菜鸟啄硬壳―我的脱壳手记

菜鸟啄硬壳―我的脱壳手记

编程入门hacker2019-05-29 7:33:3617364A+A-

莱鸟啄壳子―我的蜕壳笔记

[引言]   1.轻轻松松找到蜕壳后的OEP。

........2.ESP基本定律和pushad、popad两对基础理论全是错误的。

........3.RVA困惑将荡然无存,莱鸟也可随便玩蜕壳,只需知道简易地加减400000的标准。[预备期专业知识] 只须对PE文档头构造有分步的知道。

  

  我贴了几页烂文就有点儿得意忘形起來,闲来无事又打着了“壳”的歪主意。我要找1个短小精悍的“软壳蛋”来小试下鸡刀,无所谓了挑选到了1个“铁核桃”,差点儿没把门牙啃脱。壮着胆量闯下来,咳~!总算出来,还悟出至少大道理来。

   秀才耍棍棒,还得关键点基本技能。“壳”这一物品对莱鸟一些神秘化,关键缘故是欠缺对PE文档构造的知道,更对RVA的变换头疼。蜕壳以前先将段钢的“数据加密与破译”或罗云彬的“汇编程序设计方案”中有关PE文档构造一部分读五遍就能够应负了!下边用脱FantaMorph.exe 的注册机Keygen.exe(外国人写的)的壳为例,谈点蜕壳构思和方式。(Keygen.exe见附注,请大神认证1个该壳是软還是硬?)

  一、怪异的PE头和蜕壳的初试牛刀

  1.没见过那样的PE头:

  先加16进制编辑器开启keygen.exe文档,看一下它的PE头,给出:

00400000  4D 5A 00 00 00 00 00 00 00 00 00 00 50 45 00 00  MZ..........PE._

00400010  4C 01 02 00 46 53 47 21 00 00 00 00 00 00 00 00  L  .FSG!........

00400020  E0 00 0F 01 0B 01 00 00 00 2C 00 00 00 50 01 00  ?   有限责任公司,有限责任公司P .

00400030  00 00 00 00 54 01 00 00 00 10 00 00 0C 00 00 00  ___T 有限责任公司 ......

00400040  00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00  ._@._ 有限责任公司 ._ 有限责任公司

00400050  00 00 00 00 04 00 00 00 00 00 00 00 00 30 02 00  ___ ........0 .

00400060  00 02 00 00 00 00 00 00 02 00 00 00 00 00 10 00  . ...... .我 .

00400070  00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00  . ___ ._ ......

00400080  10 00 00 00 00 00 00 00 00 00 00 00 98 23 02 00   ...........? .

00400090  84 00 00 00 00 C0 01 00 14 0D 00 00 00 00 00 00  ?有限责任公司?. .......

004000A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

004000B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

004000C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

004000D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

004000E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

004000F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

00400100  00 00 00 00 00 00 00 00 00 00 00 00 00 B0 01 00  .............?.

00400110  00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00  . ..............

00400120  00 00 00 00 00 00 00 00 E0 00 00 C0 00 00 00 00  ........?.?有限责任公司

00400130  00 00 00 00 00 70 00 00 00


点击这里复制本文地址 以上内容由黑资讯整理呈现,请务必在转载分享时注明本文地址!如对内容有疑问,请联系我们,谢谢!
  • 4条评论
  • 鹿岛雾月2022-05-28 11:55:56
  • ........004000B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................004000C0&n
  • 礼忱七禾2022-05-28 10:48:14
  • 0  ................004000B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................004000C0  00 00 00 00 00
  • 南殷雨安2022-05-28 12:10:07
  • 啃脱。壮着胆量闯下来,咳~!总算出来,还悟出至少大道理来。   秀才耍棍棒,还得关键点基本技能。“壳”这一物品对莱鸟一些神秘化,关键缘故是欠缺对PE文档构造的知道,更对RVA的变换头疼。蜕壳以前先将段钢的“数据加密与破译”或罗云彬的“汇编程序
  • 痴者橙柒2022-05-28 09:57:09
  • 0 00 00 00 00 00 00 00 00 00 00 00  ................004000C0  00 00 00 00 00 00 00

支持Ctrl+Enter提交

黑资讯 © All Rights Reserved.  
Copyright Copyright 2015-2020 黑资讯
滇ICP备19002590号-1
Powered by 黑客资讯 Themes by 如有不合适之处联系我们
网站地图| 发展历程| 留言建议| 网站管理