Fly2015
Here the shelling procedure is my love crack training of the job 2, compared to the job 1 A little stronger, but as long as the control of the shelling of the ESP Law, take off this Nspack Shell is not difficult, but it is quite interesting.
1. Check shell with Shell software.
Results of using PE detective to check the shell:
results of using die Shell:
2.OD loading procedure for shelling operations
After OD loading, the assembly code of the entry point of the shell is added. Obviously, after loading OD , the Packers program found 3 pushad instructions, so when the procedure was shelled, the ESP the law requires 3 a hardware breakpoint.
The shell is loaded according to the characteristics of the OD assembly , according to the ESP Law under the 3 hardware breakpoints.
3 times F9 Run the shell program, the program will naturally break at the first 3 hardware breakpoints,.
F7 Follow-up to address 0044c18d , observe the characteristics of the following assembly instructions, after analysis and combined with the experience of the disassembly, found this section of the Assembly,.
Obviously, the address 0041DDAC behind the JMP directive is the real OEP address of the original program. Remove The 3 hardware breakpoints that you set earlier, and then F2 the breakpoint at address 0044c33c ,F4 or the F9 runs to the breakpoint at the break.
To delete a hardware breakpoint that was originally set:
Run to the breakpoint 0044c33c , the program breaks down.
F7 follow up to the real OEP address at 0041DDAC .
The annoying thing happened, OD did not correctly convert the memory data into the assembly form display, so we need to manually convert the memory data into assembly instructions to display ( Check the memory data is not displayed correctly- - > Right-click analysis - Analyze code or use shortcut keys Ctrl + A) .
Ok, the assembly code above is not very familiar AH. Now we can use OD plug- in Ollydump or Load PE to combine recimport tools to carry out the shelling of the program. After running the shelling procedure, the program runs normally.
Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.
Manual de-nspack shell combat--my Love crack training first lesson Assignment 2
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
