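【Title】: Deep Freeze Password Cracking
【Author】: figo
【Author e-mail】: yangtengfei@56.com
【Author QQ】: 382174647
【Software】: Deep Freeze 6.00.220.1692 Enterprise
【Packer】: unknown packer
【Protection】: ANTI DEBUG, packing
【Language】: C , ASM32
【Tools】: SOFTICE MASM32 VC++ 6.0
【Platform】: WINXP
【Author's statement】: This is purely a technical exchange and is not aimed at any software. Please do not use it for malicious damage or other illegal purposes;
otherwise any serious consequences for yourself or others have nothing to do with me. Corrections of any mistakes are welcome,
and if you have better methods or techniques, let's exchange them.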
--------------------------------------------------------------------------------
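【About the software】:
Deep Freeze is a system-restore program similar to 还原精灵, but tougher than it in both encryption strength and security.
The software is said to be unbreakable, and no way of cracking it has been found so far. Once the administrator password is lost, the only option is to format the disk and reinstall the system.
I am publishing this article purely to exchange technical knowledge and for no other purpose; please do not use it for malicious damage or other illegal purposes.
If the article is of some help to users who have lost their password I will be very pleased; after all, it took several days of effort to finish it.
I will not give a download address for Deep Freeze; it is all over the web. The version is 6.00.220.1692.
【Detailed procedure】
Preparation before cracking:
First install Deep Freeze and SOFTICE; I used the SOFTICE from DS3.2. Also install the IceExt 0.70 plug-in (this is not required,
it is only needed when writing the article; the use of the IceExt plug-in is described later). After installing Deep Freeze, set the client password to: 382174647
(heh, that is my QQ number; of course you can set any password you like), set the drive to be restored to Z: (any drive will do,
but it is normally not set to one of your own hard-disk partitions), and finally install the client.
Starting the analysis:
First, hold down the four keys CTRL + ALT + SHIFT + F6 to bring up Deep Freeze's password dialog. Enter any password, for example: 234234.
Press CTRL + D to bring up SOFTICE. At this point, do not expect to find the data '234234' in memory and set a breakpoint on it.
Searching the whole 4 GB address space with the S command makes no difference; even if you find it, it is not the password text box's copy.
This is because whenever the content of the text box changes, the text box automatically calls the NT Native API function RtlRunEncodeUnicodeString to encrypt it.
When the application wants to read the text, the text box calls RtlRunDecodeUnicodeString to decrypt it.
The source code of RtlRunEncodeUnicodeString and RtlRunDecodeUnicodeString can be found in the file sertl.c in the NT source code.
RtlRunEncodeUnicodeString in fact only applies a simple XOR to the data. Simple as the algorithm is, it is very effective at keeping the plaintext from being found in memory.
Although we do not need to know the exact algorithm of RtlRunDecodeUnicodeString, for the purposes of cracking it is still worth knowing its definition:
VOID RtlRunDecodeUnicodeString( UCHAR Seed, PUNICODE_STRING String )
The first parameter:
a byte, the value of the encryption seed.
The second parameter:
a PUNICODE_STRING,
the address of the data to be decrypted (note: it is a double pointer).
Good. With the analysis above, we set a breakpoint on RtlRunDecodeUnicodeString and click the OK button; the program breaks at the following code: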
EAX=0000002A EBX=00000006 ECX=7C822E07 EDX=00140608 ESI=0014C2A8
EDI=0014CDB0 EBP=0012F088 ESP=0012F06C EIP=7C94EF8B o d I s Z a P c
CS=001B DS=0023 SS=0023 ES=0023 FS=003B GS=0000
--------------------------------------------------byte--------------PROT---(0)--
0023:00E20034 B0 CD 14 00 03 00 00 00-28 CF 14 00 68 00 E2 00 ........(...h.?
0023:00E20044 00 00 00 00 03 00 01 00-90 A5 15 00 03 00 01 00 ........`À......
0023:00E20054 B0 65 17 00 03 00 01 00-D0 25 19 00 03 00 01 00 .e.......%......
0023:00E20064 F0 E5 1A 00 70 00 E2 00-00 00 00 00 78 00 E2 00 .?.p.?....x.?
------ntdll!RtlRunEncodeUnicodeString+004D-------------------------------PROT32-
ntdll!RtlRunDecodeUnicodeString
001B:7C94EF8B 8BFF MOV EDI,EDI
001B:7C94EF8D 55 PUSH EBP
001B:7C94EF8E 8BEC MOV EBP,ESP
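We have just seen that the second parameter of RtlRunDecodeUnicodeString is a double pointer to the ciphertext, so enter:
D *(ESP - 08)
The address of the ciphertext is now shown in the DATA window above: 14CDB0H.
Do not rush to set a breakpoint; wait until decryption has finished.
P RET to step out of RtlRunDecodeUnicodeString,
then D 14CDB0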
--------------------------------------------------byte--------------PROT---(0)--
0023:0014CDB0 32 33 34 32 33 34 00 00-00 00 00 00 00 00 00 00 234234..........
0023:0014CDC0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
The plaintext password is now in front of us. We can set a hardware read breakpoint on it:
bpm 14CDB0 R
G to run. The program breaks at the following code:
------USER32!EditWndProc+0566--------------------------------------------PROT32-
001B:77D3352D F3A5 REPZ MOVSD
001B:77D3352F 8BC8 MOV ECX,EAX
001B:77D33531 83E103 AND ECX,03
001B:77D33534 F3A4 REPZ MOVSB
001B:77D33536 E8E3FBFFFF CALL 77D3311E
001B:77D3353B 5F POP EDI
001B:77D3353C 5E POP ESI
001B:77D3353D 8BC3 MOV EAX,EBX
001B:77D3353F 5B POP EBX
001B:77D33540 5D POP EBP
001B:77D33541 C21000 RET 0010
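It is easy to see that this code mainly copies data.
At this point EDI = 00BC932C, and ESI is the address of the plaintext from before, ESI = 0014CDB0H.
In the same way, set a hardware read breakpoint on 00BC932CH and G to run.
Next, the program breaks on RtlRunDecodeUnicodeString again, and we repeat the process above.
The only difference is that this time the plaintext is copied to 00BCA488H, so set another hardware read breakpoint on 00BCA488H.
G to run.
The program breaks at the following code: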
AX=00BCA488 EBX=00BCA488 ECX=0012F348 EDX=32343332 ESI=0012F33C
EDI=00BCAE11 EBP=0012F284 ESP=0012F254 EIP=004961F2 o d I s Z a P c
CS=001B DS=0023 SS=0023 ES=0023 FS=003B GS=0000
--------------------------------------------------byte--------------PROT---(0)--
0023:00BCA488 32 33 34 32 33 34 00 00-26 00 00 00 EC 9C BC 00 234234..&...—™..
0023:00BCA498 00 00 00 00 34 9D BC 00-00 00 00 00 13 00 00 00 ....4?.........
0023:00BCA4A8 00 00 00 00 01 00 00 00-24 00 00 00 16 00 00 00 ........$.......
0023:00BCA4B8 EC 46 BC 00 24 AA BC 00-4F 70 74 69 14 00 00 00 —'..$?.Opti....
-------------------------------------------------------------------------PROT32-
001B:004961F0 8B10 MOV EDX,[EAX]
001B:004961F2 83C004 ADD EAX,04
001B:004961F5 8BCA MOV ECX,EDX
001B:004961F7 81EA01010101 SUB EDX,01010101
001B:004961FD 81E280808080 AND EDX,80808080
001B:00496203 74EB JZ 004961F0
001B:00496205 F7D1 NOT ECX
001B:00496207 23D1 AND EDX,ECX
001B:00496209 74E5 JZ 004961F0
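It subtracts 1 from every byte and then tests whether the result is negative, so this code is probably measuring the string length. Let's see what value it returns.
P RET
The code is as follows: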
EAX=00000006 EBX=00BCA488 ECX=00BCA488 EDX=80800000 ESI=0012F33C
EDI=00BCAE11 EBP=0012F284 ESP=0012F25C EIP=0040BF90 o d I s z a P c
CS=001B DS=0023 SS=0023 ES=0023 FS=003B GS=0000 DS:00BCAE11=0014
-------------------------------------------------------------------------------
001B:0040BF87 E85CA20800 CALL 004961E8
001B:0040BF8C 59 POP ECX
001B:0040BF8D 8945FC MOV [EBP-04],EAX
001B:0040BF90 0FB707 MOVZX EAX,WORD PTR [EDI]
001B:0040BF93 85C0 TEST EAX,EAX
001B:0040BF95 7513 JNZ 0040BFAA
EAX returns 6; the guess was right, it does measure the string length. EAX is saved at EBP-4, so set a hardware read breakpoint on EBP-4 as well.
G to run.
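The loop at 004961F0 is the word-at-a-time zero-byte test. The C version below is an added example, not code from the article or from the analysed program; the function names are hypothetical, it assumes a 4-byte aligned, zero-padded buffer, and the sample words are the ones visible in the register dumps (EDX=32343332 inside the loop, EDX=80800000 on return).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* SUB EDX,01010101 / AND EDX,80808080: a byte that was 0x00 borrows and ends
 * up with bit 7 set, but so does any byte >= 0x81, so this is only a filter. */
uint32_t sub_and_mask(uint32_t w)
{
    return (w - 0x01010101u) & 0x80808080u;
}

/* NOT ECX / AND EDX,ECX: drop the flags of bytes whose bit 7 was already set.
 * The result is non-zero exactly when w contains a 0x00 byte. */
uint32_t has_zero_byte(uint32_t w)
{
    return sub_and_mask(w) & ~w;
}

/* Length of a NUL-terminated string, scanned four bytes at a time.
 * Assumption of this example: s is 4-byte aligned and its buffer is readable
 * up to the next multiple of 4, because the loop reads whole words and can
 * touch up to 3 bytes past the terminator. */
size_t wordwise_strlen(const char *s)
{
    const char *p = s;
    uint32_t w;

    for (;;) {
        memcpy(&w, p, sizeof w);        /* MOV EDX,[EAX] */
        if (has_zero_byte(w))
            break;                      /* neither JZ 004961F0 is taken */
        p += sizeof w;                  /* ADD EAX,04 */
    }
    while (*p != '\0')                  /* locate the exact byte in the last word */
        p++;
    return (size_t)(p - s);
}

/* Constructed helper: copy text into an aligned, zero-padded buffer so the
 * word reads stay inside one object, then measure it. */
size_t demo_len(const char *text)
{
    static uint32_t buf[16];            /* 64 bytes, 4-byte aligned */
    size_t n = strlen(text);

    if (n > sizeof buf - 4)
        n = sizeof buf - 4;
    memset(buf, 0, sizeof buf);
    memcpy(buf, text, n);
    return wordwise_strlen((const char *)buf);
}

int main(void)
{
    printf("%zu %zu\n", demo_len("234234"), demo_len("382174647"));
    printf("%08X %08X\n", (unsigned)sub_and_mask(0x81414141u),
           (unsigned)has_zero_byte(0x81414141u));
    return 0;
}
```

The second JZ exists because the first test alone also fires on bytes of 0x81 and above; only the AND with the inverted word makes the result exact.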
The program breaks at the following code:
001B:0040BFB4 3B45FC CMP EAX,[EBP-04]
001B:0040BFB7 7407 JZ 0040BFC0 (NO JUMP)
001B:0040BFB9 33C0 XOR EAX,EAX
001B:0040BFBB E989000000 JMP 0040C049
At this point EAX = 9 (the length of the original password) and [EBP -4] = 6 (the length of the entered password).
If they are not equal, EAX is cleared and execution jumps to 40C049.
Now look at the code at 40C049:
001B:0040C049 5F POP EDI
001B:0040C04A 5E POP ESI
001B:0040C04B 5B POP EBX
001B:0040C04C 8BE5 MOV ESP,EBP
001B:0040C04E 5D POP EBP
001B:0040C04F C3 RET
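This is the standard epilogue of a subroutine.
CMP EAX,[EBP-04] and JZ 0040BFC0 check whether the length of the entered password matches that of the original password.
These two instructions are important; remember them, they are needed when writing the password-cracking program.
To continue debugging, set the Z flag to 1 and single-step.
The code is as follows: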
EAX=00000009 EBX=00BCA488 ECX=00BCA488 EDX=80800000 ESI=0012F33C
EDI=00BCAE11 EBP=0012F284 ESP=0012F25C EIP=0040BFC0 o d I s Z a P c
CS=001B DS=0023 SS=0023 ES=0023 FS=003B GS=0000 DS:0012F33C=9F448C62
--------------------------------------------------byte--------------PROT---(0)--
0023:00BCA488 32 33 34 32 33 34 00 00-26 00 00 00 EC 9C BC 00 234234..&...—™..
0023:00BCA498 00 00 00 00 34 9D BC 00-00 00 00 00 13 00 00 00 ....4?.........
0023:00BCA4A8 00 00 00 00 01 00 00 00-24 00 00 00 16 00 00 00 ........$.......
0023:00BCA4B8 EC 46 BC 00 24 AA BC 00-4F 70 74 69 14 00 00 00 —'..$?.Opti....
-------------------------------------------------------------------------PROT32-
001B:0040BFC0 8B16 MOV EDX,[ESI]
001B:0040BFC2 895604 MOV [ESI+04],EDX
001B:0040BFC5 33C9 XOR ECX,ECX
001B:0040BFC7 8BD3 MOV EDX,EBX
001B:0040BFC9 894DF8 MOV [EBP-08],ECX
001B:0040BFCC 8D4702 LEA EAX,[EDI+02]
001B:0040BFCF C745F402000000 MOV DWORD PTR [EBP-0C],00000002
001B:0040BFD6 8955E4 MOV [EBP-1C],EDX
001B:0040BFD9 8BF8 MOV EDI,EAX
001B:0040BFDB 8B4DF8 MOV ECX,[EBP-08] ; number of bytes already compared with the password
001B:0040BFDE 3B4DFC CMP ECX,[EBP-04] ; length of the password
001B:0040BFE1 7D64 JGE 0040C047 ; changing this to JMP 0040C047 also works as a patch crack
001B:0040BFE3 56 PUSH ESI
001B:0040BFE4 E8B7FEFFFF CALL 0040BEA0
; the key CALL of the password algorithm; anyone who likes studying algorithms can trace into it, but there is little point; the reason is explained later.
001B:0040BFE9 59 POP ECX
001B:0040BFEA 8B45E4 MOV EAX,[EBP-1C] ; points to the Nth byte of the entered password, N = [EBP - 8]
001B:0040BFED 8A18 MOV BL,[EAX]
001B:0040BFEF 8A07 MOV AL,[EDI]
001B:0040BFF1 324604 XOR AL,[ESI+04] ; decrypts the Nth byte of the original password
001B:0040BFF4 8845F3 MOV [EBP-0D],AL ; temporary store
001B:0040BFF7 807D1400 CMP BYTE PTR [EBP+14],00
001B:0040BFFB 7409 JZ 0040C006
001B:0040BFFD 3A5DF3 CMP BL,[EBP-0D]
001B:0040C000 742F JZ 0040C031
001B:0040C002 33C0 XOR EAX,EAX
001B:0040C004 EB43 JMP 0040C049
001B:0040C006 0FBED3 MOVSX EDX,BL
001B:0040C009 8955EC MOV [EBP-14],EDX
001B:0040C00C 8B4DEC MOV ECX,[EBP-14]
001B:0040C00F 51 PUSH ECX
001B:0040C010 E873D40800 CALL 00499488
001B:0040C015 59 POP ECX
001B:0040C016 50 PUSH EAX
001B:0040C017 0FBE45F3 MOVSX EAX,BYTE PTR [EBP-0D]
001B:0040C01B 8945E8 MOV [EBP-18],EAX
001B:0040C01E 8B55E8 MOV EDX,[EBP-18]
001B:0040C021 52 PUSH EDX
001B:0040C022 E861D40800 CALL 00499488
001B:0040C027 59 POP ECX
001B:0040C028 59 POP ECX
001B:0040C029 3BC8 CMP ECX,EAX ; the comparison starts; EAX is the Nth byte of the original password
001B:0040C02B 7404 JZ 0040C031 ; the key jump, very important; it is needed when writing the cracking program
001B:0040C02D 33C0 XOR EAX,EAX
001B:0040C02F EB18 JMP 0040C049
001B:0040C031 FF45E4 INC DWORD PTR [EBP-1C]
001B:0040C034 FF45F8 INC DWORD PTR [EBP-08] ; advance the address of the byte being compared by 1
001B:0040C037 47 INC EDI
001B:0040C038 FF45F4 INC DWORD PTR [EBP-0C]
001B:0040C03B 47 INC EDI
001B:0040C03C FF45F4 INC DWORD PTR [EBP-0C]
001B:0040C03F 8B55F8 MOV EDX,[EBP-08]
001B:0040C042 3B55FC CMP EDX,[EBP-04]
001B:0040C045 7C9C JL 0040BFE3 ; check whether the comparison is finished; if not, continue
001B:0040C047 B001 MOV AL,01
001B:0040C049 5F POP EDI
001B:0040C04A 5E POP ESI
001B:0040C04B 5B POP EBX
001B:0040C04C 8BE5 MOV ESP,EBP
001B:0040C04E 5D POP EBP
001B:0040C04F C3 RET
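This code is the most important part of the password comparison. Because it is long and complicated, comments are used in place of a step-by-step trace.
Anyone interested in the Deep Freeze password algorithm can set a breakpoint directly on 40BDC0H and trace through it with the comments as a guide.
Design of the decryptor:
Since the program decrypts the original password one byte at a time and compares it in a loop with the entered password, we can write a program
that concatenates the single password bytes the program decrypts on each pass.
Filling all 8 bytes between 40C029 and 40C030 with NOPs cracks the check.
This means the 8 bytes between 40C029 and 40C030 are available for our use. And not far away,
at 0040C03F, there is the instruction MOV EDX,[EBP-08], which means EDX is available too.
So the decryption program first allocates a block of memory remotely in the Deep Freeze process, then writes the remote code into that memory.
Finally it writes the following code between 40C029 and 40C030:
NOP
MOV EDX,XXXXXXXX
CALL EDX
XXXXXXXX is the start address of the remote code. Assembled into bytes:
90,BA XXXXXXXX ,FF D2 . Exactly 8 bytes.
The first problem met when writing this program is: how to determine the length of the original password?
You might say: isn't that [EBP -4]? It is not; [EBP - 4] is actually the length of the password we entered.
Now you may be even more puzzled: if the comparison loop is governed by the length of the entered password, isn't the program's security just one byte?
Don't forget that we got into this code by a forced jump; normally the comparison happens only when [EBP - 4] equals the length of the original password.
Even if you use a code patch to get into the password comparison you cannot know the length of the original password; the only way is to make [EBP - 4] equal to the length of the original password
and then force the jump. So we work on the CMP EAX,[EBP-04] and JZ 0040BFC0 at 40BFB4H.
Changing them to MOV [EBP-04],EAX and JMP 0040BFC0 solves this perfectly.
The code that implements this: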
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;code.inc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
.486
.model flat, stdcall
option casemap :none
include \masm32\include\windows.inc
include \masm32\include\masm32.inc
include \masm32\include\kernel32.inc
include \masm32\include\advapi32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\user32.lib
GetPidFromProcName proto :DWORD
WritePMem proto :DWORD,:DWORD,:DWORD,:DWORD
.data
procname db 'FrzState2k.exe' ,00
mempatch db 0ebh,089h,045h,0fch
farcall db 90h,0bah,0ffh,0d2h
funadd dd ?
szMsgBox db 'MessageBoxA',0
szuserdll db 'user32.dll',0
lpMsgfun dd ?
szsvrname db 'MyServerName1',0
szstr1 db '冰点破解程序',0
szstr2 db '运行此程序后,按 CTRL + SHIFT + ALT + F6,调出密码输入对话框',13,10
db '可以不用输入密码,或输入任意密码.',13,10
db '点击 OK ,即可显示密码,并进入控制界面!',13,10
db '本程序破解时,远程分配的空间并不释放.',13,10
db '多次运行后请重起!',13,10,13,10
db 'by figo (追风者)',13, 10, 'QQ : 382174647',0
buf1 db 120h dup (00)
buf2 db 124h dup (00)
szfmt db '"%s"',0
var1 db ' sys',0
.code
mycode:
lpmsg dd ?
sztil db '密码为: ',0
szstr db 'password is '
szpwd db 70h dup (0)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
startcode:
pushad
call l1
l1:
pop ebx
sub ebx,offset l1
; the classic technique for code to locate itself; nothing unfamiliar, right?
lea edi, [ebx + offset szpwd]
mov edx,[ebp - 8]
add edi,edx
mov byte ptr [edi],al
inc edx
mov eax,[ebp -4]
cmp edx,eax
jl ext1
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
push MB_OK or MB_SERVICE_NOTIFICATION
; Deep Freeze keeps bringing the password dialog to the front, so the MB_SERVICE_NOTIFICATION constant has to be added.
lea edi ,[ebx + offset sztil]
push edi
lea edi ,[ebx + offset szpwd]
push edi
push 0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
mov eax,[ebx + offset lpmsg]
call eax
ext1:
popad
ret
codeend:
GetPidFromProcName proc lpProcName:DWORD
LOCAL stProcess : PROCESSENTRY32
LOCAL hSnapshot
LOCAL dwProcessID
mov dwProcessID, 0
invoke RtlZeroMemory, addr stProcess, sizeof stProcess
mov stProcess.dwSize, sizeof stProcess
invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
mov hSnapshot, eax
invoke Process32First, hSnapshot, addr stProcess
.while eax
invoke lstrcmpi, lpProcName, addr stProcess.szExeFile
.if eax==0
mov eax, stProcess.th32ProcessID
mov dwProcessID, eax
.break
.endif
invoke Process32Next, hSnapshot, addr stProcess
.endw
invoke CloseHandle, hSnapshot
mov eax, dwProcessID
ret
GetPidFromProcName endp
WritePMem proc hproc:DWORD, rwadd:DWORD ,lpbuff:DWORD, nsize:DWORD
local dwrwcnt
local oldpct
invoke VirtualProtectEx,hproc,lpbuff,4096,PAGE_EXECUTE_READWRITE,addr oldpct
.if !eax
ret
.endif
invoke WriteProcessMemory ,hproc,rwadd,lpbuff,nsize,addr dwrwcnt
invoke VirtualProtectEx,hproc,lpbuff,4096,oldpct,addr oldpct
mov eax, dwrwcnt
ret
WritePMem endp
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;code.inc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;deep.asm;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
include code.inc
start:
Main proc
local hproc1
local hSCManager
local hService
;////////// privilege elevation ///////////////////////////////////////////////////////////
invoke GetCommandLine
mov esi,eax
invoke GetModuleFileName,NULL,addr buf1,255
invoke wsprintf,addr buf2,addr szfmt,addr buf1
; without double quotes around the file path, it will not run correctly from a path name containing spaces.
invoke lstrcat,addr buf2,addr var1
invoke lstrcmpi,addr buf2,esi
jz startmain
invoke OpenSCManager, NULL, NULL, SC_MANAGER_CREATE_SERVICE
.if eax
mov hSCManager, eax
invoke OpenService, hSCManager, addr szsvrname , DELETE
.if eax!=0
mov hService, eax
invoke DeleteService, hService
invoke CloseServiceHandle,hService
.endif
invoke CreateService, hSCManager,addr szsvrname, addr szsvrname, \
SERVICE_START + SERVICE_QUERY_STATUS + DELETE, \
SERVICE_WIN32_OWN_PROCESS + SERVICE_INTERACTIVE_PROCESS, SERVICE_DEMAND_START, \
SERVICE_ERROR_IGNORE, addr buf2, NULL, NULL, NULL, NULL, NULL
.if eax!=0
mov hService, eax
invoke StartService, hService, 0, NULL
invoke DeleteService, hService
invoke CloseServiceHandle, hService
.endif
invoke CloseServiceHandle, hSCManager
.endif
invoke ExitProcess,0
;//////////////////// run itself as a service ////////////////////////////////////////
startmain:
invoke GetPidFromProcName ,addr procname
invoke OpenProcess,PROCESS_ALL_ACCESS,NULL,eax
mov hproc1,eax
lea esi,mempatch
invoke WritePMem,hproc1,0040bfb7h,esi,1
invoke WritePMem,hproc1,0040c02bh,esi,1
inc esi
invoke WritePMem,hproc1,0040bfb4h,esi,3
invoke GetModuleHandle, addr szuserdll
invoke GetProcAddress,eax,addr szMsgBox
mov lpMsgfun,eax
invoke VirtualAllocEx,hproc1,NULL,1024,MEM_COMMIT,PAGE_EXECUTE_READWRITE
.if eax
mov esi,eax
invoke WritePMem,hproc1,esi,offset mycode,offset codeend - offset mycode
invoke WritePMem,hproc1,esi,offset lpMsgfun ,4
mov edi,offset startcode - offset mycode
add esi,edi
mov funadd,esi
mov esi,0040c029h
invoke WritePMem,hproc1,esi,offset farcall,2
inc esi
inc esi
invoke WritePMem,hproc1,esi,offset funadd,4
add esi ,4
invoke WritePMem,hproc1,esi,offset farcall + 2 ,2
.endif
invoke MessageBox,NULL,addr szstr2,addr szstr1,MB_OK
; note this line: the author's purpose here is not merely to prompt the user; this function call has to be present.
invoke ExitProcess,0
Main endp
end start;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;deep.asm;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
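Because Deep Freeze runs as a service, its process has SYSTEM privileges. To read, write and allocate memory in it, privileges must be elevated.
There are many ways to elevate privileges; to keep the code short, the simplest one was chosen:
run itself as a service, which conveniently gives SYSTEM privileges.
The only drawback is that a separate process is created, which causes OD considerable trouble when debugging the code.
The one-time password algorithm:
G to let Deep Freeze continue; the program breaks again....., which is where it starts comparing the one-time password.
The debugging method is similar to the above and is not repeated here; the code above can also be modified slightly to recover the one-time password.
The more sensible way to solve the one-time password is to analyse the main program of the server side; the one-time password algorithm below was obtained by tracing the server program.
For reasons of space I only post the algorithm and leave out the debugging details, because analysing the one-time password algorithm is far more complicated than recovering the client password;
the one-time password analysis alone could fill another article.
The algorithm is as follows: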
///////////////////////////////OT.CPP////////////////////////////////////
#include "stdio.h"
#include "stdlib.h"
#include "string.h"
#define UL unsigned long
#define SI signed short int
#define SL signed long
UL pwd(UL a,UL b,UL c);
SI hl(SI srt);
UL cr(char str1[] );
void main(int argc, char* argv[])
{
UL pwd1,pwd2,pwd3;
char *cstcode = new char[0x80];
char etystr[] = {"Igor Zagoruchenko"} ;
printf("\t\t One Time Password Generation System \n\n by figo \n\n");
printf("\nPlease enter the customization code: \n");
if(!(scanf("%s",cstcode)))
return;
printf("\nPlease enter OTP Token : \n");
if(!(scanf("%8x",&pwd1)))
return;
pwd2 = cr(etystr);
pwd3 = cr(cstcode);
pwd1 = pwd(pwd1,pwd2,pwd3);
printf("\n\nThe One Time Password is : \n\n");
printf("%8X (Password valid for one use only)\n\n\n\n",pwd1);
ltoa(pwd1,cstcode,16);
pwd2 = cr(cstcode);
ltoa(pwd2,cstcode,16);
cstcode = strupr(cstcode );
printf("%4.4s-%8X (Password valid for multiple uses ) \n\n\n\n\n",cstcode,pwd1);
delete cstcode;
system("pause");
}
UL pwd(UL a,UL b,UL c)
{
SI s1,s2,s3;
a ^= b;
a ^= c;
b = a << 0x10;
b >>= 0x10;
c = a >> 0x10;
a = b^c;
s1 = (SI)a;
s2 = (SI)b;
s3 = (SI)c;
s1 = hl (s1);
s3 = hl (s3);
s3 ^= s2;
a= s1;
a <<= 0x10;
a += s3;
return a;
}
SI hl(SI srt)
{
SL a,b,c;
a = srt;
b = a;
a /= 0xb1;
b = b%0xb1;
c = b * 0xab;
a += a;
c -= a;
a = c;
b = a;
a <<= 0x0f;
a -= b;
srt = (SI)a;
return srt;
}
UL cr(char str1[] )
{
int i = 0 ,k =0;
char c1;
unsigned long rst = 0,l1,l2;
while (!(str1[i] == 0))
{
c1 = str1[i];
if( (c1 >= 'A') && (c1<='Z' ) )
c1 |= 0x20;
else
c1 = c1;
l1 = c1;
rst <<= 4;
l1 += rst;
rst = l1;
l1 &= 0xf0000000;
if(l1)
{
l2 = l1 >> 0x18;
rst ^= l2;
}
l1 = ~l1;
rst &= l1;
i++;
}
return rst;
}
////////////OT.CPP///////////////////////////////////////////////////////////////////
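The code above simulates Deep Freeze's one-time password generation system. It is only meant to demonstrate the algorithm, so the user's customization code has to be entered.
Detailed code that recovers the one-time password directly on the client, without the customization code, is in the attachment (the Deep Freeze client must be installed for it to work).
That concludes the analysis of Deep Freeze. At the start of the article we mentioned the IceExt 0.70 plug-in; its use is explained next.
We all know SOFTICE has no powerful text-copy feature like OD's. So what about the code fragments needed when writing a cracking article?
If it meant copying them down by hand and typing them into the article, I would not write such an article.
The IceExt 0.70 plug-in has a screen-dump function, but it saves a RAW-format file rather than text.
Opening a file dumped by IceExt 0.70 in a hex editor shows that the RAW format is actually very simple:
each character is stored in 2 bytes:
the first byte holds the character value;
the second byte holds the character attribute, with the low four bits the foreground colour and the high four bits the background colour.
Anyone who has played with 16-bit assembly and tried writing coloured text into the display buffer should find this familiar!
Looking at the file length, it is exactly the WIDTH value * the LINES value * 2.
Here is the code that extracts the characters from the RAW file: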
///////////////////////duptxt.cpp//////////////////////////////
/*//2007.6.7 by figo (追风者) QQ: 382174647
For study and exchange only; if there is any problem in the code, please contact me...
Usage:
duptxt.exe rawfilename [width]
rawfilename is the RAW-format file dumped by IceExt.
width is the value set with the width command in SOFTICE; the default is 80.
On success, the program creates rawfilename.txt in the directory of rawfilename...
//*/
#include "stdio.h"
#include "afx.h"
void main(int argc, char* argv[])
{
CFile f1,f2;
CString txtfn1;
int width = 80,lines, i,k;
unsigned int cr=0x0a0d;
unsigned char tmp;
if( argc < 2)
{
printf("正确参数格式为:\n ");
printf("%s rawfilename [width] \n",argv[0]);
return;
}
else if(argc > 2)
{
width = atoi( argv[2] );
}
if (!(f1.Open(argv[1],CFile::modeRead )))
{
printf("%s 文件打开失败!\n",argv[1]);
return;
}
txtfn1 = argv[1];
txtfn1 += ".txt";
if(!(f2.Open(txtfn1, CFile::modeWrite | CFile::modeCreate )))
{
printf(" %s 文件创建失败!\n",(LPCTSTR)txtfn1); // cast: a CString must not be passed through varargs as-is
return ;
}
f1.SeekToBegin ();
f2.SeekToBegin ();
lines = f1.GetLength ();
lines /= width * 2;
for(k=0 ;k<lines;k++)
{
for(i =0 ; i<width;i++)
{
f1.Read (&tmp,1);
//////////////////
if (tmp == 0xc4)
tmp = '-';
else if((tmp >= 0x10)&&(tmp <0x20))
tmp = 0x20;
/////////////////
f2.Write (&tmp,1);
f1.Seek (1,CFile::current);
}
f2.Write (&cr,2);
}
f1.Close ();
f2.Close ();
}
//////////////////////////////duptxt.cpp///////////////////////////////////////////
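When compiling the code above, be sure to select "Use MFC in a Shared DLL" in the project settings.
The code uses MFC classes, so with slight changes it can be ported into an MFC program.
In fact, knowing the RAW file format, you can perfectly well try writing one yourself, and I am sure you will write it better than I did.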
--------------------------------------------------------------------------------
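【Lessons learned】
About Deep Freeze:
Deep Freeze is unbreakable! According to what is said online, no way of cracking this software has been found so far.
That is in fact not wrong; Deep Freeze's protection really is tough. A strong packer, anti-loading, anti-debugging, timed checks, running as a service process, the ability to intercept I/O... and other techniques
are enough to make many crackers back off; even an expert unpacker who is also an expert at static analysis is left helpless.
It cannot be loaded in a debugger because it has to run as a service, and it keeps bringing its window to the front to interfere with debugging.
It uses multithreaded timer protection: when a thread detects that it or another thread has been suspended, it exits the process.
These techniques are very effective against OD, so it is well worth getting to know another powerful debugger, SOFTICE.
A supplementary note:
The protection in Deep Freeze 6.00.XXX.XXXX (Enterprise) is the same across versions; only the code offsets differ between versions.
So the decryptor targets version 6.00.220.1692 only; you can use the tracing method above to trace other versions of Deep Freeze,
find the difference in offsets, and with a small change to the code use the decryptor on other versions......
The purpose of the article is to learn debugging methods and the password algorithm, so I did not want to spend too much time writing a decryptor that works for other versions.
I also hope that what readers take away from this article is how to debug Deep Freeze with SOFTICE, not a Deep Freeze decryptor....
In the code comments I mentioned that tracing into the key CALL of the password algorithm is pointless......
Let me explain:
Even if you know Deep Freeze's password algorithm, it is hard to build a keygen; the algorithm itself is not difficult.
It is just that Deep Freeze compresses the ciphertext data and writes it to a file. You may know where the compressed data is, but you cannot know the address of the decompressed data, or decompress it
(surely you would not trace which compression engine it uses? And what if that engine turns out to be home-made?).
What use is knowing the algorithm? Sigh..............
About debuggers:
OllyDbg is an easy-to-use and powerful debugger. Apart from debugging programs tied to the lowest levels of the system (drivers, rootkits, ring-0 programs and so on),
OD can do almost anything; its powerful intelligent code analysis is unmatched by the many other debuggers. There is no denying that OD is the strongest user-mode debugger.
Crackers seem to be gradually forgetting the former king of debuggers, SOFTICE; articles on cracking with SOFTICE have gradually disappeared from 《看雪论坛精华》.
But software like Deep Freeze can only be cracked with SOFTICE. SOFTICE is a kernel-mode debugger; when it breaks in, even the system clock stops.
There is no need to worry about timer checks: all threads are suspended, the operating system included, so the window being forced to the front is no concern either.
SOFTICE pops up on demand; Deep Freeze's anti-loading and the debugger failing to attach are not problems you need to consider; you only need to concentrate on setting breakpoints.
It is hard to believe software of this kind could be cracked with OD; I tried cracking Deep Freeze with OD too and got nowhere.
Although virtual machine technology keeps maturing and computer hardware keeps getting better while prices keep falling (I have been studying computers for nearly five years,
and still remember that my 2500+ back then cost far more than a 3800+ does now; sigh...., the fearsome Moore's law...),
SOFTICE may well be replaced by the more powerful two-machine kernel debuggers WINDBG and VISUAL SOFTICE.
But at least today, SOFTICE's powerful debugging features, flexibility and stability make it well worth spending some time to learn and use.
The article ends here. First, thank you for reading this far. Of course, the article was written in a hurry and mistakes are inevitable.
Corrections and suggestions are the greatest support and recognition you can give my work. Thank you..............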
--------------------------------------------------------------------------------
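【Copyright】: This article was originally published on the 看雪 (Kanxue) technical forum. When reposting, please credit the author and the source and keep the article complete. Thank you!
12 June 2007, 09:36:06 AM
- Title: Deep Freeze Password Cracking: the Powerful Debugger SOFTICE
- Author: figo
- Date: 2007-06-11 15:17
- Attachment: deep.rar
- Link: http://bbs.pediy.com/showthread.php?t=46153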