看这像什么
公司产品的激活部分,被人破解了,发了一个小工具出来,不是很意外,但是我想看看这个小工具是怎样的,所以,我开始观察这个小工具。
观察了两天,我放弃了。我能使用的方法,都用上了,可能是我落后了,我的调试器还处在上个世纪九十年代的水平。。。
程序加了VMP壳,还用了TLS回调,能检测到双机调试。
OD加载它直接退出,IDA只能静态反汇编,动态的话,跟不了几步也是被提示有调试器存在,然后退出。
WinDBG倒是能跟好几步,但是线路太复杂,如上图,我曾问别人,这像什么。有人回答我,这是电路图。
擦,这是那个被VMP加壳的小程序的结构图,还只是一部分。。。可怜,可怜。。。
我水平不行,能做的,都做了。。。甚至TLS段都给抹掉了,但是这玩意,竟然告诉我程序损坏(应该是壳自带完整性校验,文件一被改动就会报这个错)。
我真的要放弃了,就如一个哥们跟我说的。见到VMP的程序,直接放弃。费不起这脑细胞。
一共7个区段(各区段头的内容列在下面),我最恨TLS段,无奈,水平不行。
哪位大哥有幸看到的话,也是有缘,帮帮忙,不用动手,想想主意就行,馊主意就算了。
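/*
 * Section header 1 of 7 in the dump: ".text".
 * The comment on each member is the value read from the file (hex).
 *
 * Characteristics 0x60000020 = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
 *                              | IMAGE_SCN_MEM_READ.
 *
 * SizeOfRawData and PointerToRawData are both zero while VirtualSize is
 * 0xe326: the section reserves a memory range but has no bytes in the
 * file, so a static disassembly of this range has nothing to show.
 * Presumably the protector's loader fills it at run time -- the dump does
 * not show that; confirm against a memory image.
 */
typedef struct _IMAGE_SECTION_HEADER {
    BYTE  Name[IMAGE_SIZEOF_SHORT_NAME];  /* = 2e 74 65 78 74 00 00 00  ".text" */
    union {
        /* Both members share storage; in an image this is the in-memory size. */
        DWORD PhysicalAddress;            /* = 0000e326 */
        DWORD VirtualSize;                /* = 0000e326 */
    } Misc;
    DWORD VirtualAddress;                 /* = 00001000 (RVA) */
    DWORD SizeOfRawData;                  /* = 00000000 (nothing on disk) */
    DWORD PointerToRawData;               /* = 00000000 */
    DWORD PointerToRelocations;           /* = 00000000 */
    DWORD PointerToLinenumbers;           /* = 00000000 */
    WORD  NumberOfRelocations;            /* = 0000 */
    WORD  NumberOfLinenumbers;            /* = 0000 */
    DWORD Characteristics;                /* = 60000020 (code, execute, read) */
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;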
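/*
 * Section header 2 of 7 in the dump: ".rdata".
 * The comment on each member is the value read from the file (hex).
 *
 * Characteristics 0x40000040 = IMAGE_SCN_CNT_INITIALIZED_DATA
 *                              | IMAGE_SCN_MEM_READ.
 *
 * As with ".text", SizeOfRawData and PointerToRawData are zero although
 * VirtualSize is 0x3b96: the read-only data is not stored in the file at
 * this section's position. Whatever an import or string scan expects to
 * find here is absent on disk.
 */
typedef struct _IMAGE_SECTION_HEADER {
    BYTE  Name[IMAGE_SIZEOF_SHORT_NAME];  /* = 2e 72 64 61 74 61 00 00  ".rdata" */
    union {
        /* Both members share storage; in an image this is the in-memory size. */
        DWORD PhysicalAddress;            /* = 00003b96 */
        DWORD VirtualSize;                /* = 00003b96 */
    } Misc;
    DWORD VirtualAddress;                 /* = 00010000 (RVA) */
    DWORD SizeOfRawData;                  /* = 00000000 (nothing on disk) */
    DWORD PointerToRawData;               /* = 00000000 */
    DWORD PointerToRelocations;           /* = 00000000 */
    DWORD PointerToLinenumbers;           /* = 00000000 */
    WORD  NumberOfRelocations;            /* = 0000 */
    WORD  NumberOfLinenumbers;            /* = 0000 */
    DWORD Characteristics;                /* = 40000040 (initialized data, read) */
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;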
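/*
 * Section header 3 of 7 in the dump: ".data".
 * The comment on each member is the value read from the file (hex).
 *
 * Characteristics 0xc0000040 = IMAGE_SCN_CNT_INITIALIZED_DATA
 *                              | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE.
 *
 * SizeOfRawData and PointerToRawData are zero although VirtualSize is
 * 0x149c, so the section is flagged as initialized data yet carries no
 * initial contents in the file.
 */
typedef struct _IMAGE_SECTION_HEADER {
    BYTE  Name[IMAGE_SIZEOF_SHORT_NAME];  /* = 2e 64 61 74 61 00 00 00  ".data" */
    union {
        /* Both members share storage; in an image this is the in-memory size. */
        DWORD PhysicalAddress;            /* = 0000149c */
        DWORD VirtualSize;                /* = 0000149c */
    } Misc;
    DWORD VirtualAddress;                 /* = 00014000 (RVA) */
    DWORD SizeOfRawData;                  /* = 00000000 (nothing on disk) */
    DWORD PointerToRawData;               /* = 00000000 */
    DWORD PointerToRelocations;           /* = 00000000 */
    DWORD PointerToLinenumbers;           /* = 00000000 */
    WORD  NumberOfRelocations;            /* = 0000 */
    WORD  NumberOfLinenumbers;            /* = 0000 */
    DWORD Characteristics;                /* = c0000040 (initialized data, read, write) */
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;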
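/*
 * Section header 4 of 7 in the dump: ".vmp0".
 * The comment on each member is the value read from the file (hex).
 *
 * Characteristics 0xe0000060 = IMAGE_SCN_CNT_CODE
 *                              | IMAGE_SCN_CNT_INITIALIZED_DATA
 *                              | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
 *                              | IMAGE_SCN_MEM_WRITE.
 *
 * The section is writable and executable at once, has a non-standard
 * name, and reserves 0x8c2ac bytes of memory with no raw data in the
 * file. For static triage these three properties together are a packing
 * indicator that can be read from the header alone, without running the
 * sample.
 */
typedef struct _IMAGE_SECTION_HEADER {
    BYTE  Name[IMAGE_SIZEOF_SHORT_NAME];  /* = 2e 76 6d 70 30 00 00 00  ".vmp0" */
    union {
        /* Both members share storage; in an image this is the in-memory size. */
        DWORD PhysicalAddress;            /* = 0008c2ac */
        DWORD VirtualSize;                /* = 0008c2ac */
    } Misc;
    DWORD VirtualAddress;                 /* = 00016000 (RVA) */
    DWORD SizeOfRawData;                  /* = 00000000 (nothing on disk) */
    DWORD PointerToRawData;               /* = 00000000 */
    DWORD PointerToRelocations;           /* = 00000000 */
    DWORD PointerToLinenumbers;           /* = 00000000 */
    WORD  NumberOfRelocations;            /* = 0000 */
    WORD  NumberOfLinenumbers;            /* = 0000 */
    DWORD Characteristics;                /* = e0000060 (code + data, execute, read, write) */
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;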
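/*
 * Section header 5 of 7 in the dump: ".tls".
 * The comment on each member is the value read from the file (hex).
 *
 * Characteristics 0xc0000040 = IMAGE_SCN_CNT_INITIALIZED_DATA
 *                              | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE.
 *
 * This is the first section with bytes in the file: 0x200 bytes at file
 * offset 0x400. VirtualSize is only 0x18, which equals the size of a
 * 32-bit IMAGE_TLS_DIRECTORY -- NOTE(review): that would fit the TLS
 * callback behaviour described in the text, but the dump does not show
 * the TLS data-directory entry; confirm it points here.
 */
typedef struct _IMAGE_SECTION_HEADER {
    BYTE  Name[IMAGE_SIZEOF_SHORT_NAME];  /* = 2e 74 6c 73 00 00 00 00  ".tls" */
    union {
        /* Both members share storage; in an image this is the in-memory size. */
        DWORD PhysicalAddress;            /* = 00000018 */
        DWORD VirtualSize;                /* = 00000018 */
    } Misc;
    DWORD VirtualAddress;                 /* = 000a3000 (RVA) */
    DWORD SizeOfRawData;                  /* = 00000200 */
    DWORD PointerToRawData;               /* = 00000400 (file offset) */
    DWORD PointerToRelocations;           /* = 00000000 */
    DWORD PointerToLinenumbers;           /* = 00000000 */
    WORD  NumberOfRelocations;            /* = 0000 */
    WORD  NumberOfLinenumbers;            /* = 0000 */
    DWORD Characteristics;                /* = c0000040 (initialized data, read, write) */
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;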
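/*
 * Section header 6 of 7 in the dump: ".vmp1".
 * The comment on each member is the value read from the file (hex).
 *
 * Characteristics 0xe0000060 = IMAGE_SCN_CNT_CODE
 *                              | IMAGE_SCN_CNT_INITIALIZED_DATA
 *                              | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
 *                              | IMAGE_SCN_MEM_WRITE.
 *
 * Nearly all of the file's contents sit in this section: 0x85c00 bytes
 * starting at file offset 0x600, ending at 0x86200 where ".rsrc" begins.
 * The sections with standard names before it have no raw data at all.
 * Like ".vmp0" it is mapped writable and executable, so entropy and
 * signature checks during triage should be pointed at this range.
 */
typedef struct _IMAGE_SECTION_HEADER {
    BYTE  Name[IMAGE_SIZEOF_SHORT_NAME];  /* = 2e 76 6d 70 31 00 00 00  ".vmp1" */
    union {
        /* Both members share storage; in an image this is the in-memory size. */
        DWORD PhysicalAddress;            /* = 00085b23 */
        DWORD VirtualSize;                /* = 00085b23 */
    } Misc;
    DWORD VirtualAddress;                 /* = 000a4000 (RVA) */
    DWORD SizeOfRawData;                  /* = 00085c00 */
    DWORD PointerToRawData;               /* = 00000600 (file offset) */
    DWORD PointerToRelocations;           /* = 00000000 */
    DWORD PointerToLinenumbers;           /* = 00000000 */
    WORD  NumberOfRelocations;            /* = 0000 */
    WORD  NumberOfLinenumbers;            /* = 0000 */
    DWORD Characteristics;                /* = e0000060 (code + data, execute, read, write) */
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;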
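/*
 * Section header 7 of 7 in the dump: ".rsrc".
 * The comment on each member is the value read from the file (hex).
 *
 * Characteristics 0x40000040 = IMAGE_SCN_CNT_INITIALIZED_DATA
 *                              | IMAGE_SCN_MEM_READ.
 *
 * The resources are stored normally: 0x2600 bytes at file offset 0x86200,
 * directly after the raw data of ".vmp1". Together with ".tls" and
 * ".vmp1" this is one of only three sections that have bytes on disk.
 */
typedef struct _IMAGE_SECTION_HEADER {
    BYTE  Name[IMAGE_SIZEOF_SHORT_NAME];  /* = 2e 72 73 72 63 00 00 00  ".rsrc" */
    union {
        /* Both members share storage; in an image this is the in-memory size. */
        DWORD PhysicalAddress;            /* = 000024c6 */
        DWORD VirtualSize;                /* = 000024c6 */
    } Misc;
    DWORD VirtualAddress;                 /* = 0012a000 (RVA) */
    DWORD SizeOfRawData;                  /* = 00002600 */
    DWORD PointerToRawData;               /* = 00086200 (file offset) */
    DWORD PointerToRelocations;           /* = 00000000 */
    DWORD PointerToLinenumbers;           /* = 00000000 */
    WORD  NumberOfRelocations;            /* = 0000 */
    WORD  NumberOfLinenumbers;            /* = 0000 */
    DWORD Characteristics;                /* = 40000040 (initialized data, read) */
} IMAGE_SECTION_HEADER, *PIMAGE_SECTION_HEADER;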