The Art of Unpacking

by Mark Vincent Yason

Abstract: Unpacking is an art. It is a mental challenge and one of the most exciting mind
games in the reverse engineering field. In some cases the reverser needs to know the
internals of the operating system in order to identify or defeat very difficult anti-reversing tricks
employed by packers/protectors; patience and cleverness are also major factors in a
successful unpack. The challenge plays out between the researchers who create the packers and, on the other
side, the researchers who are determined to bypass these protections.

The main purpose of this paper is to present the anti-reversing techniques employed by
executable packers/protectors and to discuss techniques and publicly available tools that
can be used to bypass or disable these protections. This information will allow researchers,
especially malcode analysts, to identify these techniques when they are used by packed malicious
code, and then to decide on the next move when these anti-reversing techniques impede
successful analysis. As a secondary purpose, the information presented can also be used by
researchers who plan to add some level of protection to their own software by slowing
down reversers from analyzing their protected code, though of course nothing will stop a skilled,
informed, and determined reverser.


Ollydbg/Immdbg Mem Viewer Source Code

First, a bit of grumbling: sometimes software gets worse with every update, damn it, like this latest Opera update.

This is the source code for the plugin described in this article: http://www.h4ck.org.cn/2012/10/memviewer-1-0-for-ollydbg-v1-0-and-immunity-debugger-v1-8x/

Code repository: http://code.google.com/p/ollydbg-mem-viewer/

Downloads: http://code.google.com/p/ollydbg-mem-viewer/downloads/list


Tutorial Reversing Newbies by LENA – Team SnD

01. Olly + assembler + patching a basic reverseme
02. Keyfiling the reverseme + assembler
03. Basic nag removal + header problems
04. Basic + aesthetic patching
05. Comparing on changes in cond jumps, animate over/in, breakpoints
06. "The plain stupid patching method", searching for text strings
07. Intermediate level patching, Kanal in PEiD


MemViewer 1.0 for OllyDbg v1.0 and Immunity Debugger v1.8x

This plugin creates additional memory windows so that data in several different memory regions can be viewed at the same time. StrongOD does offer a way to switch between several memory addresses, but it is not very intuitive and does not let you watch changes in the data in real time. The result looks like the screenshot above (Immunity Debugger v1.8x).

Features and changes:

1. The green region is the newly created memory window. It has no border and cannot be dragged or resized.

2. The scroll bar of the left-hand memory window has been moved to the left side to make the two windows easier to tell apart.

3. Other types of memory windows can also be created.