亚洲色一色噜一噜噜噜_在线国产精品一区二区_91国自产拍 精品_国产伦三级一区二区

<object id="nlumt"><tt id="nlumt"><pre id="nlumt"></pre></tt></object>

<legend id="nlumt"><mark id="nlumt"></mark></legend>

<pre id="nlumt"><tt id="nlumt"><rt id="nlumt"></rt></tt></pre>

<bdo id="nlumt"><delect id="nlumt"></delect></bdo>

<ruby id="ef1ly"></ruby>

<object id="ef1ly"></object>

<ul id="ef1ly"><td id="ef1ly"></td></ul>

汶上信息港

標(biāo)題: 實現(xiàn)調(diào)用加殼的外殼中的子程序的一點見解 [打印本頁]

---

作者: hbhdgpyz    時間: 2008-9-28 16:31
標(biāo)題: 實現(xiàn)調(diào)用加殼的外殼中的子程序的一點見解
<P class=MsoNormal><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">加殼往往是實現(xiàn)對原</SPAN><SPAN lang=EN-US>PE</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">的節(jié)數(shù)據(jù)加密、壓縮，若能加殼的同時，讓加殼后的程序調(diào)用殼中的某些子程序，那加殼強度大大增加。這樣處理后，即使脫掉了殼，程序執(zhí)行也肯定不正常，因為脫殼的同時也將這些子程序脫掉了！</SPAN><SPAN lang=EN-US> </SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">怎樣實現(xiàn)呢？作為探討性的介紹，還是搞一個最基本的來說（假設(shè)現(xiàn)在您已經(jīng)會寫</SPAN><SPAN lang=EN-US>PE-exe</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">、</SPAN><SPAN lang=EN-US>PE-dll</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">等</SPAN><SPAN lang=EN-US>PE</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">加殼程序）：</SPAN><SPAN lang=EN-US> </SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">我的實現(xiàn)是這樣的：作為一個</SPAN><SPAN lang=EN-US>PE</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">文件，多多少少程序中會有</SPAN><SPAN lang=EN-US>mov eax,1</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">或</SPAN><SPAN lang=EN-US>mov eax,0</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">的語句，就是從這里開刀，因為</SPAN><SPAN lang=EN-US>mov eax,xxxxxxxx</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">這樣的指令長度正好與</SPAN><SPAN lang=EN-US>Call xxxxxxxx</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">指令的長度一樣，處理起來相對簡單。在加殼程序加殼時，查找這些語句統(tǒng)統(tǒng)換成：</SPAN><SPAN lang=EN-US> </SPAN></P>
$ v% y" Q6 t/ p9 M<P class=MsoNormal><SPAN lang=EN-US>call shellSub </SPAN></P>
4 a- q+ B+ h5 x* Y  }5 C9 p9 m<P class=MsoNormal><SPAN lang=EN-US>// </SPAN></P>
) p- |4 c$ |5 U: \1 H) R4 o) U+ `% X<P class=MsoNormal><SPAN lang=EN-US>shellSub</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">實現(xiàn)如下：</SPAN><SPAN lang=EN-US> </SPAN></P>
7 f$ F2 B/ L; j* [8 e<P class=MsoNormal><SPAN lang=EN-US>shellSub() </SPAN></P>
8 `3 n# X3 l! N8 H1 s4 U0 N8 k<P class=MsoNormal><SPAN lang=EN-US>{ </SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US><SPAN style="mso-spacerun: yes">&nbsp; </SPAN>mov eax,1 </SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">或</SPAN><SPAN lang=EN-US> mov eax,0 </SPAN></P>
. `7 d0 }0 r0 C) U' L3 m<P class=MsoNormal><SPAN lang=EN-US>} </SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">當(dāng)然，這里有個問題是怎樣計算這個</SPAN><SPAN lang=EN-US>Call xxxxxxxx</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">的</SPAN><SPAN lang=EN-US>xxxxxxxx</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">，其實想一想也很簡單，加殼時候我們已經(jīng)計算出了外殼程序的入口</SPAN><SPAN lang=EN-US>RVA</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">，只要以這個</SPAN><SPAN lang=EN-US>RVA</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">為基準(zhǔn)，就可以得到</SPAN><SPAN lang=EN-US>:(shellSub</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">的</SPAN><SPAN lang=EN-US>RVA)-(mov eax,1</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">的</SPAN><SPAN lang=EN-US>RVA)</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">的差值，這個差值再減去</SPAN><SPAN lang=EN-US>5</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">（</SPAN><SPAN lang=EN-US>Call</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">的指令長度）就是</SPAN><SPAN lang=EN-US>xxxxxxxx</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">。</SPAN><SPAN lang=EN-US> </SPAN></P>
5 u/ \! N7 c/ y/ `# o3 V( ]<P class=MsoNormal><SPAN lang=EN-US><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">這里僅僅拋磚引玉的介紹了最基本的方法，其實通過變化，可以對原程序的很多特定語句實現(xiàn)改成調(diào)用外殼中不同的</SPAN><SPAN lang=EN-US>sub</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">，大大增加了外殼的保密強度。</SPAN><SPAN lang=EN-US> </SPAN></P>
<P class=MsoNormal><SPAN lang=EN-US><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">這樣處理后，可想而知，脫殼后的運行情況：</SPAN><SPAN lang=EN-US>Windows</SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">錯誤，某個地址不能為讀或?qū)?。。呵呵，要的就是這個效果?。。?lt;/SPAN><SPAN lang=EN-US> </SPAN></P>
6 s' k& s, J9 e- U0 Y<P class=MsoNormal><SPAN lang=EN-US><SPAN style="mso-spacerun: yes">&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋體; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">錯誤之處，懇請各位高手指正！</SPAN><SPAN lang=EN-US> </SPAN></P>

---

歡迎光臨 汶上信息港 (http://www.loveproblemguru.com/)

Powered by Discuz! X3.5

亚洲色一色噜一噜噜噜_在线国产精品一区二区_91国自产拍 精品_国产伦三级一区二区

<object id="nlumt"><tt id="nlumt"><pre id="nlumt"></pre></tt></object>

<legend id="nlumt"><mark id="nlumt"></mark></legend>

<pre id="nlumt"><tt id="nlumt"><rt id="nlumt"></rt></tt></pre>

<bdo id="nlumt"><delect id="nlumt"></delect></bdo>

日本一本2019道国产香蕉 亚洲女人被黑人巨大进入 女同欧洲亚洲一区二区 日本一区不卡高清更新二区 大伊香蕉精品视频在线3

<dfn id="lffye"><td id="lffye"></td></dfn>

<span id="lffye"></span>

<strike id="lffye"></strike>

<ol id="lffye"><th id="lffye"><b id="lffye"></b></th></ol>

<menu id="lffye"></menu>