-
公告
- 黑夜给了我黑色的眼睛去寻找光明,阳光给了我明亮的眼睛我却是去寻找黑暗,所以我只有在夜里才出现真实的自己。(菩提本不树,明镜亦非台,本来无一物,何处染尘埃。)
-
写作时间
-
原创下载
-
最新文章
- [11/11]代理寻[全功能版]
- [11/11]最新验证HTTP代理【202枚】
- [11/11]中国部分城市HTTP代理20条
- [11/03]Three Eyes v2.1[远程控制]
- [10/30]Connect BackDoor For ShellCode
- [10/30]API函数大全
- [09/04]说一些入侵经验
- [07/05]原来--明星离我们是那么的近。
- [06/14]揭露“冰点暴力强制视频”的骗局
- [06/04]初恋女友与现在女友的区别---注:不是我哈,转载的
- [06/04]最近一段时间的生活
- [05/22]辽宁蛮女(续)
- [05/21]大家看看,这个辽宁的恶心女。
- [05/20]马英九宣誓就职 送陈水扁吕秀莲离开“总统府”
- [05/19]血浓于水!关键时刻,方可知谁是自己人!
-
最新评论
-
文章归档
-
Statistics
- 文章总数:172
- 评论总数:60
- 引用总数:0
- 浏览总数:221449
- 留言总数:0
- 当前样式:4u-HK
- 当前语言:zh-CN
-
友情链接
- 反木马在线
- warhammer gold
- warhammer gold
- 交换友情链接请与QQ:287963907联系.审核非违法网站都可通过!
-
反向链接
EncryptPE 2007.12.1 s方式脱壳脚本
出于一些保护的目的,脚本没有加入跳过注册框的功能和修复dll重定位,对付一般s方式的exe足够了非s方式的暂时就不发了
脚本能够自动修复iat和replacecode
///////////////////////////////////////////////////////////////////////////////////
// FileName : EncryptPE_2007.12.1.txt
// Comment : EncryptPE V2.2007.12.1 S方式脱壳
// Environment : WinXP SP2,LifeDbg V1.4, OllyScript 1.65.2
// Author : softtip
// Date : 2008-2-15
// WebSite : http://www.unpack.cn
///////////////////////////////////////////////////////////////////////////////////
var patch1
var OEP
// 注意:须设置忽略0EEDFADE异常
Start:
cmp $VERSION, "1.48"
jb version
je end
next:
gpa "IsDebuggerPresent","kernel32.dll"
bp $RESULT
esto
bc $RESULT
bphws 7120B091,"x"
esto
bphwc 7120B091
mov patch1 ,7120B101
mov [patch1],#E9FA9F0100#
mov patch1 ,7120B1DA
mov [patch1],#9090909090#
mov patch1 ,7120B266
mov [patch1],#E9B59E0100#
mov patch1 ,7120B27A
mov [patch1],#9090909090#
mov patch1 ,7120B287
mov [patch1],#9090#
mov patch1 ,7120B2C7
mov [patch1],#E9749E0100#
mov patch1 ,7120B31C
mov [patch1],#9090#
mov patch1 ,7120B4E4
mov [patch1],#E9979C0100#
mov patch1 ,7120B50E
mov [patch1],#EB05#
mov patch1 ,711F8E32
mov [patch1],#9090909090#
mov patch1 ,711F8E41
mov [patch1],#9090#
mov patch1 ,711F5E2D
mov [patch1],#909090909090#
mov patch1 ,711F5E36
mov [patch1],#909090909090#
mov patch1 ,711F5E43
mov [patch1],#909090909090#
mov patch1 ,711F5E63
mov [patch1],#9090#
mov patch1 ,711F5E89
mov [patch1],#9090#
mov patch1 ,711F8E74
mov [patch1],#8B2573512271C3#
mov patch1 ,7120B506
mov [patch1],#E99B9C0100#
mov patch1 ,712084b3
mov [patch1],#E908CD01009090#
mov patch1 ,711f92b9
mov [patch1],#B001#
mov patch1 ,711f949b
mov [patch1],#E9BC00000090#
mov patch1 ,711f94B1
mov [patch1],#E9A600000090#
mov patch1 ,711f955C
mov [patch1],#8B25F1512271C39090#
mov patch1 ,71225100
mov [patch1],#609C8B7E0C81C7000040008BF08B4EFCF3A49D61E8AFFEEFFFE9E85FFEFF0000609C8B75C88B4EFC8B3B81C702004000F3A49D618B45C8E92F61FEFF00000000E88F2DFEFF609C892573512271832D7351227104FFD08BF08B4EFC3E8B7DB8890790909090909090909090909D61E95961FEFF00000000000000000000000090C70000000000E95E63FEFF900000000000000000000000000000000000900000000000000000A1443E2271C70000000000E95563FEFF00000000000000000000609C8925F1512271832DF15122710448FFD08B3083C0168B38668916897E029D61FF0424FF4C2408E9CD32FEFF#
bp 71209687
esto
bc 71209687
mov OEP,eax
BP OEP
ESTO
BC OEP
cmt eip,"This is the OEP! "
log OEP, "OEP = "
jmp end
version:
msg "插件版本过低"
ret
end:
ret
0 Comments , 0 Trackbacks
Jump to comment form | comments rss | Get trackback uri