<html>
<head>
<title>Crack Tutorial</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" href="style/css.css" type="text/css">
<link rel="stylesheet" href="../STYLE/Css.css" type="text/css">
</head>
<body bgcolor="white" text="#000000" link="#004080" vlink="#004080" background="../image/Back.gif">
<p align="center" class="shadow1Copy"><b class="p3">Chapter 8: Compression and Unpacking</b></p>
<table width="80%" border="0" cellspacing="0" cellpadding="3" align="center" bgcolor="#bcbcbc" bordercolor="#111111" class="shadow1">
<tr>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-1.htm"><font color="#FFFFFF">Section 1: The PE File Format</font></a></div>
</td>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-2.htm"><font color="#FFFFFF">Section 2: Understanding Unpacking</font></a></div>
</td>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-3-1.htm"><font color="#FFFFFF">Section 3: Automatic Unpacking</font></a></div>
</td>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-4.htm"><font color="#FFFFFF">Section 4: Manual Unpacking</font></a></div>
</td>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-5.htm"><font color="#FFFFFF">Section 5: Advanced Unpacking</font></a></div>
</td>
</tr>
</table>
<p align="center"><span class="p9"><b>Section 3: Automatic Unpacking</b></span></p>
<table border="1" width="80%" cellpadding="5" bordercolor="#111111" bgcolor="#efefef" align="center" cellspacing="0">
<tr>
<td width="50%" valign="middle" align="center" class="p9" height="23">
<div align="left"><span class="p9"><span class="p9"> <span class="p9"> </span> <span class="p9">1. <a href="Chap8-3-1.htm">Tool overview</a></span></span></span></div>
</td>
<td colspan="2" valign="middle" align="center" class="p9" height="23" width="50%">
<div align="left"><span class="p9"><span class="p9"> <span class="p9"> </span> </span></span>2. <a href="Chap8-3-2.htm">ProcDump in practice, article 1</a></div>
</td>
</tr>
<tr>
<td width="50%" valign="middle" align="center" class="p9" height="23">
<div align="left"><span class="p9"><span class="p9"> <span class="p9"> </span> </span></span>3. <a href="Chap8-3-3.htm">ProcDump in practice, article 2</a></div>
</td>
<td colspan="2" valign="middle" align="center" class="p9" height="23" width="50%">
<div align="left"><span class="p9"><span class="p9"> <span class="p9"> </span> </span></span>4. <a href="Chap8-3-4.htm">ProcDump manual (Chinese)
</a> </div>
</td>
</tr>
</table>
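<p align="center"><b>1. Tool overview</b></p>
<p><span class="p9"><span class="p9"> After the previous section, I expect you now understand what a shell is. In other words, when a packed program runs, what the user actually executes is the shell program; the shell decompresses the user's original program in memory and then hands control back to the real, unpacked program. Because all of this work happens in memory, the user neither knows nor needs to know how it runs, as long as the program behaves the same as before. At one time some people worried that this decompression would add to the program's run time, but every executable has to be read into memory before it can run; a smaller file takes less time to read from the hard disk into memory, the two effects offset each other, and in practice the user does not notice the program being much slower. Unpacking means capturing the program as it is actually restored in memory <span class="p9">and, after fixing it up, turning it into an executable file.</span></span></span>
</p>
<p><span class="p9"><span class="p9"><span class="p9"><span class="p9"> </span>The file format on Windows
95/NT/2000 is the Portable Executable File Format (the PE format), which is used on all Win32-based systems.</span> Because Windows is now so widespread, the shells discussed below are all based on this file format.</span></span>
<p><span class="p9"><b>Compression tools (packers)</b></span>
<p><span class="p9"><span class="p9"> </span>The compression tools discussed here are not tools such as WinZip or WinRAR (which can compress any file), but tools dedicated to compressing Windows
PE-format EXE or DLL files; the compressed EXE file is a self-extracting executable.</span>
<p><span class="p9">Commonly used compression tools (Windows packers):</span>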
<table width="100%" border="1" cellspacing="0" bordercolordark="#FFFFFF">
<tr>
<td width="8%" class="p9">
<div align="center">Name</div>
</td>
<td width="27%" class="p9">
<div align="center">Author</div>
</td>
<td width="17%" class="p9">
<div align="center">Home page</div>
</td>
<td width="48%" class="p9">
<div align="center">Description</div>
</td>
</tr>
<tr>
<td width="8%" class="p9">
<div align="left">ASPack </div>
</td>
<td width="27%" class="p9">
<div align="left">Alexey Solodovnikov </div>
</td>
<td width="17%" class="p9">
<div align="center"><a href="http://www.aspack.com" target="_blank">www.aspack.com</a></div>
</td>
<td width="48%" class="p9">
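<div align="left">A very powerful Win32 compression tool written by the Russian author Alexey Solodovnikov. Its compression ratio, speed and compatibility are all very good, and it is currently one of the most popular compression tools.</div>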
</td>
</tr>
<tr>
<td width="8%" class="p9">UPX</td>
<td width="27%" class="p9">Markus Oberhumer & Laszlo Molnar</td>
<td width="17%" class="p9">
<div align="center"><a href="http://wildsau.idv.uni-linz.ac.at/mfx/upx.html" target="_blank">Homepage</a></div>
</td>
<td width="48%" class="p9">A very versatile EXE compressor; its shell can be removed with the UPX -D command.</td>
</tr>
<tr>
<td width="8%" class="p9">Petite </td>
<td width="27%" class="p9">Ian Luck </td>
<td width="17%" class="p9">
<div align="center"><a href="http://www.icl.ndirect.co.uk/petite/" target="_blank">Homepage</a></div>
</td>
<td width="48%" class="p9">Can compress the code, data and other resources of a PE file.</td>
</tr>
<tr>
<td width="8%" class="p9">PE-PACK </td>
<td width="27%" class="p9">ANAKiN </td>
<td width="17%" class="p9">
<div align="center"><a href="http://members.xoom.com/MrANAKiN" target="_blank">Homepage</a></div>
</td>
<td width="48%" class="p9">A compression tool that is itself very small.</td>
</tr>
<tr>
<td width="8%" class="p9" height="16">PKLITE32 </td>
<td width="27%" class="p9" height="16">PKWARE, Inc. </td>
<td width="17%" class="p9" height="16">
<div align="center"><a href="http://www.pkware.com" target="_blank">www.pkware.com</a></div>
</td>
<td width="48%" class="p9" height="16">32-bit compression tool (DLL/EXE).</td>
</tr>
<tr>
<td width="8%" class="p9" height="16">WWPack32 </td>
<td width="27%" class="p9" height="16">Piotr Warezak and Rafal Wierzbicki
</td>
<td width="17%" class="p9" height="16">
<div align="center"><a href="http://www.webmedia.pl/wwpack32" target="_blank">Homepage</a></div>
</td>
<td width="48%" class="p9" height="16">32-bit compression tool (DLL/EXE).</td>
</tr>
<tr>
<td width="8%" class="p9" height="16">NeoLite </td>
<td width="27%" class="p9" height="16"> </td>
<td width="17%" class="p9" height="16">
<div align="center"><a href="http://www.neoworx.com/neolite%20" target="_blank">Homepage</a></div>
</td>
<td width="48%" class="p9" height="16">32-bit compression tool (DLL/EXE).</td>
</tr>
<tr>
<td width="8%" class="p9" height="16">Shrinker </td>
<td width="27%" class="p9" height="16">Blink Inc</td>
<td width="17%" class="p9" height="16">
<div align="center"><a href="http://www.blinkinc.com/shrink.htm" target="_blank">Homepage</a></div>
</td>
<td width="48%" class="p9" height="16">32-bit compression tool (DLL/EXE).</td>
</tr>
</table>
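<p><b><span class="p9">Unpacking tools (unpackers)</span></b>
<p><span class="p9"><span class="p9"> </span>In general, the shell of any given compression tool has a corresponding unpacker, so as long as you find a reasonably recent version of that unpacker,
most shells can be removed easily.</span>
<p><span class="p9"><span class="p9">Commonly used unpacking tools (Windows unpackers):</span> </span>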
<table width="100%" border="1" cellspacing="0" bordercolordark="#FFFFFF">
<tr>
<td width="8%" class="p9" height="18">
<div align="center">Name</div>
</td>
<td width="27%" class="p9" height="18">
<div align="center">Author</div>
</td>
<td width="17%" class="p9" height="18">
<div align="center">Home page</div>
</td>
<td width="48%" class="p9" height="18">
<div align="center">Description</div>
</td>
</tr>
<tr>
<td width="8%" class="p9" height="18">ASPack unpacker</td>
<td width="27%" class="p9" height="18">bane </td>
<td width="17%" class="p9" height="18">
<div align="center"><a href="http://www.wuschel.demon.co.uk/" target="_blank">Homepage</a></div>
</td>
<td width="48%" class="p9" height="18">Unpacks PE files compressed with ASPack.</td>
</tr>
<tr>
<td width="8%" class="p9" height="18">UnPEPack </td>
<td width="27%" class="p9" height="18">M.o.D. </td>
<td width="17%" class="p9" height="18"> </td>
<td width="48%" class="p9" height="18">Removes the PEPack shell.</td>
</tr>
<tr>
<td width="8%" class="p9" height="18">ProcDump32 </td>
<td width="27%" class="p9" height="18"> </td>
<td width="17%" class="p9" height="18"> </td>
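<td width="48%" class="p9" height="18">An excellent "universal" unpacker. Unfortunately it is no longer updated, so it can only automatically remove the shells of older versions of compression tools, although it can be brought up to date through script commands. It is also an excellent PE editing tool.</td>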
</tr>
</table>
<p><b class="p9">File type detection tools</b></p>
<table width="100%" border="1" cellspacing="0" bordercolordark="#FFFFFF">
<tr>
<td colspan="3" class="p9" height="18">
<div align="center">Name</div>
</td>
<td width="65%" class="p9" height="18">
<div align="center">Description</div>
</td>
</tr>
<tr>
<td colspan="3" class="p9" height="18">FileInfo </td>
<td width="65%" class="p9" height="18">Detects many file formats; used before unpacking to determine whether a file is packed and with which shell. Recommended!</td>
</tr>
<tr>
<td colspan="3" class="p9" height="18">GetTyp </td>
<td width="65%" class="p9" height="18">Same function as above.</td>
</tr>
<tr>
<td colspan="3" class="p9" height="18">TYP</td>
<td width="65%" class="p9" height="18">Same function as above.</td>
</tr>
</table>
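<p><span class="p9">An added example, not part of the original tutorial and not the code of any tool listed above: one way to answer the question these detection tools address, by reading a PE file's section table for signs that a shell will decompress the program in memory. The section-name signatures, the 7.0 entropy threshold and the sample images produced by <code>build_sample</code> are assumptions constructed for illustration.</span></p>
<pre>
```python
import math
from collections import Counter
# Section names left by packers named on this page (assumed signatures, not from the page).
KNOWN = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack", b".petite": "Petite"}
EXEC = 0x20000000  # IMAGE_SCN_MEM_EXECUTE
le = lambda value, size: value.to_bytes(size, "little")

def entropy(data):
    """Shannon entropy in bits per byte; compressed data approaches 8."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def packer_indicators(pe):
    """Return the reasons a PE image looks packed (empty list if none)."""
    u = lambda off, size: int.from_bytes(pe[off:off + size], "little")
    nt = u(0x3C, 4)                              # e_lfanew: offset of the PE signature
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    count, entry = u(nt + 6, 2), u(nt + 40, 4)   # NumberOfSections, AddressOfEntryPoint
    table = nt + 24 + u(nt + 20, 2)              # section table follows the optional header
    hits = []
    for h in range(table, table + 40 * count, 40):
        name = pe[h:h + 8].rstrip(b"\0")
        vsize, vaddr, rsize, rptr, flags = (u(h + o, 4) for o in (8, 12, 16, 20, 36))
        label = name.decode("ascii", "replace")
        if name in KNOWN:
            hits.append(f"{label}: section name used by {KNOWN[name]}")
        if rsize == 0 and vsize and flags & EXEC:
            hits.append(f"{label}: executable but empty on disk, filled at run time")
        if h != table and entry in range(vaddr, vaddr + vsize):
            hits.append(f"{label}: entry point is outside the first section")
        if rsize and entropy(pe[rptr:rptr + rsize]) > 7.0:
            hits.append(f"{label}: high entropy, likely compressed")
    return hits

def build_sample(sections, entry):
    """Constructed minimal PE header layout; sections = [(name, vsize, raw, flags), ...]."""
    hdr = b"MZ" + bytes(0x3A) + le(0x40, 4) + b"PE\0\0" + le(0x14C, 2) + le(len(sections), 2)
    hdr += bytes(12) + le(0xE0, 2) + bytes(2) + bytes(16) + le(entry, 4) + bytes(0xE0 - 20)
    body, ptr = b"", len(hdr) + 40 * len(sections)
    for i, (name, vsize, raw, flags) in enumerate(sections):
        hdr += name.ljust(8, b"\0") + le(vsize, 4) + le(0x1000 * (i + 1), 4) + le(len(raw), 4)
        hdr += le(ptr + len(body), 4) + bytes(12) + le(flags, 4)
        body += raw
    return hdr + body

PACKED = build_sample([(b"UPX0", 0x1000, b"", 0xE0000080),          # constructed sample
                       (b"UPX1", 0x1000, bytes(range(256)) * 4, 0xE0000040)], entry=0x2100)
PLAIN = build_sample([(b".text", 0x1000, b"\x55\x8b\xec\xc3" * 64, 0x60000020)], entry=0x1000)
```
</pre>
<p><span class="p9">Each indicator is a heuristic: a hit is a reason to inspect the file further, not proof that it is packed.</span></p>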
<p><span class="p9"><b>To learn about more compression or unpacking tools, visit the sites below:</b><br>
<br>
Site 1: <a href="http://playtools.cjb.net/" target="_blank">playtools tools site</a> (please access it through a proxy)<br>
Site 2: <a href="http://protools.cjb.net/" target="_blank">protools tools site </a></span><span class="p9">(please access it through a proxy)<br>
Site 3: <a href="http://www.exetools.com" target="_blank">A Lun's home page</a></span></p>
<p align="center"><a href="../Catalog.htm"><img src="../image/navtoc.gif" width="84" height="23" border="0"></a><a href="Chap8-2.htm"><img src="../image/Navprev.gif" width="80" height="23" border="0"></a><a href="Chap8-3-2.htm"><img src="../image/navnext.gif" width="83" height="23" border="0"></a></p>
<hr width=735>
<div align="center"><span class="p9"><font size="2"><span class="p9"><font size="2"><span class="p9">Copyright
© 2000-2001 <a href="http://www.pediy.com/">KanXue Studio</a> All Rights
Reserved.</span></font></span></font></span></div>
</body>
</html>