标题:我整理的脱壳软件ProcDump32脚本
时间:2004-12-1 来源:不详 浏览数:

来自:中国网络技术中心

玩牧马就要学会怎么下马,更重要的是保护好自己的马儿。学点加密解密的技术,对我们新手很重要!
下面是我整理的ProcDump32脚本,其中UPX-Scrambler RC1.x脱壳后需用LoadPE重建PE。将以下内容保存为Script.ini,放在ProcDump.exe同一个文件夹里即可。
------------------------------------------------------------------------------------
[OPTIONS]
; Global ProcDump32 settings: two title strings plus OPTL1..OPTL5, the same five
; 8-digit option keys that every script section below repeats with its own values.
; The encoding of the OPTL values is not documented on this page.
CAPTION=ProcDump32 (C) 1998, 1999, 2000 G-RoM, Lorian & Stone
BHRAMA=ProcDump32 - Dumper Server
OPTL1=00000000
OPTL2=01000101
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[INDEX]
; Script menu: each P<id> key names one [section] below (P1 -> [Aspack<108], and so on).
; Ids are hexadecimal (P9, PA, ..., P1F, P20), key case is mixed (P7 vs p37), and the
; entries are listed roughly by packer name rather than in numeric order.
; Each named section holds numbered steps L1..Ln (OBJR, LOOK, BP, WALK, STEP, ADD, REPL,
; JZ/JN, QUIT, ...) whose meaning is defined by ProcDump32 and is not documented on this page.
; Only P1-P10 and P12-P25 have a section in this part of the listing; P11 and every id from
; P26 upward (P26-P2B, P2C-p32, P33-p3B) have none here, and P25's section is cut off at the
; page break -- presumably they are on the listing's second page.
P1=Aspack<108
P2=Aspack108
P3=Aspack108.2
P4=Aspack108.3
P5=Aspack108.4
P6=Aspack2000
p37=Aspack2.??-2.1
P33=Aspack2.12
P7=CodeSafe 3.X
p35=Crunch 1.1
p3A=EZIP 1.0
P8=Hasiuk/NeoLite
P9=Manolo
PA=Neolite2
PB=PCGUARD v2.10
PC=PCShrink
PD=PCShrink II
PE=PECompact
PF=PECompact 0.971 b
P10=PECompact 0.975 b
p3B=PECompact1.25
P11=PECompact v1.34
P12=PESHiELD
P13=PESHiELD Secure
P14=PEPack
P15=Petite 1.x
P16=Petite 2.0
P17=Petite 2.1
P18=Petite<1.3
P19=PKLiTE
p38=Sentinel
P1A=Shrinker 3.x
P1B=Shrinker 3.2
P1C=Shrinker 3.3
P1D=Shrinker 3.4
P1E=SoftSentry 2.11
P1F=SoftSentry 3.0
P20=Standard
P21=STNPE Encrypter 1.xx
p39=UPX
P22=UPX<0.7X
P23=UPX 0.7X-0.8X
P24=UPX 0.89.6
p36=Upx 1.01
P34=UPX-Scrambler RC1.x
P25=VBOX Dialog
P26=VBOX Std
P27=VGCrypt 0.75
P28=Wwpack32
P29=Wwpack32 I
P2A=Wwpack32 II
P2B=EXE32Pack1.3x
P2C=彩虹Sentinel狗
P2D=飞天公司Rockey加密狗
P2E=深思III加密狗
P2F=金天地GS加密狗
p30=坚石狗ROCKEY
p31=铁甲2.01
p32=铁甲1.09

[Aspack<108]
; INDEX entry P1 ("<108" presumably means Aspack versions before 1.08).
; Two search passes: LOOK 75,00,E9 with a breakpoint, then after two WALKs a second
; OBJR/LOOK 61,FF,E0 with ADD 1 before the breakpoint. Step semantics are ProcDump32's.
L1=OBJR
L2=LOOK 75,00,E9
L3=BP
L4=WALK
L5=WALK
L6=OBJR
L7=LOOK 61,FF,E0
L8=ADD 1
L9=BP
LA=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack108]
; INDEX entry P2. Single-byte LOOK E9, then a second OBJR/LOOK AC,AA,58 pass after one WALK.
L1=OBJR
L2=LOOK E9
L3=BP
L4=WALK
L5=OBJR
L6=LOOK AC,AA,58
L7=BP
L8=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack108.2]
; INDEX entry P3. Same shape as [Aspack108] with a different second pattern.
; MOVE 0F before STEP is the only use of MOVE in this listing; its semantics
; are not documented on this page.
L1=OBJR
L2=LOOK E9
L3=BP
L4=WALK
L5=OBJR
L6=LOOK E8,8A,02,00,00,E8
L7=BP
L8=MOVE 0F
L9=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack108.3]
; INDEX entry P4.
; JZ 5 / QUIT: L4 quits unless the jump on L3 is taken -- presumably taken when the
; LOOK on L2 matched; confirm against ProcDump32's script documentation.
; The LOOK 50,C3 / ADD 1 / BP pass is then run twice, separated by a WALK.
L1=OBJR
L2=LOOK 6A,00,50
L3=JZ 5
L4=QUIT
L5=BP
L6=OBJR
L7=LOOK 50,C3
L8=ADD 1
L9=BP
LA=WALK
LB=OBJR
LC=LOOK 50,C3
LD=ADD 1
LE=BP
LF=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack108.4]
; INDEX entry P5.
; `?` in LOOK ?,C3 appears to be a wildcard byte (also used in [Aspack2000]) -- confirm.
; JZ 5 / QUIT guards the rest of the script on the first LOOK, as in [Aspack108.3].
L1=OBJR
L2=LOOK ?,C3
L3=JZ 5
L4=QUIT
L5=BP
L6=OBJR
L7=LOOK 5B,0B,DB
L8=BP
L9=OBJR
LA=LOOK C3
LB=BP
LC=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack2000]
; INDEX entry P6. One guarded LOOK: 68 followed by four wildcard bytes (`?`) and C3,
; JZ 5 / QUIT, then a single breakpoint and STEP.
L1=OBJR
L2=LOOK 68,?,?,?,?,C3
L3=JZ 5
L4=QUIT
L5=BP
L6=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[CodeSafe 3.X]
; INDEX entry P7. No OBJR before either LOOK, unlike the Aspack scripts above.
; OPTL4=00010000 here versus 00030000 in the Aspack sections (meaning undocumented).
L1=LOOK 89,04,8A
L2=ADD 5
L3=BP
L4=LOOK FF,E1,C3
L5=BP
L6=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Hasiuk/NeoLite]
; INDEX entry P8.
; BPR EAX (also in [VBOX Dialog]) and EIP (also in [Petite 1.x]) are not documented on
; this page. OPTL4=00010100 is unique to this section.
L1=LOOK 50,FF,25
L2=BP
L3=BPR EAX
L4=EIP
L5=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00010100
OPTL5=00000000

[Manolo]
; INDEX entry P9. BPX with a fixed argument instead of a byte pattern (compare BPX 2672
; in [Shrinker 3.2]); whether 181 is a hex offset is not stated on this page.
L1=BPX 181
L2=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01000001
OPTL4=00010000
OPTL5=00000000

[Neolite2]
; INDEX entry PA. Single OBJR/LOOK FF,E0,80,3D pass, breakpoint, STEP.
L1=OBJR
L2=LOOK FF,E0,80,3D
L3=BP
L4=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PCGUARD v2.10]
; INDEX entry PB. Longest script in the listing, in five author-labelled layers:
; Layer1-2 repeat LOOK 86,07,47,C3 / BP / WALK twice then OBJR + LOOK FC,8D;
; Layer3-5 do the same with LOOK 86,07,EB,01, and Layer5 ends on LOOK FC,60 instead.
; REPL 90,E9 after LOOK 0F,84,07,01,00,00 rewrites the first two matched bytes -- presumably
; (the author's comment describes it as removing the debug-API check).
; Layer1
L1=LOOK 86,07,47,C3
L2=BP
L3=WALK
L4=LOOK 86,07,47,C3
L5=BP
L6=WALK
L7=OBJR
L8=LOOK FC,8D
L9=BP
; Layer2
LA=LOOK 86,07,47,C3
LB=BP
LC=WALK
LD=LOOK 86,07,47,C3
LE=BP
LF=WALK
L10=OBJR
L11=LOOK FC,8D
L12=BP
; Layer3
L13=LOOK 86,07,EB,01
L14=BP
L15=WALK
L16=LOOK 86,07,EB,01
L17=BP
L18=WALK
L19=OBJR
L1A=LOOK FC,8D
L1B=BP
; Layer4
L1C=LOOK 86,07,EB,01
L1D=BP
L1E=WALK
L1F=LOOK 86,07,EB,01
L20=BP
L21=WALK
L22=OBJR
L23=LOOK FC,8D
L24=BP
; Layer5
L25=LOOK 86,07,EB,01
L26=BP
L27=WALK
L28=LOOK 86,07,EB,01
L29=BP
L2A=WALK
L2B=OBJR
L2C=LOOK FC,60
L2D=BP
; GET RID OF DEBUG API CHECK
L2E=LOOK 0F,84,07,01,00,00
L2F=REPL 90,E9
; FIND CLEARUP
L30=LOOK F3,AA,8B,85
L31=ADD 2
L32=BP
L33=OBJR
; FIND JUMP BACK
L34=LOOK 61,C3
L35=BP
L36=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00020000
OPTL5=00000000

[PCShrink]
; INDEX entry PC. Single LOOK FF,E2, breakpoint, STEP.
; OPTL2=01000101 is shared only with the global [OPTIONS] value.
L1=LOOK FF,E2
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01000101
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PCShrink II]
; INDEX entry PD. Same step sequence as [PECompact] except the first LOOK
; (5F,FF,E7 here vs 5A,FF,E2) and the last (61,9D,BA here vs 61,9D,68).
; JZ 4 / QUIT: L3 quits unless the jump on L2 is taken -- presumably when L1 matched.
L1=LOOK 5F,FF,E7
L2=JZ 4
L3=QUIT
L4=ADD 1
L5=BP
L6=WALK
L7=OBJR
L8=LOOK 5F,F3,A4,E9
L9=ADD 3
LA=BP
LB=WALK
LC=LOOK 61,9D,BA
LD=BP
LE=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PECompact]
; INDEX entry PE. Same step sequence as [PCShrink II] except the first LOOK
; (5A,FF,E2 here vs 5F,FF,E7) and the last (61,9D,68 here vs 61,9D,BA).
; JZ 4 / QUIT: L3 quits unless the jump on L2 is taken -- presumably when L1 matched.
L1=LOOK 5A,FF,E2
L2=JZ 4
L3=QUIT
L4=ADD 1
L5=BP
L6=WALK
L7=OBJR
L8=LOOK 5F,F3,A4,E9
L9=ADD 3
LA=BP
LB=WALK
LC=LOOK 61,9D,68
LD=BP
LE=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PECompact 0.971 b]
; INDEX entry PF. Same steps as [PECompact 0.975 b] except the first LOOK
; (5A,FF,E2 here vs 5F,FF,E7).
; NOTE(review): no OPTL1 key -- every other section sets one; only this section and
; [PECompact 0.975 b] omit it. Presumably ProcDump32 falls back to the [OPTIONS] value
; (00000000); confirm before relying on it.
L1=LOOK 5A,FF,E2
L2=WALK
L3=WALK
L4=BP
L5=LOOK F3,A4,E9
L6=WALK
L7=WALK
L8=BP
L9=STEP
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PECompact 0.975 b]
; INDEX entry P10. Same steps as [PECompact 0.971 b] except the first LOOK
; (5F,FF,E7 here vs 5A,FF,E2).
; NOTE(review): no OPTL1 key -- every other section sets one; only this section and
; [PECompact 0.971 b] omit it. Presumably ProcDump32 falls back to the [OPTIONS] value
; (00000000); confirm before relying on it.
L1=LOOK 5F,FF,E7
L2=WALK
L3=WALK
L4=BP
L5=LOOK F3,A4,E9
L6=WALK
L7=WALK
L8=BP
L9=STEP
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PEPack]
; INDEX entry P14. LOOK 61,FF,E0 is the same pattern [Aspack<108] searches in its second pass.
L1=LOOK 61,FF,E0
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PESHiELD]
; INDEX entry P12.
; BPF Z is used here, in [PESHiELD Secure] and (as both `BPF z` and `BPF Z`) in
; [Petite 2.0]; whether the flag letter is case-sensitive is not stated on this page.
L1=LOOK 0F,85
L2=BPF Z
L3=LOOK FF,E0,00
L4=BP
L5=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01000001
OPTL4=00010000
OPTL5=00000000

[PESHiELD Secure]
; INDEX entry P13. Differs from [PESHiELD] only in the second LOOK (CB,8D,B5) and the
; ADD 1 inserted before the breakpoint; OPTL values are identical.
L1=LOOK 0F,85
L2=BPF Z
L3=LOOK CB,8D,B5
L4=ADD 1
L5=BP
L6=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01000001
OPTL4=00010000
OPTL5=00000000

[Petite<1.3]
; INDEX entry P18.
; NOTE(review): key L2 is defined twice (JN 7 and ADD 4). Which one survives depends on
; the INI reader -- Win32 GetPrivateProfileString returns the first match -- so the ADD 4
; that [Petite 1.x] performs before its breakpoint is probably never executed here.
; Renumbering the steps would also shift the JN 7 and JZ 9 targets; confirm the intended
; sequence before editing. JN appears only here and in [Shrinker 3.x].
L1=LOOK 5E,5B,C9,C3,E8
L2=JN 7
L2=ADD 4
L3=BP
L4=WALK
L5=OBJR
L6=LOOK 61,66,9D
L7=JZ 9
L8=QUIT
L9=BP
LA=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Petite 1.x]
; INDEX entry P15. Same opening as [Petite<1.3] (LOOK 5E,5B,C9,C3,E8 / ADD 4 / BP) without
; the JN/JZ/QUIT guards; after the second LOOK it uses ADD 3 and ends with WALK, EIP, STEP.
L1=LOOK 5E,5B,C9,C3,E8
L2=ADD 4
L3=BP
L4=WALK
L5=OBJR
L6=LOOK 61,66,9D
L7=ADD 3
L8=BP
L9=WALK
LA=EIP
LB=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Petite 2.0]
; INDEX entry P16.
; BPF z (L4) and BPF Z (LB) differ only in case; whether ProcDump32 treats them alike is
; not stated on this page.
; NOTE(review): OBJR on LE comes after the breakpoint on LD and is followed directly by
; STEP; in every other script OBJR precedes a LOOK. Verify this ordering is intended.
L1=OBJR
L2=LOOK 83,3A,00,0F,84
L3=ADD 3
L4=BPF z
L5=WALK
L6=WALK
L7=WALK
L8=OBJR
L9=LOOK 83,3E,00,0F,84
LA=ADD 3
LB=BPF Z
LC=LOOK F3,AA,FD,33,C0,B9
LD=BP
LE=OBJR
LF=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Petite 2.1]
; INDEX entry P17. No search or breakpoint steps, only STEP; the section otherwise
; relies on its OPTL values, which are identical to those of [Petite 2.0].
L1=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PKLiTE]
; INDEX entry P19. ADD 0A suggests ADD operands are hexadecimal (compare ADD 14 in the
; Shrinker scripts) -- confirm against ProcDump32's script documentation.
L1=LOOK 68,00,00,00,00,E8
L2=ADD 0A
L3=BP
L4=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Shrinker 3.x]
; INDEX entry P1A.
; JN 5 skips the ADD 14 / REPL 90,90 patch when the first LOOK does not match -- presumably;
; the second LOOK is guarded by JZ 8 / QUIT. [Shrinker 3.4] runs the same steps unguarded
; and [Shrinker 3.3] runs only the second LOOK.
L1=LOOK 8D,4D,E4,51,6A,02,FF,35
L2=JN 5
L3=ADD 14
L4=REPL 90,90
L5=LOOK FF,75,10,FF,75,0C,FF,75,08,FF,55
L6=JZ 8
L7=QUIT
L8=BP
L9=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00020000
OPTL5=00000000

[Shrinker 3.2]
; INDEX entry P1B. BPX with a fixed argument (compare BPX 181 in [Manolo]); whether 2672
; is a hex offset is not stated. OPTL4=00020000 as in [Shrinker 3.x] and [PCGUARD v2.10].
L1=BPX 2672
L2=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00020000
OPTL5=00000000

[Shrinker 3.3]
; INDEX entry P1C. Only the second LOOK of [Shrinker 3.x] (FF,75,10,...,FF,55), with no
; patch step and no JZ/QUIT guard.
L1=LOOK FF,75,10,FF,75,0C,FF,75,08,FF,55
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Shrinker 3.4]
; INDEX entry P1D. Same steps as [Shrinker 3.x] minus the JN / JZ / QUIT guards: the
; ADD 14 / REPL 90,90 patch and the breakpoint run unconditionally -- confirm that is
; intended for 3.4 rather than an omission.
L1=LOOK 8D,4D,E4,51,6A,02,FF,35
L2=ADD 14
L3=REPL 90,90
L4=LOOK FF,75,10,FF,75,0C,FF,75,08,FF,55
L5=BP
L6=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[SoftSentry 2.11]
; INDEX entry P1E. Two six-byte REPL 90,... steps, each the same length as the preceding
; LOOK pattern (0F,85,2E,00,00,00 and 0F,84,1D,00,00,00) -- presumably they overwrite the
; matched bytes. A third OBJR/LOOK FF,D7,6A,00 pass sets the breakpoint.
L1=OBJR
L2=LOOK 0F,85,2E,00,00,00
L3=REPL 90,90,90,90,90,90
L4=OBJR
L5=LOOK 0F,84,1D,00,00,00
L6=REPL 90,90,90,90,90,90
L7=OBJR
L8=LOOK FF,D7,6A,00
L9=BP
LA=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[SoftSentry 3.0]
; INDEX entry P1F. REPL 0F,85 is two bytes against a six-byte LOOK 0F,84,28,01,00,00 --
; presumably only the first two matched bytes are replaced (as with REPL 90,E9 in
; [PCGUARD v2.10]); confirm against ProcDump32's script documentation.
L1=OBJR
L2=LOOK 0F,84,28,01,00,00
L3=REPL 0F,85
L4=OBJR
L5=LOOK FF,D6,5F,5E,5D
L6=BP
L7=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Standard]
; INDEX entry P20. Identical steps to [STNPE Encrypter 1.xx]; the two sections differ only
; in OPTL2 (01000001 here vs 01010001) and OPTL4 (00010000 here vs 00030000).
L1=LOOK FF,E0
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[STNPE Encrypter 1.xx]
; INDEX entry P21. Identical steps to [Standard]; the two sections differ only in
; OPTL2 (01010001 here vs 01000001) and OPTL4 (00030000 here vs 00010000).
L1=LOOK FF,E0
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[UPX<0.7X]
; INDEX entry P22. Searches LOOK 61,E9 directly, without the OBJR / LOOK EB,xx pass the two
; later UPX scripts run first. OPTL1 is 00000000 here, while [UPX 0.7X-0.8X] and
; [UPX 0.89.6] set 00000001.
L1=LOOK 61,E9
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[UPX 0.7X-0.8X]
; INDEX entry P23. Differs from [UPX 0.89.6] only in the first LOOK (EB,10 here vs EB,0E).
; These two sections are the only ones in the listing with OPTL1=00000001 and
; OPTL2=01010101; the meaning of those values is not documented on this page.
L1=OBJR
L2=LOOK EB,10
L3=BP
L4=WALK
L5=OBJR
L6=LOOK 61,E9
L7=BP
L8=STEP
OPTL1=00000001
OPTL2=01010101
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[UPX 0.89.6]
; INDEX entry P24. Differs from [UPX 0.7X-0.8X] only in the first LOOK (EB,0E here vs EB,10).
; These two sections are the only ones in the listing with OPTL1=00000001 and
; OPTL2=01010101; the meaning of those values is not documented on this page.
L1=OBJR
L2=LOOK EB,0E
L3=BP
L4=WALK
L5=OBJR
L6=LOOK 61,E9
L7=BP
L8=STEP
OPTL1=00000001
OPTL2=01010101
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[VBOX Dialog]
L1=LOOK FF,D0
L2=BP
L3=BPR EAX
L4=OBJR
L5=LOOK FF,D0
L6=BP
L7=STEP
OPTL1=00



(责任编辑:笑虎)