¡¾VMProtect¡¿ÅäºÏ¡¾PESpinµÄSDK¼ÓÃÜ¡¿µÄÁíÒ»·½·¨
Anskya ʹÓÃVMProtectµÄSDK·½Ê½ÅäºÏASProtectµÄSDKʵʩ±£»¤£»ÎÒ±ã²ÉÓÃVMProtecµÄÁíÒ»·½Ê½
£¨ÔÚ¹¤³Ì±àÒëÑ¡ÏîÖÐ:Project->Options->Linker Ñ¡ÏÖÐµÄ Map File Ñ¡ÏîÖУ¬½«µ¥Ñ¡¿òÑ¡ÔñDetailed£¬È»ºóÔÚVMProtectÌí¼Ó±£»¤´úÂëÖÐ
»á¿´µ½º¯ÊýµØÖ·£©ÅäºÏPESpinµÄSDKʵʩ±£»¤¡£
Ä¿±ê£º
ʹÓá¾VMProtect¡¿ÅäºÏ¡¾PESpinµÄSDK¼ÓÃÜ¡¿¶ÔÒ»¸öʹÓÃdelphi±àÒëµÄÀý×Óʵʩ±£»¤£¡²»Öª×Ô¼ºÀí½âµÄ¶Ô·ñ£¬»¹Çë¸÷λÌáÌáÒâ¼û£¡
¹ý³Ì£º
¡ù 1¡£Ê¹ÓÃdelphi´ò¿ªProject1.DPRÎļþ£¬È»ºóµã»÷delphiµÄProject²Ëµ¥ÏµÄOptions...Ñ¡ÏÔÚµ¯³öµÄ¶Ô»°´°¿ÚÖеã»÷LinkerÒ³Ã棬ÔÚ¸ÃÒ³ÃæÖÐÑ¡ÔñMap fileϵÄDetailedÕâÒ»ÏÒÔ±ã´ò¿ªÍ¬Ê±Éú³ÉÍêÈ«MAPÎļþµÄÕâÒ»¹¦ÄÜ£¬ÒòΪÔÚVMProtectÖÐҪʹÓÃMAPÎļþÓë¶ÔÓ¦µÄeXeÎļþ×ö±È½Ï£¬ÒÔ·½±ãVMProtect¶ÔÆä½øÐмÓÃÜ¡£
¡ù 2¡£Íê³ÉÉÏÃæµÄ²Ù×÷ºó£¬±ã°´F9¼ü½øÐбàÒ룬ÔÚĿ¼Ï±ãÉú³ÉÁËeXe¼°MapÎļþ£»Ê¹ÓÃDeDe¶Ô¸ÃeXeÎļþ½øÐз´»ã±à¡£
¡ù 3¡£ÓÃVMProtect´ò¿ªÉú³ÉµÄÕâ¸öeXeÎļþºó£¬µã»÷¡°Project¡±²Ëµ¥Ïµġ°New procedure¡±»òÕßÊÇ µã»÷¹¤¾ßÀ¸Öеġ°New procedure¡±°´Å¥£¬ÔÚµ¯³öµÄÌí¼ÓµØÖ·´°¿ÚÖÐ
ÕÒµ½£ºTForm1.Button1Click ÕâÒ»ÐУ¬È»ºóµã»÷¡°OK¡±°´Å¥£¬
ÕÒµ½£ºTForm1.FormCreate ÕâÒ»ÐУ¬È»ºóµã»÷¡°OK¡±°´Å¥£¬
ÕÒµ½£ºTForm1.Image1Click ÕâÒ»ÐУ¬È»ºóµã»÷¡°OK¡±°´Å¥£¬
ÔÚVMProtect×ó±ßµÄ´°¿ÚÖбã»áÁгöÒÔÕâÈý´¦Îª¿ªÊ¼µØÖ·£¬¿ÉÒÔ±»VMProtect±£»¤µÄÕâÈý¶ÎÏà¹Ø´úÂëÓÐÄÄЩ¡£
¡ù 4¡£ÔÚVMProtectÖУ¬µã»÷×ó±ß´°¿ÚÖÐµÄ TForm1.FormCreate ÕâÒ»Ðкó£¬ÅäºÏDeDe¶ÔeXeÎļþµÄ·´»ã±à£¬¿´µ½ÆäÏàÓ¦µÄ´úÂëºÍÐéÄâµØַΪ£º
¡£¡£¡£
00443A04 EB24 jmp 00443A2A //Õâ¸öJMPÃüÁîµÄ»úÆ÷Âë EB24 ±ãÊÇ
00443A06 FB sti //PESpinµÄ Crypt markers µÄ SDK {$I clear_start.inc}
00443A07 FB sti //µÄ¿ªÊ¼±êÖ¾
00443A08 FB sti //
00443A09 FB sti //
00443A0A FB sti //
00443A0B FB sti //
00443A0C FB sti //
00443A0D FB sti //
00443A0E FB sti //
00443A0F FB sti //
00443A10 FB sti //
00443A11 FB sti //
00443A12 FB sti //
00443A13 FB sti //
00443A14 FB sti //
00443A15 FB sti //
00443A16 FB sti //
00443A17 FB sti //
00443A18 FB sti //
00443A19 FB sti //
00443A1A FB sti //
00443A1B FB sti //
00443A1C FB sti //
00443A1D FB sti //
00443A1E FB sti //
00443A1F FB sti //
00443A20 FB sti //
00443A21 FB sti //
00443A22 FB sti //
00443A23 FB sti //
00443A24 FB sti //
00443A25 FB sti //PESpinµÄ Crypt markers µÄ SDK {$I clear_start.inc}
00443A26 66BD0000 mov bp, $0000 //µÄ½áÊø±êÖ¾
* Possible String Reference to: 'PESpin Markers Test'
|
00443A2A BA743A4400 mov edx, $00443A74 //¡Á ×¼±¸ÔÚ´Ë´¦ ¡Á¿ªÊ¼¡Á VMProtectµÄ±£»¤ ¡Á//Ïê¼û¡¾4A¡¿
* Reference to: controls.TControl.SetText(TControl;TCaption);
|
00443A2F E89C02FEFF call 00423CD0 //¡Á ×¼±¸ÔÚ´Ë´¦ ¡Á½áÊø¡Á VMProtectµÄ±£»¤ ¡Á//Ïê¼û¡¾4B¡¿
00443A34 EB33 jmp 00443A69 //Õâ¸öJMPÃüÁîµÄ»úÆ÷Âë EB33 ±ãÊÇ
00443A36 FA cli //PESpinµÄ Crypt markers µÄ SDK {$I clear_end.inc}
00443A37 FA cli //µÄ¿ªÊ¼±êÖ¾
00443A38 FA cli //
00443A39 FA cli //
00443A3A FA cli //
00443A3B FA cli //
00443A3C FA cli //
00443A3D FA cli //
00443A3E FA cli //
00443A3F FA cli //
00443A40 FA cli //
00443A41 FA cli //
00443A42 FA cli //
00443A43 FA cli //
00443A44 FA cli //
00443A45 FA cli //
00443A46 FA cli //
00443A47 FA cli //
00443A48 FA cli //
00443A49 FA cli //
00443A4A FA cli //
00443A4B FA cli //
00443A4C FA cli //
00443A4D FA cli //
00443A4E FA cli //
00443A4F FA cli //
00443A50 FA cli //
00443A51 FA cli //
00443A52 FA cli //
00443A53 FA cli //
00443A54 FA cli //
00443A55 FA cli //
00443A56 FA cli //
00443A57 FA cli //
00443A58 FA cli //
00443A59 FA cli //
00443A5A FA cli //
00443A5B FA cli //
00443A5C FA cli //
00443A5D FA cli //
00443A5E FA cli //
00443A5F FA cli //
00443A60 FA cli //
00443A61 FA cli //
00443A62 FA cli //
00443A63 FA cli //
00443A64 FA cli //PESpinµÄ Crypt markers µÄ SDK {$I clear_end.inc}
00443A65 66BD0000 mov bp, $0000 //µÄ½áÊø±êÖ¾
00443A69 C3 ret
¡£¡£¡£
¡¾4A¡¿¡£µã»÷¡°Project¡±²Ëµ¥Ïµġ°New procedure¡±»òÕßÊǵã»÷¹¤¾ßÀ¸Öеġ°New procedure¡±°´Å¥£¬ÔÚµ¯³öµÄÌí¼ÓµØÖ·´°¿ÚÖÐÊäÈë 00443A2A ºó£¬µã»÷¡°OK¡±°´Å¥£¬VMProtect±ãÓÖ»á×Ô¶¯ÁгöÐéÄâµØÖ·£º00443A2A ºóÃæµÄ´úÂ룻
¡¾4B¡¿¡£ÔÚ²Ù×÷ÁË¡¾4A¡¿Ö®ºó£¬VMProtect×ó±ß´°¿ÚÖбã¶àÁËÒ»¸öÒÔ 00443A2A Õ⴦Ϊ¿ªÊ¼µØÖ·£¬¿ÉÒÔ±»VMProtect±£»¤µÄÕâ¶ÎÏà¹Ø´úÂëÓÐÄÄЩ¡£µã»÷ÕâÐкóÓÖ·¢ÏÖ£¬ÔÚÁгöµÄ¿É±»±£»¤´úÂëÖУ¬ÐéÄâµØÖ·£º00443A34 ÕâÒ»ÐеĴúÂë²¢²»Ïë±»VMProtect±£»¤£»Òò´Ë£¬ÔÚÓұߴ°¿ÚÁгöµÄ¿É±»±£»¤´úÂëÖУ¬ÕÒµ½²¢Ñ¡¶¨£º¡°00443A34 EB33 jmp 00443A69¡± ÕâÒ»ÐУ¬µ¥»÷Êó±êÓÒ¼ü£¬ÔÚµ¯³öµÄ²Ëµ¥ÖÐÑ¡Ôñ£º¡°End of procedure¡±»òÊÇ °´£ºCtrl+B ¼ü£» ÕâʱÐéÄâµØÖ·£º00443A34 ÒÔ¼°ËüºóÃæµÄ´úÂ붼±ä³ÉÁË»ÒÉ«£» ±íʾÕâЩ»ÒÉ«´úÂë²»ÔÙ±»VMProtect±£»¤£»
Òò´Ë£¬TForm1.FormCreate ʼþ±»·Ö³ÉÁËÈý¿é£¬ÆäÖУ¬Öм佫Ҫ±»PeSpinµÄSDKËù±£»¤µÄÕâÒ»¿é£¬Ïȱ»VMProtect±£»¤ÁË¡£
¡ù 5¡£ÔÚVMProtectÖеã»÷×ó±ß´°¿ÚÖÐµÄ TForm1.Button1Click ÕâÒ»Ðкó£¬ÅäºÏDeDe¶ÔeXeÎļþµÄ·´»ã±à£¬¿´µ½ÆäÏàÓ¦µÄ´úÂëºÍÐéÄâµØַΪ£º
¡£¡£¡£
00443A88 55 push ebp
00443A89 8BEC mov ebp, esp
00443A8B 6A00 push $00
00443A8D 6A00 push $00
00443A8F 6A00 push $00
00443A91 53 push ebx
00443A92 56 push esi
00443A93 57 push edi
00443A94 8BF8 mov edi, eax
00443A96 33C0 xor eax, eax
00443A98 55 push ebp
* Possible String Reference to: 'éì÷ûÿëë_^[‹å]?
|
00443A99 68873B4400 push $00443B87
***** TRY
|
00443A9E 64FF30 push dword ptr fs:[eax]
00443AA1 648920 mov fs:[eax], esp
00443AA4 8D55FC lea edx, [ebp-$04]
00443AA7 8B87D4020000 mov eax, [edi+$02D4]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00443AAD E8EE01FEFF call 00423CA0
00443AB2 8B45FC mov eax, [ebp-$04]
* Reference to: system.@LStrLen:Integer;
| or: system.@DynArrayLength;
| or: system.DynArraySize(Pointer):Integer;
|
00443AB5 E8A600FCFF call 00403B60
00443ABA 85C0 test eax, eax
00443ABC 0F84AA000000 jz 00443B6C
00443AC2 EB08 jmp 00443ACC //Õâ¸öJMPÃüÁîµÄ»úÆ÷Âë EB08 ±ãÊÇ
00443AC4 FC cld //PESpinµÄ Crypt markers µÄ SDK {$I crypt_start.inc}
00443AC5 FC cld //µÄ¿ªÊ¼±êÖ¾
00443AC6 FC cld //
00443AC7 FC cld //
00443AC8 FC cld //
00443AC9 FC cld //
00443ACA 27 daa //PESpinµÄ Crypt markers µÄ SDK {$I crypt_start.inc}
00443ACB 54 push esp //µÄ½áÊø±êÖ¾
00443ACC 33DB xor ebx, ebx //¡Á ×¼±¸ÔÚ´Ë´¦ ¡Á¿ªÊ¼¡Á VMProtectµÄ±£»¤ ¡Á//Ïê¼û¡¾5A¡¿
00443ACE 33F6 xor esi, esi
00443AD0 43 inc ebx
00443AD1 8D55F8 lea edx, [ebp-$08]
00443AD4 8B87D4020000 mov eax, [edi+$02D4]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00443ADA E8C101FEFF call 00423CA0
00443ADF 8B45F8 mov eax, [ebp-$08]
00443AE2 0FB64418FF movzx eax, byte ptr [eax+ebx-$01]
00443AE7 03F0 add esi, eax
00443AE9 8D55F4 lea edx, [ebp-$0C]
00443AEC 8B87D4020000 mov eax, [edi+$02D4]
* Reference to: controls.TControl.GetText(TControl):TCaption;
|
00443AF2 E8A901FEFF call 00423CA0
00443AF7 8B45F4 mov eax, [ebp-$0C]
* Reference to: system.@LStrLen:Integer;
| or: system.@DynArrayLength;
| or: system.DynArraySize(Pointer):Integer;
|
00443AFA E86100FCFF call 00403B60
00443AFF 3BD8 cmp ebx, eax
00443B01 7CCD jl 00443AD0
00443B03 83EE43 sub esi, +$43
00443B06 83C610 add esi, +$10
00443B09 81F69A020000 xor esi, $0000029A
00443B0F 81F609030000 xor esi, $00000309
00443B15 C1E602 shl esi, $02
00443B18 33DB xor ebx, ebx
00443B1A 43 inc ebx
00443B1B 8BC3 mov eax, ebx
00443B1D 03C0 add eax, eax
00443B1F 33C3 xor eax, ebx
00443B21 F7EE imul esi
00443B23 8BF0 mov esi, eax
00443B25 83FB06 cmp ebx, +$06
00443B28 7CF0 jl 00443B1A //¡Á ×¼±¸ÔÚ´Ë´¦ ¡Á½áÊø¡Á VMProtectµÄ±£»¤ ¡Á//Ïê¼û¡¾5B¡¿
00443B2A EB08 jmp 00443B34 //Õâ¸öJMPÃüÁîµÄ»úÆ÷Âë EB08 ±ãÊÇ
00443B2C FD std //PESpinµÄ Crypt markers µÄ SDK {$I crypt_end.inc}
00443B2D FD std //µÄ¿ªÊ¼±êÖ¾
00443B2E FD std //
00443B2F FD std //
00443B30 FD std //
00443B31 FD std //
00443B32 54 push esp //PESpinµÄ Crypt markers µÄ SDK {$I crypt_end.inc}
00443B33 37 aaa //µÄ½áÊø±êÖ¾
00443B34 81FEC0884904 cmp esi, $044988C0
00443B3A 7408 jz 00443B44
00443B3C 81FEC0884904 cmp esi, $044988C0
00443B42 7515 jnz 00443B59
00443B44 6A00 push $00
* Possible String Reference to: 'Example Markers'
|
00443B46 68983B4400 push $00443B98
* Possible String Reference to: 'Good pass :D'
|
00443B4B 68A83B4400 push $00443BA8
00443B50 6A00 push $00
* Reference to: user32.MessageBoxA()
|
00443B52 E8192BFCFF call 00406670
00443B57 EB13 jmp 00443B6C
00443B59 6A00 push $00
* Possible String Reference to: 'Example Markers'
|
00443B5B 68983B4400 push $00443B98
* Possible String Reference to: 'Bad password. Try: PESpin'
|
00443B60 68B83B4400 push $00443BB8
00443B65 6A00 push $00
* Reference to: user32.MessageBoxA()
|
00443B67 E8042BFCFF call 00406670
00443B6C 33C0 xor eax, eax
00443B6E 5A pop edx
00443B6F 59 pop ecx
00443B70 59 pop ecx
00443B71 648910 mov fs:[eax], edx
****** FINALLY
|
* Possible String Reference to: '_^[‹å]?
|
00443B74 688E3B4400 push $00443B8E
00443B79 8D45F4 lea eax, [ebp-$0C]
00443B7C BA03000000 mov edx, $00000003
* Reference to: system.@LStrArrayClr;
|
00443B81 E87EFDFBFF call 00403904
00443B86 C3 ret
* Reference to: system.@HandleFinally;
|
00443B87 E9ECF7FBFF jmp 00403378
00443B8C EBEB jmp 00443B79
****** END
|
00443B8E 5F pop edi
00443B8F 5E pop esi
00443B90 5B pop ebx
00443B91 8BE5 mov esp, ebp
00443B93 5D pop ebp
00443B94 C3 ret
¡£¡£¡£
¡¾5A¡¿¡£µã»÷¡°Project¡±²Ëµ¥Ïµġ°New procedure¡±»òÕßÊǵã»÷¹¤¾ßÀ¸Öеġ°New procedure¡±°´Å¥£¬ÔÚµ¯³öµÄÌí¼ÓµØÖ·´°¿ÚÖÐÊäÈë 00443ACC ºó£¬µã»÷¡°OK¡±°´Å¥£¬VMProtect±ãÓÖ»á×Ô¶¯ÁгöÐéÄâµØÖ·£º00443ACC ºóÃæµÄ´úÂ룻
¡¾5B¡¿¡£ÔÚ²Ù×÷ÁË¡¾5A¡¿Ö®ºó£¬VMProtect×ó±ß´°¿ÚÖбã¶àÁËÒ»¸öÒÔ 00443ACC Õ⴦Ϊ¿ªÊ¼µØÖ·£¬¿ÉÒÔ±»VMProtect±£»¤µÄÕâ¶ÎÏà¹Ø´úÂëÓÐÄÄЩ¡£µã»÷ÕâÐкóÓÖ·¢ÏÖ£¬ÔÚÁгöµÄ¿É±»±£»¤´úÂëÖУ¬ÐéÄâµØÖ·£º00443B2A ÕâÒ»Ðм°ºóÃæµÄ´úÂë²¢²»Ïë±»VMProtect±£»¤£»Òò´Ë£¬ÔÚÓұߴ°¿ÚÁгöµÄ¿É±»±£»¤´úÂëÖУ¬ÕÒµ½²¢Ñ¡¶¨£º¡°00443B2A EB08 jmp 00443B34¡± ÕâÒ»ÐУ¬µ¥»÷Êó±êÓÒ¼ü£¬ÔÚµ¯³öµÄ²Ëµ¥ÖÐÑ¡Ôñ£º¡°End of procedure¡±»òÊÇ °´£ºCtrl+B ¼ü£» ÕâʱÐéÄâµØÖ·£º00443B2A ÒÔ¼°ËüºóÃæµÄ´úÂ붼±ä³ÉÁË»ÒÉ«£» ±íʾÕâЩ»ÒÉ«´úÂë²»ÔÙ±»VMProtect±£»¤£»
Òò´Ë£¬TForm1.FormCreate ʼþ±»·Ö³ÉÁËÈý¿é£¬ÆäÖУ¬Öм佫Ҫ±»PeSpinµÄSDKËù±£»¤µÄÕâÒ»¿é£¬Ïȱ»VMProtect±£»¤ÁË¡£
¡ù 6¡£ÔÚVMProtectÖеã»÷×ó±ß´°¿ÚÖÐµÄ TForm1.Image1Click ÕâÒ»Ðкó£¬ÅäºÏDeDe¶ÔeXeÎļþµÄ·´»ã±à£¬¿´µ½ÆäÏàÓ¦µÄ´úÂëºÍÐéÄâµØַΪ£º
¡£¡£¡£
00443BD4 53 push ebx
00443BD5 8BD8 mov ebx, eax
00443BD7 EB08 jmp 00443BE1 //Õâ¸öJMPÃüÁîµÄ»úÆ÷Âë EB08 ±ãÊÇ
00443BD9 FC cld //PESpinµÄ Crypt markers µÄ SDK {$I crypt_start.inc}
00443BDA FC cld //µÄ¿ªÊ¼±êÖ¾
00443BDB FC cld //
00443BDC FC cld //
00443BDD FC cld //
00443BDE FC cld //
00443BDF 27 daa //PESpinµÄ Crypt markers µÄ SDK {$I crypt_start.inc}
00443BE0 54 push esp //µÄ½áÊø±êÖ¾
00443BE1 6A00 push $00 //¡Á ×¼±¸ÔÚ´Ë´¦ ¡Á¿ªÊ¼¡Á VMProtectµÄ±£»¤ ¡Á//Ïê¼û¡¾6A¡¿
* Possible String Reference to: 'Example Markers...'
|
00443BE3 68083C4400 push $00443C08
* Possible String Reference to: 'Example in Delphi by reywen^htb'
|
00443BE8 681C3C4400 push $00443C1C
00443BED 8BC3 mov eax, ebx
* Reference to: controls.TWinControl.GetHandle(TWinControl):HWND;
|
00443BEF E87C61FEFF call 00429D70
00443BF4 50 push eax
* Reference to: user32.MessageBoxA()
|
00443BF5 E8762AFCFF call 00406670 //¡Á ×¼±¸ÔÚ´Ë´¦ ¡Á½áÊø¡Á VMProtectµÄ±£»¤ ¡Á//Ïê¼û¡¾6B¡¿
00443BFA EB08 jmp 00443C04 //Õâ¸öJMPÃüÁîµÄ»úÆ÷Âë EB08 ±ãÊÇ
00443BFC FD std //PESpinµÄ Crypt markers µÄ SDK {$I crypt_end.inc}
00443BFD FD std //µÄ¿ªÊ¼±êÖ¾
00443BFE FD std //
00443BFF FD std //
00443C00 FD std //
00443C01 FD std //
00443C02 54 push esp //PESpinµÄ Crypt markers µÄ SDK {$I crypt_end.inc}
00443C03 37 aaa //µÄ½áÊø±êÖ¾
00443C04 5B pop ebx
00443C05 C3 ret
¡£¡£¡£
¡¾6A¡¿¡£µã»÷¡°Project¡±²Ëµ¥Ïµġ°New procedure¡±»òÕßÊǵã»÷¹¤¾ßÀ¸Öеġ°New procedure¡±°´Å¥£¬ÔÚµ¯³öµÄÌí¼ÓµØÖ·´°¿ÚÖÐÊäÈë 00443BE1 ºó£¬µã»÷¡°OK¡±°´Å¥£¬VMProtect±ãÓÖ»á×Ô¶¯ÁгöÐéÄâµØÖ·£º00443BE1 ºóÃæµÄ´úÂ룻
¡¾6B¡¿¡£ÔÚ²Ù×÷ÁË¡¾6A¡¿Ö®ºó£¬VMProtect×ó±ß´°¿ÚÖбã¶àÁËÒ»¸öÒÔ 00443BE1 Õ⴦Ϊ¿ªÊ¼µØÖ·£¬¿ÉÒÔ±»VMProtect±£»¤µÄÕâ¶ÎÏà¹Ø´úÂëÓÐÄÄЩ¡£µã»÷ÕâÐкóÓÖ·¢ÏÖ£¬ÔÚÁгöµÄ¿É±»±£»¤´úÂëÖУ¬ÐéÄâµØÖ·£º00443BFA ÕâÒ»ÐеĴúÂë²¢²»Ïë±»VMProtect±£»¤£»Òò´Ë£¬ÔÚÓұߴ°¿ÚÁгöµÄ¿É±»±£»¤´úÂëÖУ¬ÕÒµ½²¢Ñ¡¶¨£º¡°00443BFA EB08 jmp 00443C04¡± ÕâÒ»ÐУ¬µ¥»÷Êó±êÓÒ¼ü£¬ÔÚµ¯³öµÄ²Ëµ¥ÖÐÑ¡Ôñ£º¡°End of procedure¡±»òÊÇ °´£ºCtrl+B ¼ü£»ÕâʱÐéÄâµØÖ·£º00443BFA ÒÔ¼°ËüºóÃæµÄ´úÂ붼±ä³ÉÁË»ÒÉ«£» ±íʾÕâЩ»ÒÉ«´úÂë²»ÔÙ±»VMProtect±£»¤£»
Òò´Ë£¬TForm1.Image1Click ʼþ±»·Ö³ÉÁËÈý¿é£¬ÆäÖУ¬Öм佫Ҫ±»PeSpinµÄSDKËù±£»¤µÄÕâÒ»¿é£¬Ïȱ»VMProtect±£»¤ÁË¡£
¡ù 7¡£È»ºóÔÚVMProtectµÄ¡°Options¡±´°¿ÚÖÐÉèÖÃÏàÓ¦µÄÑ¡Ï×îºóµã»÷¹¤¾ßÀ¸Öеġ°Compilation (F9)¡±°´Å¥£¬±ã¿É£¡
¡ù 8¡£ÔÙÓÃPESpin´ò¿ª±»VMProtect±£»¤Á˵ÄeXeÎļþ£¬¶Ô¸ÃeXeÎļþ½øÐмÓÃÜ£¬¼´¿É£¡