Author : Fly2015
I love to crack the first lesson of the Forum training elective exercises of the topic 7 . This shell has not been heard, but it is relatively simple to take off, according to the law of ESP can be direct to the light,Dump out the original program.
In the first instance, the procedure for shelling needs to be checked and shell processed.
Using The result of Die shell, Cheng is the rlpack Shell and the original program was compiled with the Microsoft compiler.
OD Loading shell program for debugging analysis, entry point code disassembly snapshot.
See the Pushad command do not want to think, direct ESP law shelling. F8 Set a hardware write breakpoint on the ESP Register, and then F9 Run the program, the program naturally breaks at the hardware breakpoint just set.
It is obvious that the OEP address of the JMP instruction is the original program . F7 with the past, you can see the familiar entry point disassembly code.
OK, you can now use the Load PE with the importrec tool to program the process Dump and IAT the table was fixed.
Run the shelling procedure to prove that the shelling was successful.
Manual de-rlpack shell actual combat documentation and post-shelling procedure: http://download.csdn.net/detail/qq1084283172/8900731
Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.
Manual de-rlpack shell combat--my love crack training First class elective assignment seven
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
