吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 14487|回复: 16
收起左侧

[Scripts] 网上转载的 Safengine 脱壳脚本.

[复制链接]
swallow52o 发表于 2017-4-30 19:07
[Asm] 纯文本查看 复制代码
mov x, "ecx"
mov y, "dword ptr fs:[18]"
mov z,"dword ptr ds:[ecx+24h]"
mov OldEcx,ecx
exec
mov {x},{y}       
mov {x}, {z}    
ende
mov MainTid, ecx,4
mov ecx,OldEcx,4
STI
mov [98afc3],E8,1
mov PStartupInfo,[7C8853DC],4
mov SizeStartupInfo,[PStartupInfo],4
sub SizeStartupInfo,4
add PStartupInfo,4
Set0:
cmp SizeStartupInfo,0
je NextH
mov [PStartupInfo],0,4
add PStartupInfo,4
sub SizeStartupInfo,4
jmp Set0
NextH:
alloc 1000 
mov Addr2, $RESULT
mov PRunNext,$RESULT
add PRunNext,7de
add PRunNext,1b
mov Asmaddr,Addr2
//反反调试部分 
ASM Asmaddr,"cmp eax,0E5"
add Asmaddr,$RESULT 
mov [Asmaddr],2875,2
add Asmaddr,2
ASM Asmaddr,"CMP dword ptr ss:[esp+c],11"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],1D,4
add Asmaddr,6
ASM Asmaddr,"CMP dword ptr ss:[esp+10],0"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],12,4
add Asmaddr,6
ASM Asmaddr,"CMP dword ptr ss:[esp+14],0"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],07,4
add Asmaddr,6
ASM Asmaddr,"mov eax,0"
add Asmaddr,$RESULT
ASM Asmaddr,"retn"
add Asmaddr,$RESULT
ASM Asmaddr,"cmp eax,9a"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],50,4
add Asmaddr,6
ASM Asmaddr,"cmp dword ptr ss:[esp+c],7"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],11,4
add Asmaddr,6
ASM Asmaddr,"mov eax,dword ptr ss:[esp+10]"
add Asmaddr,$RESULT
ASM Asmaddr,"mov dword ptr ds:[eax],0"
add Asmaddr,$RESULT
ASM Asmaddr,"mov eax,-1"
add Asmaddr,$RESULT
ASM Asmaddr,"retn"
add Asmaddr,$RESULT
ASM Asmaddr,"cmp dword ptr ss:[esp+C],1E"
add Asmaddr,$RESULT
mov [Asmaddr],1175,2
add Asmaddr,2
ASM Asmaddr,"mov eax,dword ptr ss:[esp+10]"
add Asmaddr,$RESULT
ASM Asmaddr,"mov dword ptr ds:[eax],0"
add Asmaddr,$RESULT
ASM Asmaddr,"mov eax,0"
add Asmaddr,$RESULT
ASM Asmaddr,"retn"
add Asmaddr,$RESULT
ASM Asmaddr,"cmp dword ptr ss:[esp+C],1F"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],11,4
add Asmaddr,6
ASM Asmaddr,"mov eax,dword ptr ss:[esp+10]"
add Asmaddr,$RESULT
ASM Asmaddr,"mov dword ptr ds:[eax],1"
add Asmaddr,$RESULT
ASM Asmaddr,"mov eax,0"
add Asmaddr,$RESULT
ASM Asmaddr,"retn"
add Asmaddr,$RESULT
ASM Asmaddr,"cmp eax,101"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],24,4
add Asmaddr,6
ASM Asmaddr,"cmp dword ptr ss:[esp+8],0"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],07,4
add Asmaddr,6
ASM Asmaddr,"mov eax,0"
add Asmaddr,$RESULT
ASM Asmaddr,"retn"
add Asmaddr,$RESULT
ASM Asmaddr,"cmp dword ptr ss:[esp+8],-1"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],07,4
add Asmaddr,6
ASM Asmaddr,"mov eax,0"
add Asmaddr,$RESULT
ASM Asmaddr,"retn"
add Asmaddr,$RESULT
ASM Asmaddr,"cmp eax,d5"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],7,4
add Asmaddr,6
ASM Asmaddr,"mov eax,0"
add Asmaddr,$RESULT
ASM Asmaddr,"retn"
add Asmaddr,$RESULT
ASM Asmaddr,"cmp eax,19"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],12,4
add Asmaddr,6
ASM Asmaddr,"cmp dword ptr ss:[esp+8],0"
add Asmaddr,$RESULT
mov [Asmaddr],850F,2
mov [Asmaddr+2],07,4
add Asmaddr,6
ASM Asmaddr,"mov eax,0"
add Asmaddr,$RESULT
ASM Asmaddr,"retn"
add Asmaddr,$RESULT
mov [Asmaddr],#83f85575478b44240c803810b8550000007539#,13
add Asmaddr,13
MOV [Asmaddr],#C70424#,3
ADD Asmaddr,3
MOV TEMP,Asmaddr
ADD TEMP,8
MOV [Asmaddr],TEMP,4
ADD Asmaddr,4
MOV [Asmaddr],#8BD40F34508B44240CC7400401000000C7400800000000C7400C00000000C74010000000006A016A0F#,2E
ADD Asmaddr,29
ASM Asmaddr,"CALL kernel32.TlsSetValue"
add Asmaddr,$RESULT
MOV [Asmaddr],#58c20800#,4
ADD Asmaddr,4
ASM Asmaddr,"mov edx, dword ptr fs:[18]"
add Asmaddr,$RESULT
ASM Asmaddr,"mov edx, dword ptr ds:[edx+24h]"
add Asmaddr,$RESULT
mov str,"cmp edx,"
add str,MainTid
ASM Asmaddr,str
add Asmaddr,$RESULT
mov [Asmaddr],1B75,2
add Asmaddr,2
ASM Asmaddr,"cmp eax,25"
add Asmaddr,$RESULT
mov [Asmaddr],0875,2
add Asmaddr,2
mov Addr5,Asmaddr
ASM Asmaddr,"mov eax,25"
add Asmaddr,$RESULT
mov [Asmaddr],0EEB,2
add Asmaddr,2
ASM Asmaddr,"cmp eax,B7"
add Asmaddr,$RESULT
mov [Asmaddr],0675,2
add Asmaddr,2
mov Addr6,Asmaddr
ASM Asmaddr,"mov eax,B7"
add Asmaddr,$RESULT
ASM Asmaddr,"mov edx,esp"
add Asmaddr,$RESULT
ASM Asmaddr,"sysenter"
add Asmaddr,$RESULT
GPA "NtCreateEvent","ntdll.dll"
mov JAddr,$RESULT
add JAddr,6
mov JAddr,[JAddr],4
mov JAddr,[JAddr],4
mov CallRetAddr,JAddr,4
mov CallRetStr,[CallRetAddr],10
mov [JAddr],03EB,2
mov str,"jmp "
add str,Addr2
add JAddr,5
ASM JAddr,str



没试过,不知道能不能行,!

免费评分

参与人数 2吾爱币 0 收起 理由
asd9988 + 1 楼下别扣分啊
chinasmu -1 用心讨论,共获提升!

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

Pizza 发表于 2017-4-30 19:33
当年SafengineChallenge的脚本 早就用不了了
何必再恋。 发表于 2017-4-30 19:29
hongge 发表于 2017-4-30 20:26
protea_ban 发表于 2017-4-30 21:35
没试就发是不是不太好
初音ミク 发表于 2017-4-30 22:19
没试过。。。。厉害了
笑颜一如从前Q 发表于 2017-4-30 23:05
感谢分享
rmgb 发表于 2017-5-1 01:04

没试就发是不是不太好
yhxing 发表于 2017-5-1 06:45
时间长了的肯定没有用了 因为现在这个正热火着呢……
 楼主| swallow52o 发表于 2017-5-1 11:43
试试就知道了.我没得这个壳.有个Safengine Protector 2.3.9版的壳...不会脱....找教程都找不到.!!!!
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-23 10:56

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表