欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

Jdpack的脫殼及破解

互聯(lián)網(wǎng)   發(fā)布時(shí)間:2008-10-08 19:02:16   作者:佚名   我要評(píng)論
這是一個(gè)加殼軟件,軟件加殼后可以檢測(cè)trw及sice,它的1.00版檢測(cè)到trw或sice時(shí)只是提示,到了1.01版,檢測(cè)到就會(huì)出現(xiàn)非法操作.   未注冊(cè)版好像沒有時(shí)間限制,但是給軟件加殼后每次運(yùn)行就會(huì)提示"Unregistered JDPack.This file PACKED by Unregistered JDPack1.0* fro
這是一個(gè)加殼軟件,軟件加殼后可以檢測(cè)trw及sice,它的1.00版檢測(cè)到trw或sice時(shí)只是提示,到了1.01版,檢測(cè)到就會(huì)出現(xiàn)非法操作.   未注冊(cè)版好像沒有時(shí)間限制,但是給軟件加殼后每次運(yùn)行就會(huì)提示"Unregistered JDPack.This file PACKED by Unregistered JDPack1.0* from http://www.tlzj18.com"   使用工具:TRW kWDSM   下載地址(1.00 and 1.01): http://person.longcity.net/home0/flyfancy/jd.rar   脫殼:   我最初追蹤的是1.00版,當(dāng)時(shí)軟件還只是提示,我就很輕易的找到了關(guān)鍵   bpx getversionexa   g   斷下后   先bc(因?yàn)橐院笥袔讉€(gè)getversionexa的調(diào)用,但是與脫殼無(wú)關(guān))   下面會(huì)有2個(gè)Jz,但是不能讓它跳,否則就提示檢測(cè)到調(diào)試器(因?yàn)槲矣玫氖荰RW)   輸入 r fl z   之后就是一個(gè)jmp   F8繼續(xù),后面就很簡(jiǎn)單了,我只記得快到的時(shí)候會(huì)有   popa   jmp eax   然后makepe即可   1.01的脫殼方法也是   bpx getversionexa   g   就到了這里   0187:0040E250 CALL NEAR [EBP 004031B1] //停在這里,先bc   0187:0040E256 LEA EBX,[EBP 00403449]   0187:0040E25C CMP DWORD [EBX 10],BYTE 01   0187:0040E260 JZ 0040E276 (JUMP)//下 r fl z,跳的話就完了.   0187:0040E262 CMP DWORD [EBX 10],BYTE 02   0187:0040E266 JZ 0040E26A   0187:0040E268 JMP SHORT 0040E284 //F8進(jìn)去   0187:0040E284 MOV EDX,[EBP 00403441] //到了這里   0187:0040E28A MOV ESI,[EBP 004031D9]   0187:0040E290 ADD ESI,EDX   0187:0040E292 MOV EAX,[ESI 0C]   0187:0040E295 OR EAX,EAX   0187:0040E297 JZ NEAR 0040E3EA (NO JUMP) //看到這里嗎,就g 40E3EA吧   0187:0040E29D ADD EAX,EDX   0187:0040E29F MOV [EBP 004031A5],EAX   0187:0040E2A5 MOV EBX,EAX   0187:0040E3EA MOV EDX,[EBP 00403441]   0187:0040E3F0 MOV EAX,[EBP 004031D5]   0187:0040E3F6 ADD EAX,EDX   0187:0040E3F8 MOV [ESP 1C],EAX   0187:0040E3FC POPA   0187:0040E3FD PUSH EAX   0187:0040E3FE RET // 到了這里,按F8就返回程序的OEP處了,直接makepe即可
 破解:   破解它可難倒了我,我用kwdsm反匯編后,半天都摸不著頭腦   沒有辦法只有載入已加殼的Notepad.exe跟蹤,發(fā)現(xiàn)多了一段代碼   0187:0040D3EA 6A30 PUSH BYTE 30 //就是多了這么一段   0187:0040D3EC 8D9D4D324000 LEA EBX,[EBP 0040324D] //   0187:0040D3F2 53 PUSH EBX //   0187:0040D3F3 8D9D61324000 LEA EBX,[EBP 00403261] //   0187:0040D3F9 53 PUSH EBX //   0187:0040D3FA 6A00 PUSH BYTE 00 //   0187:0040D3FC FF95D5314000 CALL NEAR [EBP 004031D5] //這里彈出提示窗口   0187:0040D402 8B9565344000 MOV EDX,[EBP 00403465]   0187:0040D408 8B85ED314000 MOV EAX,[EBP 004031ED]   0187:0040D40E 03C2 ADD EAX,EDX   0187:0040D410 8944241C MOV [ESP 1C],EAX   0187:0040D414 61 POPA   0187:0040D415 50 PUSH EAX   0187:0040D416 C3 RET   再次使用KWDSM反匯編,找到   * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:   |:00402BE8(C), :00402E57(C)   |   :00402FAA 6A30 push 00000030 //   :00402FAC 8D9D4D324000 lea ebx, dword ptr [ebp 0040324D]   :00402FB2 53 push ebx   :00402FB3 8D9D61324000 lea ebx, dword ptr [ebp 00403261]   :00402FB9 53 push ebx   :00402FBA 6A00 push 00000000   :00402FBC FF95D5314000 call dword ptr [ebp 004031D5] //這斷和那斷多的代碼不是一樣嗎?   :00402FC2 8B9565344000 mov edx, dword ptr [ebp 00403465]   :00402FC8 8B85ED314000 mov eax, dword ptr [ebp 004031ED]   :00402FCE 03C2 add eax, edx   :00402FD0 8944241C mov dword ptr [esp 1C], eax   :00402FD4 61 popad   :00402FD5 50 push eax   :00402FD6 C3 ret   于是跳轉(zhuǎn)到402e57
* Referenced by a (U)nconditional or (C)onditional Jump at Address:   |:00402FA5(U)   |   :00402E52 8B460C mov eax, dword ptr [esi 0C]   :00402E55 0BC0 or eax, eax   :00402E57 0F844D010000 je 00402FAA //這里改為0F8465010000即可   :00402E5D 03C2 add eax, edx   :00402E5F 8985BD314000 mov dword ptr [ebp 004031BD], eax   :00402E65 8BD8 mov ebx, eax   :00402E67 50 push eax   :00402E68 FF95E4334000 call dword ptr [ebp 004033E4]   :00402E6E 0BC0 or eax, eax   :00402E70 7555 jne 00402EC7   :00402E72 53 push ebx   :00402E73 FF95E8334000 call dword ptr [ebp 004033E8]   :00402E79 0BC0 or eax, eax   :00402E7B 754A jne 00402EC7   :00402E7D FFB5BD314000 push dword ptr [ebp 004031BD]   :00402E83 8D9D06334000 lea ebx, dword ptr [ebp 00403306]   :00402E89 53 push ebx   :00402E8A 8D9D01354000 lea ebx, dword ptr [ebp 00403501]   :00402E90 53 push ebx   :00402E91 FF95D9314000 call dword ptr [ebp 004031D9]   :00402E97 83C40C add esp, 0000000C   :00402E9A 6A30 push 00000030   :00402E9C 8D9DA8324000 lea ebx, dword ptr [ebp 004032A8]   :00402EA2 53 push ebx   :00402EA3 8D9D01354000 lea ebx, dword ptr [ebp 00403501]   :00402EA9 53 push ebx   :00402EAA 6A00 push 00000000   :00402EAC FF95D5314000 call dword ptr [ebp 004031D5]   :00402EB2 83BDDD31400001 cmp dword ptr [ebp 004031DD], 00000001   :00402EB9 7408 je 00402EC3   :00402EBB 6A00 push 00000000   :00402EBD FF95C5314000 call dword ptr [ebp 004031C5]

相關(guān)文章

最新評(píng)論