esp] = 00D07CE2 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827F56 \| kernel32.GetFileTime [esp] = 00D07D20 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C815A1B \| kernel32.GetFileAttributesA [esp] = 00D07D5E ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C829F27 \| kernel32.GetFileAttributesW [esp] = 00D07D9C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C81495A \| kernel32.GetFileAttributesExA [esp] = 00D07DE7 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827BE5 \| kernel32.GetFileAttributesExW [esp] = 00D07E25 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F0D0 \| kernel32.GetFileSize [esp] = 00D07E63 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F091 \| kernel32.GetFileSizeEx [esp] = 00D07EAE ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801A38 \| kernel32.CreateFileA [esp] = 00D07EEC ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C24B \| kernel32.CreateFileW [esp] = 00D07F2A ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801840 \| kernel32.ReadFile [esp] = 00D07F68 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F238 \| kernel32.SetFilePointer [esp] = 00D07FA6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B267 \| kernel32.IsBadReadPtr [esp] = 00D07FC6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80CB2C \| kernel32.SetFilePointerEx [esp] = 00D08011 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80ADA2 \| kernel32.CopyFileA [esp] = 00D0804F ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C850C42 \| kernel32.CopyFileExA [esp] = 00D0809A ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C821E7C \| kernel32.CreateFileMappingA [esp] = 00D080D8 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F582A1 \| ASCII "j h" \| ADVAPI32.CryptVerifySignatureA [esp] = 00D080F8 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828631 \| kernel32.OpenFileMappingA [esp] = 00D08136 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82BF3A \| kernel32.MapViewOfFileEx [esp] = 00D08156 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801F20 \| kernel32.GetSystemTime [esp] = 00D08176 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B36B \| kernel32.UnmapViewOfFile [esp] = 00D08196 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C85B219 \| kernel32.CreateToolhelp32Snapshot [esp] = 00D0CFB9 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C85A4D7 \| kernel32.Process32First [esp] = 00D0D059 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00D0D0F7 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C85A64E \| kernel32.Process32Next [esp] = 00D0D19F ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C826404 \| kernel32.GetModuleHandleA [esp] = 00CECD04 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828D34 \| kernel32.VirtualFree [esp] = 00CECEA4 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B267 \| kernel32.IsBadReadPtr [esp] = 00CED033 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C951998 \| ntdll.ZwQueryInformationProcess [esp] = 00D12383 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E36F04 \| USER32.FindWindowA [esp] = 00D16E1B ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B267 \| kernel32.IsBadReadPtr [esp] = 00D19C28 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827A55 \| kernel32.GetVersionExA [esp] = 00D1D35E ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C824888 \| kernel32.IsDebuggerPresent [esp] = 00D1D46B ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C951998 \| ntdll.ZwQueryInformationProcess [esp] = 00D22368 \| ASCII "h A" ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E36F04 \| USER32.FindWindowA [esp] = 00D26529 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E36F04 \| USER32.FindWindowA [esp] = 00D29EC0 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C826404 \| kernel32.GetModuleHandleA [esp] = 00D2AC51 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C802335 \| kernel32.WriteProcessMemory [esp] = 00D2AC71 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C818EC7 \| kernel32.VirtualQuery [esp] = 00D2AC91 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801A71 \| kernel32.VirtualProtectEx [esp] = 00D2ACB1 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C820E76 \| kernel32.GetSystemInfo [esp] = 00D2ACD1 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C825FA0 \| kernel32.GetModuleFileNameA [esp] = 00D2ACF1 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80E9FD \| kernel32.lstrcatA [esp] = 00E059DA ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C551 \| kernel32.SystemTimeToFileTime [esp] = 00E096D6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F32B \| kernel32.GetLocalTime [esp] = 00E096F6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C821E7C \| kernel32.CreateFileMappingA [esp] = 00E09716 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82331F \| kernel32.MapViewOfFile [esp] = 00E09736 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B36B \| kernel32.UnmapViewOfFile [esp] = 00E09756 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F4590D \| ADVAPI32.RegOpenKeyA [esp] = 00E09776 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F4DA70 \| ADVAPI32.RegCloseKey [esp] = 00E09796 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F4768C \| ADVAPI32.RegQueryValueExA [esp] = 00E097B6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F48188 \| ADVAPI32.RegDeleteValueA [esp] = 00E097D6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F42E \| kernel32.WriteFile [esp] = 00E097F6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F45FCD \| ADVAPI32.RegCreateKeyExA [esp] = 00E09816 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F47F20 \| ADVAPI32.RegSetValueExA [esp] = 00E09836 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828537 \| kernel32.GetProcessHeap [esp] = 00E09856 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C803C91 \| kernel32.GetCurrentDirectoryA [esp] = 00E14912 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C816F84 \| kernel32.SetCurrentDirectoryA [esp] = 00E1493C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C0AF \| kernel32.GetVersion [esp] = 00E13F1F ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82BEF9 \| kernel32.VirtualAlloc [esp] = 00E1405C ---------------------------------- 0170D284 Access violation when reading [817BFFE4] 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C8024B2 \| kernel32.Sleep [esp] = 00BE3E27 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E4DE0C \| USER32.MessageBoxExA [esp] = 00BE42F3 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C813051 \| kernel32.ExitProcess [esp] = 00BE43AF ---------------------------------- 2007-8-3 21:48 0
okdodo 雪币： 233 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 12 回帖 396 粉丝 1 关注私信	okdodo 2 8 楼还有一处特定字符串检测 ~ 2007-8-3 23:55 0
海风月影雪币： 7309 活跃值： (3788) 能力值： (RANK：1130 ) 在线值：发帖 93 回帖 2308 粉丝 119 关注私信	海风月影 22 9 楼 hidetoolz还是那样设置，先add path，把OD目录加进去，然后开OD，载入Themida 测试了一下，原版OD都能过 2007-8-4 12:29 0
whrcartoon 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 73 粉丝 0 关注私信	whrcartoon 10 楼 "先add path，把OD目录加进去" 这个没看懂, 在哪里操作啊, 没见到OD有这个选项啊 2007-8-4 15:01 0
卡秋莎雪币： 144 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 57 回帖 424 粉丝 0 关注私信	卡秋莎 11 楼 hidetoolz 这东西哪里有啊没有发现过 2007-8-4 15:14 0
whrcartoon 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 73 粉丝 0 关注私信	whrcartoon 12 楼 hidetoolz 可能就是插件吧, hide debugger hide od, "先add path，把OD目录加进去，然后开OD" 这个就不知道说什么啦 2007-8-4 15:34 0
whrcartoon 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 73 粉丝 0 关注私信	whrcartoon 13 楼 http://www.cracklab.ru/f/files/1001_20.06.2007_CRACKLAB.rU.tgz 哈哈, 用这个 ,正在测试 2007-8-4 17:19 0
mrghost 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 53 粉丝 0 关注私信	mrghost 14 楼我的还是不行！试了很多次，A_p的脚本兼容性很差，在1.82版的就是，用他的脚本老是出错，还是Okdodo的好一些！ 2007-8-4 18:05 0
mycatboys 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 16 粉丝 0 关注私信	mycatboys 15 楼 ^_^ ^_^ 好贴　谢谢楼主分享 ----------------------------------------------- 牛郎应叹增广贤文，不及情人朱子家训。 2007-8-4 23:47 0
softtip 雪币： 208 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 35 粉丝 0 关注私信	softtip 16 楼楼主，我试了，用你的方法还是不行麻烦你帮忙看看问题出在哪里我把程序放在附件里面上传的附件： test-1.9.1.part1.rar （0.98MB，11次下载） test-1.9.1.part2.rar （0.98MB，9次下载） test-1.9.1.part3.rar （15.57kb，5次下载） 2007-8-5 00:09 0
lustylol 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 16 回帖 106 粉丝 0 关注私信	lustylol 17 楼我用这个方法也不行啊 2007-8-8 15:48 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

girl

发帖

289

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (16)
okdodo 雪币： 233 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 12 回帖 396 粉丝 1 关注私信	okdodo 2 2 楼试了几个新版的测试程序还没发现新ANTI ~ 2007-8-3 08:18 0
skylly 雪币： 304 活跃值： (82) 能力值： ( LV9，RANK：170 ) 在线值：发帖 70 回帖 1087 粉丝 2 关注私信	skylly 4 3 楼貌似不是~` 2007-8-3 09:48 0
girl 雪币： 214 活跃值： (40) 能力值： ( LV4，RANK：50 ) 在线值：发帖 8 回帖 289 粉丝 0 关注私信	girl 1 4 楼你们的od可以跑themida 1.9.1.0吗？我的od不行 2007-8-3 17:37 0
whrcartoon 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 73 粉丝 0 关注私信	whrcartoon 5 楼跑themida 1.9.1.0, 我的od不行, 不知道具体检测手段, 只会用脚本, 新的就不行了, 正在跟踪antidebug 2007-8-3 18:11 0
海风月影雪币： 7309 活跃值： (3788) 能力值： (RANK：1130 ) 在线值：发帖 93 回帖 2308 粉丝 119 关注私信	海风月影 22 6 楼用hidetoolz试试，选上anti-anti debug,hide window HideOD把ZwQueryInformationProcess去掉试试 2007-8-3 20:44 0
girl 雪币： 214 活跃值： (40) 能力值： ( LV4，RANK：50 ) 在线值：发帖 8 回帖 289 粉丝 0 关注私信	girl 1 7 楼是修改ZwQueryInformationProcess的问题壳有检查ZwQueryInformationProcess代码包含jmp xxxx地址，就出错 push xxxx,ret就没问题但还是过不去，一个新的问题。。 File 'E:\crack\pack\Themida_v1.9.1.0\Themida.exe' New process with ID 00000F38 created 00833014 Main thread with ID 00000350 created hide SendMessage 00400000 Module E:\crack\pack\Themida_v1.9.1.0\Themida.exe 00401000 Code size in header is 0029A000, extending to size of section ' ' CRC changed, discarding .udd data 77B70000 Module C:\WINDOWS\system32\msvcrt.dll 77BD0000 Module C:\WINDOWS\system32\GDI32.dll CRC changed, discarding .udd data Debugging information (PDB format) available 77C20000 Module C:\WINDOWS\system32\RPCRT4.dll CRC changed, discarding .udd data Debugging information (PDB format) available 77CD0000 Module C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.2778_x-ww_A8F04F11\COMCTL32.dll 77E10000 Module C:\WINDOWS\system32\USER32.dll CRC changed, discarding .udd data Debugging information (PDB format) available 77EB0000 Module C:\WINDOWS\system32\SHLWAPI.dll 77F30000 Module C:\WINDOWS\system32\ADVAPI32.dll CRC changed, discarding .udd data Debugging information (PDB format) available 7C800000 Module C:\WINDOWS\system32\kernel32.dll CRC changed, discarding .udd data 7C930000 Module C:\WINDOWS\system32\ntdll.dll CRC changed, discarding .udd data Debugging information (PDB format) available 76180000 Module C:\WINDOWS\system32\IMM32.DLL 63090000 Module C:\WINDOWS\system32\LPK.DLL 00833014 Program entry point CreateFile = 7C801A64 7C801A64 Breakpoint at kernel32.7C801A64 7C801A64 Breakpoint at kernel32.7C801A64 7C801A64 Breakpoint at kernel32.7C801A64 GetFileSize = 7C82F0D0 \| kernel32.GetFileSize 00CD4540 Illegal instruction 00CD4667 Privileged instruction 7C82F0D0 Hardware breakpoint 1 at kernel32.GetFileSize 7C82BF12 Breakpoint at kernel32.7C82BF12 count = 00000001 7C82BF12 Breakpoint at kernel32.7C82BF12 count = 00000002 7C82BF12 Breakpoint at kernel32.7C82BF12 count = 00000003 00CDEDFA Hardware breakpoint 1 at <Themida.getapi3> 74AE0000 Module C:\WINDOWS\system32\USP10.dll 7C82307E Breakpoint at kernel32.7C82307E 7C82B5F3 New thread with ID 00000090 created 7C82B5F3 New thread with ID 00000C70 created 7C82B5F3 New thread with ID 000009F8 created 7C82B5F3 New thread with ID 000008E0 created 7C82B5F3 New thread with ID 00000ED0 created 7C82B5F3 New thread with ID 0000021C created 7C82B5F3 New thread with ID 00000A0C created 7C82B5F3 New thread with ID 00000C04 created 7C82B5F3 New thread with ID 00000E44 created 7C82B5F3 New thread with ID 00000C34 created 7C82B5F3 New thread with ID 00000B2C created 7C82B5F3 New thread with ID 000000E4 created 7C82B5F3 New thread with ID 000006B8 created 7C82B5F3 New thread with ID 00000E80 created 7C82B5F3 New thread with ID 00000FF4 created 7C82B5F3 New thread with ID 00000998 created 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C8056BD \| kernel32.SetEnvironmentVariableA [esp] = 00CFF81D ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E22F48 \| USER32.GetForegroundWindow [esp] = 00D028B6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E3269F \| USER32.GetWindowTextA [esp] = 00D02A05 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828537 \| kernel32.GetProcessHeap [esp] = 00D0755C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80616D \| kernel32.DeleteFileA [esp] = 00D07606 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C825FA0 \| kernel32.GetModuleFileNameA [esp] = 00D07626 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82DC40 \| kernel32.WideCharToMultiByte [esp] = 00D07646 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82BCAC \| kernel32.MultiByteToWideChar [esp] = 00D07666 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C602 \| kernel32.GetFullPathNameA [esp] = 00D07686 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82ECCD \| kernel32.GetCurrentProcess [esp] = 00D076A6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C803C91 \| kernel32.GetCurrentDirectoryA [esp] = 00D076C6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C816F84 \| kernel32.SetCurrentDirectoryA [esp] = 00D076E6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80E277 \| kernel32.ExpandEnvironmentStringsA [esp] = 00D07706 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00D07726 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C8222C6 \| kernel32.lstrcpyA [esp] = 00D07746 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82EF38 \| kernel32.lstrlenA [esp] = 00D0776C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C817722 \| kernel32.lstrcpynA [esp] = 00D0778C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C820CB9 \| kernel32.lstrcmpA [esp] = 00D077AC ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80C3A6 \| kernel32.GetSystemDirectoryA [esp] = 00D077CC ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C834FA4 \| kernel32.CreateActCtxA [esp] = 00D077EC ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82A78A \| kernel32.ActivateActCtx [esp] = 00D0780C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80DCF1 \| kernel32.GetWindowsDirectoryA [esp] = 00D0782C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F42E \| kernel32.WriteFile [esp] = 00D0784C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801FC3 \| kernel32.VirtualProtect [esp] = 00D0786C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827B80 \| kernel32.FreeLibrary [esp] = 00D078AA ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801D74 \| kernel32.LoadLibraryExA [esp] = 00D078E8 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82BFF1 \| kernel32.GetProcAddress [esp] = 00D07926 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C825FA0 \| kernel32.GetModuleFileNameA [esp] = 00D07964 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80DED7 \| kernel32.GetModuleHandleExA [esp] = 00D079AF ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C826404 \| kernel32.GetModuleHandleA [esp] = 00D079ED ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C1EA \| kernel32.CloseHandle [esp] = 00D07A2B ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C8098E6 \| kernel32.SearchPathA [esp] = 00D07A69 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C822528 \| kernel32.GetFileInformationByHandle [esp] = 00D07AA7 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827CCE \| kernel32.DuplicateHandle [esp] = 00D07AE5 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82DDC5 \| kernel32.GetFileType [esp] = 00D07C28 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C831D79 \| kernel32.GetPrivateProfileIntA [esp] = 00D07C66 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C813A8F \| kernel32.GetPrivateProfileStringA [esp] = 00D07CA4 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E18CB3 \| USER32.LoadImageA [esp] = 00D07CE2 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827F56 \| kernel32.GetFileTime [esp] = 00D07D20 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C815A1B \| kernel32.GetFileAttributesA [esp] = 00D07D5E ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C829F27 \| kernel32.GetFileAttributesW [esp] = 00D07D9C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C81495A \| kernel32.GetFileAttributesExA [esp] = 00D07DE7 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827BE5 \| kernel32.GetFileAttributesExW [esp] = 00D07E25 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F0D0 \| kernel32.GetFileSize [esp] = 00D07E63 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F091 \| kernel32.GetFileSizeEx [esp] = 00D07EAE ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801A38 \| kernel32.CreateFileA [esp] = 00D07EEC ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C24B \| kernel32.CreateFileW [esp] = 00D07F2A ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801840 \| kernel32.ReadFile [esp] = 00D07F68 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F238 \| kernel32.SetFilePointer [esp] = 00D07FA6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B267 \| kernel32.IsBadReadPtr [esp] = 00D07FC6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80CB2C \| kernel32.SetFilePointerEx [esp] = 00D08011 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80ADA2 \| kernel32.CopyFileA [esp] = 00D0804F ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C850C42 \| kernel32.CopyFileExA [esp] = 00D0809A ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C821E7C \| kernel32.CreateFileMappingA [esp] = 00D080D8 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F582A1 \| ASCII "j h" \| ADVAPI32.CryptVerifySignatureA [esp] = 00D080F8 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828631 \| kernel32.OpenFileMappingA [esp] = 00D08136 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82BF3A \| kernel32.MapViewOfFileEx [esp] = 00D08156 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801F20 \| kernel32.GetSystemTime [esp] = 00D08176 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B36B \| kernel32.UnmapViewOfFile [esp] = 00D08196 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C85B219 \| kernel32.CreateToolhelp32Snapshot [esp] = 00D0CFB9 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C85A4D7 \| kernel32.Process32First [esp] = 00D0D059 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00D0D0F7 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C85A64E \| kernel32.Process32Next [esp] = 00D0D19F ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C826404 \| kernel32.GetModuleHandleA [esp] = 00CECD04 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828D34 \| kernel32.VirtualFree [esp] = 00CECEA4 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B267 \| kernel32.IsBadReadPtr [esp] = 00CED033 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C951998 \| ntdll.ZwQueryInformationProcess [esp] = 00D12383 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E36F04 \| USER32.FindWindowA [esp] = 00D16E1B ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B267 \| kernel32.IsBadReadPtr [esp] = 00D19C28 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C827A55 \| kernel32.GetVersionExA [esp] = 00D1D35E ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C824888 \| kernel32.IsDebuggerPresent [esp] = 00D1D46B ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C951998 \| ntdll.ZwQueryInformationProcess [esp] = 00D22368 \| ASCII "h A" ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E36F04 \| USER32.FindWindowA [esp] = 00D26529 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E36F04 \| USER32.FindWindowA [esp] = 00D29EC0 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828990 \| kernel32.lstrcmpiA [esp] = 00CECF70 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C826404 \| kernel32.GetModuleHandleA [esp] = 00D2AC51 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C802335 \| kernel32.WriteProcessMemory [esp] = 00D2AC71 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C818EC7 \| kernel32.VirtualQuery [esp] = 00D2AC91 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C801A71 \| kernel32.VirtualProtectEx [esp] = 00D2ACB1 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C820E76 \| kernel32.GetSystemInfo [esp] = 00D2ACD1 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C825FA0 \| kernel32.GetModuleFileNameA [esp] = 00D2ACF1 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C80E9FD \| kernel32.lstrcatA [esp] = 00E059DA ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C551 \| kernel32.SystemTimeToFileTime [esp] = 00E096D6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F32B \| kernel32.GetLocalTime [esp] = 00E096F6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C821E7C \| kernel32.CreateFileMappingA [esp] = 00E09716 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82331F \| kernel32.MapViewOfFile [esp] = 00E09736 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82B36B \| kernel32.UnmapViewOfFile [esp] = 00E09756 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F4590D \| ADVAPI32.RegOpenKeyA [esp] = 00E09776 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F4DA70 \| ADVAPI32.RegCloseKey [esp] = 00E09796 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F4768C \| ADVAPI32.RegQueryValueExA [esp] = 00E097B6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F48188 \| ADVAPI32.RegDeleteValueA [esp] = 00E097D6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82F42E \| kernel32.WriteFile [esp] = 00E097F6 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F45FCD \| ADVAPI32.RegCreateKeyExA [esp] = 00E09816 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77F47F20 \| ADVAPI32.RegSetValueExA [esp] = 00E09836 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C828537 \| kernel32.GetProcessHeap [esp] = 00E09856 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C803C91 \| kernel32.GetCurrentDirectoryA [esp] = 00E14912 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C816F84 \| kernel32.SetCurrentDirectoryA [esp] = 00E1493C ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82C0AF \| kernel32.GetVersion [esp] = 00E13F1F ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C82BEF9 \| kernel32.VirtualAlloc [esp] = 00E1405C ---------------------------------- 0170D284 Access violation when reading [817BFFE4] 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C8024B2 \| kernel32.Sleep [esp] = 00BE3E27 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 77E4DE0C \| USER32.MessageBoxExA [esp] = 00BE42F3 ---------------------------------- 00BE29CF Breakpoint at <Themida.getapi2> ---------------------------------- eax = 7C813051 \| kernel32.ExitProcess [esp] = 00BE43AF ---------------------------------- 2007-8-3 21:48 0
okdodo 雪币： 233 活跃值： (10) 能力值： ( LV6，RANK：90 ) 在线值：发帖 12 回帖 396 粉丝 1 关注私信	okdodo 2 8 楼还有一处特定字符串检测 ~ 2007-8-3 23:55 0
海风月影雪币： 7309 活跃值： (3788) 能力值： (RANK：1130 ) 在线值：发帖 93 回帖 2308 粉丝 119 关注私信	海风月影 22 9 楼 hidetoolz还是那样设置，先add path，把OD目录加进去，然后开OD，载入Themida 测试了一下，原版OD都能过 2007-8-4 12:29 0
whrcartoon 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 73 粉丝 0 关注私信	whrcartoon 10 楼 "先add path，把OD目录加进去" 这个没看懂, 在哪里操作啊, 没见到OD有这个选项啊 2007-8-4 15:01 0
卡秋莎雪币： 144 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 57 回帖 424 粉丝 0 关注私信	卡秋莎 11 楼 hidetoolz 这东西哪里有啊没有发现过 2007-8-4 15:14 0
whrcartoon 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 73 粉丝 0 关注私信	whrcartoon 12 楼 hidetoolz 可能就是插件吧, hide debugger hide od, "先add path，把OD目录加进去，然后开OD" 这个就不知道说什么啦 2007-8-4 15:34 0
whrcartoon 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 18 回帖 73 粉丝 0 关注私信	whrcartoon 13 楼 http://www.cracklab.ru/f/files/1001_20.06.2007_CRACKLAB.rU.tgz 哈哈, 用这个 ,正在测试 2007-8-4 17:19 0
mrghost 雪币： 202 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 5 回帖 53 粉丝 0 关注私信	mrghost 14 楼我的还是不行！试了很多次，A_p的脚本兼容性很差，在1.82版的就是，用他的脚本老是出错，还是Okdodo的好一些！ 2007-8-4 18:05 0
mycatboys 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 16 粉丝 0 关注私信	mycatboys 15 楼 ^_^ ^_^ 好贴　谢谢楼主分享 ----------------------------------------------- 牛郎应叹增广贤文，不及情人朱子家训。 2007-8-4 23:47 0
softtip 雪币： 208 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 35 粉丝 0 关注私信	softtip 16 楼楼主，我试了，用你的方法还是不行麻烦你帮忙看看问题出在哪里我把程序放在附件里面上传的附件： test-1.9.1.part1.rar （0.98MB，11次下载） test-1.9.1.part2.rar （0.98MB，9次下载） test-1.9.1.part3.rar （15.57kb，5次下载） 2007-8-5 00:09 0
lustylol 雪币： 207 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 16 回帖 106 粉丝 0 关注私信	lustylol 17 楼我用这个方法也不行啊 2007-8-8 15:48 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复