Shell, shelling, shelling

Comments: In nature, I think everyone should be familiar with shell. We can see from the above stories. Plants in nature use it to protect seeds, and animals use it to protect the body. Similarly, some computer software also has a program dedicated to protecting the software from unauthorized modification or decompilation. They generally run the program before they get control and then complete it in nature. I think everyone should be familiar with shell. From the above stories, we can also see that. Plants in nature use it to protect seeds, and animals use it to protect the body. Similarly, some computer software also has a program dedicated to protecting the software from unauthorized modification or decompilation. They generally run programs before they get control and then complete their tasks to protect the software. Just like the shells of animals and plants are generally taken for granted outside the body (but there is also a so-called "seed shell in the shell ). Because this program has many similarities in functionality with the shell of nature, such a program is called a "shell" based on naming rules. Just like computer viruses and viruses in nature, they are actually naming methods. Functionally abstract, the shell of the software is almost the same as that of the natural world. It is nothing more than protecting and hiding things in the shell. From a technical point of view, the shell is a piece of code executed before the original program. The code of the original program may be compressed and encrypted during shelling ....... When the files after shelling are executed, shell-the code runs before the original program. It restores the compressed and encrypted code to the original program code, and then returns the execution right to the original code. The software shells are classified into encryption shells, compression shells, camouflage shells, and multi-layer shells to hide the real OEP of the Program (entry point to Prevent Cracking ). For more information about the "shell" and related software development history, see Mr. Wu's "Everything starts with" shell ". (1) After compiling the software, compile the concept of shell into an exe executable file.
1. Some copyright information needs to be protected without any modification, such as the author's name. To protect the software from being cracked, shells are usually used for protection.
2. You need to make the program a little easier to use. Therefore, some software is required to compress the executable files of exe,
3. In the hacker community, shells and shells Trojans and other software to avoid anti-virus software. To implement the above functions, these software are called shelling software. (2) The most common shell software ASPACK, UPX, PEcompact not commonly used shell software WWPACK32; PE-PACK; petite neolite (3) software in programming languages used to detect shells and software is checked for the type of their shells before shelling.
1.fileinfo.exe, the shell detection software, is short as fi.exe (with powerful shell detection capabilities ).
2. age.exe, a programming language used by the detection shell and software, is a good combination of the two functions. It is recommended that the ageage2000 Chinese version (specialized detection and shelling type ).
3. Commonly Used programming language of the software: Delphi, Visual Basic (VB) --- the most difficult to crack, Visual C (VC ). (4) shelling software is a common means used by the author to protect their own code or protect the interests of software property rights after writing the software. At present, there are a lot of shell tools, of course, there is shield, naturally there is a spear, as long as we collect all the common shell removal tools, it is not afraid of him shelling. Software shelling can be divided into manual shelling and automatic shelling. Next we will introduce automatic shelling, because manual shelling requires the use of assembly language and tracking breakpoints, which is not suitable for beginners, but we will introduce it later. Shelling is generally a type of Software Encryption. Nowadays, more and more software is compressed, which brings a lot of inconvenience to the Chinese language. The Chinese language enthusiasts also have to learn this skill. Currently, shelling is generally divided into two types of actions: manual use of TRW2000, TR, SOFTICE and other debugging tools to deal with, there are a certain level of requirements for shelling, it involves a lot of assembly language and software debugging knowledge. Automatic is to use a dedicated shell removal tool. The most common compression software has a decompressed tool written by others. Some compression tools can decompress them themselves, such as UPX; some do not provide this function, such as ASPACK, which requires UNASPACK. The advantage is that it is simple. The disadvantage is that it is useless when the version is updated. In addition, shelling is done with dedicated shelling tools. The most popular one is PROCDUMP v1.62, which can deal with the compression files of various compression software. Here we will introduce some common methods and tools, and hope to help you. We know the file encryption method, so we can use different tools and methods for shelling. The following are common shelling methods and simple shelling measures for your reference: the basic principle of shelling is one-step tracking, which can only go forward and cannot go back. The general process of shelling is: Shell check-> Search for OEP-> Dump-> fix the general idea of finding OEP as follows: Check whether the shell is an encrypted shell or a compressed shell first, it is easier to compress the shell. Generally, there is no exception. After finding the corresponding popad, you can go to the portal. We know that files are encrypted by some compressed and shelled software. Next, we need to analyze the name and version of the encryption software. Different software versions or even different versions have different shelling methods. Common shelling tools: 1. File analysis tools (detecting shell types): Fi, GetTyp, peid, pe-scan,
2. OEP entry search tools: SoftICE, TRW, ollydbg, loader, peid
3. dump tools: IceDump, TRW, PEditor, ProcDump32, LordPE
4. PE file editing tool PEditor, ProcDump32, LordPE
5. Import Table reconstruction tool: ImportREC, ReVirgin
6. ASProtect shelling tools: Caspr (ASPr V1.1-V1.2 valid), Rad (only valid for ASPr V1.1), loader, peid
(1) Aspack: The most used, but you only need to use UNASPACK or PEDUMP32 to shell it.
(2) ASProtect aspack: Second, foreign software is often shelled. softice icedump is used for shelling and requires some professional knowledge. However, there is no way to get the latest version.
(3) Upx: You can use UPX to shell out, but pay attention to the version consistency. Use the-D parameter.
(4) Armadill: softice icedump can be used to shell out.
(5) Dbpe: Domestic encryption software, the new version cannot be detached, but can be cracked
(6) NeoLite: You can shell it by yourself.
(7) Pcguard: You can use softice icedump frogice to Shell
(8) Pecompat: Use SOFTICE with PEDUMP32 to shell, but do not have professional knowledge
(9) Petite: some old versions can be directly shelled using PEDUMP32. softice icedump is required for the new version, which requires some professional knowledge. (10) WWpack32, so it is best to use SOFTICE with PEDUMP32 shelling. We usually use Procdump32, a general shelling software, which is a powerful shelling software that can unlock most of the encrypted shells, you can also use scripts to easily unbind encrypted files in a specific shell. In addition, we often use the exe Executable File editing software ultraedit. We can download its Chinese Registration version, and its registration machine can be searched online. Ultraedit opens a Chinese software. If it is shelled, many Chinese characters cannot be recognized. ultraedit opens a Chinese software. If it is not shelled or has been shelled, many Chinese characters can be recognized. ultraedit can be used to check whether the shell is taken off, it will be useful in the future. Please be familiar with it. For example, you can use its replacement function to replace the author's name with your name. Note that the byte must be equal. Two Chinese characters must be replaced by two, and three are replaced by three, use 00 to fill in the left side of the ultraedit editor. Common shell removal methods: 1. aspack case shelling available unaspack or caspr 1. unaspack, which is similar to lanuage, is a silly software. After running, select the software to be shelled. disadvantage: only the shell of the earlier version of aspack can be removed, and the shell of the later version cannot be removed. 2. caspr 1: software to be shelled (such as aa.exe133 and caspr.exe are located in the same directory, run the windows Start Menu, and type caspr detail. The usage method is similar to fi. advantages: it can take off the shell of any version of aspack and has a strong shelling capability. Disadvantages: Dos interface. Type 2: drag the aa.exeicon to the icon of caspr.exe. *** if an aspack shell has been detected, an unaspack shell error occurs. This indicates that it is a high-version aspack shell and can be removed using caspr. 2. The upx shell can be used with upxto shell software (such as aa.exe.zip and upx.exe are located in the same directory, run the windows Start Menu, and type upx-d aa.exe. 3. PEcompact shell shelling the unpecompact method is similar to the lanuage silly software. After running the program, select the software to be shelled. 4. procdump is omnipotent but not refined. Generally, do not use it: after running, specify the name of the shell, and then select the software to be shelled, after confirming that the files can be shelled are larger than the original files. Because the shelling software is mature, manual shelling is generally not used.