脫VM殼的基本方法

原創 钞sir 2020-06-16 14:37

以VMP2.07爲例:
工具:吾愛破解OD

  1. 右鍵選擇FKVMP>>start,點擊OD上方的L按鈕,找到retn,然後記錄rentn的地址;
    start
    retn
  2. 然後CTRL+G快捷鍵對VirtualProtect函數下斷點,按F9運行觀察堆棧區,直到NewProtect=PAGE_READONLY爲止;
    VirtualProtect
    PAGE_READONLY
  3. 之後取消斷點按ALT+M,對代碼段下內存訪問斷點;
    代碼段下內存訪問斷點
  4. 再次按一次F9後取消代碼段的內存訪問斷點,再在retn的地址下斷點;
  5. 再次按一次F9後刪除斷點;
  6. 再在代碼段下的內存訪問斷點,然後F9運行到達OEP處
    最後在用lordpe 轉存下
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

微信整改地方號;阿里高層大地震;工信部下架違規 App;百度入局元宇宙;Android 遊戲將登陸 Windows;TIOBE 發佈 12 月榜單|架構週報

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

辛晓亮 2021-12-13 11:54:42

Win10新版推送,但接下來每年只提供一次功能更新

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

罗燕珊 2021-11-18 09:28:56

Windows 11 又出新招限制三方瀏覽器

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

辛晓亮 2021-11-12 18:18:53

“MSL”出爐?Ubuntu 發佈 Multipass 對標 WSL

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

辛晓亮 2021-11-12 10:08:56

Facebook 改名爲 Meta;同花順系統崩潰,網友:血虧;字節跳動迴應“抄襲阿里 Ant Design 代碼”:深表歉意

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

闫园园 2021-11-01 13:43:58

“問題孩子”Windows 11來了,WSL 成其最大亮點

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

闫园园 2021-10-08 16:23:55

最大程度的開放:Windows 11即將迎來第三方應用商店

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragr

罗燕珊 2021-09-30 15:08:49

迎來大更新,Edge瀏覽器終於要翻身?

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

闫园园 2021-09-09 17:03:56

Windows 11 預覽版現嚴重 Bug 原來是內置廣告惹的禍

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

辛晓亮 2021-09-08 15:38:56

Windows 11將於10月5日發佈,運行Android應用還要再等

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

闫园园 2021-09-03 17:59:05

70萬行代碼、歷時20年,一名開發人員寫出的史詩般的計算機程序

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragr

核子可乐 2021-08-04 17:18:48

不含TPM芯片?抱歉,你的電腦不能升級Windows 11

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

SUZANNE HUMPHRIES 2021-07-07 14:13:54

Windows 11 發佈,支持原生 Android 應用

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

核子可乐 2021-06-28 16:58:58

揭曉Windows 11如何做到原生支持安卓應用

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

核子可乐 2021-06-28 16:18:56

用了10年Windows後,我最終轉向Linux

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

Shalitha Suranga 2020-11-09 13:58:51