Fly2015
Windows platform Shell Software is still more, so there are many people for the pc software Shelling Music This, I rookie a, also learn about the shelling of the PC. To shelled the software, the first step is to check the shell, and then the shelling.
Recommended more good Shell software:
PE detective ,exeinfo pe, die tool.
The procedure that needs shelling is my love crack forum windows reverse hack training http://www.52pojie.cn/thread-378612-1-1.html First lesson of the homework problem 1.
1. Check the shell for the procedure ( I love cracking training lesson one . exe)
shell Results of PE Detective :
Exeinfo PE Case finding:
The results of the Die check case :
one of the benefits of die checking is that it is useful to know what language is being used for the Packers program from the results of the shell check.
2. carry out UPX shelling Combat
The program is loaded into the OD after the discovery of Pushad instructions, it is obvious that the program needs to use ESP law to shelling.
F8 Step One step, then right-select the HW Break Hardware breakpoint under the ESP Register .
F9 Run the program, the program will automatically break down in the place of the hardware breakpoint,
F2 The breakpoint at the location of the JMP directive , and then F9 runs to the breakpoint 00457765 , address 0041DDAC is the original OEP of the shell process . Normally the Packers will have a jump after the shell is unpacked, possibly JMP or other instructions. F7 follow up to address 0041DDAC ,
is not very familiar Ah,VS2008 and other compiled program entry point assembly instructions. The next step is to use the OD plug- in ollydump or the (Load pe+recimport) tool to carry out the program's shelling and IAT fix for table:
The RVA address of the real OEP of the Packers is 1DDAC, here The method of reconstruction of the IAT table is chosen 1 , choose according to the actual situation IAT How the table is repaired.
Ok. Shell procedure is used to check the shell, the results are as follows:
Run the shell just now to prove the success of shelling!
UPX shelling analysis document and perfect shelling procedure; http://download.csdn.net/detail/qq1084283172/8883081
Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.
Manual de-UPX shell combat--my Love crack training first lesson Assignment 1
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
