A Newbie Pecks at a Hard Shell: My Unpacking Notes (菜鸟啄硬壳——我的脱壳手记)
[Introduction]
1. Find the OEP after unpacking with no fuss.
2. The ESP law and the pushad/popad pair, taken as basic principles, are both wrong.
3. The confusion over RVAs will vanish entirely; even a newbie can play with unpacking freely, needing only to know the simple rule of adding or subtracting 400000.
[Prerequisites] Only a preliminary understanding of the PE file header structure is needed.
After posting a few scrappy articles I got a little carried away, and with time on my hands I turned my attention to "packers". I wanted a small, soft-shelled egg to try my chicken knife on, but the one I happened to pick turned out to be an iron walnut, and I nearly broke my front teeth on it. I screwed up my courage and pushed through, and, phew, I finally got out, having learned quite a few lessons along the way.
A scholar who wants to wield a staff still needs the basics. Packers seem mysterious to newbies mainly because they lack an understanding of the PE file structure, and RVA conversion gives them headaches. Before unpacking anything, read the PE file structure section of Duan Gang's "Encryption and Decryption" (加密与解密) or Luo Yunbin's book on Win32 assembly programming five times over and you will be able to cope. Below I use unpacking Keygen.exe (written by a foreigner), the keygen for FantaMorph.exe, as an example to talk about some unpacking ideas and methods. (Keygen.exe is in the attachment; would an expert please confirm whether this packer counts as soft or hard?)
I. A strange PE header and a first try at unpacking
1. A PE header like I had never seen:
First open keygen.exe in a hex editor and look at its PE header, shown below:
00400000 4D 5A 00 00 00 00 00 00 00 00 00 00 50 45 00 00 MZ..........PE..
00400010 4C 01 02 00 46 53 47 21 00 00 00 00 00 00 00 00 L...FSG!........
00400020 E0 00 0F 01 0B 01 00 00 00 2C 00 00 00 50 01 00 .........,...P..
00400030 00 00 00 00 54 01 00 00 00 10 00 00 0C 00 00 00 ....T...........
00400040 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 ..@.............
00400050 00 00 00 00 04 00 00 00 00 00 00 00 00 30 02 00 .............0..
00400060 00 02 00 00 00 00 00 00 02 00 00 00 00 00 10 00 ................
00400070 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 ................
00400080 10 00 00 00 00 00 00 00 00 00 00 00 98 23 02 00 .............#..
00400090 84 00 00 00 00 C0 01 00 14 0D 00 00 00 00 00 00 ................
004000A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004000B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004000C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
004000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00400100 00 00 00 00 00 00 00 00 00 00 00 00 00 B0 01 00 ................
00400110 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00400120 00 00 00 00 00 00 00 00 E0 00 00 C0 00 00 00 00 ................
00400130 00 00 00 00 00 70 00 00 00
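To make the dump above concrete, here is a small header parser added for this write-up; it is not part of the original article, nor of any tool the article mentions. It takes the bytes exactly as the hex editor shows them (the page's final row is cut off, so the buffer stops there too), walks DOS header, PE signature, COFF header, PE32 optional header and section table using the standard field offsets, and expresses the article's "add or subtract 400000" rule as plain ImageBase arithmetic. The field names and helper functions are my own choices.

```python
import struct

# Header bytes transcribed from the hex dump above (file offsets 0x000-0x138).
# The dump's final row is truncated on the page, so this buffer ends there too.
HEADER = bytes.fromhex(
    "4D 5A 00 00 00 00 00 00 00 00 00 00 50 45 00 00 "  # 0x000: "MZ", "PE\0\0" at 0xC
    "4C 01 02 00 46 53 47 21 00 00 00 00 00 00 00 00 "  # 0x010: COFF header
    "E0 00 0F 01 0B 01 00 00 00 2C 00 00 00 50 01 00 "  # 0x020: optional header begins at 0x24
    "00 00 00 00 54 01 00 00 00 10 00 00 0C 00 00 00 "  # 0x030: 0x3C is e_lfanew AND BaseOfData
    "00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 "  # 0x040: ImageBase, alignments
    "00 00 00 00 04 00 00 00 00 00 00 00 00 30 02 00 "  # 0x050: SizeOfImage at 0x5C
    "00 02 00 00 00 00 00 00 02 00 00 00 00 00 10 00 "  # 0x060
    "00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 "  # 0x070
    "10 00 00 00 00 00 00 00 00 00 00 00 98 23 02 00 "  # 0x080: NumberOfRvaAndSizes, directories
    "84 00 00 00 00 C0 01 00 14 0D 00 00 00 00 00 00 "  # 0x090
    + "00 " * 96 +                                       # 0x0A0-0x0FF: all zero
    "00 00 00 00 00 00 00 00 00 00 00 00 00 B0 01 00 "  # 0x100: section table starts at 0x104
    "00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 "  # 0x110
    "00 00 00 00 00 00 00 00 E0 00 00 C0 00 00 00 00 "  # 0x120
    "00 00 00 00 00 70 00 00 00"                        # 0x130: truncated on the page
)


def parse_pe_headers(data):
    """Decode DOS header -> PE signature -> COFF header -> PE32 optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    coff = e_lfanew + 4
    (machine, n_sections, _stamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 optional headers are handled here")
    (_size_code, _size_init, _size_uninit, entry, base_code, base_data,
     image_base, sec_align, file_align) = struct.unpack_from("<9I", data, opt + 4)
    size_image, size_headers = struct.unpack_from("<II", data, opt + 0x38)
    n_dirs = struct.unpack_from("<I", data, opt + 0x5C)[0]
    directories = [struct.unpack_from("<II", data, opt + 0x60 + 8 * i)
                   for i in range(n_dirs)]
    sections = []
    sec_table = opt + opt_size
    for i in range(n_sections):
        off = sec_table + 40 * i
        if off + 40 > len(data):
            break  # the dump on the page ends inside this section header
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "raw_size": raw_size, "raw_pointer": raw_ptr,
                         "characteristics": flags})
    return {
        "e_lfanew": e_lfanew, "machine": machine, "number_of_sections": n_sections,
        "stamp_bytes": data[coff + 4:coff + 8], "optional_header_size": opt_size,
        "characteristics": characteristics, "entry_point": entry,
        "base_of_code": base_code, "base_of_data": base_data, "image_base": image_base,
        "section_alignment": sec_align, "file_alignment": file_align,
        "size_of_image": size_image, "size_of_headers": size_headers,
        "directories": directories, "section_table_offset": sec_table,
        "sections": sections,
    }


def rva_to_va(hdr, rva):
    """The article's 'add 400000' rule is simply ImageBase + RVA."""
    return hdr["image_base"] + rva


def va_to_rva(hdr, va):
    """...and 'subtract 400000' is VA - ImageBase."""
    return va - hdr["image_base"]


def entry_point_in_headers(hdr):
    """True when AddressOfEntryPoint lies in the header area rather than inside a section."""
    first_va = min((s["virtual_address"] for s in hdr["sections"]),
                   default=hdr["size_of_headers"])
    return hdr["entry_point"] < min(hdr["size_of_headers"], first_va)


if __name__ == "__main__":
    h = parse_pe_headers(HEADER)
    print(f"e_lfanew=0x{h['e_lfanew']:X} machine=0x{h['machine']:X} "
          f"stamp field={h['stamp_bytes']!r} BaseOfData=0x{h['base_of_data']:X}")
    print(f"EP RVA=0x{h['entry_point']:X} -> VA=0x{rva_to_va(h, h['entry_point']):X} "
          f"(inside headers: {entry_point_in_headers(h)})")
    print(f"ImageBase=0x{h['image_base']:X} SizeOfImage=0x{h['size_of_image']:X} "
          f"sections={h['number_of_sections']} table at 0x{h['section_table_offset']:X}")
    imp, res = h["directories"][1], h["directories"][2]  # import, resource
    print(f"import dir RVA=0x{imp[0]:X} size=0x{imp[1]:X}; "
          f"resource dir RVA=0x{res[0]:X} size=0x{res[1]:X}")
    for s in h["sections"]:
        print(f"section {s['name']!r}: VA=0x{s['virtual_address']:X} "
              f"vsize=0x{s['virtual_size']:X} raw=0x{s['raw_size']:X}@0x{s['raw_pointer']:X} "
              f"flags=0x{s['characteristics']:X}")
```

Reading the parsed fields back against the dump explains why the header looks odd: e_lfanew is 0xC, so the PE signature sits inside the DOS header; the same dword at file offset 0x3C is read a second time as the optional header's BaseOfData; the TimeDateStamp field holds the text "FSG!"; and AddressOfEntryPoint (RVA 0x154, VA 0x400154) lies below SizeOfHeaders and below the first section's RVA of 0x1000, so execution starts in the header area rather than in a section. The first section also has SizeOfRawData 0, so the 0x1B000-byte region at RVA 0x1000 has no file backing and is filled at run time. When looking for the OEP, the rule the article promises is all that is needed: the VA you see in the debugger minus ImageBase (0x400000) is the RVA, and the reverse.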