<html>
<head>
<title>Crack Tutorial</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" href="style/css.css" type="text/css">
<link rel="stylesheet" href="../STYLE/Css.css" type="text/css">
</head>
<body bgcolor="white" text="#000000" link="#004080" vlink="#004080" background="../image/Back.gif">
<p align="center" class="shadow1Copy"><b class="p3">Chapter 8: Compression and Unpacking</b></p>
<table width="80%" border="0" cellspacing="0" cellpadding="3" align="center" bgcolor="#bcbcbc" bordercolor="#111111" class="shadow1">
<tr>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-1.htm"><font color="#FFFFFF">Section 1: PE File Format</font></a></div>
</td>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-2.htm"><font color="#FFFFFF">Section 2: Understanding Unpacking</font></a></div>
</td>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-3-1.htm"><font color="#FFFFFF">Section 3: Automatic Unpacking</font></a></div>
</td>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-4.htm"><font color="#FFFFFF">Section 4: Manual Unpacking</font></a></div>
</td>
<td class="shadow1" width="20%">
<div align="center"><a href="Chap8-5.htm"><font color="#FFFFFF">Section 5: Advanced Unpacking</font></a></div>
</td>
</tr>
</table>
<p align="center"><span class="p9"><b>Section 3: Automatic Unpacking</b></span></p>
<table border="1" width="80%" cellpadding="5" bordercolor="#111111" bgcolor="#efefef" align="center" cellspacing="0">
<tr>
<td width="50%" valign="middle" align="center" class="p9" height="23">
<div align="left"><span class="p9"><span class="p9"> <span class="p9"> </span> <span class="p9">1. <a href="Chap8-3-1.htm">Tool Introduction</a></span></span></span></div>
</td>
<td colspan="2" valign="middle" align="center" class="p9" height="23" width="50%">
<div align="left"><span class="p9"><span class="p9"> <span class="p9"> </span> </span></span>2. <a href="Chap8-3-2.htm">ProcDump Application Article 1</a></div>
</td>
</tr>
<tr>
<td width="50%" valign="middle" align="center" class="p9" height="23">
<div align="left"><span class="p9"><span class="p9"> <span class="p9"> </span> </span></span>3. <a href="Chap8-3-3.htm">ProcDump Application Article 2</a></div>
</td>
<td colspan="2" valign="middle" align="center" class="p9" height="23" width="50%">
<div align="left"><span class="p9"><span class="p9"> <span class="p9"> </span> </span></span>4. <a href="Chap8-3-4.htm">ProcDump Manual (Chinese)</a> </div>
</td>
</tr>
</table>
<p align="center"><b>3. ProcDump Application Article 2</b></p>
<p align="left"><span class="p9"><font face="Times New Roman" color="#000000">Today, on Wu Chaoxiang's web page, I saw an article about unpacking written by Peter's from Taiwan, which mentioned the use of Procdump1.50. Its content was rather superficial, however, and did not convey what makes Procdump1.50 so powerful. At the same time, packing has recently become more and more common among software on the net; if, as a Cracker, you do not keep up with the times, then before long there may be no software left that you can modify. So you really must put some hard work into packing and unpacking methods. For this reason I want to post the unpacking techniques I have learned over the past month, so that everyone can see how software is unpacked on Windows. I also want to introduce how the powerful Procdump1.50 is used, how to use it for manual unpacking, and how to extend the range of packers that your own Procdump1.50 can unpack. As I am still a beginner at unpacking, if there are errors in the article, please write to me with corrections.</font>
</span> </p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Request to readers:</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">You may read and distribute this article, but you may not modify its content in any way. Please respect the author's work.</font>
</span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">First, we need to prepare our tools:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">1.Procdump1.50</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">2.Ultraedit6.10</font>
<font face="Times New Roman" color="#000000">(you can use a different editor for this)</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">3.Winsoftice4.0</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">4.Trw0.75</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">5.MakePE1.27</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">6.Wdasm8.93</font>
</span></p>
<p> </p>
<span class="p9"><font face="Times New Roman" color="#000000">Good, the tools are all ready, so let's download a test subject. This time we choose UPX. In the list of unpackers in Procdump1.50 you can clearly see a UPX option, so that is the one we pick this time. Its latest version at present is 0.82. Now that the download is finished, let's first use it to pack a program.</font>
</span>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Procedure:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">1. Open a DOS window in Windows and change to the directory containing UPX0.82;</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">2. Type upx [path and file name of the file to pack]</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">3. OK! The file has been packed successfully.</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Good! Now we can try unpacking.</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">Procedure:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">1. Run Procdump1.50;</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">2. Click the Unpack button; the Choose Unpacker window then appears;</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">3. Select UPX in that window; a dialog then pops up for choosing the file you want to unpack;</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">4. Click Open. Oh no, how painful! The program ran without being unpacked, and Procdump1.50 reported that an error occurred at the first line of the script.</font> </span></p>
<p> </p>
<span class="p9"><font face="Times New Roman" color="#000000">All of the steps above are for automatic unpacking, and automatic unpacking basically always goes like this. So, is the show over just like that? Would the author really write an article made up only of these few dozen lines of filler? Please read on.</font>
</span> <span class="p9"><font face="Times New Roman" color="#000000">Now, let's see whether it guards against winsoftice. Reboot the machine into a Windows installation that has winsoftice installed, and run the packed program again. Fine, it did not crash winsoftice, so I was secretly pleased: you are in trouble now! It seems that software written by foreigners is still fairly friendly, unlike Ding Boy's Huanying (幻影) series, which is fiercer than Xiao Yanzi (^o^, there I go bad-mouthing Ding Boy again; actually I sometimes feel he is rather like the Xiao Yanzi of the Crack world, someone you both love and hate). Now close the program and load it with winsoftice. Ah, and I had just been praising it! It turns out that it does play a small trick on winsoftice after all: winsoftice cannot break at the first instruction of the program's entry point.</font>
</span> <span class="p9"><font face="Times New Roman" color="#000000">No matter; there are three methods. The first is to make a small modification to the program's exe file so that it conforms to the standard PE file format. winsoftice was, after all, not designed specifically for Crack work, so its break-at-entry feature was written for the standard PE file format, and it can do nothing with files that do not conform. For the details of the PE file format, see the MSDN help that comes with VC and the explanations in WINNT.H. The second method is to use TRW instead of winsoftice: Mr. Liu Taotao's TRW was designed specifically for Crack work, so it can break into almost any program that runs on Windows.</font>
</span><span class="p9"><font face="Times New Roman" color="#000000">The third method is to insert into the original</font>
<font face="Times New Roman" color="#000000">exe</font> <font face="Times New Roman" color="#000000">file</font>