<font face="Times New Roman" color="#000000">int 3</font> <font face="宋体" color="#000000">instruction to force</font>
<font face="Times New Roman" color="#000000">winsoftice</font> <font face="宋体" color="#000000">to break.</font>
</span> <span class="p9"><font face="宋体" color="#000000">OK, I have described a whole pile of methods; let's just use the simplest one! Nobody passes up a simple method to use the most laborious one, and if there is such a person... well...</font>
</span>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">Run</font> <font face="Times New Roman" color="#000000">TRW0.75</font>
<font face="宋体" color="#000000">, choose the</font> <font face="Times New Roman" color="#000000">TRNEWTCB</font>
<font face="宋体" color="#000000">command from its menu, then run the packed program; it breaks immediately at its first instruction.</font> </span></p>
<p> <span class="p9"><font face="宋体" color="#000000">Specifically:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D100 PUSHAD </font>
<font face="宋体" color="#000000">the program breaks here</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D101 MOV ESI,0042B0D9</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D106 LEA EDI,[ESI+FFFD5F27]</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D10C PUSH EDI</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D10D OR EBP,-01</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D110 JMP 0043D122 </font>
<font face="宋体" color="#000000">jumps to the decompression routine</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D112 NOP</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D113 NOP</font>
</span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">Entry point of the decompression routine:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D122 8B1E MOV EBX,[ESI]</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D124 83EEFC SUB ESI,-04</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D127 11DB ADC EBX,EBX</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D129 72ED JB 0043D118</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D12B B801000000 MOV EAX,00000001</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D130 01DB ADD EBX,EBX</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D132 7507 JNZ 0043D13B</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D134 8B1E MOV EBX,[ESI]</font>
</span></p>
<p> </p>
<span class="p9"><font face="宋体" color="#000000">Inside the decompression routine the program loops countless times. I have no need to understand how it decompresses, so I just keep moving the cursor down through the code until I reach this point:</font>
</span>
<p> </p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D250 EBD6 JMP 0043D228</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D252 61 POPAD</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D253 C3 RET</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D254 61 POPAD</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D255 E9D6A1FDFF JMP 00417430 </font>
<font face="宋体" color="#000000">this is the program's real entry point</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D25A 0000 ADD [EAX],AL</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D25C 0000 ADD [EAX],AL</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">0137:0043D25E 0000 ADD [EAX],AL</font>
</span></p>
<span class="p9"><font face="宋体" color="#000000">Great, we have finally found the entry address! If you only want to unpack this one particular program, you can now dump it directly with</font> <font face="Times New Roman" color="#000000">TRW</font><font face="宋体" color="#000000">'s</font> <font face="Times New Roman" color="#000000">pedump</font>
<font face="宋体" color="#000000">command. But that is not what we are after: we are studying the</font> <font face="Times New Roman" color="#000000">UPX0.82</font>
<font face="宋体" color="#000000">shell in order to write a generic unpacking</font> <font face="Times New Roman" color="#000000">ini</font> <font face="宋体" color="#000000">script and add it to</font>
<font face="Times New Roman" color="#000000">Procdump1.50</font><font face="宋体" color="#000000">. Then you can conveniently strip any shell that</font>
<font face="Times New Roman" color="#000000">UPX0.82</font> <font face="宋体" color="#000000">has applied, and the script is easy to pass around online so that others can share in your results. That is the true</font>
<font face="Times New Roman" color="#000000">Cracker</font> <font face="宋体" color="#000000">spirit.</font>
</span>
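<p> <span class="p9"><font face="宋体" color="#000000">As an added example (not part of the original tutorial and not ProcDump's or TRW's code), the following Python script does mechanically what the trace above did by hand: it scans the UPX stub for the tail sequence POPAD; JMP rel32 and computes the jump target, which is the original entry point. The stub bytes are constructed from the listing above. The POPAD; RET pair at 0043D252 is deliberately skipped, since only a POPAD directly followed by E9 marks the exit to the unpacked code. The image base 0x00400000 used to turn the entry VA into the header's AddressOfEntryPoint RVA is an assumption, not a value from the page.</font> </span></p>

```python
import struct

# Constructed from the disassembly listing above: the tail of the UPX 0.82
# stub starting at virtual address 0x0043D250.  Only the bytes shown on the
# page are reproduced; the decompression loop itself is not needed here.
STUB_TAIL_VA = 0x0043D250
STUB_TAIL = bytes.fromhex(
    "EBD6"          # 0043D250  JMP 0043D228   (back into the loop)
    "61"            # 0043D252  POPAD
    "C3"            # 0043D253  RET            (POPAD;RET -- not the exit)
    "61"            # 0043D254  POPAD
    "E9D6A1FDFF"    # 0043D255  JMP 00417430   (the real entry point)
    "0000" "0000" "0000"
)

POPAD = 0x61
JMP_REL32 = 0xE9


def find_upx_oep(stub: bytes, base_va: int):
    """Scan a UPX stub for `POPAD; JMP rel32` and return (popad_va, oep_va).

    The stub also contains `POPAD; RET` (61 C3), so a POPAD only counts when
    the very next byte is E9.  Returns None if the pattern is absent.
    """
    for i in range(len(stub) - 6 + 1):
        if stub[i] == POPAD and stub[i + 1] == JMP_REL32:
            # rel32 is a signed little-endian displacement from the next EIP
            rel32 = struct.unpack_from("<i", stub, i + 2)[0]
            jmp_va = base_va + i + 1
            oep_va = (jmp_va + 5 + rel32) & 0xFFFFFFFF
            return base_va + i, oep_va
    return None


def oep_to_header_entry(oep_va: int, image_base: int) -> int:
    """AddressOfEntryPoint in the PE optional header is an RVA, not a VA.

    image_base is whatever the dumped file's ImageBase field says; 0x400000
    used in __main__ below is an assumed value, not one from the page.
    """
    if oep_va < image_base:
        raise ValueError("entry point lies below ImageBase")
    return oep_va - image_base


if __name__ == "__main__":
    popad_va, oep = find_upx_oep(STUB_TAIL, STUB_TAIL_VA)
    print(f"POPAD at {popad_va:08X}, OEP = {oep:08X}, "
          f"AddressOfEntryPoint RVA = {oep_to_header_entry(oep, 0x00400000):08X}")
```

<p> <span class="p9"><font face="宋体" color="#000000">Against a real target you would feed the function the bytes of the stub's section as read from the dumped file together with that section's virtual address; the RVA it returns is what has to be written into AddressOfEntryPoint after the dump, which is the same correction the pedump command makes for you when you dump at the entry point by hand.</font> </span></p>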
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">Steps:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">1.</font> <font face="宋体" color="#000000">Use</font>
<font face="Times New Roman" color="#000000">Ultraedit6.10</font> <font face="宋体" color="#000000">to open the</font>
<font face="Times New Roman" color="#000000">Script.ini</font> <font face="宋体" color="#000000">file in the</font>
<font face="Times New Roman" color="#000000">Procdump1.50</font> <font face="宋体" color="#000000">directory;</font>
</span></p>
<p> <span class="p9"><font face="宋体" color="#000000">Its format is as follows:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">[INDEX]</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P1=Hasiuk/NeoLite</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P2=PESHiELD</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P3=Standard</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P4=Shrinker 3.3</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P5=Wwpack32 I</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P6=Manolo</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P7=Petite<1.3</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P8=Wwpack32 II</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P9=Vbox Dialog</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">PA=Vbox Std</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">PB=Petite 1.x</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">PC=Shrinker 3.2</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">PD=PEPack</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">PE=UPX </font>
<font face="宋体" color="#000000">change this to</font> <font face="Times New Roman" color="#000000">PE=UPX<0.7X</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">PF=Aspack<108</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P10=SoftSentry</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P11=CodeSafe 3.X</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P12=Aspack108</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P13=Neolite2</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P14=Aspack108.2</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P15=Petite 2.0</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P16=Sentinel</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P17=PKLiTE</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P18=Petite 2.1</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P19=PCShrink</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P1A=PCGUARD v2.10</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P1B=Aspack108.3</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P1C=Shrinker 3.4</font>
</span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">P1D=UPX0.7X-0.8X </font>
<font face="宋体" color="#000000">add this line</font> </span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">Then find:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">[UPX] </font>
<font face="宋体" color="#000000">and change it to</font> <font face="Times New Roman" color="#000000">[UPX<0.7X]</font>
</span></p>
<p> </p>
<p> <span class="p9"><font face="宋体" color="#000000">Then add at the very end of the file:</font> </span></p>
<p> <span class="p9"><font face="Times New Roman" color="#000000">[UPX0.7X-0.8X]</font>
</span></p>
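<p> <span class="p9"><font face="宋体" color="#000000">The edits above keep two things in step, as the page's own changes show: the value of an [INDEX] key must equal the name of a [section] further down in the file, and the keys count in hex (P9, PA ... PF, P10 ...), which is why the next free key after P1C is P1D and not P20. As an added example (not the tutorial's and not ProcDump's own code), this Python script applies the same edits to a copy of Script.ini and checks that the renamed entry and the new one both have a section. The sample INI is constructed from the listing above; the body of the existing [UPX] section is not on the page, so a placeholder comment stands in for it.</font> </span></p>

```python
import re

# Constructed, abbreviated copy of the Procdump1.50 Script.ini listed above.
# The [INDEX] entries are the ones on the page; the body of the existing [UPX]
# section is not on the page, so a comment stands in for it.
SAMPLE_INI = """[INDEX]
P1=Hasiuk/NeoLite
P2=PESHiELD
P3=Standard
P4=Shrinker 3.3
P5=Wwpack32 I
P6=Manolo
P7=Petite<1.3
P8=Wwpack32 II
P9=Vbox Dialog
PA=Vbox Std
PB=Petite 1.x
PC=Shrinker 3.2
PD=PEPack
PE=UPX
PF=Aspack<108
P10=SoftSentry
P11=CodeSafe 3.X
P12=Aspack108
P13=Neolite2
P14=Aspack108.2
P15=Petite 2.0
P16=Sentinel
P17=PKLiTE
P18=Petite 2.1
P19=PCShrink
P1A=PCGUARD v2.10
P1B=Aspack108.3
P1C=Shrinker 3.4

[UPX]
; placeholder: body of the existing UPX unpack script (not shown on the page)
"""

# [INDEX] keys are "P" followed by a hex number: P1..P9, PA..PF, P10..P1C, ...
INDEX_LINE = re.compile(r"^P([0-9A-F]+)=(.+)$", re.IGNORECASE)


def index_entries(ini_text):
    """Return the (key, name) pairs of the [INDEX] section, keys upper-cased."""
    entries, in_index = [], False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_index = line.upper() == "[INDEX]"
            continue
        m = INDEX_LINE.match(line) if in_index else None
        if m:
            entries.append((m.group(1).upper(), m.group(2).strip()))
    return entries


def next_index_key(ini_text):
    """The next free key, counting in hex: after P1C comes P1D, not P20."""
    nums = [int(key, 16) for key, _ in index_entries(ini_text)]
    return "P%X" % (max(nums) + 1) if nums else "P1"


def section_names(ini_text):
    """All [section] headers in the file, without the brackets."""
    return {l.strip()[1:-1] for l in ini_text.splitlines()
            if l.strip().startswith("[") and l.strip().endswith("]")}


def add_script(ini_text, old_name, renamed, new_name):
    """Apply the page's edits: rename old_name to renamed in both its [INDEX]
    value and its section header (they must match), register new_name under
    the next free key, and append an empty [new_name] section at the end."""
    out, last_index_pos, in_index = [], None, False
    for raw in ini_text.splitlines():
        line, s = raw, raw.strip()
        if s.startswith("["):
            in_index = s.upper() == "[INDEX]"
            if s == f"[{old_name}]":
                line = f"[{renamed}]"
        elif in_index:
            m = INDEX_LINE.match(s)
            if m:
                last_index_pos = len(out)
                if m.group(2).strip() == old_name:
                    line = f"P{m.group(1).upper()}={renamed}"
        out.append(line)
    if last_index_pos is None:
        raise ValueError("no [INDEX] entries found")
    out.insert(last_index_pos + 1, f"{next_index_key(ini_text)}={new_name}")
    out += ["", f"[{new_name}]"]
    return "\n".join(out) + "\n"


def missing_sections(ini_text, names):
    """Which of the given [INDEX] values have no matching [section]."""
    have = section_names(ini_text)
    return [n for n in names if n not in have]


if __name__ == "__main__":
    new_ini = add_script(SAMPLE_INI, "UPX", "UPX<0.7X", "UPX0.7X-0.8X")
    print(new_ini)
    print("missing:", missing_sections(new_ini, ["UPX<0.7X", "UPX0.7X-0.8X"]))
```

<p> <span class="p9"><font face="宋体" color="#000000">The new [UPX0.7X-0.8X] section is left empty on purpose; its body is the unpacking script written in the rest of this chapter, and the consistency check is what tells you the index entry and the section header still agree after you have typed it in.</font> </span></p>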
<p> </p>
<span class="p9"><font face="宋体" color="#000000">OK, the preparatory work is done; now we can write the unpacking extension for</font> <font face="Times New Roman" color="#000000">UPX0.82</font>
<font face="宋体" color="#000000">. First, we can see that the program has two places where it jumps; the first one is:</font>