-
-
脱壳无门的朋友请进来看看----学习CRACK第1个月体会
-
发表于: 2004-9-2 00:18
-
学习CRACK第1个月体会
作者:doa007
此文谨致于落后于我这个初学者的初学者。(有点?嗦)
论坛的朋友如果你此时还不会脱壳,那么我强烈建议你去下载《破解实例信息资源豪华版》,这个东西实在是很不错,光看个头就知道是好东
西有63M还多,记得一个月前我刚开始学破解的时候照那本49元的《加密与解密》,头两天我先是熟悉了一下OLLDBG到第三天早上突然有了灵感解开了随书光碟中的三个CRACKME,当时可把我高兴坏了(现在想起来那时真可笑 那三个CRme是没加壳的),到了第4个CRme 就惨了,用找字串却什么都没有,那时我还不知道要脱壳过了一天我才知道是加了壳的原因,当时就在论坛中下了个FI但FI闪闪就没了,一时找不到其它工具查壳自然就没法下载相应的脱壳工具,为这事我郁闷了好几天,现在想想幸好没被我找到自动脱壳找入口的工具。 有一天到de0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4J5j5h3y4C8L8h3!0J5k6g2)9J5k6h3y4G2L8g2)9J5c8W2!0q4y4q4!0n7z5q4)9^5b7W2!0q4y4q4!0n7b7g2)9^5y4W2!0q4y4q4!0n7z5q4!0m8b7g2!0q4x3#2)9^5x3q4)9^5b7g2!0q4y4W2)9^5z5g2)9^5b7W2!0q4y4g2)9^5b7g2!0m8z5q4!0q4z5q4)9^5y4q4!0n7x3g2!0q4y4g2!0m8x3#2!0n7x3#2!0q4y4g2)9^5y4g2!0m8y4g2!0q4z5g2)9&6y4#2!0m8z5q4!0q4y4#2!0m8b7#2!0m8b7K6l9I4i4@1f1%4i4@1q4r3i4K6R3%4i4@1f1#2i4K6S2m8i4@1p5^5i4@1f1%4i4K6V1@1i4@1u0n7i4@1f1$3i4K6V1#2i4K6V1&6i4@1f1%4i4@1p5^5i4K6S2n7i4@1f1K6i4K6R3H3i4K6S2n7i4@1f1%4i4K6V1@1i4@1t1I4i4@1f1@1i4@1u0m8i4K6S2q4i4@1f1#2i4@1q4q4i4K6S2o6i4@1f1#2i4K6R3#2i4@1p5^5i4@1f1@1i4@1t1^5i4K6S2p5i4@1f1$3i4K6R3%4i4K6R3J5i4@1f1^5i4K6R3@1i4@1t1I4i4@1f1#2i4@1p5K6i4@1t1K6i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4@1u0r3i4K6W2q4i4@1f1^5i4@1u0r3i4K6V1&6i4@1f1@1i4@1t1^5i4@1q4m8i4@1f1#2i4K6R3#2i4@1p5#2i4@1f1&6i4K6V1%4i4@1p5^5i4@1f1%4i4@1u0m8i4@1p5%4i4@1f1%4i4K6W2m8i4K6R3@1g2g2m8j5x3g2)9J5k6e0m8Q4c8e0N6Q4z5f1q4Q4z5o6c8Q4c8e0S2Q4z5o6c8Q4b7U0q4Q4c8e0g2Q4b7e0y4Q4b7U0y4Q4c8e0g2Q4z5p5q4Q4b7e0S2Q4c8e0N6Q4z5e0c8Q4b7V1u0Q4c8e0c8Q4b7U0W2Q4z5f1k6Q4c8e0N6Q4z5f1y4Q4z5p5u0Q4c8e0c8Q4b7U0S2Q4z5p5c8Q4c8e0k6Q4z5o6N6Q4z5o6u0Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0S2Q4b7V1k6Q4z5e0S2Q4c8e0g2Q4b7e0g2Q4b7V1c8Q4c8e0S2Q4b7V1k6Q4z5o6N6Q4c8e0c8Q4b7V1q4Q4z5o6k6Q4c8e0c8Q4b7U0S2Q4z5o6m8Q4c8e0c8Q4b7V1y4Q4z5f1q4Q4c8e0g2Q4z5f1y4Q4b7e0S2Q4c8e0g2Q4z5p5k6Q4b7e0k6Q4c8e0c8Q4b7U0S2Q4z5o6m8Q4c8e0c8Q4b7U0S2Q4b7f1q4Q4c8e0N6Q4b7V1c8Q4z5e0q4Q4c8e0N6Q4b7f1u0Q4z5e0W2Q4c8e0c8Q4b7U0S2Q4z5p5u0Q4c8e0S2Q4b7V1c8Q4b7V1c8Q4c8e0g2Q4z5o6S2Q4b7U0m8Q4c8e0c8Q4b7V1q4Q4z5o6k6Q4c8e0S2Q4b7V1k6Q4z5e0W2Q4c8e0c8Q4b7U0S2Q4b7f1p5$3x3@1#2Q4c8e0N6Q4z5f1q4Q4z5o6c8Q4c8e0g2Q4b7e0c8Q4b7e0N6Q4c8e0c8Q4b7U0S2Q4b7f1q4Q4c8e0g2Q4b7e0c8Q4b7U0c8Q4c8e0W2Q4b7V1y4Q4z5e0y4Q4c8e0S2Q4b7U0g2Q4b7U0N6Q4c8e0g2Q4z5p5u0Q4z5o6N6Q4c8e0k6Q4b7U0m8Q4z5e0c8Q4c8e0N6Q4z5o6g2Q4b7e0N6Q4c8e0k6Q4z5e0g2Q4z5e0W2Q4c8e0N6Q4b7e0S2Q4z5p5u0Q4c8e0g2Q4z5o6q4Q4z5f1q4Q4c8e0g2Q4b7f1g2Q4z5p5x3I4i4@1f1%4i4@1q4r3i4K6R3%4i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1%4i4@1q4o6i4@1q4o6i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1$3i4K6R3@1i4K6W2r3i4@1f1^5i4@1p5%4i4K6R3&6i4@1f1$3i4K6V1^5i4@1q4r3i4@1f1^5i4K6R3@1i4@1t1I4i4@1f1#2i4@1p5K6i4@1t1K6i4@1f1#2i4@1t1H3i4@1t1I4i4@1f1$3i4K6V1^5i4@1q4r3i4@1f1^5i4@1p5$3i4K6R3I4i4@1f1#2i4K6V1H3i4K6V1I4i4@1f1@1i4@1t1^5i4K6S2n7i4@1f1^5i4@1t1#2i4@1t1H3i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1%4i4K6W2n7i4@1t1@1i4@1f1#2i4K6R3^5i4@1t1H3i4@1f1@1i4@1u0n7i4@1p5K6i4@1f1%4i4@1p5H3i4K6R3I4i4@1f1#2i4K6R3&6i4K6S2p5i4@1f1&6i4K6W2p5i4@1p5J5i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1#2i4K6W2o6i4@1t1H3i4@1f1#2i4K6W2p5i4K6R3H3i4@1f1$3i4K6W2o6i4K6R3&6i4@1f1@1i4@1u0m8i4K6R3$3i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1@1i4@1t1^5i4@1q4m8i4@1f1#2i4@1p5@1i4@1p5%4i4@1f1#2i4K6S2r3i4K6V1^5i4@1f1#2i4K6S2o6i4K6V1$3
之后就是入口了,认为代码突然变成如下
0040100C 4F DB 4F ; CHAR 'O'
0040100D 74 DB 74 ; CHAR 't'
0040100E A4 DB A4
0040100F D2 DB D2
00401010 48 DB 48 ; CHAR 'H'
00401011 74 DB 74 ; CHAR 't'
00401012 D2 DB D2
00401013 BB DB BB
00401014 64 DB 64 ; CHAR 'd'
00401015 64 DB 64 ; CHAR 'd'
00401016 A6 DB A6
就是入口了,之所以会变成这样主要是因为刚载入OD时发现压缩问我要不要继续分析,我点了是,后来过了好多天终于才明白不能点是,但好
在不但没影响我脱?,反而将错就错很方便地
把colorpicker V2.06搞定了,当时我就写了个破文《第一次写破文 colorpicker V2.06脱壳 》http://bbs.pediy.com/showthread.php?s=&threadid=3933(那时我用的是restxx这个名字,昨天网管把我的doa007激活了我才重用上这个老号码)在这篇破文里就可以找到CLICK是的影子呵呵!!!老实说这样搞还为我脱壳提供了很大的方便,快速按F8的时候不需要看前面的地址只需看看代码的样子就行了,(呵呵!这种方法实在很搞笑)过了好几天我重新调试那第4个CRme时终于发现了问题,脱?那个CRme没有生成新的EXE时就按F9运行了,虽然在参考中找到了出错信息,但双击后回来时却看到的仍是如上面的DB ??语句,根本看不到我要找的字串,后来反复调试才发现这个问题,经过18篇入门脱文的洗礼总算找回了点自信,如今还在搞加密壳学习,好了不早了有什么事天亮后再交流吧。
2004.9.2 00:20
作者:doa007
此文谨致于落后于我这个初学者的初学者。(有点?嗦)
论坛的朋友如果你此时还不会脱壳,那么我强烈建议你去下载《破解实例信息资源豪华版》,这个东西实在是很不错,光看个头就知道是好东
西有63M还多,记得一个月前我刚开始学破解的时候照那本49元的《加密与解密》,头两天我先是熟悉了一下OLLDBG到第三天早上突然有了灵感解开了随书光碟中的三个CRACKME,当时可把我高兴坏了(现在想起来那时真可笑 那三个CRme是没加壳的),到了第4个CRme 就惨了,用找字串却什么都没有,那时我还不知道要脱壳过了一天我才知道是加了壳的原因,当时就在论坛中下了个FI但FI闪闪就没了,一时找不到其它工具查壳自然就没法下载相应的脱壳工具,为这事我郁闷了好几天,现在想想幸好没被我找到自动脱壳找入口的工具。 有一天到de0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4J5j5h3y4C8L8h3!0J5k6g2)9J5k6h3y4G2L8g2)9J5c8W2!0q4y4q4!0n7z5q4)9^5b7W2!0q4y4q4!0n7b7g2)9^5y4W2!0q4y4q4!0n7z5q4!0m8b7g2!0q4x3#2)9^5x3q4)9^5b7g2!0q4y4W2)9^5z5g2)9^5b7W2!0q4y4g2)9^5b7g2!0m8z5q4!0q4z5q4)9^5y4q4!0n7x3g2!0q4y4g2!0m8x3#2!0n7x3#2!0q4y4g2)9^5y4g2!0m8y4g2!0q4z5g2)9&6y4#2!0m8z5q4!0q4y4#2!0m8b7#2!0m8b7K6l9I4i4@1f1%4i4@1q4r3i4K6R3%4i4@1f1#2i4K6S2m8i4@1p5^5i4@1f1%4i4K6V1@1i4@1u0n7i4@1f1$3i4K6V1#2i4K6V1&6i4@1f1%4i4@1p5^5i4K6S2n7i4@1f1K6i4K6R3H3i4K6S2n7i4@1f1%4i4K6V1@1i4@1t1I4i4@1f1@1i4@1u0m8i4K6S2q4i4@1f1#2i4@1q4q4i4K6S2o6i4@1f1#2i4K6R3#2i4@1p5^5i4@1f1@1i4@1t1^5i4K6S2p5i4@1f1$3i4K6R3%4i4K6R3J5i4@1f1^5i4K6R3@1i4@1t1I4i4@1f1#2i4@1p5K6i4@1t1K6i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1^5i4@1u0r3i4K6W2q4i4@1f1^5i4@1u0r3i4K6V1&6i4@1f1@1i4@1t1^5i4@1q4m8i4@1f1#2i4K6R3#2i4@1p5#2i4@1f1&6i4K6V1%4i4@1p5^5i4@1f1%4i4@1u0m8i4@1p5%4i4@1f1%4i4K6W2m8i4K6R3@1g2g2m8j5x3g2)9J5k6e0m8Q4c8e0N6Q4z5f1q4Q4z5o6c8Q4c8e0S2Q4z5o6c8Q4b7U0q4Q4c8e0g2Q4b7e0y4Q4b7U0y4Q4c8e0g2Q4z5p5q4Q4b7e0S2Q4c8e0N6Q4z5e0c8Q4b7V1u0Q4c8e0c8Q4b7U0W2Q4z5f1k6Q4c8e0N6Q4z5f1y4Q4z5p5u0Q4c8e0c8Q4b7U0S2Q4z5p5c8Q4c8e0k6Q4z5o6N6Q4z5o6u0Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0S2Q4b7V1k6Q4z5e0S2Q4c8e0g2Q4b7e0g2Q4b7V1c8Q4c8e0S2Q4b7V1k6Q4z5o6N6Q4c8e0c8Q4b7V1q4Q4z5o6k6Q4c8e0c8Q4b7U0S2Q4z5o6m8Q4c8e0c8Q4b7V1y4Q4z5f1q4Q4c8e0g2Q4z5f1y4Q4b7e0S2Q4c8e0g2Q4z5p5k6Q4b7e0k6Q4c8e0c8Q4b7U0S2Q4z5o6m8Q4c8e0c8Q4b7U0S2Q4b7f1q4Q4c8e0N6Q4b7V1c8Q4z5e0q4Q4c8e0N6Q4b7f1u0Q4z5e0W2Q4c8e0c8Q4b7U0S2Q4z5p5u0Q4c8e0S2Q4b7V1c8Q4b7V1c8Q4c8e0g2Q4z5o6S2Q4b7U0m8Q4c8e0c8Q4b7V1q4Q4z5o6k6Q4c8e0S2Q4b7V1k6Q4z5e0W2Q4c8e0c8Q4b7U0S2Q4b7f1p5$3x3@1#2Q4c8e0N6Q4z5f1q4Q4z5o6c8Q4c8e0g2Q4b7e0c8Q4b7e0N6Q4c8e0c8Q4b7U0S2Q4b7f1q4Q4c8e0g2Q4b7e0c8Q4b7U0c8Q4c8e0W2Q4b7V1y4Q4z5e0y4Q4c8e0S2Q4b7U0g2Q4b7U0N6Q4c8e0g2Q4z5p5u0Q4z5o6N6Q4c8e0k6Q4b7U0m8Q4z5e0c8Q4c8e0N6Q4z5o6g2Q4b7e0N6Q4c8e0k6Q4z5e0g2Q4z5e0W2Q4c8e0N6Q4b7e0S2Q4z5p5u0Q4c8e0g2Q4z5o6q4Q4z5f1q4Q4c8e0g2Q4b7f1g2Q4z5p5x3I4i4@1f1%4i4@1q4r3i4K6R3%4i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1%4i4@1q4o6i4@1q4o6i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1$3i4K6R3@1i4K6W2r3i4@1f1^5i4@1p5%4i4K6R3&6i4@1f1$3i4K6V1^5i4@1q4r3i4@1f1^5i4K6R3@1i4@1t1I4i4@1f1#2i4@1p5K6i4@1t1K6i4@1f1#2i4@1t1H3i4@1t1I4i4@1f1$3i4K6V1^5i4@1q4r3i4@1f1^5i4@1p5$3i4K6R3I4i4@1f1#2i4K6V1H3i4K6V1I4i4@1f1@1i4@1t1^5i4K6S2n7i4@1f1^5i4@1t1#2i4@1t1H3i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1%4i4K6W2n7i4@1t1@1i4@1f1#2i4K6R3^5i4@1t1H3i4@1f1@1i4@1u0n7i4@1p5K6i4@1f1%4i4@1p5H3i4K6R3I4i4@1f1#2i4K6R3&6i4K6S2p5i4@1f1&6i4K6W2p5i4@1p5J5i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1#2i4K6W2o6i4@1t1H3i4@1f1#2i4K6W2p5i4K6R3H3i4@1f1$3i4K6W2o6i4K6R3&6i4@1f1@1i4@1u0m8i4K6R3$3i4@1f1@1i4@1t1^5i4K6R3H3i4@1f1@1i4@1t1^5i4@1q4m8i4@1f1#2i4@1p5@1i4@1p5%4i4@1f1#2i4K6S2r3i4K6V1^5i4@1f1#2i4K6S2o6i4K6V1$3
之后就是入口了,认为代码突然变成如下
0040100C 4F DB 4F ; CHAR 'O'
0040100D 74 DB 74 ; CHAR 't'
0040100E A4 DB A4
0040100F D2 DB D2
00401010 48 DB 48 ; CHAR 'H'
00401011 74 DB 74 ; CHAR 't'
00401012 D2 DB D2
00401013 BB DB BB
00401014 64 DB 64 ; CHAR 'd'
00401015 64 DB 64 ; CHAR 'd'
00401016 A6 DB A6
就是入口了,之所以会变成这样主要是因为刚载入OD时发现压缩问我要不要继续分析,我点了是,后来过了好多天终于才明白不能点是,但好
在不但没影响我脱?,反而将错就错很方便地
把colorpicker V2.06搞定了,当时我就写了个破文《第一次写破文 colorpicker V2.06脱壳 》http://bbs.pediy.com/showthread.php?s=&threadid=3933(那时我用的是restxx这个名字,昨天网管把我的doa007激活了我才重用上这个老号码)在这篇破文里就可以找到CLICK是的影子呵呵!!!老实说这样搞还为我脱壳提供了很大的方便,快速按F8的时候不需要看前面的地址只需看看代码的样子就行了,(呵呵!这种方法实在很搞笑)过了好几天我重新调试那第4个CRme时终于发现了问题,脱?那个CRme没有生成新的EXE时就按F9运行了,虽然在参考中找到了出错信息,但双击后回来时却看到的仍是如上面的DB ??语句,根本看不到我要找的字串,后来反复调试才发现这个问题,经过18篇入门脱文的洗礼总算找回了点自信,如今还在搞加密壳学习,好了不早了有什么事天亮后再交流吧。
2004.9.2 00:20
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
