一风
Posted on 2009-2-9 21:49
EnCryptPE 2.2007.4.11
Non-narrated + narrated -> video recordings :)
Download link ===>
http://www.namipan.com/d/bc198f0941c77d69710735bdd92a81200ebccefb987e6303
Attached: conditional breakpoints
1. PATCH method
7C863AA9 > 8BFF mov edi,edi ;patch->jmp 019E0000
7C863AAB 55 push ebp
7C863AAC 8BEC mov ebp,esp
7C863AAE FF75 0C push dword ptr ss:[ebp+C]
7C863AB1 FF75 08 push dword ptr ss:[ebp+8]
7C863AB4 FF15 0815807C call dword ptr ds:[<&ntdll>; ntdll.ZwSetContextThread
7C863ABA 85C0 test eax,eax
7C863ABC 7D 0A jge short kernel32.7C863AC>
7C863ABE 50 push eax
7C863ABF E8 3959FAFF call kernel32.7C8093FD
7C863AC4 33C0 xor eax,eax
7C863AC6 EB 03 jmp short kernel32.7C863AC>
7C863AC8 33C0 xor eax,eax
7C863ACA 40 inc eax
7C863ACB 5D pop ebp
7C863ACC C2 0800 retn 8
*************************************
019E0000 60 pushad
019E0001 8B4424 28 mov eax,dword ptr ss:[esp+28]
019E0005 8B80 B8000000 mov eax,dword ptr ds:[eax+0B8]
019E000B 3D 00000070 cmp eax,70000000
019E0010 73 02 jnb short 019E0014
019E0012 - EB FE jmp short 019E0012 ;watch the value at XXXXXX6C, then press F12 to pause
019E0014 61 popad
019E0015 8BFF mov edi,edi
019E0017 55 push ebp
019E0018 8BEC mov ebp,esp
019E001A - E9 8F3AE87A jmp kernel32.7C863AAE
019E001F 90 nop
60 8B 44 24 28 8B 80 B8 00 00 00 3D 00 00 00 70 73 02 EB FE 61 8B FF 55 8B EC E9 8F 3A 0B 7B 90
2. Conditional breakpoint
Shift+F2 or Shift+F4
[[esp+8]+0B8]==004271B0 (open-book)
[[esp+8]+0B8]<70000000 (closed-book)
bp 7C863AA9 [[esp+8]+0B8]......
[ Last edited by 一风 on 2009-2-10 19:05 ]
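An added example, not part of the original post: it models the two breakpoint conditions and the stub's jump back into kernel32 in Python. It assumes the 32-bit x86 CONTEXT layout from winnt.h (where offset 0B8 is Eip) and that [esp+8] at function entry is the CONTEXT pointer argument; all helper names are hypothetical.

```python
import ctypes
import struct

DWORD = ctypes.c_uint32

class FLOATING_SAVE_AREA(ctypes.Structure):
    _fields_ = ([(n, DWORD) for n in ("ControlWord", "StatusWord", "TagWord",
                 "ErrorOffset", "ErrorSelector", "DataOffset", "DataSelector")]
                + [("RegisterArea", ctypes.c_ubyte * 80), ("Cr0NpxState", DWORD)])

class CONTEXT32(ctypes.Structure):
    # 32-bit x86 CONTEXT up to SegSs (trailing ExtendedRegisters omitted).
    _fields_ = ([("ContextFlags", DWORD)]
                + [(n, DWORD) for n in ("Dr0", "Dr1", "Dr2", "Dr3", "Dr6", "Dr7")]
                + [("FloatSave", FLOATING_SAVE_AREA)]
                + [(n, DWORD) for n in ("SegGs", "SegFs", "SegEs", "SegDs",
                   "Edi", "Esi", "Ebx", "Edx", "Ecx", "Eax", "Ebp", "Eip",
                   "SegCs", "EFlags", "Esp", "SegSs")])

EIP_OFFSET = CONTEXT32.Eip.offset   # the 0B8 in [[esp+8]+0B8]
CLOSED_BOOK_LIMIT = 0x70000000      # threshold used in the post

def make_context(eip):
    """Constructed sample: a zeroed CONTEXT with only Eip filled in."""
    ctx = CONTEXT32()
    ctx.Eip = eip
    return bytes(ctx)

def context_eip(raw):
    """Read the dword that [[esp+8]+0B8] dereferences."""
    return struct.unpack_from("<I", raw, EIP_OFFSET)[0]

def breakpoint_hits(raw, known_eip=None):
    """Open-book: Eip equals a known value. Closed-book: Eip below the limit."""
    eip = context_eip(raw)
    if known_eip is not None:
        return eip == known_eip
    return eip < CLOSED_BOOK_LIMIT

def jmp_rel32(src, dst):
    """Encode 'E9 rel32' located at src that lands on dst."""
    return b"\xE9" + struct.pack("<I", (dst - (src + 5)) & 0xFFFFFFFF)

def stub_base_from_jmp(jmp_bytes, jmp_offset, dst):
    """Recover the stub base address a given E9 rel32 was assembled for."""
    rel = struct.unpack_from("<I", jmp_bytes, 1)[0]
    return (dst - rel - 5 - jmp_offset) & 0xFFFFFFFF

if __name__ == "__main__":
    print(hex(EIP_OFFSET), breakpoint_hits(make_context(0x004271B0)))
    print(jmp_rel32(0x019E001A, 0x7C863AAE).hex())
    print(hex(stub_base_from_jmp(bytes.fromhex("E98F3A0B7B"), 0x1A, 0x7C863AAE)))
```

The last line shows that the jump displacement is tied to where the stub was allocated: the displacement in the one-line hex dump resolves to a base other than the 019E0000 used in the listing, so it has to be recomputed for the address actually allocated.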