Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > hacker course > Content
Hot Articles
SmoothWall Introduces Lo
Travel of the JSP+Oracle
Hacker skill: Gains Webs
Breaks through the Inter
MYSQL database injection
The Tomcat backstage tak
Breaks through the Inter
The hacker teaches you a
WinHex pursues the code
How does the hacker dest
How teaches you to take
The SQL injection revise
mssql SA jurisdiction ne
Microsoft SQL Server SA
The bored Css cross stat
Recommend Articles
The SQL injection revise
How does the hacker dest
The new military recruit
Union inquires the small
MYSQL database injection
Invades under new skill
How does the website scr
Smells searches works as
How in does the net seep
Microsoft SQL Server SA
A simple invasion, does
The mainstream raises th
The bored Css cross stat
The random combined comm
The hacker teaches you a
New Articles
Check Point offers compa
The malware spreads Cali
Full Disk Encryption pro
Cardholders should take
U.S. still more spam tha
Strong encryption L?solu
ConvexSoft DJ Audio Mixe
Few companies k?can be i
IT professionals can kee
k the media?can not by s
k the media?can not by s
Google Custom Search Eng
Users of the iPhone and
Gateshead College offers
Manchester obtained pass
The random combined command achieves exempts kills(4)
  Add date: 07/15/2008   Publishing date: 07/15/2008   Hits: 7
Total 5 pages, Current page:4, Jump to page:
 

1. adds the Beidou memory to exempt kills the compression shell
2. has added the auspicious star catalog surface special-purpose encryption tool.
3. uses maskPE to encrypt the tool encryption.
1.POP 0
POP 0
2.PUSH ebp
pop ebp
3.nop ----Generally inserts in among
a 4.jmp jmp address
jmp…
5.add esp,1 ----The digit may change
sub esp,1
6. add esp,1
add esp,-1
7.sub esp,1
sub esp,-1
8.push esi
push edi
9.inc ecx
dec ecx
10 sub eax,-2
dec eax
dec eax
11. (should exempt kills colored instruction classics, compression may move, exempts Caba)
push ebp
mov ebp, esp
pop esp
jmp original entrypoint address -

jmp equally in:
PUSH
RETN

12. Exempts kills Caba the colored instruction:
push ebx
push ebx
push ebx
pop ebx
pop ebx
pop ebx
jmp jumps to the next address
add esp,1
add esp,-1
push entrypoint address
retn

*************
12. (with on)
push ebp
push esp
pop ebp
pop esp
jmp original entrypoint address
13. the most new section multi-purpose exempts kills the colored instruction:
push ebp
push esp
pop ebp
add esp,-0C
add esp,0C
push eax
jmp entrance

14. exempts kills the colored instruction
push ebp
mov ebp, esp
add esp,-0C
add esp,0C
push eax
mov eax, entry point address
jmp eax
nop
15.
jmp alters to: Jg (is bigger than shift), JL (is smaller than shift)
Or alters to: jb (is smaller than shift), jnb (is bigger than or is equal to shift)
16. writes the Caba flower instruction to jump do not jump directly with jmp, otherwise, must kill directly
jmp ---Is killed directly
Altering to
jb
jnb
Or alters to:
push entry point address
retn
Or alters to:
mov eax, entry point address
jmp eax

17.1 sections exempt kill Caba the colored instruction:
push ebx
push ebx
pop ebx
pop ebx
add esp,1
add esp,-1
push entry point address
retn
*****************************************************************
Exempts kills the experience:
1. adds the area, after adding the flower, then encrypts, may quite easy Caba----If encryption tool vmprotect
Has peeled off the shell wooden horse---Adds the flowered instruction, or adds the area to add the flower---Encryption---Adds the compression shell---Adds the area to add the flower again to refer to
Making
2. solely Canada exempted kills the flowered instruction already not to be able Caba, after certainly must coordinate Canada exempted the flower, to add the compression shell, could get up exempts kills Caba the effect.
vmprotect encryption----Adds the flower again-----But Caba:
3. adds the double-decked flowered instruction to exempt kills the law----Exempts Caba
4. encryption---007 memories exempt----Compression ---Exempts Caba or the memory.
5. double-decked encrypts (maskpE)---Compression ----But Caba.
6.maskpe encryption---asppack adds the shell ---Changes the entrypoint to add 1---But Caba
7. encrypts maskpe----Adds the flower or adds the area to add the flower (with tool)-----Adds the compression shell---Exempts Caba

 

Other pages: : <<Prev * 1 * 2 * 3 * 4 * 5 * Next>>
Prev:The bored Css cross station hangs the horse Next:The hacker teaches you anything is the SQL injection method attack

Comment:

Category: Home > hacker course
Home