Target software: http://count.skycn.com/softdown.php?id=9987&;url=http://hndown.skycn.com/down/cookbookxchy.exe (look up the name yourself)
File size: 1380 KB
Platform: Win95/98/NT/2000/XP
Tools used: OllyDbg 1.09 (Chinese localized build), peid8cn, Hex Workshop 4.0, PEditor, LordPE
Working environment: Windows XP (on 98 it dies a horrible death)
Method: learning how to unpack
Disclaimer: This article is for study only; please credit the source when reposting. The author takes no responsibility for what readers do after reading it.

Unpacking procedure:

1. Identify the packer and find the entry point. Open the main program in peid8cn; the result is tElock 0.98, entry point 5A172C (the real entry point was found with the OEP finder in the drop-down menu at the lower right of peid8cn).

2. Load the main program in OllyDbg. Click OK on the first dialog and No on the second, and you land here:

    0064FBD6 >^E9 25E4FFFF JMP cookbook.0064E000
    0064FBDB 0000 ADD BYTE PTR DS:[EAX],AL
    0064FBDD 003E ADD BYTE PTR DS:[ESI],BH
    0064FBDF 4F DEC EDI
    0064FBE0 BB B71EFC24 MOV EBX,24FC1EB7
    0064FBE5 0000 ADD BYTE PTR DS:[EAX],AL
    0064FBE7 0000 ADD BYTE PTR DS:[EAX],AL
    0064FBE9 0000 ADD BYTE PTR DS:[EAX],AL
    0064FBEB 0000 ADD BYTE PTR DS:[EAX],AL
    0064FBED 003E ADD BYTE PTR DS:[ESI],BH
    0064FBEF FC CLD
    0064FBF0 24 00 AND AL,0
    0064FBF2 2E:FC CLD ; Superfluous prefix
    0064FBF4 24 00 AND AL,0
    0064FBF6 26:FC CLD ; Superfluous prefix
    0064FBF8 24 00 AND AL,0
    0064FBFA 0000 ADD BYTE PTR DS:[EAX],AL
    0064FBFC 0000 ADD BYTE PTR DS:[EAX],AL
    0064FBFE 0000 ADD BYTE PTR DS:[EAX],AL
    0064FC00 0000 ADD BYTE PTR DS:[EAX],AL
    0064FC02 4B DEC EBX
    0064FC03 FC CLD
    0064FC04 24 00 AND AL,0
    0064FC06 36:FC CLD ; Superfluous prefix
    0064FC08 24 00 AND AL,0
    0064FC0A 0000 ADD BYTE PTR DS:[EAX],AL
    0064FC0C 0000 ADD BYTE PTR DS:[EAX],AL

Press F9 to run, then Shift+F9 until it stops here:

    0064EBA6 CD 68 INT 68 // remember: do not step past this point, or things get ugly
    0064EBA8 66:05 7B0C ADD AX,0C7B
    0064EBAC 66:48 DEC AX
    0064EBAE 74 55 JE SHORT cookbook.0064EC05
    0064EBB0 8D85 450B0000 LEA EAX,DWORD PTR SS:[EBP+B45]
    0064EBB6 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
    0064EBBA 64:67:8926 0000 MOV DWORD PTR FS:[0],ESP
    0064EBC0 EB 1F JMP SHORT cookbook.0064EBE1
    0064EBC2 CD20 8B642408 VxDCall 824648B
    0064EBC8 8B6C24 08 MOV EBP,DWORD PTR SS:[ESP+8]
    0064EBCC 8D85 7A0B0000 LEA EAX,DWORD PTR SS:[EBP+B7A]
    0064EBD2 50 PUSH EAX
    0064EBD3 EB 01 JMP SHORT cookbook.0064EBD6
    0064EBD5 E8 81AD591C CALL 1CBE995B
    0064EBDA 0000 ADD BYTE PTR DS:[EAX],AL
    0064EBDC 88B465 CCC3EB01 MOV BYTE PTR SS:[EBP+1EBC3CC],DH
    0064EBE3 EB 33 JMP SHORT cookbook.0064EC18
    0064EBE5 DB ??? ; Unknown command
    0064EBE6 8BC3 MOV EAX,EBX
    0064EBE8 66:BE 4746 MOV SI,4647
    0064EBEC 66:BF 4D4A MOV DI,4A4D
    0064EBF0 CC INT3
    0064EBF1 90 NOP
    0064EBF2 66:81FE 4746 CMP SI,4647
    0064EBF7 75 0C JNZ SHORT cookbook.0064EC05
    0064EBF9 64:67:8F06 0000 POP DWORD PTR FS:[0]
    0064EBFF 83C4 04 ADD ESP,4

Press Ctrl+F and search for TEST ESI,ESI; that brings you here (this is not yet the one we are after):

    0064F17D 85F6 TEST ESI,ESI
    0064F17F 0F84 8B000000 JE cookbook.0064F210
    0064F185 8B95 62D34000 MOV EDX,DWORD PTR SS:[EBP+40D362]
    0064F18B 03F2 ADD ESI,EDX
    0064F18D 2B95 66D34000 SUB EDX,DWORD PTR SS:[EBP+40D366]
    0064F193 74 7B JE SHORT cookbook.0064F210
    0064F195 8BDA MOV EBX,EDX
    0064F197 C1EB 10 SHR EBX,10
    0064F19A 8B06 MOV EAX,DWORD PTR DS:[ESI]
    0064F19C 85C0 TEST EAX,EAX
    0064F19E 74 70 JE SHORT cookbook.0064F210
    0064F1A0 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+4]
    0064F1A3 83E9 08 SUB ECX,8
    0064F1A6 D1E9 SHR ECX,1
    0064F1A8 8BBD 62D34000 MOV EDI,DWORD PTR SS:[EBP+40D362]
    0064F1AE 03F8 ADD EDI,EAX
    0064F1B0 83C6 08 ADD ESI,8
    0064F1B3 0FB706 MOVZX EAX,WORD PTR DS:[ESI]
    0064F1B6 C1C8 0C ROR EAX,0C
    0064F1B9 FEC8 DEC AL
    0064F1BB 78 4C JS SHORT cookbook.0064F209
    0064F1BD 74 0E JE SHORT cookbook.0064F1CD
    0064F1BF FEC8 DEC AL
    0064F1C1 74 13 JE SHORT cookbook.0064F1D6
    0064F1C3 FEC8 DEC AL
    0064F1C5 74 3C JE SHORT cookbook.0064F203
    0064F1C7 FEC8 DEC AL

Press Ctrl+L (search again) once more to reach this:

    0064F21C 85F6 TEST ESI,ESI // the critical spot: be sure to set a breakpoint here with F2; the goal is to dump an intact import table
    0064F21E 0F84 06040000 JE cookbook.0064F62A
    0064F224 03F2 ADD ESI,EDX
    0064F226 83A5 52D44000 00 AND DWORD PTR SS:[EBP+40D452],0
    0064F22D 8B46 0C MOV EAX,DWORD PTR DS:[ESI+C]
    0064F230 8366 0C 00 AND DWORD PTR DS:[ESI+C],0 // tElock's weak spot; you can also search for this instruction to locate the key point
    0064F234 85C0 TEST EAX,EAX
    0064F236 0F84 EE030000 JE cookbook.0064F62A
    0064F23C 03C2 ADD EAX,EDX
    0064F23E 8BD8 MOV EBX,EAX
    0064F240 50 PUSH EAX
    0064F241 FF95 D0D24000 CALL DWORD PTR SS:[EBP+40D2D0]
    0064F247 85C0 TEST EAX,EAX
    0064F249 0F85 BA000000 JNZ cookbook.0064F309
    0064F24F 53 PUSH EBX
    0064F250 FF95 E4BA4000 CALL DWORD PTR SS:[EBP+40BAE4]
    0064F256 85C0 TEST EAX,EAX
    0064F258 0F85 AB000000 JNZ cookbook.0064F309
    0064F25E 8B95 62D34000 MOV EDX,DWORD PTR SS:[EBP+40D362]
    0064F264 0195 2AD34000 ADD DWORD PTR SS:[EBP+40D32A],EDX
    0064F26A 0195 36D34000 ADD DWORD PTR SS:[EBP+40D336],EDX
    0064F270 6A 30 PUSH 30
    0064F272 53 PUSH EBX
    0064F273 FFB5 36D34000 PUSH DWORD PTR SS:[EBP+40D336]
    0064F279 EB 53 JMP SHORT cookbook.0064F2CE
    0064F27B 8B95 62D34000 MOV EDX,DWORD PTR SS:[EBP+40D362]
    0064F281 0195 2AD34000 ADD DWORD PTR SS:[EBP+40D32A],EDX

Press Shift+F9 to run to this point and look at ESI: its value is 001AA000. In the command box at the lower left of OllyDbg enter D 005AA000 (001AA000 + 400000), then scroll down until everything that follows is 00; that brings you to 5AD0F0. With the system calculator, 5AD0F0 - 5AA000 = 30F0. Why stop exactly here and not somewhere else? Going too far down produces errors, and so does stopping too early: the size must be neither too large nor too small.

Start LordPE and select the main program's process. Right-click, choose partial dump, enter 005AA000 as the start and 000030F0 as the size, and dump the import table to 30F0.DMP for later use. Exit LordPE, switch back to OllyDbg, press F2 to remove the breakpoint, and press Shift+F9 to continue to here:

    0064F6F1 8DC0 LEA EAX,EAX ; Illegal use of register
    0064F6F3 EB 01 JMP SHORT cookbook.0064F6F6
    0064F6F5 EB 68 JMP SHORT cookbook.0064F75F
    0064F6F7 33C0 XOR EAX,EAX
    0064F6F9 -EB FE JMP SHORT cookbook.0064F6F9
    0064F6FB FFE4 JMP ESP
    0064F6FD CD20 8B642408 VxDCall 824648B
    0064F703 33C0 XOR EAX,EAX
    0064F705 FF6424 08 JMP DWORD PTR SS:[ESP+8]
    0064F709 -E9 58508304 JMP 04E84766
    0064F70E 24 37 AND AL,37
    0064F710 FFE0 JMP EAX
    0064F712 CD20 648F0058 VxDCall 58008F64
    0064F718 EB 02 JMP SHORT cookbook.0064F71C
    0064F71A -E9 01585DEB JMP EBC24F20
    0064F71F 01B8 E8780000 ADD DWORD PTR DS:[EAX+78E8],EDI
    0064F725 008F 5C55DB03 ADD BYTE PTR DS:[EDI+3DB555C],CL
    0064F72B 9E SAHF
    0064F72C 79 22 JNS SHORT cookbook.0064F750
    0064F72E 9A 26E92B6E 913F CALL FAR 3F91:6E2BE926 ; Far call
    0064F735 26:A0 1342047E MOV AL,BYTE PTR ES:[7E044213]
    0064F73B 40 INC EAX
    0064F73C 0B03 OR EAX,DWORD PTR DS:[EBX]
    0064F73E 2208 AND CL,BYTE PTR DS:[EAX]
    0064F740 BC 923FBB1B MOV ESP,1BBB3F92
    0064F745 D223 SHL BYTE PTR DS:[EBX],CL
    0064F747 5C POP ESP

In the command box at the lower left enter BP 5A172C (the entry point) and press Shift+F9 to run to the entry point. Start LordPE again, select the main program, right-click, choose full dump, and save the result as UNPACKED.EXE. Then exit OllyDbg.

3. Insert the import table. Start Hex Workshop and open the two files you just dumped. In the 30F0 file press Ctrl+A and copy. Switch to the open UNPACKED file, press Ctrl+G and enter 001AA000; in the Hex Workshop Edit menu choose Select Block and enter 1AD0F0; then paste, save and exit.

4. Fix the entry point and the import table location. Start PEditor, load UNPACKED.EXE, change the entry point to 001A172C and the import table address to 001AA000, then click rebuild import table.

5. Test-run the file: everything works. OK, that wraps it up; whatever else you want to do with it is up to you. Bye (886).
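Steps 3 and 4 above are pure byte surgery on the dumped file, and the arithmetic (001AA000 + 400000 = 5AA000, 5AD0F0 - 5AA000 = 30F0, entry 5A172C = RVA 1A172C) is easy to get wrong by hand. The following Python script is an added example, not code from the tutorial or from any of the tools it names: it replays the same patch the author performs in Hex Workshop and PEditor, using the addresses from the page. It assumes what the tutorial also relies on, namely that a LordPE full dump keeps raw file offsets equal to RVAs (so the import table lands at file offset 001AA000), and it works on a constructed, zero-filled PE32 image standing in for UNPACKED.EXE, with a constructed 0x30F0-byte filler standing in for 30F0.DMP. The header offsets used (AddressOfEntryPoint at optional header + 16, DataDirectory at + 96, import directory as entry 1) are the standard PE32 layout.

```python
import struct

# Values taken from the tutorial above
IMAGE_BASE = 0x400000        # ImageBase of the target: VA 005AA000 = RVA 001AA000 + 400000
OEP_VA = 0x5A172C            # OEP found with PEiD and reached with "BP 5A172C"
IMPORT_START_VA = 0x5AA000   # value of ESI at the breakpoint on TEST ESI,ESI
IMPORT_END_VA = 0x5AD0F0     # where the dump window turns to all 00
PACKER_ENTRY_VA = 0x64FBD6   # first address OllyDbg stops at (the tElock stub)


def va_to_rva(va, image_base=IMAGE_BASE):
    """VA -> RVA; the reverse of the "001AA000 + 400000" step in the text."""
    if va < image_base:
        raise ValueError("VA below image base")
    return va - image_base


def partial_dump_size(start_va, end_va):
    """Size handed to LordPE's partial dump: 5AD0F0 - 5AA000 = 30F0."""
    if end_va <= start_va:
        raise ValueError("end must lie above start")
    return end_va - start_va


def _optional_header_offset(data):
    """Locate the PE32 optional header after checking MZ, PE\\0\\0 and the 0x10B magic."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # skip signature and COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("PE32 only")
    return opt


def splice_import_table(dump, import_table, import_rva):
    """Step 3: paste the partial dump into the full dump at file offset == RVA.
    Assumption (same as the tutorial's): the LordPE full dump keeps raw
    offsets equal to RVAs, so Ctrl+G 001AA000 in Hex Workshop is correct."""
    data = bytearray(dump)
    end = import_rva + len(import_table)
    if end > len(data):
        raise ValueError("import table would run past the end of the dump")
    data[import_rva:end] = import_table
    return bytes(data)


def fix_header(dump, oep_va, import_rva, import_size):
    """Step 4: what PEditor does when the entry point is set to 001A172C and
    the import table address to 001AA000."""
    data = bytearray(dump)
    opt = _optional_header_offset(data)
    struct.pack_into("<I", data, opt + 16, va_to_rva(oep_va))   # AddressOfEntryPoint
    import_dir = opt + 96 + 1 * 8                                # DataDirectory[1] in PE32
    struct.pack_into("<II", data, import_dir, import_rva, import_size)
    return bytes(data)


def read_header(data):
    """Read back the entry point and import directory so the patch can be verified."""
    opt = _optional_header_offset(data)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    imp_rva, imp_size = struct.unpack_from("<II", data, opt + 96 + 8)
    return {"entry_rva": entry, "import_rva": imp_rva, "import_size": imp_size}


def build_toy_dump(size):
    """Constructed stand-in for UNPACKED.EXE: a minimal PE32 header over a
    zero-filled image whose entry point still points at the packer stub."""
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                     # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    # COFF header: i386, 1 section, SizeOfOptionalHeader=224, EXECUTABLE_IMAGE|32BIT_MACHINE
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = 0x84 + 20
    struct.pack_into("<H", img, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<I", img, opt + 16, va_to_rva(PACKER_ENTRY_VA))
    struct.pack_into("<I", img, opt + 28, IMAGE_BASE)
    struct.pack_into("<I", img, opt + 92, 16)                   # NumberOfRvaAndSizes
    return bytes(img)


def rebuild(dump, import_table):
    """Steps 3 and 4 chained together with the tutorial's addresses."""
    import_rva = va_to_rva(IMPORT_START_VA)
    patched = splice_import_table(dump, import_table, import_rva)
    return fix_header(patched, OEP_VA, import_rva, len(import_table))


if __name__ == "__main__":
    size = partial_dump_size(IMPORT_START_VA, IMPORT_END_VA)
    table = bytes([0xAA]) * size                                 # constructed stand-in for 30F0.DMP
    out = rebuild(build_toy_dump(va_to_rva(IMPORT_END_VA)), table)
    print({k: hex(v) for k, v in read_header(out).items()})
```

On a real dump the same code applies unchanged, but check the section table first: the splice is only valid if the section containing RVA 001AA000 really has its raw offset equal to its virtual address, which is what LordPE's full dump gives you and what a linker-produced file usually does not.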