Unpacking in Practice: Manually Unpacking Zprotect

When cracking software you usually find that the program code has been obfuscated. This obfuscation layer is called a packer (a "shell"). Packers fall into two groups: compression packers (commonly UPX, Compass, ASDPack, Npack, PECompact and the like) and protection packers (strong protectors such as Safengine, VMProtect, WinLicense and Themida). A compression packer only shrinks the program; a protection packer encrypts or obfuscates the code so that others cannot reverse or crack it. A packer can usually be identified with a packer-detection tool, but some packers disguise their signatures to mislead such tools.

Several different tools are needed to complete the unpacking. Download these materials first, then we can get started!

DIE (packer detector): https://files.cnblogs.com/files/LyShark/DiE_0.64.zip
ImportREC: https://files.cnblogs.com/files/LyShark/ImportREC_1.7.zip
LoadPE:     https://files.cnblogs.com/files/LyShark/LoadPe.zip
Packed sample program: https://files.cnblogs.com/files/LyShark/Zprotect.zip

1. As usual, load the program in OllyDbg (OD) and press F9 to let it run.

2. Look at the stack window, locate the SE handler entry, right-click it and choose Follow in Disassembler.

3. In the disassembly window, right-click and choose Analysis -> Remove analysis from module.

4. After the analysis has been removed, look at the stack window again: the bracketed SE handler entries are now visible.

5. Scroll the stack window up, follow the first SE handler entry in the disassembly window, and check it. It is not the OEP. The second one is not the OEP either.

6. Go straight to the third entry, shown in red, and follow it: this SE handler is the OEP.

7. Select the OEP in the disassembly window, right-click and choose Follow in Dump -> Selection. Then, in the dump window, set a hardware breakpoint on execution at that address.

8. Reload the program (Ctrl+F2) and run it (F9). It now breaks automatically on the hardware breakpoint, that is, at the OEP.

9.
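Two parts of this walkthrough can be shown in code: the packer identification that DIE performs before unpacking starts (the "check the packer" step above), and the header fix-up that LoadPE applies when the process is dumped at the OEP reached in steps 6 to 8. The script below is an added example written for this page; it is not code from the original post, nor from DIE or LoadPE. It builds a constructed PE32 image in memory (not the Zprotect sample from the download list), reports the heuristics a packer detector combines with its signature database (entry point in the last section, high-entropy entry section, an empty writable+executable section for the stub to unpack into, a near-empty import table) and rewrites AddressOfEntryPoint to a chosen OEP RVA, refusing an RVA that does not fall inside an executable section. The entropy threshold, the import-size threshold and the short list of well-known packer section names are assumptions chosen for illustration.

```python
import math
import struct

# Assumption: a few packer section names checked by name; Zprotect's own
# section names are not given on the page and are not in this list.
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", ".aspack", ".vmp0", ".vmp1", ".themida"}
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000


def _entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty data, 8.0 max)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """Walk DOS header -> NT headers -> section table (PE32 and PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", image, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", image, e_lfanew + 20)
    opt = e_lfanew + 24                      # optional header follows the COFF header
    magic, = struct.unpack_from("<H", image, opt)
    entry_rva, = struct.unpack_from("<I", image, opt + 16)
    dd = opt + (112 if magic == 0x20B else 96)   # data directories: PE32+ vs PE32
    import_rva, import_size = struct.unpack_from("<II", image, dd + 8)  # entry 1 = imports
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, rsize, raw = struct.unpack_from("<IIII", image, off + 8)
        chars, = struct.unpack_from("<I", image, off + 36)
        sections.append({"name": name, "va": va, "vsize": vsize, "rsize": rsize,
                         "chars": chars, "entropy": _entropy(image[raw:raw + rsize])})
    return {"entry_rva": entry_rva, "opt_off": opt, "import_size": import_size,
            "sections": sections}


def section_for_rva(pe: dict, rva: int):
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            return s
    return None


def packing_indicators(pe: dict) -> list:
    """Heuristics of the kind a detector like DIE adds to its signature match."""
    hits = []
    ep = section_for_rva(pe, pe["entry_rva"])
    if ep is None:
        hits.append("entry point outside every section")
    else:
        if len(pe["sections"]) > 1 and ep is pe["sections"][-1]:
            hits.append(f"entry point in last section {ep['name']!r}")
        if ep["entropy"] > 7.0:                      # assumption: compressed/encrypted stub
            hits.append(f"high-entropy entry section {ep['name']!r} ({ep['entropy']:.2f})")
    for s in pe["sections"]:
        if s["chars"] & SCN_MEM_EXECUTE and s["chars"] & SCN_MEM_WRITE and s["rsize"] == 0:
            hits.append(f"empty writable+executable section {s['name']!r} (unpacking target)")
        if s["name"] in KNOWN_PACKER_SECTIONS:
            hits.append(f"known packer section name {s['name']!r}")
    if pe["import_size"] <= 40:   # one descriptor + terminator: at most one DLL imported
        hits.append("import table absent or near-empty (imports resolved at run time)")
    return hits


def set_entry_point(image: bytes, oep_rva: int) -> bytes:
    """Patch AddressOfEntryPoint to the OEP found in the debugger (what LoadPE does
    when dumping with the OEP filled in); reject an RVA outside executable code."""
    pe = parse_pe(image)
    sec = section_for_rva(pe, oep_rva)
    if sec is None or not sec["chars"] & SCN_MEM_EXECUTE:
        raise ValueError(f"OEP RVA {oep_rva:#x} is not inside an executable section")
    out = bytearray(image)
    struct.pack_into("<I", out, pe["opt_off"] + 16, oep_rva)
    return bytes(out)


def build_sample_pe() -> bytes:
    """Constructed PE32 image (not the page's sample): an empty RWX .text section
    and a .pack stub section holding data with entropy exactly 8.0, EP in .pack."""
    pack = bytes(range(256)) * 16                      # 4096 bytes, uniform byte histogram
    secs = [(b".text", 0x1000, 0x4000, 0, 0xE0000020),   # code|exec|read|write, no raw data
            (b".pack", 0x5000, 0x1000, len(pack), 0x60000020)]  # code|exec|read
    img = bytearray(0x200 + len(pack))
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)            # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, len(secs))  # i386, section count
    struct.pack_into("<H", img, 0x94, 0xE0)            # SizeOfOptionalHeader (PE32)
    struct.pack_into("<H", img, 0x98, 0x10B)           # PE32 magic
    struct.pack_into("<I", img, 0x98 + 16, 0x5000)     # AddressOfEntryPoint -> .pack
    raw = 0x200                                        # import directory left at 0/0
    for i, (name, va, vs, rs, ch) in enumerate(secs):
        off = 0x98 + 0xE0 + 40 * i
        img[off:off + len(name)] = name
        struct.pack_into("<IIII", img, off + 8, vs, va, rs, raw if rs else 0)
        struct.pack_into("<I", img, off + 36, ch)
        raw += rs
    img[0x200:0x200 + len(pack)] = pack
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_pe()
    for hit in packing_indicators(parse_pe(sample)):
        print("packed?", hit)
    print("new EP:", hex(parse_pe(set_entry_point(sample, 0x1234))["entry_rva"]))
```

Run it against a real dump instead of the constructed image by reading the file with `open(path, "rb").read()`; the OEP you pass to `set_entry_point` must be the RVA (the address OllyDbg shows minus the image base), which is why the executable-section check is there.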


Source: www.cnblogs.com/LyShark/p/11141694.html