Learn several simple shelling Methods

Let's first introduce the basic knowledge of shelling!
Common shelling knowledge:
1. PUSHAD (pressure stack) indicates the entry point of the program
2. POPAD (Out stack) indicates the exit point of the program. It corresponds to PUSHAD. Generally, the OEP is pulled nearby!
3. OEP: the entry point of the program. If the software is shelled, the OEP is hidden (or a false OEP is used ),
As long as we find the real OEP of the program, we can immediately shell it.

The method is officially introduced !!
Method 1:
1. Load with OD without analyzing the code!
2. Track F8 in one step, which is implemented by jumping down
3. When the program jumps back (including loops), we press F4 in the next code (or right-click the code and select breakpoint -- run to the selected code)
4. The green line indicates that the jump is not implemented. Ignore it. The red line indicates that the jump has been implemented!
5. If you have just loaded the program and there is a CALL nearby, we will follow F7, so that we can quickly get to the program's OEP
6. During tracking, if a CALL program runs, F7 enters
7. There are usually large jumps, such as jmp XXXXXX or je xxxxxx or OEP with RETE.

Method 2:
ESP theorem shelling (ESP in the OD register, we only need to access the breakpoint of ESP hardware in the command line, and we will come to the program's OEP !)
1. Click F8 at the beginning. Note that ESP does not appear in the register in the top-right corner of the OD.
2. In the command line: dd 0012FFA4 (the ESP address in the current Code), press Enter!
3. Select an offline address and use the hardware to access the WORD breakpoint.
4. Press F9 to run the program and directly go to the jump point. Press F8 to reach the program OEP and shell the program.

Method 3:
Memory tracking:
1: Open the software with OD!
2: click "option"> "debug option"> "exception" to ignore all the errors! CTRL + F2 reload the program!
3: press ALT + M and DA to open the memory image and find the first. rsrc. Press F2 to start the breakpoint,
Then press SHIFT + F9 to run to the breakpoint, then press ALT + M, DA to open the memory image, find the CODE above. RSRC, and press
F2 breakpoint! Then press SHIFT + F9 to directly reach the program OEP, shelling!

Method 4:
Arrive at OEP in one step (the experience accumulated by our predecessors)
1. Start to press Ctrl + F, input: popad (only applicable to a few shells, including ASPACK shells), and then press F2, F9 to run here
2. Go to the big jump, click F8, and shell it!

Method 5:
1: Open the software with OD!
2: click option-debug option-exception to remove all √! CTRL + F2 reload the program!
3: When the program is started, it is a jump. Here we press SHIFT + F9 until the program runs, and write down from start press F9 to program
Number of running times!
4: press CTRL + F2 to reload the program and press SHIFT + F9 (the number of times the program runs-1 time)
5: In the lower-right corner of the OD, we can see a SE handle. Press CTRL + G to enter the address before the SE handle!
6: press the F2 breakpoint! Then press SHIFT + F9 to go To the breakpoint!
7: remove the breakpoint and press F8 to go down slowly!
8: reach the program's OEP, shelling!