
EncryptPE V2.2007.12.01 脱壳测试[附带源代码]

附件是用EncryptPE V2.2007.12.01 加壳的,校验不多,多了就怕人全跑了
VC6编译,除了老王的壳,无其他任何工具处理,脱壳后可以直接F5
成功注册,MessageBox会显示已注册字样!

 

程序代码:
#include <windows.h>
#include <stdio.h>
#include <winsock.h>
#include "ShareI.h"
#include "RegMe.h"

#include "resource.h"

#pragma comment (linker ,"/entry:main")
#pragma comment(linker, "/FILEALIGN:0x200")

/*
 * Request record that copymem() passes to send(): a destination pointer, a
 * source pointer and a byte count. copymem() transmits exactly 12 bytes of
 * it, which equals three 4-byte fields on a 32-bit build.
 * NOTE(review): whatever consumes the record presumably depends on this exact
 * field order and size - confirm against the EncryptPE SDK before changing it.
 */
typedef struct _COPYMEM{
        PVOID        Dst;   /* address the bytes are to be written to */
        PVOID        Src;   /* address the bytes are read from */
        int        size;    /* number of bytes to copy */
}COPYMEM,*PCOPYMEM;

/* Values assigned in PreCall1() and passed (truncated to WORD) as the first
 * argument of GetSavedData() in RegMe() - presumably offsets into the
 * protector's saved-data area; confirm. This pair drives the second copy. */
DWORD DataBegin;
DWORD CodeBegin;

/* Same roles as the pair above; used for the first copy in RegMe(). */
DWORD DataBegin1;
DWORD CodeBegin1;

/* Module handle of this executable, set in main(). */
HMODULE hMod;
/* Dialog window, stored on WM_INITDIALOG and used as the MessageBox owner. */
HWND ReghWnd;

/* The two strings RegMe() hands to SetRegisterInfo(). */
char* szMsg1[]={"1","2"};
/* Two hex strings; RegMe() picks one by index and passes it to
 * StringDecrypt() together with the derived hash. */
char* szMsg[]={"107070897CD5BFB2","647CF5E766C3CB89"};
/* Fixed string concatenated into the key material in RegMe(). */
char marker[] = "海风月影[CUG]";
/* Buffer in which RegMe() assembles the key material given to EPEHash().
 * NOTE(review): filled with unbounded strcat() calls - see RegMe(). */
char keyhashhash[256];
/* Copies of the two GetRegisterInfo(14) results taken in RegMe(). */
char pBuf1[256];
char pBuf2[256];

/*
 * Loads the four constants that RegMe() later passes to GetSavedData().
 * main() also takes this function's address as the start of the code span
 * whose size it computes (CodeEnd - PreCall1).
 *
 * Nothing in this listing calls PreCall1(); presumably it is invoked from
 * outside (RegMe.h or the protector) - confirm. If it never runs, the four
 * globals keep their zero initial value.
 * NOTE(review): the constants look specific to one protected build; verify
 * before reusing them.
 */
void PreCall1()
{
        DataBegin=0x3A64;
        CodeBegin = 0x8;
        DataBegin1=0x19;
        CodeBegin1=0xD0;
        return;
}

/*
 * Empty function; nothing in this listing calls it.
 * NOTE(review): presumably a counterpart to PreCall1() that is invoked from
 * outside this file - confirm. It lies inside the PreCall1..CodeEnd span
 * that main() measures, so its compiled size contributes to that value.
 */
void PreCall2()
{

        return;
}

/*
 * Passes a zeroed 4-byte buffer to send() on an invalid socket ((SOCKET)-1)
 * with the flags value 1009, then returns the buffer's content.
 *
 * With an unmodified Winsock this call fails and the function returns 0; a
 * non-zero result requires something to intercept send() and write into buf.
 * NOTE(review): presumably the hook installed by BeginNetHook() does this and
 * treats 1009 as a command code - confirm against the EncryptPE SDK.
 * The return value of send() is ignored, and nothing in this listing calls
 * this function.
 */
DWORD GetdllCRC()
{
DWORD buf=0;
send((SOCKET)-1,(char*)&buf,4,1009);
return buf;
}

/*
 * Packs Dst, Src and size into a COPYMEM record and passes 12 bytes of it to
 * send() on an invalid socket ((SOCKET)-1) with the flags value 1010.
 *
 * No memory is copied by this function itself. With an unmodified Winsock the
 * send() simply fails, so the copy only happens if the call is intercepted.
 * NOTE(review): presumably the hook installed by BeginNetHook() performs the
 * copy on behalf of the caller - confirm against the EncryptPE SDK.
 * NOTE(review): the length 12 is hard-coded and equals sizeof(COPYMEM) only
 * on a 32-bit build; send()'s return value is ignored, so callers cannot tell
 * whether the copy took place.
 */
void copymem(PVOID Dst ,PVOID Src ,int size)
{
COPYMEM buf={0};
buf.Dst = Dst;
buf.Src = Src;
buf.size = size;
send((SOCKET)-1,(char*)&buf,12,1010);
}


/*
 * Runs when the dialog's OK button is pressed: reads the registration state
 * twice, builds key material from the two GetRegisterInfo(14) strings, the
 * marker string and the bytes of this function's own machine code, and shows
 * the message obtained from StringDecrypt().
 *
 * GetRegisterHandle, GetSavedData, GetRegisterInfo, SetRegisterInfo, EPEHash
 * and StringDecrypt are not defined in this listing (presumably they come
 * from ShareI.h / RegMe.h); the comments below describe only how they are
 * used here - confirm their contracts against the EncryptPE SDK.
 *
 * NOTE(review): keep the statements and locals exactly as they are. The
 * machine code found at the labels __N and __B is appended to the key
 * material, so any edit that changes the compiled bytes there changes the
 * key passed to StringDecrypt() and therefore the text that is displayed.
 */
void RegMe()
{
        BYTE* IsReg1;
        BYTE* IsReg2;
        DWORD point1;
        DWORD point2;

        DWORD len;
        DWORD DllAddress;
        PVOID pCode;

        char *pHash1;
        char *szNewMsg;

        BYTE index;

        char* pkeyhash1;
        char* pkeyhash2;

        GetRegisterHandle((HINSTANCE)hMod);

        /* First copy request. GetSavedData()'s result is treated as a pointer
         * to a DWORD: first the byte count, then (4 further on) the target
         * address. On a NULL result the variable simply stays 0. */
        len = (DWORD) GetSavedData((WORD)DataBegin1,4);
        if (len!=NULL)
                len =*(DWORD*)len;
        DllAddress = (DWORD) GetSavedData((WORD)DataBegin1+(WORD)4,4);
        if(DllAddress !=NULL)
                DllAddress = *(DWORD*)DllAddress;
        pCode = GetSavedData((WORD)DataBegin1+(WORD)CodeBegin1,(WORD)len);
        /* NOTE(review): issued even when len, DllAddress or pCode is 0/NULL;
         * the target address is taken from saved data without validation. */
        copymem((PVOID)DllAddress,pCode,len);


        /* First sample: string from GetRegisterInfo(14) copied into pBuf1,
         * then the no-argument GetRegisterInfo() result kept as IsReg1.
         * NOTE(review): strlen() is called without a NULL check, and the
         * length is not limited to the 256 bytes of pBuf1. */
        pkeyhash1 = GetRegisterInfo(14);
        ZeroMemory((void*)pBuf1,256);
        copymem((void*)pBuf1,(PVOID)pkeyhash1,strlen(pkeyhash1));
        IsReg1 = (BYTE*)GetRegisterInfo();
        /* Second sample, taken after GetRegisterHandle(hMod,1) and after
         * SetRegisterInfo() was given the fixed strings "1" and "2". The same
         * NULL/length caveats apply to pBuf2. */
        GetRegisterHandle((HINSTANCE)hMod,1);
        SetRegisterInfo(szMsg1[0],szMsg1[1]);
        pkeyhash2 = GetRegisterInfo(14);
        ZeroMemory((void*)pBuf2,256);
        copymem((void*)pBuf2,pkeyhash2,strlen(pkeyhash2));
        IsReg2 = (BYTE*)GetRegisterInfo();
       
        index = 0;
/* Store the addresses of the code labels __N and __B so that the bytes at
 * those addresses can be read as strings further down. */
__asm
{
        mov point1,offset __N
        mov point2,offset __B
}
__N:
        /* Select szMsg[1] only if the first sample's first byte is 'Y' and
         * is greater than the second sample's first byte. */
        if((*IsReg1-'Y')==0 && *IsReg1>*IsReg2 && index == 0)
        {
                index = 1;
        }
       
        GetRegisterHandle((HINSTANCE)hMod);
       
        /* Second copy request, same pattern as the first but driven by
         * DataBegin/CodeBegin; the same missing-validation caveat applies. */
        len = (DWORD) GetSavedData((WORD)DataBegin,4);
        if (len!=NULL)
                len =*(DWORD*)len;
        DllAddress = (DWORD) GetSavedData(WORD(DataBegin)+(WORD)4,4);
        if(DllAddress !=NULL)
                DllAddress = *(DWORD*)DllAddress;
        pCode = GetSavedData(WORD(DataBegin)+WORD(CodeBegin),WORD(len));
        copymem((PVOID)DllAddress,pCode,len);

       
        /* Result discarded. */
        GetRegisterInfo();
       
        /* Key material = pBuf1 + code bytes at __N + marker + pBuf2 + code
         * bytes at __B. Each code-derived piece ends at the first zero byte
         * after its label, so its length depends on the compiled output.
         * NOTE(review): none of these strcat() calls is bounded, while
         * keyhashhash holds 256 bytes and pBuf1/pBuf2 can each be that long. */
        ZeroMemory ((void*)keyhashhash,256);
        strcat(keyhashhash,pBuf1);
        strcat(keyhashhash,(const char *)point1);
        strcat(keyhashhash,marker);
        strcat(keyhashhash,pBuf2);
        strcat(keyhashhash,(const char *)point2);
        pHash1 = EPEHash(keyhashhash);
__B:
        /* The result of EPEHash() is the second argument of StringDecrypt();
         * the dialog title comes from GetRegisterInfo(2). */
        szNewMsg = StringDecrypt(szMsg[index],pHash1);
        //ShowRegisterForm();
        MessageBox(ReghWnd,szNewMsg,GetRegisterInfo(2),MB_OK|MB_ICONINFORMATION);

        return;
}

/*
 * Dialog procedure that main() passes to DialogBoxParam() for IDD_DIALOG1.
 *
 * WM_INITDIALOG: stores the dialog window in ReghWnd, calls
 *                GetRegisterHandle() and then BeginNetHook().
 * WM_COMMAND:    IDOK runs RegMe(); IDCANCEL ends the dialog and terminates
 *                the process.
 *
 * Returns 0 for every message. lParam is never read, so the span size that
 * main() supplies as the dialog's init parameter is not used here.
 * NOTE(review): this function lies inside the PreCall1..CodeEnd span measured
 * by main(), so its compiled size contributes to that value.
 */
LRESULT RegMeProc(HWND hWnd,UINT Msg,WPARAM wParam,LPARAM lParam)
{
        switch(Msg)
        {
        case WM_INITDIALOG:
                ReghWnd = hWnd;
                GetRegisterHandle((HINSTANCE)hMod);
                /* Must precede any copymem()/GetdllCRC() call if, as it
                 * appears, those rely on send() being hooked - confirm. */
                BeginNetHook();
                break;
        case WM_COMMAND:
                switch(LOWORD(wParam))
                {
                case IDOK:
                        RegMe();
                        break;
                case IDCANCEL:
                        EndDialog(hWnd,0);
                        /* Exits here, so EndNetHook() in main() is not
                         * reached on this path. */
                        ExitProcess(0);
                        break;
                }
                break;
        }
        return 0;
}

/*
 * Empty naked function used only for its address: main() subtracts the
 * address of PreCall1 from it to obtain a code-span size.
 * NOTE(review): that subtraction is meaningful only if the linker keeps the
 * functions in source order - confirm for the build settings in use.
 */
__declspec( naked ) void CodeEnd(){;}

/*
 * Program entry point (selected with the /entry:main linker pragma).
 * Records the module handle, runs the IDD_DIALOG1 dialog with RegMeProc as
 * its procedure, then removes the hook and terminates the process.
 *
 * The dialog's init parameter is the distance in bytes between the addresses
 * of PreCall1 and CodeEnd; RegMeProc in this listing does not read it.
 */
int main()
{
        /* Bounds of the code span, taken from the two marker functions. */
        const DWORD spanStart = (DWORD)PreCall1;
        const DWORD spanEnd = (DWORD)CodeEnd;

        hMod = GetModuleHandle(NULL);
        DialogBoxParam((HINSTANCE)hMod,
                       MAKEINTRESOURCE(IDD_DIALOG1),
                       NULL,
                       (DLGPROC)RegMeProc,
                       spanEnd - spanStart);

        /* Reached only when the dialog returns; the IDCANCEL path exits the
         * process from inside the dialog procedure. */
        EndNetHook();
        ExitProcess(0);
        return 0;
}

 

200801222151322776.rar
