视频切割软件:splitter脱壳
最近比较痴迷脱壳,呵呵,见到什么都想脱:)一款不错的视频切割的软件splitter,用PEID查看,加的壳是UPX 0.80 - 0.84 -> Markus & Laszlo(图1)
我就把他脱下来。用ESP定律法
首先用OD载入,F8单步,右边的 ESP变红了,右键点击ESP后面的数值0012FFA4 从下拉菜单中选择数据窗口跟随。(图2,3)
下窗口中在0012FFA4处右键点击他后面的数值,下拉菜单中选择断点--硬件访问--字 (图4)
然后点击运行,或者F9,运行程序
F8 单步。。
好了就到了程序的入口处了。(图5,6)
然后点击调试下拉菜单中硬件断点,删除刚才断点
然后在程序实际入口处点击右键,下拉菜单中选择用OD脱壳调试。并且脱壳。(图7)
然后再用PEID查看,已经没有壳了。(图8)
双击运行正常,脱壳完毕。(图9)
呵呵,高手见笑了,我刚刚开始学习脱。。希望大家多多指点!
---===本帖最后由 palyboy 于 2007-5-13 23:01 编辑===---
---===本帖最后由 palyboy 于 2007-5-13 23:06 编辑===---
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 1.jpg (2007-5-13 22:58, 30.99 K)
http://www.chinadforce.com/attachments/day_070513/1_uKQ1DtkX4MUC.jpg
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 2.jpg (2007-5-13 22:58, 112.14 K)
http://www.chinadforce.com/attachments/day_070513/2_Lc6YBpbNdh8z.jpg
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 3.jpg (2007-5-13 22:58, 74.33 K)
http://www.chinadforce.com/attachments/day_070513/3_BhFCnwHPP25C.jpg
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 4.jpg (2007-5-13 22:58, 34.49 K)
http://www.chinadforce.com/attachments/day_070513/4_5jDyFCKxGsqM.jpg
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 5.jpg (2007-5-13 22:58, 52.76 K)
http://www.chinadforce.com/attachments/day_070513/5_KTu2IrpbgKjK.jpg
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 6.jpg (2007-5-13 22:58, 76.48 K)
http://www.chinadforce.com/attachments/day_070513/6_GqEX0E6dYTmI.jpg
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 7.jpg (2007-5-13 22:58, 86.39 K)
http://www.chinadforce.com/attachments/day_070513/7_9l5iW6dk6xnY.jpg
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 8.jpg (2007-5-13 22:58, 26.38 K)
http://www.chinadforce.com/attachments/day_070513/8_h5zMOTHel3Y9.jpg
http://www.chinadforce.com/images/attachicons/image.gif图片附件: 9.jpg (2007-5-13 22:58, 15.95 K)
http://www.chinadforce.com/attachments/day_070513/9_PgAj5KKrzAgI.jpg
页:
[1]