Fly2015
This is practice program 5 of the first elective homework of the I Love Cracking training. At the company, debugging this packed program with the Tulip OD ran into a problem, but at home, debugging it with the I Love Cracking version of OD went smoothly and there was no problem at all.
First, use a packer-detection tool to check which packer protects the program.
Load the packed program into OD for dynamic debugging and analysis (snapshot: disassembly at the packed program's entry point).
Single-step the program with F8 for a few steps and the familiar PUSHAD instruction appears, so the ESP law is a convenient way to unpack the program.
Step with F8 to the instruction after PUSHAD, right-click the ESP register and set a hardware write breakpoint (HW Break), then press F9 to run the program. The program stops at the hardware breakpoint that was just set; 4 more F8 steps reveal the VA of the original program's OEP.
Press F7 to follow into address 0041DDAC, and the familiar entry-point disassembly appears.
You can now use the tool scylla_x86 to dump the program's memory and repair the IAT. Run the unpacked program to confirm that unpacking succeeded.
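Besides running the unpacked program, the dump can be checked statically: its PE entry point should now be the OEP found above (VA 0041DDAC) rather than the packer stub. The following is an added example, not part of the original post; the function names, the image base 0x00400000 and the stub entry point in the constructed sample headers are assumptions.

```python
import struct

OEP_VA = 0x0041DDAC  # OEP virtual address found in the debugger above

def entry_point_va(pe: bytes) -> int:
    """Return ImageBase + AddressOfEntryPoint of a 32-bit PE image."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    opt = e_lfanew + 24  # skip 4-byte signature and 20-byte COFF header
    if opt + 32 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic != 0x10B:
        raise ValueError("not a PE32 optional header")
    (ep_rva,) = struct.unpack_from("<I", pe, opt + 16)
    (image_base,) = struct.unpack_from("<I", pe, opt + 28)
    return image_base + ep_rva

def dump_starts_at_oep(pe: bytes, oep_va: int = OEP_VA) -> bool:
    """True when the file's entry point is the OEP found while debugging."""
    return entry_point_va(pe) == oep_va

def make_header(ep_rva: int, image_base: int = 0x00400000) -> bytes:
    """Constructed sample: PE32 headers only (assumed base), not a real file."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, ep_rva)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)      # ImageBase
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    packed = make_header(0x00032000)   # constructed stub entry point
    dumped = make_header(0x0001DDAC)   # entry point rewritten to the OEP
    for name, image in (("packed", packed), ("dumped", dumped)):
        print(name, hex(entry_point_va(image)), dump_starts_at_oep(image))
```

For a real dump, pass the bytes read from the file to `dump_starts_at_oep`.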
Analysis document for the manual unpacking of Kbys Packer (0.28) and the unpacked program: http://download.csdn.net/detail/qq1084283172/8900545
Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
Manually unpacking the Kbys Packer (0.28) shell in practice: I Love Cracking training, first class elective assignment five