pc guard for win32 脱壳的问题-加壳脱壳-看雪-安全社区|安全招聘|kanxue.com

最新回复 (4)
fly 雪币： 898 活跃值： (4054) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 34 关注私信	fly 85 2 楼新版需要自己手脱 a9cK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8J5L8%4c8G2L8$3I4K6i4K6u0W2M7X3g2$3k6i4u0K6k6g2)9J5k6r3g2F1k6$3W2F1k6h3g2J5K9h3&6Y4i4K6u0W2L8X3g2@1i4K6u0r3 Unpackers/decrypters/unprotectors ->PCGuard PCGuard Decryptor by da DAEMON. 24.X.2000. PCGuard Decryptor 0.7 (21K). - decrypts each section that got encrypted - kills 100% of the pcgw code - it has got support for these versions: 2.10d, 3.00d, 3.02d, 3.03d (shareware versions). - also tries to rename the section names back to their original ones PCGuard Dumper by just Evaluator. 17.V.2003. PCGuard Dumper (77K). Dumper for PCGuard 3.05-4.10. 2005-9-30 10:10 0
南蛮妈妈雪币： 233 活跃值： (130) 能力值： ( LV8，RANK：130 ) 在线值：发帖 6 回帖 472 粉丝 0 关注私信	南蛮妈妈 3 3 楼楼主搞定了,要写教程哦 2005-9-30 10:35 0
disth 雪币： 206 活跃值： (15) 能力值： ( LV2，RANK：10 ) 在线值：发帖 11 回帖 192 粉丝 1 关注私信	disth 4 楼没有注册窗口要求UNLOCK的很容易搞定。而要求注册才能键入程序内部的，不知道怎样绕过注册。。。。。 2005-9-30 13:57 0
Fpc 雪币： 598 活跃值： (282) 能力值： ( LV13，RANK：330 ) 在线值：发帖 26 回帖 169 粉丝 1 关注私信	Fpc 4 5 楼跟过一次，代码太长了，没完成摘出一段笔记，杀完花，清爽多了： 1. PC GUARD 5.0 (SEE: PC Guard for Win32 V5.0 DEMO 脱壳 ―― PCGWIN32.EXE 主程序 BY FLY) ----------------------------------------------------------------------- STEP ONE: DE-JUNKcode ActivePatListX = _pc01,_pc02,_pc03,_pc04 [CODE_pc01] ;00484009 60 pushad ;0048400A E8 03000000 call pcgwin32.00484012 ;0048400F 83EB 0E sub ebx,0E ;00484012 EB 01 jmp short pcgwin32.00484015 ;00484014 0C 58 or al,58 ;00484016 EB 01 jmp short pcgwin32.00484019 ;00484018 35 40EB0136 xor eax,3601EB40 ;0048401D FFE0 jmp eax ;0048401F 0B61 B8 or esp,dword ptr ds:[ecx-48] S = 60E803000000??EB0EEB01??58EB01??40EB01??FFE0??61 R = 909090909090909090909090909090909090909090909090 [CODE_pc02] ;00484029 60 pushad ;0048402A E8 03000000 call pcgwin32.00484032 ;0048402F D2EB shr bl,cl ;00484031 0B58 EB or ebx,dword ptr ds:[eax-15] ;00484034 0148 40 add dword ptr ds:[eax+40],ecx ;00484037 EB 01 jmp short pcgwin32.0048403A ;00484039 35 FFE0E761 xor eax,61E7E0FF S = 60E803000000??EB0B58EB01??40EB01??FFE0??61 R = 909090909090909090909090909090909090909090 [CODE_pc03] ;004841C4 9C pushfd ;004841C5 EB 01 jmp short pcgwin32.004841C8 ;004841C7 D5 9D aad 9D ;004841C9 EB 01 jmp short pcgwin32.004841CC ;004841CB 0B75 39 or esi,dword ptr ss:[ebp+39] S = 9CEB01??9DEB01?? R = 9090909090909090 [CODE_pc04] ;004841E7 /EB 01 jmp short pcgwin32.004841EA ;004841E9 ^\|E3 90 jecxz short pcgwin32.0048417B S = EB01E3 R = 909090 --------------------------------------------------------------------- 2005-9-30 15:28 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (4)
fly 雪币： 898 活跃值： (4054) 能力值： ( LV9，RANK：3410 ) 在线值：发帖 294 回帖 7686 粉丝 34 关注私信	fly 85 2 楼新版需要自己手脱 a9cK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8J5L8%4c8G2L8$3I4K6i4K6u0W2M7X3g2$3k6i4u0K6k6g2)9J5k6r3g2F1k6$3W2F1k6h3g2J5K9h3&6Y4i4K6u0W2L8X3g2@1i4K6u0r3 Unpackers/decrypters/unprotectors ->PCGuard PCGuard Decryptor by da DAEMON. 24.X.2000. PCGuard Decryptor 0.7 (21K). - decrypts each section that got encrypted - kills 100% of the pcgw code - it has got support for these versions: 2.10d, 3.00d, 3.02d, 3.03d (shareware versions). - also tries to rename the section names back to their original ones PCGuard Dumper by just Evaluator. 17.V.2003. PCGuard Dumper (77K). Dumper for PCGuard 3.05-4.10. 2005-9-30 10:10 0
南蛮妈妈雪币： 233 活跃值： (130) 能力值： ( LV8，RANK：130 ) 在线值：发帖 6 回帖 472 粉丝 0 关注私信	南蛮妈妈 3 3 楼楼主搞定了,要写教程哦 2005-9-30 10:35 0
disth 雪币： 206 活跃值： (15) 能力值： ( LV2，RANK：10 ) 在线值：发帖 11 回帖 192 粉丝 1 关注私信	disth 4 楼没有注册窗口要求UNLOCK的很容易搞定。而要求注册才能键入程序内部的，不知道怎样绕过注册。。。。。 2005-9-30 13:57 0
Fpc 雪币： 598 活跃值： (282) 能力值： ( LV13，RANK：330 ) 在线值：发帖 26 回帖 169 粉丝 1 关注私信	Fpc 4 5 楼跟过一次，代码太长了，没完成摘出一段笔记，杀完花，清爽多了： 1. PC GUARD 5.0 (SEE: PC Guard for Win32 V5.0 DEMO 脱壳 ―― PCGWIN32.EXE 主程序 BY FLY) ----------------------------------------------------------------------- STEP ONE: DE-JUNKcode ActivePatListX = _pc01,_pc02,_pc03,_pc04 [CODE_pc01] ;00484009 60 pushad ;0048400A E8 03000000 call pcgwin32.00484012 ;0048400F 83EB 0E sub ebx,0E ;00484012 EB 01 jmp short pcgwin32.00484015 ;00484014 0C 58 or al,58 ;00484016 EB 01 jmp short pcgwin32.00484019 ;00484018 35 40EB0136 xor eax,3601EB40 ;0048401D FFE0 jmp eax ;0048401F 0B61 B8 or esp,dword ptr ds:[ecx-48] S = 60E803000000??EB0EEB01??58EB01??40EB01??FFE0??61 R = 909090909090909090909090909090909090909090909090 [CODE_pc02] ;00484029 60 pushad ;0048402A E8 03000000 call pcgwin32.00484032 ;0048402F D2EB shr bl,cl ;00484031 0B58 EB or ebx,dword ptr ds:[eax-15] ;00484034 0148 40 add dword ptr ds:[eax+40],ecx ;00484037 EB 01 jmp short pcgwin32.0048403A ;00484039 35 FFE0E761 xor eax,61E7E0FF S = 60E803000000??EB0B58EB01??40EB01??FFE0??61 R = 909090909090909090909090909090909090909090 [CODE_pc03] ;004841C4 9C pushfd ;004841C5 EB 01 jmp short pcgwin32.004841C8 ;004841C7 D5 9D aad 9D ;004841C9 EB 01 jmp short pcgwin32.004841CC ;004841CB 0B75 39 or esi,dword ptr ss:[ebp+39] S = 9CEB01??9DEB01?? R = 9090909090909090 [CODE_pc04] ;004841E7 /EB 01 jmp short pcgwin32.004841EA ;004841E9 ^\|E3 90 jecxz short pcgwin32.0048417B S = EB01E3 R = 909090 --------------------------------------------------------------------- 2005-9-30 15:28 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复