📁 Encryption and Decryption, software encryption and protection techniques and solutions, Kanxue documents!
<html>
<head>
<title>Crack Tutorial</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" href="style/css.css" type="text/css">
<link rel="stylesheet" href="../STYLE/Css.css" type="text/css">
</head>

<body bgcolor="white" text="#000000" link="#004080" vlink="#004080" background="../image/Back.gif">
<p align="center" class="shadow1Copy"><b class="p3">Chapter 8: Compression and Unpacking</b></p>
<table width="80%" border="0" cellspacing="0" cellpadding="3" align="center" bgcolor="#bcbcbc" bordercolor="#111111" class="shadow1">
  <tr> 
    <td class="shadow1" width="20%"> 
      <div align="center"><a href="Chap8-1.htm"><font color="#FFFFFF">Section 1: The PE File Format</font></a></div>
    </td>
    <td class="shadow1" width="20%"> 
      <div align="center"><a href="Chap8-2.htm"><font color="#FFFFFF">Section 2: Introduction to Unpacking</font></a></div>
    </td>
    <td class="shadow1" width="20%"> 
      <div align="center"><a href="Chap8-3-1.htm"><font color="#FFFFFF">Section 3: Automatic Unpacking</font></a></div>
    </td>
    <td class="shadow1" width="20%"> 
      <div align="center"><a href="Chap8-4.htm"><font color="#FFFFFF">Section 4: Manual Unpacking</font></a></div>
    </td>
    <td class="shadow1" width="20%"> 
      <div align="center"><a href="Chap8-5.htm"><font color="#FFFFFF">Section 5: Advanced Unpacking</font></a></div>
    </td>
  </tr>
</table>
<p align="center"><span class="p9"><b>Section 4: Manual Unpacking</b></span></p>
<table border="1" width="80%" cellpadding="5" bordercolor="#111111" bgcolor="#efefef" align="center" cellspacing="0">
  <tr> 
    <td width="50%" valign="middle" align="center" class="p9" height="23"> 
      <div align="left"><span class="p9"><span class="p9">  <span class="p9">   </span> <span class="p9">1. <a href="Chap8-4-1.htm">Basics</a></span></span></span></div>
    </td>
    <td colspan="2" valign="middle" align="center" class="p9" height="23" width="50%"> 
      <div align="left"><span class="p9"><span class="p9">  <span class="p9">   </span> </span></span>2. <a href="Chap8-4-2.htm">The UPX V1.01 packer</a></div>
    </td>
  </tr>
  <tr> 
    <td width="50%" valign="middle" align="center" class="p9" height="23"> 
      <div align="left"><span class="p9"><span class="p9">  <span class="p9">   </span> </span></span>3. <a href="Chap8-4-3.htm">The Shrinker v3.4 packer</a></div>
    </td>
    <td colspan="2" valign="middle" align="center" class="p9" height="23" width="50%"> 
      <div align="left"><span class="p9"><span class="p9">  <span class="p9">   </span> </span></span>4. <a href="Chap8-4-4.htm">ASPack v1.083</a></div>
    </td>
  </tr>
</table>
<p align="center"><b>3. The Shrinker v3.4 packer</b></p>
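<p class="p9">Original English text by: Eternal Bliss <br>
  E-mail: Eternal_Bliss@hotmail.com <br>
  Author's sites: http://crackmes.cjb.net <br>
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; http://surf.to/crackmes <br>
  Written: February 25, 2000 <br>
  Chinese translation: 冰毒 <br>
  Translated: March 14, 2000 <br>
  <br>
  Target program: Notepad.exe compressed with Shrinker v3.4 <br>
  <br>
  ****************************************************************** <br>
  Notes from 冰毒: <br>
  1. Notepad.exe is the text editor bundled with Windows; everyone should have it on their machine. <br>
  2. Shrinker v3.4 can be downloaded from http://w3.to/protools, where you can find <br>
  almost every tool you could want. <br>
  ****************************************************************** <br>
  <br>
  Tools used: <br>
  ProcDump <br>
  Softice <br>
  Symbol Loader (note from 冰毒: this ships with Softice; anyone who has used Softice should know it) <br>
  <br>
  Cracking method: <br>
  Manual unpacking <br>
  <br>
  Purpose of this tutorial: <br>
  To teach you the basic techniques of manual unpacking <br>
  __________________________________________________________________________ <br>
  <br>
  &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 
  &nbsp; About this tutorial <br>
  <br>
  This is the first in a series of *simple* unpacking tutorials I plan to write. The target program is notepad.exe, which <br>
  is on most computers. Because I still cannot explain some aspects of unpacking very well, I can only do my best to <br>
  show you the simple methods. For advanced methods, you will have to read other tutorials. <br>
  _________________________________________________________________________ <br>
  <br>
  <br>
  &nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;Making Softice break at the program entry point <br>
  <br>
  Open the compressed notepad.exe with Symbol Loader. <br>
  <br>
  Click the second icon on the Symbol Loader toolbar. When you move the mouse over the icon, the hint line at the <br>
  bottom of the Symbol Loader window shows "Load the currently open module". <br>
  <br>
  You will get an error message asking whether you want to load the exe file despite the error. Click "Yes". <br>
  <br>
  If Softice is already running, it should break at the program's entry point. But it does not break; the compressed <br>
  notepad.exe simply runs. <br>
  <br>
  It is time to change the characteristics of the sections... <br>
  By changing the characteristics, you can make Softice break at the program entry point. <br>
  <br>
  Load the compressed notepad.exe in ProcDump (using the PE Editor). <br>
  You will see a window titled "PE Structure Editor". <br>
  Click the button called "Sections". <br>
  <br>
  You will get another window titled "Sections Editor". <br>
  It shows the different sections of the compressed notepad.exe. <br>
  <br>
  The first one is .shrink0, and its characteristics are C0000082. <br>
  To change the characteristics: left-click .shrink0, then right-click and choose edit section. <br>
  <br>
  You will get another window titled "Modify section value". <br>
  Change Section Characteristics from C0000082 to E0000020. <br>
  Keep pressing OK until you are back at ProcDump's main window. <br>
  You can now put ProcDump aside. <br>
  <br>
  **I would like to explain more about why this has to be done, but I am not able to. 8P <br>
  &nbsp; You may want to read some material on the PE structure to find the reason. <br>
  &nbsp; I was taught that E0000020 makes the section executable, so Softice will break at the entry point </p>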
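<p class="p9">The two Characteristics values used above, decoded bit by bit against the section flags defined in the PE/COFF specification. This is an added example, not part of the original tutorial; in the sample header only the section name and the two values come from the page, and the sizes and offsets are constructed placeholders.</p>

```python
import struct

# Section flag bits from the PE/COFF specification (subset).
FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def decode_characteristics(value):
    """Name every set bit, lowest first; bits outside FLAGS are kept as hex."""
    return [FLAGS.get(1 << i, "UNKNOWN_0x%08X" % (1 << i))
            for i in range(32) if value & (1 << i)]


def parse_section_header(raw):
    """Return (name, characteristics) from one raw section header."""
    fields = SECTION_HEADER.unpack(raw)
    return fields[0].rstrip(b"\0").decode("ascii"), fields[9]


def diff_characteristics(old, new):
    """Return (flags added, flags removed) when going from old to new."""
    before, after = decode_characteristics(old), decode_characteristics(new)
    return ([f for f in after if f not in before],
            [f for f in before if f not in after])


def is_writable_and_executable(value):
    """MEM_WRITE and MEM_EXECUTE together, a combination PE triage commonly flags."""
    return (value & 0xA0000000) == 0xA0000000


# Constructed sample header: only the name and Characteristics come from the
# page; the sizes and offsets are made-up placeholder values.
SAMPLE = SECTION_HEADER.pack(b".shrink0", 0x9000, 0x1000, 0x4000, 0x400,
                             0, 0, 0, 0, 0xC0000082)

if __name__ == "__main__":
    name, old = parse_section_header(SAMPLE)
    added, removed = diff_characteristics(old, 0xE0000020)
    print(name, "%08X" % old, decode_characteristics(old))
    print("E0000020", decode_characteristics(0xE0000020))
    print("added:", added, "removed:", removed)
    print("W+X after edit:", is_writable_and_executable(0xE0000020))
```

<p class="p9">The edit adds the code and execute flags and drops the uninitialized-data flag, leaving the section readable, writable and executable.</p>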
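<p class="p9">Finding the program's real entry point and unpacking <br>
  <br>
  Now, hopefully you have not closed Symbol Loader. If you did, run it again, then open and load the <br>
  compressed notepad.exe. <br>
  <br>
  This time, when you click "Yes", you will find yourself inside Softice... <br>
  I have pasted the code below and added comments. <br>
  <br>
  ************************* What you see in SICE ************************* <br>
  <br>
  **When Softice breaks, you will be here. Keep pressing F10 to step through this part of the code <br>
  <br>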
  0041454F&nbsp; FFFF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; INVALID <br>
  00414556&nbsp; 55&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; &nbsp; &nbsp; EBP <br>
  00414557&nbsp; 8BEC&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MOV&nbsp; &nbsp; &nbsp; EBP,ESP <br>
  00414559&nbsp; 56&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; &nbsp; &nbsp; ESI <br>
  0041455A&nbsp; 57&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; &nbsp; &nbsp; EDI <br>
  0041455B&nbsp; 756B&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; JNZ&nbsp; &nbsp; &nbsp; 004145C8&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (NO JUMP) <br>
  0041455D&nbsp; 6800010000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; &nbsp; &nbsp; 00000100 <br>
  00414562&nbsp; E8D60B0000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; &nbsp; &nbsp; 0041513D <br>
  00414567&nbsp; 83C404&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; ADD&nbsp; &nbsp; &nbsp; ESP,04 <br>
  0041456A&nbsp; 8B7508&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MOV&nbsp; &nbsp; &nbsp; ESI,[EBP+08] <br>
  0041456D&nbsp; A3B4F14000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MOV&nbsp; &nbsp; &nbsp; [0040F1B4],EAX <br>
  00414572&nbsp; 85F6&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; TEST&nbsp; &nbsp; &nbsp; ESI,ESI <br>
  00414574&nbsp; 7423&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; JZ&nbsp; &nbsp; &nbsp; &nbsp; 00414599&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; (JUMP) <br>
  00414599&nbsp; 33FF&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; XOR&nbsp; &nbsp; &nbsp; EDI,EDI <br>
  0041459B&nbsp; 57&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; &nbsp; &nbsp; EDI <br>
  0041459C&nbsp; 893D8C184100&nbsp; &nbsp; &nbsp; &nbsp; MOV&nbsp; &nbsp; &nbsp; [0041188C],EDI <br>
  004145A2&nbsp; FF1510224100&nbsp; &nbsp; &nbsp; &nbsp; CALL&nbsp; &nbsp; &nbsp; [KERNEL32!GetModuleHandleA] <br>
  004145A8&nbsp; 8BF0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MOV&nbsp; &nbsp; &nbsp; ESI,EAX <br>
  004145AA&nbsp; 68FF000000&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; PUSH&nbsp; &nbsp; 
