PE file packers

1. UPX packer, official website: https://upx.github.io/

This is the most common case, and the technique is mature: packing and unpacking can both be done easily with the tool from the official website.

The program's parameters are as follows:

To test:

Packing: (if the program has already been packed with UPX, the tool prompts you and does not pack it a second time)

Unpacking: (if the program was not packed with UPX, the tool says so and does not unpack it)

2. MPRESS packer, official website: http://www.matcode.com/mpress.htm

The official website only provides the packer; there is no unpacking function, but the program can easily be unpacked with OllyDbg (OD) using the ESP law:

1. Step over the PUSHAD instruction, then follow the value of ESP in the data dump window and set a hardware access breakpoint (hardware breakpoint on read) on that address.

2. Press F9 to run to the breakpoint; if you land on a jmp instruction, keep stepping over with F8 until you reach the real program entry (the original entry point).

3. Plugins ---> OllyDump ---> Dump debugged process, then click Dump (if you do not understand the numeric fields in the panel, try not to modify them); choose a save location and a new name for the unpacked program to complete the unpacking.
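As an added example (not code from the original post or from either packer's own tooling), the following Python script checks whether a PE file carries the artefacts of the two packers described above: UPX renames the sections it creates to UPX0/UPX1 (sometimes UPX2) and writes its "UPX!" pack-header marker, which is also what UPX itself looks for when it refuses to pack a file twice; MPRESS writes sections named .MPRESS1 and .MPRESS2. It parses only the PE headers, so it runs on any file without executing it. build_stub_pe is a constructed, header-only PE used for testing, not a runnable executable.

```python
import struct
from typing import List, Optional

# Section names each packer leaves in the section table of a packed file.
PACKER_SECTIONS = {
    "UPX": {"UPX0", "UPX1", "UPX2"},
    "MPRESS": {".MPRESS1", ".MPRESS2"},
}

def section_names(pe: bytes) -> List[str]:
    """Return the section names of a PE image, parsing only the headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature:
    # NumberOfSections at +2, SizeOfOptionalHeader at +16 inside it.
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    first = e_lfanew + 24 + opt_size      # start of the section table
    names = []
    for i in range(nsec):                 # each IMAGE_SECTION_HEADER is 40 bytes
        raw = pe[first + 40 * i: first + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def detect_packer(pe: bytes) -> Optional[str]:
    """Name the packer whose artefacts appear in the file, or None."""
    names = set(section_names(pe))
    for packer, marks in PACKER_SECTIONS.items():
        if names & marks:
            return packer
    # UPX also stores its "UPX!" pack-header magic; a renamed section
    # table does not remove it.
    return "UPX" if b"UPX!" in pe else None

def build_stub_pe(names: List[str]) -> bytes:
    """Constructed minimal PE (DOS header, PE signature, file header, section
    table only) with the given section names; for testing the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew points right after DOS header
    # Machine=i386, NumberOfSections, timestamp, symtab, nsyms,
    # SizeOfOptionalHeader=0 (stub), Characteristics
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in names)
    return bytes(dos) + b"PE\0\0" + file_hdr + sections
```

On a real sample, read the file in binary mode and pass its bytes to detect_packer; a None result only means neither of these two packers' markers was found, not that the file is unpacked.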

 

Reference Address:

https://blog.csdn.net/wangyunfeis/article/details/77454038

https://bbs.pediy.com/thread-224537.htm


Origin: blog.csdn.net/singleyellow/article/details/92080131