Disassemble and crack the folder

The following "crack the folder" is for your reference only!

Cracking Process:
1. Encrypt this test file

2. This will appear after Encryption

3. Now we are going to decrypt the anti-DDOS service. Let's check the shell first.

4. Let's get off the shell now.

5. This is a single process. OD loading. The entry point of the program is

6. Now let's look for Magic jmp. Run the breakpoint HE GetModuleHandleA + 5, SHIFT + F9, run the sixth time, And the stack appears.

7. Run the second operation to return the result.

8. Modify je to jmp.

9. Then, change all the above modifications back to avoid detection. Now, the next bp CreateThread breakpoint will be returned when SHIFT + F9 is run once.

10. Now F8 goes down in one step until this

11. In call ecx, F7 enters the OEP.

12. At first glance, we should have thought that this was compiled by delphi. We will use the tool below to fix it. I will not describe it here.

________________________________________________________________________________

13. the following is the password cracking tool. Because it is written in delphi, we will use the Disassembly tool to find the button event. In this case, the button event is 00501F48, And we will place the F2 breakpoint in the button event, SHIFT + F9 run to this

14. Now the next step has been taken.

15. Let's change this hop to JMP. After decryption, this is the case.

For such a file, we only need to change its suffix to see the file content!