其实这个东西也不算是破解掉了，因为外面的那个aspr的壳没有脱掉，于是借助工具创建了一个带壳的loader。其实东西如果脱壳了，那么破解就非常简单了。如果不知道怎么脱这个壳，参考这里。如果已经脱掉壳了。那么破解也就非常简单了。这里就简单的贴几条代码，看懂了就看，看不懂就算了。为了兑现前面说的话，这里不再提供loader下载，大家去别的地方找吧。不好意思。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

00407C8C $- FF25 4CE3E600 jmp dword ptr [E6E34C] ; (initial cpu selection)
00407C92 8BC0 mov eax, eax
00407C94 $- FF25 48E3E600 jmp dword ptr [E6E348]
00407C9A 8BC0 mov eax, eax
00407C9C $- FF25 44E3E600 jmp dword ptr [E6E344]
00407CA2 8BC0 mov eax, eax
00407CA4 $- FF25 40E3E600 jmp dword ptr [E6E340]
00407CAA 8BC0 mov eax, eax
01BB00E1 51 push ecx ;he 01BB00E1
01BB00E2 57 push edi
01BB00E3 9C pushfd
01BB00E4 FC cld
01BB00E5 BF 2201BB01 mov edi, 1BB0122
01BB00EA B9 5E140000 mov ecx, 145E
01BB00EF F3:AA rep stos byte ptr es:[edi]
01BB00F1 9D popfd
01BB00F2 5F pop edi
01BB00F3 59 pop ecx
 
00E414D8 /74 07 je short 00E414E1 ; 跳过提示窗口
00A2B4D8 /0F85 8F000000 jnz 00A2B56D ; 跳转到注册
00A2DAFD /0F85 98000000 jnz 00A2DB9B ; 跳转到注册

相关文章

• CRACKL@B DVD 2011 FULL( 0 )
• MyLanViewer 4.3.3 破解版( 2 )
• iAppMaster 1.0 Nag Removed [Cracked by obaby]( 0 )
• W32Dasm V10 And ImpREC.v1.7c( 0 )
• 阿达宠物园 破解分析( 0 )
• Hide Window Hotkey 破解版( 0 )
• 程序监控专家 破解版( 0 )
• Super turtle 内存清理 破解版( 0 )

Scylla – x64/x86 Imports Reconstruction
=======================================

ImpREC, CHimpREC, Imports Fixer… this are all great tools to rebuild an import table,
but they all have some major disadvantages, so I decided to create my own tool for this job.

Scylla’s key benefits are:

- x64 and x86 support
- full unicode support (probably some russian or chinese will like this )
- written in C/C++
- plugin support
- works great with Windows 7

This tool was designed to be used with Windows 7 x64, so it is recommend to use this operating system.
But it may work with XP and Vista, too.

Source code is licensed under GNU GENERAL PUBLIC LICENSE v3.0

Known Bugs
———-

### Only Windows XP x64:

Windows XP x64 has some API bugs. 100% correct imports reconstruction is impossible.
If you still want to use XP x64, here are some hints:

* EncodePointer/DecodePointer exported by kernel32.dll have both the same VA.
Scylla, CHimpREC and other tools cannot know which API is correct. You need to fix this manually.
Your fixed dump will probably run fine on XP but crash on Vista/7.

### ImpREC plugin support:

Some ImpREC Plugins don’t work with Windows Vista/7 because they don’t “return 1″ in the DllMain function.

Keyboard Shortcuts
——————

- CTRL + D: [D]ump
- CTRL + F: [F]ix Dump
- CTRL + R: PE [R]ebuild
- CTRL + O: L[o]ad Tree
- CTRL + S: [S]ave Tree
- CTRL + T: Auto[t]race
- CTRL + G: [G]et Imports
- CTRL + I: [I]AT Autosearch

Changelog
———

Version 0.5a:

- fixed memory leak
- improved IAT search

Version 0.5:

- added save/load import tree feature
- multi-select in tree view
- fixed black icons problem in tree view
- added keyboard shortcuts
- dll dump + dll dump fix now working
- added support for scattered IATs
- pre select target path in open file dialogs
- improved import resolving engine with api scoring
- api selection dialog
- minor bug fixes and improvements

Version 0.4:

- GUI code improvements
- bug fixes
- imports by ordinal

Version 0.3a:

- Improved import resolving
- fixed buffer overflow errors

Version 0.3:

- ImpREC plugin support
- minor bug fix

Version 0.2a:

- improved disassembler dialog
- improved iat search

Version 0.2:

- improved process detection
- added some options
- new options dialog
- improved source code

click here to download.

相关文章

• ExplorerSuite.13.12.09( 0 )
• Armadillo V6.X Minimum Protection 【脱壳】( 0 )
• 普通壳的脱壳方法和脱壳技巧【转载】( 0 )
• IDA PRO 5.6 Demo( 1 )
• imp64( 0 )
• 文件Hash计算工具（MD5/SHA1/SHA256/CRC32）( 0 )
• Protection ID v0.6.3.5 Public DECEMBER 2009 ( 5 )
• CRACKL@B DvD SHELL 2010( 0 )

Click here to download the file!

相关文章

• VMProtect 1.70.4 破解版( 0 )
• Protection ID v0.6.3.5 Public DECEMBER 2009 ( 5 )
• 加密强壳ZProtect v1.4.1破解版( 0 )
• 南域剑盟文件捆绑器2010( 0 )
• Obsidium v1.3.6.4 【Cracked】( 0 )
• ASProtect SKE 2.51( 1 )
• ( 0 )

程序的壳子：ASProtect 1.23 RC4 – 1.3.08.24 -> Alexey Solodovnikov
用od载入程序，忽略除内存以外的所有异常，如下图。

载入后od会停留在此处：

00401000 >  68 01804B00     push    004B8001
00401005    E8 01000000     call    0040100B
0040100A    C3              retn
0040100B    C3              retn
0040100C    9E              sahf
0040100D    6D              ins     dword ptr es:[edi], dx
0040100E    1963 CD         sbb     dword ptr [ebx-33], esp
00401011    B1 4C           mov     cl, 4C
00401013    FF73 EB         push    dword ptr [ebx-15]
00401016    03D4            add     edx, esp
00401018    E7 48           out     48, eax
0040101A    DA11            ficom   dword ptr [ecx]
0040101C    B3 E7           mov     bl, 0E7
0040101E    66:339D 49B2BC9>xor     bx, word ptr [ebp+9EBCB249]
00401025    A7              cmps    dword ptr [esi], dword ptr es:[e>
00401026    0B49 9E         or      ecx, dword ptr [ecx-62]
00401029    43              inc     ebx

Hideod，否则程序会直接异常退出，不过有的插件隐藏之后会有问题，不知道什么原因。
shift+F9直接运行，注意观察堆栈窗口，出现硬盘指纹（”oBb/DABgLOI=”）的时候就快到最

后一次异常了，当硬盘指纹消失的时候就到达最后一次异常了（据说是26次，不过不知道是

怎么数的我怎么感觉是27次？:)）。

0012FF04 0012FF0C 指向下一个 SEH 记录的指针
0012FF08 00254307 SE处理程序
0012FF0C 0012FFC4 指向下一个 SEH 记录的指针
0012FF10 00254C49 SE处理程序
0012FF14 0012FF58
0012FF18 00240000
0012FF1C 00200000
0012FF20 00254138
0012FF24 01AC4EF8 ASCII “oBb/DABgLOI=”
0012FF28 00000001

最后一次异常会到达下面的地方，注意观察格式会发现类似于：

je xxxxxxxxxx；
……
je yyyyyyyyyy；
……
retn

的这么一个东西，在最后的retn上下f2断点，shift+F9运行，中断后删掉那个F2断点。

002539EC    3100            xor     dword ptr [eax], eax
002539EE    64:8F05 0000000>pop     dword ptr fs:[0]
002539F5    58              pop     eax
002539F6    833D B07E2500 0>cmp     dword ptr [257EB0], 0
002539FD    74 14           je      short 00253A13
002539FF    6A 0C           push    0C
00253A01    B9 B07E2500     mov     ecx, 257EB0
00253A06    8D45 F8         lea     eax, dword ptr [ebp-8]
00253A09    BA 04000000     mov     edx, 4
00253A0E    E8 2DD1FFFF     call    00250B40
00253A13    FF75 FC         push    dword ptr [ebp-4]
00253A16    FF75 F8         push    dword ptr [ebp-8]
00253A19    8B45 F4         mov     eax, dword ptr [ebp-C]
00253A1C    8338 00         cmp     dword ptr [eax], 0
00253A1F    74 02           je      short 00253A23
00253A21    FF30            push    dword ptr [eax]
00253A23    FF75 F0         push    dword ptr [ebp-10]
00253A26    FF75 EC         push    dword ptr [ebp-14]
00253A29    C3              retn	;此处F2断点，shift+F9中断后删除

此时注意观察堆栈窗口：
0012FF24 01AC7228
0012FF28 00400000 iconmake.00400000
0012FF2C A7E1C923
0012FF30 0012FF6C
0012FF34 00240000
0012FF38 00200000
下硬件断点：hr 0012FF30 后直接F9运行会中断到如下的地址处：

01AC7348   /EB 44           jmp     short 01AC738E                   ; F8单步
01AC734A   |EB 01           jmp     short 01AC734D
01AC734C   |9A 51579CFC BF0>call    far 00BF:FC9C5751
01AC7353   |0000            add     byte ptr [eax], al
01AC7355   |00B9 00000000   add     byte ptr [ecx], bh
01AC735B   |F3:AA           rep     stos byte ptr es:[edi]
01AC735D   |9D              popfd
01AC735E   |5F              pop     edi
01AC735F   |59              pop     ecx
01AC7360   |C3              retn
01AC7361   |55              push    ebp
01AC7362   |8BEC            mov     ebp, esp
01AC7364   |53              push    ebx
01AC7365   |56              push    esi
01AC7366   |8B75 0C         mov     esi, dword ptr [ebp+C]
01AC7369   |8B5D 08         mov     ebx, dword ptr [ebp+8]
01AC736C   |EB 11           jmp     short 01AC737F
01AC736E   |0FB703          movzx   eax, word ptr [ebx]
01AC7371   |03C6            add     eax, esi
01AC7373   |83C3 02         add     ebx, 2
01AC7376   |8BD0            mov     edx, eax
01AC7378   |8BC6            mov     eax, esi
01AC737A   |E8 0C000000     call    01AC738B
01AC737F   |66:833B 00      cmp     word ptr [ebx], 0
01AC7383  ^|75 E9           jnz     short 01AC736E
01AC7385   |5E              pop     esi
01AC7386   |5B              pop     ebx
01AC7387   |5D              pop     ebp
01AC7388   |C2 0800         retn    8
01AC738B   |0102            add     dword ptr [edx], eax
01AC738D   |C3              retn
01AC738E   \03C3            add     eax, ebx                         ; F8单步
01AC7390    BB A9000000     mov     ebx, 0A9
01AC7395    0BDB            or      ebx, ebx
01AC7397    75 07           jnz     short 01AC73A0
01AC7399    894424 1C       mov     dword ptr [esp+1C], eax
01AC739D    61              popad
01AC739E    50              push    eax
01AC739F    C3              retn
01AC73A0    E8 00000000     call    01AC73A5
01AC73A5    5D              pop     ebp
01AC73A6    81ED 4DE14B00   sub     ebp, 4BE14D
01AC73AC    8D85 F2E04B00   lea     eax, dword ptr [ebp+4BE0F2]
01AC73B2    8D8D 94E14B00   lea     ecx, dword ptr [ebp+4BE194]
01AC73B8    03CB            add     ecx, ebx
01AC73BA    8941 01         mov     dword ptr [ecx+1], eax
01AC73BD    8D85 36E14B00   lea     eax, dword ptr [ebp+4BE136]
01AC73C3    8D8D FAE04B00   lea     ecx, dword ptr [ebp+4BE0FA]
01AC73C9    8901            mov     dword ptr [ecx], eax
01AC73CB    B8 5E140000     mov     eax, 145E
01AC73D0    8D8D FFE04B00   lea     ecx, dword ptr [ebp+4BE0FF]
01AC73D6    8901            mov     dword ptr [ecx], eax
01AC73D8    8D8D 94E14B00   lea     ecx, dword ptr [ebp+4BE194]
01AC73DE    8D85 94F34B00   lea     eax, dword ptr [ebp+4BF394]
01AC73E4    51              push    ecx
01AC73E5    50              push    eax
01AC73E6    E8 76FFFFFF     call    01AC7361
01AC73EB    61              popad
01AC73EC    EB 02           jmp     short 01AC73F0
01AC73EE    CD20 26EB02CD   vxdjump CD02EB26
01AC73F4    20EB            and     bl, ch
01AC73F6    02CD            add     cl, ch
01AC73F8    208D 6434DD2B   and     byte ptr [ebp+2BDD3464], cl
01AC73FE    E6 83           out     83, al
01AC7400    C41F            les     ebx, fword ptr [edi]
01AC7402    F2:             prefix repne:                            ; 此处F7跟
 
入
01AC7403    EB 01           jmp     short 01AC7406
01AC7405    6989 74240065 E>imul    ecx, dword ptr [ecx+65002474], 8>
01AC740F    C6              ???                                      ; 未知命令
01AC7410    14 FA           adc     al, 0FA
01AC7412    2869 F2         sub     byte ptr [ecx-E], ch
01AC7415    EB 01           jmp     short 01AC7418
01AC7417    E8 BE060000     call    01AC7ADA

直到出现下面的代码停止跟入：

01AC744B    55              push    ebp
01AC744C    8BEC            mov     ebp, esp
01AC744E    6A FF           push    -1
01AC7450    68 881F4700     push    471F88
01AC7455    68 8A624300     push    43628A
01AC745A    64:A1 00000000  mov     eax, dword ptr fs:[0]
01AC7460    EB 02           jmp     short 01AC7464
01AC7462    CD20 50648925   vxdcall 25896450
01AC7468    0000            add     byte ptr [eax], al
01AC746A    0000            add     byte ptr [eax], al
01AC746C    83EC 68         sub     esp, 68
01AC746F    EB 02           jmp     short 01AC7473
01AC7471    CD20 53EB02CD   vxdjump CD02EB53
01AC7477    2056 EB         and     byte ptr [esi-15], dl
01AC747A    02CD            add     cl, ch
01AC747C    2057 89         and     byte ptr [edi-77], dl
01AC747F    65:E8 33DB895D  call    5F364FB8
01AC7485    FC              cld
01AC7486    6A 02           push    2
01AC7488    EB 02           jmp     short 01AC748C
01AC748A    CD20 F2EB010F   vxdjump F01EBF2
01AC7490    68 8F604300     push    43608F
01AC7495    68 4A73AC01     push    1AC734A
01AC749A    C3              retn

复制01AC7460 EB 02 jmp short 01AC7464这一行上面的代码的2进制模

式，如下（stolencode的一部分）：

55 8B EC 6A FF 68 88 1F 47 00 68 8A 62 43 00 64 A1 00 00 00 00
继续F7，复制下面代码到jmp跳转前的二进制模式：

01AC7464    50              push    eax
01AC7465    64:8925 0000000>mov     dword ptr fs:[0], esp
01AC746C    83EC 68         sub     esp, 68

二进制：
50 64 89 25 00 00 00 00 83 EC 68

重复上述操作：

01AC7473    53              push    ebx

二进制：53

01AC7478    56              push    esi

二进制：56
继续F7，复制下面的代码：

01AC747D    57              push    edi
01AC747E    8965 E8         mov     dword ptr [ebp-18], esp
01AC7481    33DB            xor     ebx, ebx
01AC7483    895D FC         mov     dword ptr [ebp-4], ebx
01AC7486    6A 02           push    2

二进制：
57 89 65 E8 33 DB 89 5D FC 6A 02
最后F7到如下的代码处时，开始F8单步往下：

01AC734D    51              push    ecx;开始F8单步
01AC734E    57              push    edi
01AC734F    9C              pushfd
01AC7350    FC              cld
01AC7351    BF 8E73AC01     mov     edi, 1AC738E
01AC7356    B9 5E140000     mov     ecx, 145E
01AC735B    F3:AA           rep     stos byte ptr es:[edi]
01AC735D    9D              popfd
01AC735E    5F              pop     edi
01AC735F    59              pop     ecx
01AC7360    C3              retn

一直往下知道跟踪到最近的一个call停止跟踪：

0043608F    FF15 7CD94600   call    dword ptr [46D97C]               ; F8到此处
 
msvcrt.__set_app_type
00436095    59              pop     ecx
00436096    830D 90A84900 F>or      dword ptr [49A890], FFFFFFFF
0043609D    830D 94A84900 F>or      dword ptr [49A894], FFFFFFFF
004360A4    FF15 78D94600   call    dword ptr [46D978]               ; 
 
msvcrt.__p__fmode

此时网上找就会找到一片零区域，将上面的二进制代码结合到一块最后就是下面的形式：

55 8B EC 6A FF 68 88 1F 47 00 68 8A 62 43 00 64 A1 00 00 00 00 50 64 89 25 00 00

00 00 83 EC 68 53 56 57 89 65 E8 33 DB 89 5D FC 6A 02
将代码以二进制形式粘贴，在代码开始处新建EIP

00436062    55              push    ebp;此处新建EIP
00436063    8BEC            mov     ebp, esp
00436065    6A FF           push    -1
00436067    68 881F4700     push    00471F88
0043606C    68 8A624300     push    0043628A                         ; jmp 到 
 
msvcrt._except_handler3
00436071    64:A1 00000000  mov     eax, dword ptr fs:[0]
00436077    50              push    eax
00436078    64:8925 0000000>mov     dword ptr fs:[0], esp
0043607F    83EC 68         sub     esp, 68
00436082    53              push    ebx
00436083    56              push    esi
00436084    57              push    edi
00436085    8965 E8         mov     dword ptr [ebp-18], esp
00436088    33DB            xor     ebx, ebx
0043608A    895D FC         mov     dword ptr [ebp-4], ebx
0043608D    6A 00           push    0
0043608F    FF15 7CD94600   call    dword ptr [46D97C]               ; 
 
msvcrt.__set_app_type
00436095    59              pop     ecx
00436096    830D 90A84900 F>or      dword ptr [49A890], FFFFFFFF
0043609D    830D 94A84900 F>or      dword ptr [49A894], FFFFFFFF
004360A4    FF15 78D94600   call    dword ptr [46D978]               ; 
 
msvcrt.__p__fmode
004360AA    8B0D 64A54900   mov     ecx, dword ptr [49A564]
004360B0    8908            mov     dword ptr [eax], ecx
004360B2    FF15 74D94600   call    dword ptr [46D974]               ; 
 
msvcrt.__p__commode

最后剩下的就是修复工作了，脱壳最好在xp下进行，因为测试的时候在win7下虽然能够脱壳

，但是修复出来的文件是有问题的，不能正常晕新。～还是xp兼容性好啊！如果有不能识别

的api可以用ASProtect 1.22 插件进行修复，一般的用level 1就能修复了。

相关文章

• IDA + Debug 插件 实现64Bit Exe脱壳( 0 )
• ( 0 )
• Scylla v0.5a- x64/x86 Imports Reconstruction( 0 )
• ( 2 )
• Armadillo V6.X Minimum Protection 【脱壳】( 0 )
• imp64( 0 )
• 普通壳的脱壳方法和脱壳技巧【转载】( 0 )
• 实战IDA PE+ DLL脱壳( 0 )

话说这个东西是前天拿到的，但是当时在家，东西也不全。平直接感觉是加壳了。去peid官方下载了个没有更新特征库的报了个什么都没发现，晕死。

今天重新查壳发现是Armadillo V6.X Minimum Protection -> Silicon Realms Toolworks * Sign.By.fly * 20081227 *，脱壳后发现程序是用bc++写的：

这个文章网上有的，这里只是做个类似笔记的东西，没别的用处（文章本身就是依样画葫芦。）。

1.用od载入程序后，od停在

00660AC2 > $  E8 833C0000   call    0066474A
00660AC7   .^ E9 16FEFFFF   jmp     006608E2
00660ACC  /$  6A 0C         push    0C
00660ACE  |.  68 18436800   push    00684318
00660AD3  |.  E8 641E0000   call    0066293C
00660AD8  |.  8365 E4 00    and     dword ptr [ebp-1C], 0
00660ADC  |.  8B75 08       mov     esi, dword ptr [ebp+8]
00660ADF  |.  3B35 70746800 cmp     esi, dword ptr [687470]
00660AE5  |.  77 22         ja      short 00660B09
00660AE7  |.  6A 04         push    4
00660AE9  |.  E8 C31A0000   call    006625B1
00660AEE  |.  59            pop     ecx
00660AEF  |.  8365 FC 00    and     dword ptr [ebp-4], 0
00660AF3  |.  56            push    esi
00660AF4  |.  E8 01450000   call    00664FFA
00660AF9  |.  59            pop     ecx
00660AFA  |.  8945 E4       mov     dword ptr [ebp-1C], eax
00660AFD  |.  C745 FC FEFFF>mov     dword ptr [ebp-4], -2
00660B04  |.  E8 09000000   call    00660B12
00660B09  |>  8B45 E4       mov     eax, dword ptr [ebp-1C]
00660B0C  |.  E8 701E0000   call    00662981
00660B11  \.  C3            retn

然后利用插件hideod，否则后面的步骤没法执行，会直接弹出检测到调试器的错误提示。下第一个断点BP VirtualProtect，处理IAT加密，下好断点后Shift+F9，注意把握返回时机（缓冲比较大的）。

然后直接alt+F9返回，会跳转到类似下面的代码处：1

00F4D0CC    8B8D C8D5FFFF   mov     ecx, dword ptr [ebp-2A38]
00F4D0D2    51              push    ecx
00F4D0D3    8B95 C4D5FFFF   mov     edx, dword ptr [ebp-2A3C]
00F4D0D9    52              push    edx
00F4D0DA    8B85 74D8FFFF   mov     eax, dword ptr [ebp-278C]
00F4D0E0    0385 C0D5FFFF   add     eax, dword ptr [ebp-2A40]
00F4D0E6    50              push    eax
00F4D0E7    E8 24EA0000     call    00F5BB10
00F4D0EC    83C4 0C         add     esp, 0C
00F4D0EF    8D8D D4D5FFFF   lea     ecx, dword ptr [ebp-2A2C]
00F4D0F5    51              push    ecx
00F4D0F6    8B95 D4D5FFFF   mov     edx, dword ptr [ebp-2A2C]
00F4D0FC    52              push    edx
00F4D0FD    8B85 C8D5FFFF   mov     eax, dword ptr [ebp-2A38]
00F4D103    50              push    eax
00F4D104    8B8D 74D8FFFF   mov     ecx, dword ptr [ebp-278C]
00F4D10A    038D C0D5FFFF   add     ecx, dword ptr [ebp-2A40]
00F4D110    51              push    ecx
00F4D111    FF15 2C31F700   call    dword ptr [F7312C]               ; kernel32.VirtualProtect

在此处搜索命令：push 100，选择整个区段。找到后网上查找push ebp，上面会有甚多的int3中断。类似下面的结构：11

00F0327B    CC              int3
00F0327C    CC              int3
00F0327D    CC              int3
00F0327E    CC              int3
00F0327F    CC              int3
00F03280    55              push    ebp
00F03281    8BEC            mov     ebp, esp
00F03283    83EC 2C         sub     esp, 2C
00F03286    833D 20F6F700 0>cmp     dword ptr [F7F620], 0
00F0328D    75 59           jnz     short 00F032E8
00F0328F    C745 EC D125ACB>mov     dword ptr [ebp-14], BFAC25D1
00F03296    68 00010000     push    100
00F0329B    E8 F6850500     call    00F5B896

修改push ebp为retn，直接返回，然后删除第一个断点。到此第一步结束。
2.下第二个断点BP CreateThread 查找程序OEP Shift+F9一次后会停在下面的代码处：1

7C8106C7 >  8BFF            mov     edi, edi
7C8106C9    55              push    ebp
7C8106CA    8BEC            mov     ebp, esp
7C8106CC    FF75 1C         push    dword ptr [ebp+1C]
7C8106CF    FF75 18         push    dword ptr [ebp+18]
7C8106D2    FF75 14         push    dword ptr [ebp+14]
7C8106D5    FF75 10         push    dword ptr [ebp+10]
7C8106D8    FF75 0C         push    dword ptr [ebp+C]
7C8106DB    FF75 08         push    dword ptr [ebp+8]
7C8106DE    6A FF           push    -1
7C8106E0    E8 D7FDFFFF     call    CreateRemoteThread
7C8106E5    5D              pop     ebp
7C8106E6    C2 1800         retn    18

然后F8单步，直到执行到如下代码处：

00F3658C    50              push    eax
00F3658D    FF15 9032F700   call    dword ptr [F73290]               ; kernel32.CloseHandle
00F36593    5E              pop     esi
00F36594    5B              pop     ebx
00F36595    8BE5            mov     esp, ebp
00F36597    5D              pop     ebp
00F36598    C3              retn

有的文章说alt+f9直接执行到返回，但是我执行时没有效果，所以直接F8单步也可。这里注意观察代码窗口，如果正常的话会出现红色的字体一闪而过，也就是代码正确解压了，否则就是出错了，重复

上面的步骤即可。
然后一直F8在这个调用返回后会执行到如下代码处：

00F53414    83C4 04         add     esp, 4
00F53417    B9 E004F800     mov     ecx, 0F804E0
00F5341C    E8 4F8EFBFF     call    00F0C270
00F53421    0FB6C0          movzx   eax, al
00F53424    85C0            test    eax, eax
00F53426    74 0C           je      short 00F53434
00F53428    6A 01           push    1
00F5342A    B9 E004F800     mov     ecx, 0F804E0
00F5342F    E8 7C7BFCFF     call    00F1AFB0
00F53434    C705 40C7F700 B>mov     dword ptr [F7C740], 0F76EBC
00F5343E    B9 24F6F700     mov     ecx, 0F7F624
00F53443    E8 E8FFFAFF     call    00F03430
00F53448    C745 F0 0000000>mov     dword ptr [ebp-10], 0
00F5344F    8D4D E8         lea     ecx, dword ptr [ebp-18]
00F53452    51              push    ecx
00F53453    68 4035F500     push    0F53540
00F53458    FF15 9801F800   call    dword ptr [F80198]
00F5345E    83C4 08         add     esp, 8
00F53461    8B15 440BF800   mov     edx, dword ptr [F80B44]          ; NB_SMS.00400000
00F53467    8955 E4         mov     dword ptr [ebp-1C], edx
00F5346A    B8 1F000000     mov     eax, 1F
00F5346F    C1E0 02         shl     eax, 2
00F53472    8B0D 2C0BF800   mov     ecx, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F53478    8B15 2C0BF800   mov     edx, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F5347E    8B35 2C0BF800   mov     esi, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F53484    8BB6 88000000   mov     esi, dword ptr [esi+88]
00F5348A    3372 14         xor     esi, dword ptr [edx+14]
00F5348D    333401          xor     esi, dword ptr [ecx+eax]
00F53490    0375 E4         add     esi, dword ptr [ebp-1C]
00F53493    8975 F4         mov     dword ptr [ebp-C], esi
00F53496    8B45 08         mov     eax, dword ptr [ebp+8]
00F53499    8338 00         cmp     dword ptr [eax], 0
00F5349C    75 43           jnz     short 00F534E1
00F5349E    8B0D 2C0BF800   mov     ecx, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F534A4    8B15 2C0BF800   mov     edx, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F534AA    8B81 80000000   mov     eax, dword ptr [ecx+80]
00F534B0    3342 14         xor     eax, dword ptr [edx+14]
00F534B3    8B0D 2C0BF800   mov     ecx, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F534B9    3341 40         xor     eax, dword ptr [ecx+40]
00F534BC    8945 E0         mov     dword ptr [ebp-20], eax
00F534BF    8B55 08         mov     edx, dword ptr [ebp+8]
00F534C2    8B42 18         mov     eax, dword ptr [edx+18]
00F534C5    50              push    eax
00F534C6    8B4D 08         mov     ecx, dword ptr [ebp+8]
00F534C9    8B51 14         mov     edx, dword ptr [ecx+14]
00F534CC    52              push    edx
00F534CD    8B45 08         mov     eax, dword ptr [ebp+8]
00F534D0    8B48 10         mov     ecx, dword ptr [eax+10]
00F534D3    51              push    ecx
00F534D4    8B55 F4         mov     edx, dword ptr [ebp-C]
00F534D7    2B55 E0         sub     edx, dword ptr [ebp-20]
00F534DA    FFD2            call    edx
00F534DC    8945 FC         mov     dword ptr [ebp-4], eax
00F534DF    EB 4B           jmp     short 00F5352C
00F534E1    8B45 08         mov     eax, dword ptr [ebp+8]
00F534E4    8338 01         cmp     dword ptr [eax], 1
00F534E7    75 43           jnz     short 00F5352C
00F534E9    8B0D 2C0BF800   mov     ecx, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F534EF    8B15 2C0BF800   mov     edx, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F534F5    8B81 80000000   mov     eax, dword ptr [ecx+80]
00F534FB    3342 14         xor     eax, dword ptr [edx+14]
00F534FE    8B0D 2C0BF800   mov     ecx, dword ptr [F80B2C]          ; NB_SMS.0067D398
00F53504    3341 40         xor     eax, dword ptr [ecx+40]
00F53507    8945 DC         mov     dword ptr [ebp-24], eax
00F5350A    8B55 08         mov     edx, dword ptr [ebp+8]
00F5350D    8B42 04         mov     eax, dword ptr [edx+4]
00F53510    50              push    eax
00F53511    8B4D 08         mov     ecx, dword ptr [ebp+8]
00F53514    8B51 08         mov     edx, dword ptr [ecx+8]
00F53517    52              push    edx
00F53518    6A 00           push    0
00F5351A    8B45 08         mov     eax, dword ptr [ebp+8]
00F5351D    8B48 0C         mov     ecx, dword ptr [eax+C]
00F53520    51              push    ecx
00F53521    8B55 F4         mov     edx, dword ptr [ebp-C]
00F53524    2B55 DC         sub     edx, dword ptr [ebp-24]
00F53527    FFD2            call    edx                              ; 这里就是程序的入口点，直接F7跟入就到了程序的入口点了
00F53529    8945 FC         mov     dword ptr [ebp-4], eax
00F5352C    8B45 FC         mov     eax, dword ptr [ebp-4]
00F5352F    5E              pop     esi
00F53530    8BE5            mov     esp, ebp
00F53532    5D              pop     ebp
00F53533    C3              retn
00F53534    CC              int3

然后一直F8知道执行的注释中所说的入口点，然后跟入即可：

00401480   /EB 10           jmp     short 00401492
00401482   |66:623A         bound   di, dword ptr [edx]
00401485   |43              inc     ebx
00401486   |2B2B            sub     ebp, dword ptr [ebx]
00401488   |48              dec     eax
00401489   |4F              dec     edi
0040148A   |4F              dec     edi
0040148B   |4B              dec     ebx
0040148C   |90              nop
0040148D  -|E9 98F05100     jmp     0092052A
00401492   \A1 8BF05100     mov     eax, dword ptr [51F08B]
00401497    C1E0 02         shl     eax, 2
0040149A    A3 8FF05100     mov     dword ptr [51F08F], eax
0040149F    52              push    edx
004014A0    6A 00           push    0
004014A2    E8 CFCF1100     call    0051E476                         ; jmp 到 kernel32.GetModuleHandleA
004014A7    8BD0            mov     edx, eax
004014A9    E8 129C0F00     call    004FB0C0
004014AE    5A              pop     edx
004014AF    E8 709B0F00     call    004FB024

到此最主要的工作就完成了，剩下的就是修复了。
3.这里需要说明的是，修复输入表的时候由于输入表不连续直接修复会有很多指针无效：

0051E368  - FF25 20115600   jmp     dword ptr [561120]               ; ADVAPI32.GetUserNameA
0051E36E  - FF25 24115600   jmp     dword ptr [561124]               ; ADVAPI32.RegCloseKey
0051E374  - FF25 28115600   jmp     dword ptr [561128]               ; ADVAPI32.RegCreateKeyExA
0051E37A  - FF25 2C115600   jmp     dword ptr [56112C]               ; ADVAPI32.RegOpenKeyExA
0051E380  - FF25 30115600   jmp     dword ptr [561130]               ; ADVAPI32.RegQueryValueExA
0051E386  - FF25 34115600   jmp     dword ptr [561134]               ; ADVAPI32.RegSetValueExA
0051E38C  - FF25 14135600   jmp     dword ptr [561314]               ; kernel32.Beep
0051E392  - FF25 18135600   jmp     dword ptr [561318]               ; kernel32.CloseHandle
0051E398  - FF25 1C135600   jmp     dword ptr [56131C]               ; kernel32.CompareStringA
0051E39E  - FF25 20135600   jmp     dword ptr [561320]               ; kernel32.CreateDirectoryA
0051E3A4  - FF25 24135600   jmp     dword ptr [561324]               ; kernel32.CreateEventA
0051E3AA  - FF25 28135600   jmp     dword ptr [561328]               ; kernel32.CreateFileA
0051E3B0  - FF25 2C135600   jmp     dword ptr [56132C]               ; kernel32.CreateThread
0051E3B6  - FF25 30135600   jmp     dword ptr [561330]               ; kernel32.DebugBreak
0051E3BC  - FF25 34135600   jmp     dword ptr [561334]               ; ntdll.RtlDeleteCriticalSection
0051E3C2  - FF25 38135600   jmp     dword ptr [561338]               ; kernel32.DeleteFileA
0051E3C8  - FF25 3C135600   jmp     dword ptr [56133C]               ; ntdll.RtlEnterCriticalSection
0051E3CE  - FF25 40135600   jmp     dword ptr [561340]               ; kernel32.EnumCalendarInfoA
0051E3D4  - FF25 44135600   jmp     dword ptr [561344]               ; kernel32.ExitProcess
0051E3DA  - FF25 48135600   jmp     dword ptr [561348]               ; kernel32.FileTimeToDosDateTime
0051E3E0  - FF25 4C135600   jmp     dword ptr [56134C]               ; kernel32.FileTimeToLocalFileTime
0051E3E6  - FF25 50135600   jmp     dword ptr [561350]               ; kernel32.FindClose
0051E3EC  - FF25 54135600   jmp     dword ptr [561354]               ; kernel32.FindFirstFileA
0051E3F2  - FF25 58135600   jmp     dword ptr [561358]               ; kernel32.FindNextFileA
0051E3F8  - FF25 5C135600   jmp     dword ptr [56135C]               ; kernel32.FindResourceA
0051E3FE  - FF25 60135600   jmp     dword ptr [561360]               ; kernel32.FormatMessageA
0051E404  - FF25 64135600   jmp     dword ptr [561364]               ; kernel32.FreeLibrary
0051E40A  - FF25 68135600   jmp     dword ptr [561368]               ; kernel32.FreeResource
0051E410  - FF25 6C135600   jmp     dword ptr [56136C]               ; kernel32.GetACP
0051E416  - FF25 70135600   jmp     dword ptr [561370]               ; kernel32.GetCPInfo
0051E41C  - FF25 74135600   jmp     dword ptr [561374]               ; kernel32.GetCommandLineA
0051E422  - FF25 78135600   jmp     dword ptr [561378]               ; kernel32.GetComputerNameA
0051E428  - FF25 7C135600   jmp     dword ptr [56137C]               ; kernel32.GetCurrentProcessId
0051E42E  - FF25 80135600   jmp     dword ptr [561380]               ; kernel32.GetCurrentThreadId
0051E434  - FF25 84135600   jmp     dword ptr [561384]               ; kernel32.GetDateFormatA
0051E43A  - FF25 88135600   jmp     dword ptr [561388]               ; kernel32.GetDiskFreeSpaceA
0051E440  - FF25 8C135600   jmp     dword ptr [56138C]               ; kernel32.GetEnvironmentStringsA
0051E446  - FF25 90135600   jmp     dword ptr [561390]               ; kernel32.GetEnvironmentVariableA
0051E44C  - FF25 94135600   jmp     dword ptr [561394]               ; kernel32.GetFileAttributesA
0051E452  - FF25 98135600   jmp     dword ptr [561398]               ; kernel32.GetFileSize
0051E458  - FF25 9C135600   jmp     dword ptr [56139C]               ; kernel32.GetFileType
0051E45E  - FF25 A0135600   jmp     dword ptr [5613A0]               ; ntdll.RtlGetLastWin32Error
0051E464  - FF25 A4135600   jmp     dword ptr [5613A4]               ; kernel32.GetLocalTime
0051E46A  - FF25 A8135600   jmp     dword ptr [5613A8]               ; kernel32.GetLocaleInfoA
0051E470  - FF25 AC135600   jmp     dword ptr [5613AC]               ; kernel32.GetModuleFileNameA
0051E476  - FF25 B0135600   jmp     dword ptr [5613B0]               ; kernel32.GetModuleHandleA
0051E47C  - FF25 B4135600   jmp     dword ptr [5613B4]               ; kernel32.GetOEMCP
0051E482  - FF25 B8135600   jmp     dword ptr [5613B8]               ; kernel32.GetPrivateProfileStringA
0051E488  - FF25 BC135600   jmp     dword ptr [5613BC]               ; kernel32.GetProcAddress
0051E48E  - FF25 C0135600   jmp     dword ptr [5613C0]               ; kernel32.GetProcessHeap
0051E494  - FF25 C4135600   jmp     dword ptr [5613C4]               ; kernel32.GetProfileStringA
0051E49A  - FF25 C8135600   jmp     dword ptr [5613C8]               ; kernel32.GetStartupInfoA
0051E4A0  - FF25 CC135600   jmp     dword ptr [5613CC]               ; kernel32.GetStdHandle
0051E4A6  - FF25 D0135600   jmp     dword ptr [5613D0]               ; kernel32.GetStringTypeA
0051E4AC  - FF25 D4135600   jmp     dword ptr [5613D4]               ; kernel32.GetStringTypeExA
0051E4B2  - FF25 D8135600   jmp     dword ptr [5613D8]               ; kernel32.GetStringTypeW
0051E4B8  - FF25 DC135600   jmp     dword ptr [5613DC]               ; kernel32.GetSystemDefaultLangID
0051E4BE  - FF25 E0135600   jmp     dword ptr [5613E0]               ; kernel32.GetSystemInfo
0051E4C4  - FF25 E4135600   jmp     dword ptr [5613E4]               ; kernel32.GetThreadLocale
0051E4CA  - FF25 E8135600   jmp     dword ptr [5613E8]               ; kernel32.GetTickCount
0051E4D0  - FF25 EC135600   jmp     dword ptr [5613EC]               ; kernel32.GetTimeZoneInformation

这里可以发现第一个dll的输入表距离第二个dll的输入表较远，直接修复得到的指针都是无效的，这里需要先修复第一个，然后再修复后面的即可：
第一次按照iat自动搜索的结结果修复即可，长度填100，目标是先修复第一个dll的输入表：
第二次填出第二个dll的起始位置：161314长度填1000直接搜索删除无效指针，修复dump后的文件即可.

相关文章

• ( 0 )
• IDA + Debug 插件 实现64Bit Exe脱壳( 0 )
• 实战IDA PE+ DLL脱壳( 0 )
• imp64( 0 )
• 普通壳的脱壳方法和脱壳技巧【转载】( 0 )
• ( 2 )
• Scylla v0.5a- x64/x86 Imports Reconstruction( 0 )
• ( 0 )

2008-04-05 20:47 220 32Lite 0.03a OEP Finder v0.1.txt
2006-01-15 00:00 218 32Lite 0.03a OEP V0.1.txt
2008-05-18 00:33 218 32LITE 0.03A OEP-FINDER V.0.1.txt
2004-11-14 19:55 218 32Lite 0.03a.txt
2008-05-18 00:33 2,490 ActiveMark 5.4x Level 2 EP Finder + Fix CRC.txt
2008-05-18 00:33 1,380 ActiveMark 5.4x Remove Selfchecks.txt
2008-05-18 00:33 474 ActiveMark 5.xx Level 2 EP Finder.txt
2006-01-15 00:00 801 ActiveMark Level 2 EP Finder.txt
2006-01-15 00:00 441 ActiveMark Patching Script.txt
2008-04-05 20:50 2,648 activemark54x.txt
2008-04-05 20:50 4,919 AddrEnc.txt
2008-04-05 20:50 1,075 AHpack 0.1 OEP Finder .txt
2008-04-05 20:50 1,017 AHTeam EP Protector 0.3a.txt
2008-04-05 20:50 1,227 AHTeam EP Protector 0.3b.txt
2006-01-15 00:00 3,515 Alex Protector 1.0 Beta 2 Fix IAT + Remove Junk Code v0.1.txt
2008-04-05 20:50 3,515 ALEX PROTECTOR 1.0 BETA2 V0.1.txt
2006-01-15 00:00 3,515 ALEX Protector1.0.txt
2008-04-05 20:50 801 AM.level2.ep.finder.txt
2008-04-05 20:51 396 AM.patching.script.txt

2004-07-14 19:44 767 anti-debug_lastex.txt
2004-06-10 12:10 7,207 Arm 3.7Std_release.txt
2008-04-05 20:51 3,301 arm IAT Elimination.txt
2008-04-05 20:51 540 ARM PROTECTOR 0.1 – EXE SHIELD 0.8 OEP FINDER.txt
2006-01-15 00:00 540 ARM Protector 0.1 OEP Finder.txt
2005-02-08 00:53 1,655 Arma-General.txt
2004-07-14 19:44 7,194 arma37.txt
2008-04-05 20:52 359 arma4.30a.txt
2006-01-15 00:00 2,283 Armadillo 3.6x – 4.xx OEP Finder + Fix Magic Jumps.txt
2006-09-10 12:30 7,194 Armadillo 3.70 Unpack.txt
2006-01-15 00:00 4,010 Armadillo 3.xx – 4.00 Nanomites VA Finder v1.0.txt
2006-09-10 12:31 3,001 Armadillo 3.xx DLL Unpack v0.1.txt
2006-01-15 00:00 1,635 Armadillo 3.xx Unpack (Standard Protection) v0.1.txt
2006-01-15 00:00 856 Armadillo 4.20 Public Builds OEP Finder (only for CopyMem2 + Debug Blocker).txt
2008-04-05 20:52 1,820 Armadillo 4.30a – standard script.txt
2006-09-10 12:31 1,715 Armadillo 4.30a Simple Unpacking Script.txt
2008-04-05 20:53 3,009 Armadillo 4.42 CopyMem2 Decrypt Code Sections.txt
2008-04-05 20:53 4,968 Armadillo 4.42 CopyMem2 Detach from Client + Fix Import Table Elimination.txt
2006-09-10 12:31 3,752 Armadillo 4.xx CopyMem2 (Fix IAT).txt
2006-01-15 00:00 853 Armadillo 4.xx OEP Finder.txt
2008-04-05 20:53 319 Armadillo ArmVar.txt
2008-04-05 20:53 6,357 Armadillo CheckFlags v2.txt
2006-01-15 00:00 3,250 Armadillo Detach from Client + Unpack (Hipu 1000 Bytes Method).txt
2006-01-15 00:00 7,272 Armadillo Detach from Client + Unpack (Ricardo 1000 Bytes Method) v0.1.txt
2006-01-15 00:00 8,127 Armadillo Detach from Client + Unpack (Tenketsu 1000 Bytes Method) v0.1.txt
2006-01-15 00:00 1,388 Armadillo Detach from Client.txt
2006-01-15 00:00 941 Armadillo Detach.txt
2006-01-15 00:00 1,018 Armadillo Detective (Debug Blocker or CopyMem2).txt
2006-01-15 00:00 6,625 Armadillo Detective v1.00.txt
2006-01-15 00:00 1,635 Armadillo Find Nag.txt
2006-01-15 00:00 7,684 Armadillo IAT Destruction.txt
2008-04-05 20:54 3,176 Armadillo IAT Eliminator.txt
2008-04-05 20:54 461 Armadillo IAT Script v2.txt
2008-04-05 20:54 274 Armadillo Magic Jump Finder.txt
2008-04-05 20:54 3,870 Armadillo NanoTables v2.txt
2006-01-15 00:00 921 Armadillo OEP Finder (CopyMem2).txt
2006-01-15 00:00 3,083 Armadillo OEP Finder + Fix Magic Jumps + Fix Anti-Dump.txt
2006-01-15 00:00 606 Armadillo OpenMutexA.txt
2006-01-15 00:00 1,468 Armadillo Repair IAT Elimination.txt
2006-01-15 00:00 1,500 Armadillo Standard (Pause).txt
2006-01-15 00:00 1,655 Armadillo Standard Unpack (Specific).txt
2006-01-15 00:00 1,994 Armadillo Standard Unpack + Strategic Code Splicing.txt
2006-01-15 00:00 1,637 Armadillo Standard Unpack.txt
2006-01-15 00:00 5,325 Armadillo V4.0-V4.4.Standard.Protection OEP Finder.txt
2005-11-07 18:19 5,533 Armadillo V4.0-V4.4.Standard.Protection.osc
2004-11-28 20:40 6,625 ARMADiLLO_Detective_v1.00_ollyscript.txt
2003-12-30 03:51 6,625 ARMADiLLO_Detective_v1_ollyscript.txt
2004-07-14 19:44 1,323 arma_detach.txt
2004-07-14 19:44 3,109 arma_unpack.txt
2008-04-05 20:55 921 armcopy2-1.txt
2008-04-05 20:51 3,159 arm_3x_dll.txt
2008-04-05 20:51 1,635 arm_3x_unpack.txt
2008-04-05 20:51 856 arm_4x_debug_blocker_copymem_oep_finder.txt
2008-04-05 20:51 815 arm_4x_oep_finder.txt
2008-04-05 20:51 3,083 arm_anti_dump.txt
2008-04-05 20:51 1,994 arm_code_splicing_unpack.txt
2008-04-05 20:51 921 arm_copymem.txt
2008-04-05 20:51 1,388 arm_detach.txt
2008-04-05 20:51 3,250 arm_detach_1000_bytes_method.txt
2008-04-05 20:51 6,636 arm_detective.txt
2008-04-05 20:51 784 arm_getmodule.txt
2008-04-05 20:51 2,285 arm_magic_jump.txt
2008-04-05 20:51 7,684 arm_oep_finder.txt
2008-04-05 20:51 606 arm_open_mutexa.txt
2008-04-05 20:52 432 arm_script_rica.txt
2008-04-05 20:52 1,655 arm_standard.txt
2008-04-05 20:52 4,010 arm_va_finder.txt
2008-04-05 20:55 219 asp2.1oep.txt
2006-01-15 00:00 391 ASPack (a).txt
2006-01-15 00:00 126 ASPack (b).txt
2006-01-15 00:00 265 ASPack 1.08.02 OEP Finder.txt
2008-04-05 20:55 243 ASPACK 1.X-2.X OEP FINDER V.0.1.txt
2004-11-14 15:40 243 ASpack 1.x-2.x.txt
2006-01-15 00:00 663 ASPack 2.11 OEP Finder.txt
2006-01-15 00:00 1,730 ASPack 2.12 DLL Unpack Finder.txt
2008-04-05 20:55 1,727 ASPACK 2.12 DLL UNPACK SCRIPT.txt
2006-01-15 00:00 612 ASPack 2.12 OEP Finder #1.txt
2006-01-15 00:00 950 ASPack 2.12 OEP Finder #2.txt
2006-01-15 00:00 247 ASPack 2.12 OEP Finder #3.txt
2008-05-18 00:33 948 ASPACK 2.12 [DeAtH HaS cOMe].txt
2008-05-18 00:33 607 ASPACK 2.12 [dOsKey].txt
2008-05-18 00:33 612 ASPACK 2.12 [hacnho[VCT2k4]].txt
2008-05-18 00:33 242 ASPACK 2.12 [Reverend].txt
2005-11-24 02:28 1,726 aspack.212.dll-unpack.txt
2005-11-24 02:28 242 aspack.212.oep.txt
2004-07-14 19:44 113 aspack.txt
2008-04-05 20:55 1,838 ASPACKDLL.txt
2004-07-14 19:44 252 aspack_1.08.02.txt
2004-07-14 19:44 590 aspack_212.txt
2008-04-05 20:55 911 aspoepgen.txt
2004-01-23 19:16 132 ASPR 1.23RC4.txt
2004-05-27 01:28 937 ASPR 1.23RC4findOEP.txt
2006-08-07 15:44 33,902 Aspr2.XX_IATfixer_v2.2s.osc
2007-01-15 09:52 128,069 Aspr2.XX_unpacker_v1.0SC.osc
2008-02-18 15:09 133,459 Aspr2.XX_unpacker_v1.13SC.osc
2004-07-14 19:44 158 asprbp.txt
2008-04-05 20:56 6,536 Aspro2_AIP2.txt
2006-01-15 00:00 182 ASProtect #1 Breakpoint Last Exception.txt
2006-01-15 00:00 259 ASProtect #2 Find Stolen Bytes.txt
2006-01-15 00:00 131 ASProtect #3 Last Exception.txt
2006-01-15 00:00 934 ASProtect #4 OEP Finder.txt
2006-01-15 00:00 822 ASProtect #5 Anti-Debug Last Exception.txt
2008-04-05 20:56 1,167 ASProtect 1.0 OEP Finder.txt
2008-04-05 20:56 1,237 ASPROTECT 1.0 UNPACKING SCRIPT 0.1.txt
2008-04-05 20:56 673 ASPROTECT 1.2 – 1.2c OEP-FINDER.txt
2008-04-05 20:56 301 ASPROTECT 1.2-1.2C OEP FINDER V.0.1.txt
2004-11-22 13:55 301 ASProtect 1.2-1.2c.txt
2006-01-15 00:00 674 ASProtect 1.20 – 1.20c OEP Finder.txt
2006-01-15 00:00 1,044 ASProtect 1.22 – 1.23 Beta 21 – Find OEP and stolen bytes.txt
2006-01-15 00:00 559 ASProtect 1.22 – 1.23 Beta 21 – Find target’s OEP.txt
2008-04-05 20:56 1,044 ASProtect 1.22 – 1.23 Beta 21 OEP Finder and Stolen Bytes.txt
2008-04-05 20:57 740 ASProtect 1.22 – 1.23 Beta 21 OEP Finder v0.1b.txt
2008-04-05 20:57 559 ASProtect 1.22 – 1.23 Beta 21 OEP Finder.txt
2008-05-18 00:33 568 ASPROTECT 1.22 – 1.23 BETA 21 [1].txt
2008-05-18 00:33 1,045 ASPROTECT 1.22 – 1.23 BETA 21 [2].txt
2004-11-22 15:34 794 ASPROTECT 1.22 – 1.23 BETA 21-RC1.txt
2005-03-08 21:30 1,057 ASProtect 1.22 – 1.23 Beta 21.txt
2008-04-05 20:57 767 Asprotect 1.23 RC4 Anti-Debug + Last Exception.txt
2008-04-05 20:57 790 ASPROTECT 1.23 RC4 OEP-FINDER.txt
2004-08-04 04:35 788 Asprotect 1.23 RC4.txt
2008-04-05 20:57 1,159 ASProtect 1.2x – 1(1).txt
2006-01-15 00:00 1,351 ASProtect 1.2x – 1.3x (Registered) OEP Finder & Olly Hide.txt
2008-05-18 00:33 1,324 ASPROTECT 1.2x – 1.3x [REGISTERED] 2.txt
2005-04-17 20:29 1,270 ASPROTECT 1.2x – 1.3x [REGISTERED].txt
2008-04-05 20:57 1,254 ASProtect 1.2x – 1.txt
2008-04-05 20:57 458 ASProtect 1.3 Lite OEP Finder.txt
2008-04-05 20:57 696 ASProtect 1.3 Repair Sto.txt
2006-01-15 00:00 2,064 Asprotect 1.30b Import Recovery + OEP Finder (Delphi & ImageBase 400000).txt
2006-01-15 00:00 1,588 ASProtect 1.30b Stolen Code Finder v0.1.txt
2008-05-18 00:33 1,924 ASPROTECT 1.30b [Mario555].txt
2006-01-15 00:00 2,766 ASProtect 1.31b Import Recovery + OEP Finder (Delphi & Imagebase 400000).txt
2008-04-05 20:58 2,577 ASProtect 1.31b Import Recovery + OEP Finder (Delphi).txt
2008-05-18 00:33 2,577 ASPROTECT 1.31b [Mario555].txt
2008-04-05 20:58 1,588 ASPROTECT 1.3b STOLEN CODE FINDER.txt
2008-04-05 20:58 17,964 ASProtect 1.3x – 2.xx IAT Repair Script v1.02.txt
2008-04-05 20:58 2,297 ASProtect 1.3x – 2.xx OEP Finder v0.1.txt
2006-01-15 00:00 1,343 ASProtect 1.3x OEP Finder #1.txt
2006-01-15 00:00 1,322 ASProtect 1.3x OEP Finder #2.txt
2006-01-15 00:00 2,374 ASProtect 1.3x OEP Finder #3.txt
2008-04-05 20:58 4,706 ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to Call).txt
2008-04-05 20:59 3,799 ASProtect 1.3x OEP Finder + IAT Rebuilder (Call to JMP).txt
2008-04-05 20:59 1,924 ASProtect 1.txt
2008-04-05 20:59 5,623 ASProtect 1.xx Generic OEP Finder + IAT Recovery.txt
2006-01-15 00:00 2,425 ASProtect 2.0 Clear Junk Code + Stop Stolen Code.txt
2006-01-15 00:00 8,462 ASProtect 2.0 Import Recovery + Scrambled Code Recovery (Delphi & Imagebase 400000).txt
2006-01-15 00:00 885 ASProtect 2.0 OEP Finder.txt
2008-04-05 20:59 897 ASPROTECT 2.0 OEP-FINDER .txt
2008-04-05 20:59 2,313 ASProtect 2.0 Stop Stolen Code.txt
2008-05-18 00:33 8,447 ASPROTECT 2.0 UNPACK SCRIPT [DELPHI].txt
2004-12-14 22:19 8,460 ASProtect 2.0 Unpack.txt
2005-01-09 02:11 854 Asprotect 2.00 OEP.txt
2005-01-09 02:10 8,446 Asprotect 2.00 unpacker.txt
2008-04-05 20:59 960 ASProtect 2.0x Automatic SHIFT+F9.txt
2008-04-05 20:59 2,313 ASProtect 2.0x Clear Junk Code + Stop Stolen Code.txt
2008-04-05 20:59 5,149 ASProtect 2.0x Fix IAT with Import Elimination Optimized.txt
2008-04-05 20:59 2,986 ASProtect 2.0x Fix IAT.txt
2008-04-05 20:59 1,670 ASProtect 2.0x Log all HIGHMEM Calls.txt
2008-04-05 20:59 1,468 ASProtect 2.0x OEP Finder + Stolen Code Finder + Fix IAT Jumps.txt
2008-04-05 20:59 2,078 ASProtect 2.0x Patch JMP or CALL.txt
2008-04-05 20:59 3,214 ASProtect 2.0x Rebuild Thunks for VC++.txt
2008-05-18 00:33 3,629 ASProtect 2.0x Resolve API’s To HIGHMEM Calls(1).txt
2008-05-18 00:33 3,629 ASProtect 2.0x Resolve API’s to HIGHMEM Calls.txt
2008-04-05 21:00 199 ASProtect 2.1 OEP Finder.txt
2008-04-05 21:00 3,400 ASProtect 2.3 Build 04.26 OEP Finder v1.01.txt
2008-04-05 21:00 8,022 ASProtect 2.txt
2006-01-15 00:00 6,051 ASProtect 2.x Fix IAT with Import Elimination #1.txt
2006-01-15 00:00 6,536 ASProtect 2.x Fix IAT with Import Elimination #2.txt
2006-01-15 00:00 6,932 ASProtect 2.x Fix IAT with Import Elimination #3.txt
2008-04-05 21:00 2,605 ASProtect 2.x Stop stolen code.txt
2008-04-05 21:00 3,083 ASProtect 2.xx IAT Recovery.txt
2008-04-05 21:00 1,503 ASProtect 2.xx Virtual Machine Jump Redirector.txt
2008-04-05 21:00 36,512 ASProtect 2.xx Virtual Machine Rebuilder.txt
2008-04-05 21:00 158 ASProtect BP.txt
2006-01-15 00:00 5,962 ASProtect Generic OEP Finder and Import Recovery.txt
2008-05-18 00:33 5,962 ASPROTECT GENERIC SCRIPT [Orion].txt
2006-01-15 00:00 1,343 ASProtect Last Exception + OEP.txt
2006-01-15 00:00 833 ASProtect OEP Finder (all versions).txt
2006-01-15 00:00 935 ASProtect OEP Finder.txt
2006-01-15 00:00 259 ASProtect Stolen Code Finder.txt
2008-04-05 21:01 259 ASProtect Stolen Code.txt
2008-04-05 21:01 2,425 ASPROTECT TEST SCRIPT V2.0.txt
2005-11-24 02:29 673 asprotect.12.12c.oep.txt
2008-04-05 21:01 8,470 ASProtect.v2.0.txt
2006-01-15 00:00 1,237 Asprotect1.0.txt
2004-11-18 12:28 694 Asprotect1.x.txt
2004-07-14 19:44 1,485 asprotect_13b_stolen_code.txt
2004-07-14 19:44 855 asprsoep.txt
2004-07-14 19:44 223 asprsto.txt
2005-11-24 02:29 1,045 aspr_1.22-1.23.oep.stolenbytes.txt
2004-07-14 19:44 734 aspr_123_rc4.txt
2004-07-14 19:44 1,924 aspr_130b.txt
2004-07-14 19:44 2,577 aspr_131b.txt
2005-11-24 02:30 897 aspr_2.0.oep.txt
2005-11-24 02:30 8,447 aspr_2.0.unpack.txt
2008-04-05 20:56 6,934 ASPr_API.txt
2004-07-14 19:44 5,623 aspr_generic.txt
2006-01-15 00:00 149 BamBam 0.01 OEP Finder.txt
2008-04-05 21:01 2,282 Beria 0.07 – OEP Finder + Detach Process.txt
2008-04-05 21:01 2,282 Beria 0.07 – OEP Finder.txt
2008-04-05 21:01 1,398 Copy of arm_detach.txt
2008-04-05 21:01 6,513 copymem.txt
2006-01-15 00:00 265 Crunch 5.0.txt
2006-01-15 00:00 333 Crunch v1.0 Heuristic.txt
2004-11-22 11:04 333 Crunch v1.0.txt
2008-04-05 21:01 337 CRUNCHPE HEURISTIC OEP FINDER V.0.1.txt
2008-04-05 21:01 315 CrunchPE Heuristic OEP Finder v0.1.txt
2004-11-26 19:17 337 CrunchPE Heuristic.txt
2006-01-15 00:00 288 Crypt 1.0 OEP Finder & Unpacker.txt
2008-04-05 21:02 288 CRYPT 1.0 OEP-FINDER & UNPACKER.txt
2008-04-05 21:02 288 Crypt 1.txt
2005-11-24 02:30 288 crypt.1.0.txt
2006-01-15 00:00 1,419 DBPE 2.x OEP Finder v0.1.txt
2006-01-15 00:00 2,732 DBPE 2.x OEP Finder v0.2.txt
2006-01-15 00:00 1,779 DBPE 2.x OEP Finder v0.3.txt
2006-01-15 00:00 2,828 DBPE 2.x OEP Finder v0.4.txt
2008-05-18 00:33 2,604 DBPE 2.x OEP-FINDER 0.3 [loveboom].txt
2008-05-18 00:33 2,828 DBPE 2.x OEP-FINDER 0.4 [loveboom].txt
2008-04-05 21:02 1,361 DBPE 2.x Unpack v0.1.txt
2008-04-05 21:02 1,361 DBPE 2.x Unpack.txt
2008-05-18 00:33 1,779 DBPE 2.x [loveboom].txt
2005-11-24 02:30 1,779 DBPE.2x.oep.txt
2004-07-14 19:44 2,604 dbpe2x.txt
2004-07-14 19:44 1,361 dbpe_2.x.txt
2009-08-18 10:00 <DIR> Delphi & VB事件断点查找脚本
2008-04-05 21:02 7,272 DetachFarther_MethodRicardo_hipu_benina.txt
2008-04-05 21:02 8,127 DetachFarther_MethodTenketsu_hipu_benina.txt
2008-04-05 21:02 866 Duals eXe 1.0 OEP Finder.txt
2008-04-05 21:02 214 Dxpack 0.86 OEP Finder v0.1.txt
2006-01-15 00:00 227 DXPACK 0.86.txt
2006-01-15 00:00 1,498 Encrypt PE 2003.5.18 OEP Finder v0.1.txt
2008-04-05 21:02 1,498 ENCRYPTPE 2003.5.18 OEP FINDER 0.1.txt
2009-02-13 11:47 <DIR> EncryptPE V2.2007.4.11.Service UnPacK脚本
2008-04-05 21:02 2,908 Enigma 1.02 OEP Finder.txt
2008-05-18 00:33 3,588 Enigma 1.txt
2008-05-18 00:33 882 Escargot 0.1 OEP Finder.txt
2008-05-18 00:33 479 EXE Shield 0.5 to 0.8 OEP Finder.txt
2006-01-15 00:00 540 Exe Shield 0.8 OEP Finder.txt
2004-11-19 23:32 1,434 EXE Stealth2.72.txt
2004-03-14 19:39 710 EXE Stealth2.74.txt
2006-01-15 00:00 476 Exe32Pack 1.3X OEP Finder.txt
2004-11-24 12:49 476 EXE32Pack 1.3X.txt
2006-01-15 00:00 630 Exe32Pack 1.42 OEP Finder & Unpacker.txt
2008-05-18 00:33 635 EXE32PACK 1.42 OEP FINDER.txt
2006-01-15 00:00 698 Exe32Pack 1.43 OEP Finder & Unpacker.txt
2008-05-18 00:33 698 Exe32Pack 1.43 OEP Finder.txt
2008-05-18 00:33 691 Exe32pack 1.43…, OEP Finder & Unpacker.txt
2008-05-18 00:33 630 Exe32Pack 1.txt
2006-01-15 00:00 929 ExeCryptor 1.53 OEP Finder v0.1.txt
2006-01-15 00:00 955 ExeCryptor 1.5x OEP Finder v0.1.txt
2008-05-18 00:33 901 EXECRYPTOR 1.5x OEP-FINDER.txt
2006-01-15 00:00 2,206 ExeCryptor 2.xx IAT Rebuilder v1.1.txt
2008-05-18 00:33 876 ExeCryptor1.53 OEP Finder v0.1.txt
2004-07-14 19:44 901 execryptor_1.5x.txt
2008-04-17 10:31 9,849 Execryptor_IAT_Fixer_1.01&amp
2008-05-18 00:33 479 EXESHIELD 0.5 – 0.8 (ARM PROTECTOR 0.1).txt
2006-01-15 00:00 499 ExeShield 0.5 to 0.8 OEP Finder.txt
2008-05-18 00:33 513 ExeShield 0.8 OEP Finder.txt
2004-07-14 19:44 479 exeshield_0x.txt
2006-01-15 00:00 458 ExeStealth 2.7 OEP Finder v0.1.txt
2008-05-18 00:33 406 EXESTEALTH 2.7 OEP-FINDER.txt
2006-01-15 00:00 1,434 ExeStealth 2.72 OEP Finder & Patch IAT v0.1.txt
2006-01-15 00:00 682 ExeStealth 2.74 OEP Finder v0.1.txt
2008-05-18 00:33 648 EXESTEALTH 2.74 OEP-FINDER.txt
2006-01-15 00:00 1,053 ExeStealth 3.04 & Morphine 2.7 OEP Finder.txt
2008-05-18 00:33 1,037 EXESTEALTH 3.04 AND MORPHINE 2.7.txt
2004-07-14 19:44 406 exestealth_2.7.txt
2004-07-14 19:44 648 exestealth_2.74.txt
2008-05-18 00:33 1,053 exestealth_3.04_morphie_2.7.txt
2006-01-15 00:00 1,906 eXPressor 1.2 OEP Finder.txt
2008-05-18 00:33 1,839 EXPRESSOR 1.2.0.1 OEP FINDER.txt
2006-01-15 00:00 127 eXPressor 1.3.0.1 OEP Finder.txt
2006-01-15 00:00 589 EZip 1.0 OEP Finder #1.txt
2006-01-15 00:00 546 EZip 1.0 OEP Finder #2.txt
2006-01-15 00:00 519 EZip 1.0 OEP Finder #3.txt
2008-05-18 00:33 569 EZIP 1.0 OEP FINDER.txt
2004-11-14 15:56 295 EZIP 1.0.txt
2004-07-14 19:44 569 ezip_10.txt
2008-04-05 21:02 291 E_ZIP 1.0 OEP-FINDER & UNPACKER.txt
2008-05-18 00:33 590 FatMike DLL Loader Script.txt
2008-05-18 00:33 503 FatMike IAT Resolver Script.txt
2006-01-15 00:00 2,379 Flexlm 7.2 Seedfinder v2.0.txt
2008-05-18 00:33 2,379 FLEXLM 7.2+ SEEDFINDER SCRIPT.txt
2005-11-24 02:31 2,379 flexlm.7.2+.txt
2006-01-15 00:00 2,497 FOR GATHERING IAT INFORMATION.txt
2008-05-18 00:33 177 FRENCH LAYOR 1.81 – OEP FINDER.txt
2008-05-18 00:33 166 French Layor 1.81 OEP Finder.txt
2008-05-18 00:33 220 FSG 1.0 OEP-FINDER.txt
2006-01-15 00:00 220 FSG 1.00 OEP Finder #1.txt
2006-01-15 00:00 852 FSG 1.00 OEP Finder #2.txt
2008-05-18 00:33 207 FSG 1.00 OEP Finder.txt
2008-05-18 00:33 833 FSG 1.33 OEP FINDER 0.2 [loveboom].txt
2006-01-15 00:00 268 FSG 1.33 OEP Finder v0.1 #1.txt
2006-01-15 00:00 649 FSG 1.33 OEP Finder v0.1 #3.txt
2008-05-18 00:33 247 FSG 1.33 OEP Finder v0.1.txt
2006-01-15 00:00 889 FSG 1.33 OEP Finder v0.2 #2.txt
2008-05-18 00:33 833 FSG 1.33 OEP Finder v0.2.txt
2008-05-18 00:33 223 FSG 2.0 OEP Finder.txt
2008-05-18 00:33 239 FSG 2.0 OEP-FINDER.txt
2006-01-15 00:00 223 FSG 2.00 OEP Finder #1.txt
2006-01-15 00:00 622 FSG 2.00 OEP Finder #2.txt
2006-01-15 00:00 722 FSG 2.00 OEP Finder #3.txt
2006-01-15 00:00 666 FSG 2.00 OEP Finder #4.txt
2006-01-15 00:00 227 FSG 2.00 OEP Finder #5.txt
2008-05-18 00:33 757 FSG 2.00 OEP Finder v0.1.txt
2008-05-18 00:33 213 FSG 2.00 OEP Finder.txt
2004-11-17 13:58 278 fsg2.0.txt
2004-07-14 19:44 247 fsg_1.33.txt
2004-07-14 19:44 833 fsg_1.33_2.txt
2004-07-14 19:44 223 fsg_2_0.txt
2006-01-15 00:00 1,120 GameHouse Media Packer OEP Finder.txt
2008-05-18 00:33 1,120 GAMEHOUSE MEDIA PACKER OEP-FINDER.txt
2008-05-18 00:33 1,057 GameHouse Media Protector OEP Finder.txt
2008-05-18 00:33 977 Generic VB OEP Finder.txt
2008-05-18 00:33 5,167 Get Executable PE Information.txt
2008-05-18 00:33 1,059 GHF Protector OEP Finder.txt
2008-05-18 00:33 2,821 Hying PeLock 0.4.x OEP Finder v0.1.txt
2008-05-18 00:33 4,989 Hying PeLock 0.7 OEP Finder v0.1.txt
2006-01-15 00:00 2,979 Hying v0.4x.txt
2006-01-15 00:00 5,295 Hying v0.7x.txt
2008-05-18 00:33 2,979 HYING’PELOCK 0.4.X UNPACK SCRIPT 0.1.txt
2008-05-18 00:33 5,295 HYING’PELOCK 0.7 UNPACK SCRIPT 0.1.txt
2008-05-18 00:33 5,295 HYINGv0.7x.txt
2008-05-18 00:33 1,426 IAT_ Elimination_2.txt
2008-05-18 00:33 2,265 IAT_Elimination.txt
2006-01-15 00:00 670 JDPack – JDProtect OEP Finder v0.1.txt
2008-05-18 00:33 670 JDPACK – JDPROTECT OEP-FINDER.txt
2008-05-18 00:33 1,237 JDPack 0.9 – 1.01 OEP Finder.txt
2006-01-15 00:00 1,014 JDPack 1.01 OEP Finder v0.1.txt
2008-05-18 00:33 1,063 JDPACK 1.01 OEP-FINDER.txt
2004-11-14 18:16 238 JDPack 1.01.txt
2008-05-18 00:33 846 Kagra Armadillo 4.XX oep finder.txt
2008-05-18 00:33 899 KByS Packer 0.28 Beta OEP Finder.txt
2006-01-15 00:00 695 Krypton 0.5 OEP Finder v0.1.txt
2008-05-18 00:33 659 KRYPTON 0.5 OEP-FINDER.txt
2004-06-10 12:22 700 Krypton0.5.txt
2004-07-14 19:44 659 krypton_0.5.txt
2008-05-18 00:33 871 LAMECRYPT 1.0 OEP-FINDER.txt
2006-01-15 00:00 874 LameCrypt v1.0 OEP Finder.txt
2004-07-14 19:44 114 lastex.txt
2008-05-18 00:33 987 Magic Call BP for Delphi.txt
2008-05-18 00:33 293 Magic Jump Finder Script.txt
2008-05-18 00:33 501 MEW 1.0 OEP Finder.txt
2008-05-18 00:33 501 MEW 10 EXE-CODER 1.0 OEP-FINDER.txt
2006-01-15 00:00 501 MEW 10 SE v1.0 OEP Finder #1.txt
2006-01-15 00:00 207 MEW 10 SE v1.0 OEP Finder #2.txt
2008-05-18 00:33 472 MEW 10 SE v1.0 OEP Finder.txt
2008-05-18 00:33 709 MEW 11 SE 1.1 OEP-FINDER.txt
2008-05-18 00:33 231 MEW 11 SE 1.2 [Darus].txt
2008-05-18 00:33 877 MEW 11 SE 1.2 [DeAtH HaS cOMe].txt
2006-01-15 00:00 736 MEW 11 SE v1.1 OEP Finder.txt
2006-01-15 00:00 877 MEW 11 SE v1.2 OEP Finder #1.txt
2006-01-15 00:00 522 MEW 11 SE v1.2 OEP Finder #2.txt
2008-05-18 00:33 215 MEW 11 SE v1.2b OEP Finder.txt
2006-01-15 00:00 231 MEW 11 SE vb1.2 OEP Finder.txt
2005-11-24 02:32 877 mew.1.2.txt
2004-07-14 19:44 501 mew10_1_0.txt
2006-01-15 00:00 1,233 MoleBox 2.3 Pro OEP Finder v0.1.txt
2008-05-18 00:33 538 MoleBox 2.5.7 OEP Finder.txt
2008-05-18 00:33 914 MoleBox 2.x.x Fix IAT + OEP Finder v0.11.txt
2008-05-18 00:33 914 MOLEBOX 2.x.x FIX IAT+OEP-FINDER 0.11.txt
2008-05-18 00:34 990 MOLEBOX 2.x.x FIX IAT+OEP-FINDER 0.2.txt
2008-05-18 00:33 591 MOLEBOX 2.X.X.X OEP FINDER.txt
2006-01-15 00:00 521 MoleBox 2.xx OEP Finder & Patch IAT.txt
2008-05-18 00:34 914 MoleBox 2.xx OEP Finder + Fix IAT v0.11.txt
2008-05-18 00:33 935 MoleBox 2.xx OEP Finder + Fix IAT v0.2.txt
2006-01-15 00:00 967 MoleBox 2.xx OEP Finder + Fix IATv0.11.txt
2006-01-15 00:00 573 MoleBox 2.xx OEP Finder.txt
2008-05-18 00:33 990 MoleBox2.TXT
2004-11-17 19:19 521 MoleBox2.X 跳过IAT加密.TXT
2004-07-14 19:45 914 molebox_2x.txt
2006-01-15 00:00 743 Morphine 1.2 OEP Finder v0.1.txt
2008-05-18 00:34 705 MORPHINE 1.2 OEP-FINDER.txt
2006-01-15 00:00 685 Morphine 1.3 OEP Finder v0.1.txt
2008-05-18 00:34 657 MORPHINE 1.3 OEP-FINDER.txt
2004-07-14 19:45 705 morphine_1.2.txt
2004-07-14 19:45 657 morphine_13.txt
2008-05-18 00:34 2,732 MSLRH 0.31 OEP Finder v6.txt
2008-05-18 00:33 1,730 MSLRH 0.31a OEP Finder v0.1.txt
2006-01-15 00:00 1,823 MSLRH v0.31A Find OEP & Fix IAT.txt
2008-05-18 00:33 1,823 MSLRH v0.31A UNPACK SCRIPT v0.1.txt
2008-05-18 00:33 1,823 MSLRH v0.31A.txt
2008-05-18 00:33 2,950 MSLRH_0.31 UNPACKING SCRIPT.txt
2004-11-17 14:07 273 Neolite 2.0 .txt
2006-01-15 00:00 158 NeoLite 2.0 OEP Finder #1.txt
2006-01-15 00:00 940 NeoLite 2.0 OEP Finder #2.txt
2006-01-15 00:00 179 NeoLite 2.0 OEP Finder #3.txt
2008-05-18 00:34 158 NEOLITE 2.0 [DarK_m00n[CiM]].txt
2008-05-18 00:33 938 NEOLITE 2.0 [DeAtH HaS cOMe].txt
2004-01-23 21:21 179 neolite 2.0.txt
2004-07-14 19:45 98 neolite20.txt
2008-05-18 00:34 1,118 nProtect GameGuard Script.txt
2006-01-15 00:00 513 NsPack 1.3 OEP Finder #1.txt
2006-01-15 00:00 250 NsPack 1.3 OEP Finder #2.txt
2008-05-18 00:34 250 NSPACK 1.3 OEP FINDER V.0.1.txt
2008-05-18 00:33 494 NsPack 1.3 OEP Finder.txt
2004-11-14 15:03 250 NSpack 1.3.txt
2006-01-15 00:00 698 NsPack 2.0 – 2.3 OEP Finder v0.1.txt
2006-01-15 00:00 197 NsPack 2.4 – 2.6 OEP Finder.txt
2006-01-15 00:00 520 NsPack 2.9 OEP Finder.txt
2006-01-15 00:00 160 NsPack 3.4 OEP Finder.txt
2008-05-18 00:34 1,119 NsPack 3.5 OEP Finder.txt
2006-01-15 00:00 1,740 Obsidium 1.061 OEP Finder v0.1 (for VB only).txt
2008-05-18 00:34 1,740 OBSIDIUM 1.061 VB ONLY [loveboom].txt
2006-01-15 00:00 2,505 Obsidium 1.1.1.4 Unpack (not for VB).txt
2008-05-18 00:34 2,588 OBSIDIUM 1.1.1.4.txt
2008-05-18 00:34 2,806 Obsidium114.txt
2004-07-14 19:45 1,638 obsidium_1_0061.txt
2008-05-18 00:34 3,975 ohshit.txt
2008-05-18 00:34 5,488 ohyeah.txt
2008-05-18 00:34 359 Olls Script_Generic_OEP Finder_PECompact_2.xx_by_Max_Zero.txt
2006-01-15 00:00 337 Packman 0.0.0.1 OEP Finder.txt
2008-05-18 00:34 250 PC PESHRINKER 0.71 OEP-FINDER.txt
2008-05-18 00:34 233 PC Shrinker 0.71 OEP Finder v0.1.txt
2004-11-15 12:36 250 PC Shrinker 0.71.txt
2006-01-15 00:00 250 PC Shrinker v0.71 OEP Finder.txt
2006-01-15 00:00 934 PC-Guard 5.0 OEP and Patch IAT v0.1b.txt
2008-05-18 00:34 1,267 PC-GUARD 5.0 OEP FINDER 0.1.txt
2006-01-15 00:00 1,228 PC-Guard 5.0 OEP Finder v0.1.txt
2008-05-18 00:34 1,166 PC-GUARD 5.0 OEP-FINDER.txt
2004-11-22 21:24 934 PC-Guard 5.0.txt
2004-07-14 19:45 1,166 pcguard_150.txt
2008-05-18 00:34 1,267 PCGURAD5.TXT
2008-05-18 00:34 509 Pe Compackt neuste version.txt
2008-05-18 00:34 511 PE COMPACT 0.9x OEP-FINDER.txt
2008-05-18 00:34 154 PE COMPACT 1.76 OEP-FINDER.txt
2008-05-18 00:34 371 PE COMPACT 1.84 OEP-FINDER.txt
2008-05-18 00:34 403 PE COMPACT 2.00-2.38 OEP FINDER.txt
2008-05-18 00:34 442 PE COMPACT 2.40 OEP-FINDER.txt
2008-05-18 00:34 668 PE COMPACT 2.xx OEP-FINDER [2].txt
2008-05-18 00:34 924 PE COMPACT 2.xx OEP-FINDER.txt
2006-01-15 00:00 200 PE Diminisher 0.1 OEP Finder #1.txt
2006-01-15 00:00 323 PE Diminisher 0.1 OEP Finder #2.txt
2008-05-18 00:34 185 PE Diminisher 0.1 OEP Finder.txt
2006-01-15 00:00 628 PE Lock NT 2.04 OEP Finder.txt
2008-05-18 00:34 200 PE-DIMINISHER 1.0 OEP-FINDER.txt
2004-11-22 15:18 433 PE-SHiELD V0.25.txt
2008-05-18 00:34 604 PEBUNDLE 2.0x – 2.4x OEP-FINDER.txt
2006-01-15 00:00 604 PeBundle 2.0x to 2.4x OEP Finder.txt
2008-05-18 00:34 565 PEBundle 2.0x.txt
2006-01-15 00:00 781 PEbundle 2.3 OEP & Patch IAT.txt
2008-05-18 00:34 781 PEBUNDLE 2.3 OEP + PATCH IAT.txt
2008-08-20 19:54 722 PeBundle 2.3 OEP Finder + Patch IAT.osc
2008-05-18 00:34 735 PeBundle 2.3 OEP Finder + Patch IAT.txt
2004-11-24 12:24 781 PEbundle V2.3 Oep+ Patch IAT.txt
2005-01-09 02:48 581 pebundle_2x.txt
2006-01-15 00:00 579 PeCompact 0.9x OEP Finder.txt
2006-01-15 00:00 154 PeCompact 1.76 OEP Finder.txt
2006-01-15 00:00 371 PeCompact 1.84 OEP Finder.txt
2006-01-15 00:00 263 Pecompact 1.x OEP Finder v0.1.txt
2004-11-14 15:40 263 Pecompact 1.x.txt
2006-01-15 00:00 416 PeCompact 2.00 to 2.38 OEP Finder.txt
2006-01-15 00:00 617 PECompact 2.01a OEP Finder.txt
2008-05-18 00:34 441 PeCompact 2.40 OEP Finder v0.1.txt
2005-01-08 22:26 357 PeCompact 2.40 OEP Finder.txt
2006-01-15 00:00 672 PeCompact 2.64 OEP Finder.txt
2008-05-18 00:34 1,049 PeCompact 2.78 OEP Finder.txt
2004-11-17 15:24 668 PECompact 2.x.txt
2006-01-15 00:00 951 PeCompact 2.xx OEP Finder #1.txt
2006-01-15 00:00 668 PECompact 2.xx OEP finder v0.1 #2.txt
2008-05-18 00:34 951 PeCompact 2.xx OEP Finder.txt
2005-01-12 21:55 956 PECompact 2.xx.txt
2006-01-15 00:00 906 PeCompact OEP Finder.txt
2008-05-18 00:34 263 PECOMPACT V.1.X OEP FINDER.txt
2006-01-15 00:00 1,002 Pecompact v2.08 OEP Finder.TXT
2008-05-18 00:34 339 Pecompact.txt
2005-01-09 02:48 540 pecompact2.02.txt
2005-01-08 22:27 865 PeCompact2.xx.OEP.txt
2008-05-18 00:34 1,002 pecompact208.TXT
2004-07-14 19:45 133 pecompact_1_76.txt
2004-07-14 19:45 338 pecompact_1_84.txt
2005-01-04 19:14 883 PeCompact_2.08.txt
2004-11-14 19:14 323 PEDiminishe 0.1.txt
2004-07-14 19:45 185 pediminisher_1_0.txt
2006-01-15 00:00 1,399 PeLock 1.06 Cracked version OEP Founder v1.0 for VB.txt
2006-01-15 00:00 3,254 PeLock 1.06 OEP Finder + Stolen Code + Remove Junk JMP’s & Code.txt
2006-01-15 00:00 2,037 PeLock 1.0x Fix IAT + Junk Code + Stolen Code v0.1.txt
2008-05-18 00:34 4,403 PeLock 1.0x Fix IAT + Junk Code + Stolen Code.txt
2008-05-18 00:34 2,035 PELOCK 1.0x [loveboom].txt
2008-05-18 00:34 3,028 PeLock 1.txt
2008-05-18 00:34 628 PELOCK 2.04 OEP-FINDER.txt
2004-06-10 12:23 1,399 PeLock1.06c.txt
2008-05-18 00:34 2,163 PELock1.x.txt
2004-07-14 19:45 598 pelock_204.txt
2006-01-15 00:00 758 PEncrypt 4.0 Find Oep 0.1b.TXT
2008-05-18 00:34 758 PENCRYPT 4.0 OEP FINDER 0.1B.txt
2004-11-19 16:23 758 PEncrypt 4.0.TXT
2006-01-15 00:00 253 PEPack 1.0 – ANAKiN OEP Finder #3.txt
2006-01-15 00:00 906 PePack 1.0 OEP Finder #1.txt
2006-01-15 00:00 144 PePack 1.0 OEP Finder #2.txt
2008-05-18 00:34 873 PePack 1.0 OEP Finder v0.1.txt
2008-05-18 00:34 131 PePack 1.0 OEP Finder.txt
2008-05-18 00:34 144 PEPACK 1.0 OEP-FINDER II.txt
2008-05-18 00:34 961 PEPACK 1.0 OEP-FINDER.txt
2004-11-16 19:04 253 PEPack 1.0.txt
2008-05-18 00:34 495 PePack1.0.txt
2004-07-14 19:45 131 pepack10.txt
2006-01-15 00:00 2,488 PeShield 0.25 OEP Finder #1.txt
2006-01-15 00:00 433 PeShield 0.25 OEP Finder #2.txt
2008-05-18 00:34 408 PeShield 0.25 OEP Finder v0.1.txt
2008-05-18 00:34 2,379 PeShield 0.25 OEP Finder.txt
2008-05-18 00:34 2,488 PESHIELD 0.25 OEP-FINDER.txt
2008-05-18 00:34 433 PESHIELD 0.25 [2].txt
2004-07-14 19:45 2,379 peshield.txt
2008-05-18 00:34 665 PeSpin 0.0b – 0.3 OEP Finder.txt
2006-01-15 00:00 1,008 PEspin 0.1 stolen OEP and Patch IAT v0.1.txt
2008-05-18 00:34 957 PESPIN 0.3 – 1.0 STOLEN BYTES & OEP FINDER.txt
2008-05-18 00:34 1,713 PESPIN 0.3 AND 0.4 VB UNPACK SCRIPT.txt
2006-01-15 00:00 965 PeSpin 0.3 Stolen Code Finder v0.1.txt
2008-05-18 00:34 965 PESPIN 0.3 STOLEN CODE FINDER.txt
2006-01-15 00:00 1,904 PeSpin 0.3 Unpacker.txt
2006-01-15 00:00 1,713 PeSpin 0.3x to 0.4x Unpack v0.1 (for VB only).txt
2006-01-15 00:00 1,023 PeSpin 0.7 OEP Finder #1.txt
2006-01-15 00:00 1,284 PeSpin 0.7 OEP Finder #2.txt
2008-05-18 00:34 978 PeSpin 0.7 OEP Finder.txt
2008-05-18 00:34 1,282 PESPIN 0.7 OEP-FINDER.txt
2006-01-15 00:00 4,176 PeSpin 0.7 Stolen Code Finder v0.1.txt
2006-01-15 00:00 1,467 PeSpin 0.7 Unpacker.txt
2008-05-18 00:34 1,023 PESPIN 0.7 [hacnho[VCT2k4]].txt
2008-05-18 00:34 4,174 PESPIN 0.7 [loveboom].txt
2008-05-18 00:34 706 PESPIN 0.b – 0.3 OEP FINDER.txt
2006-01-15 00:00 1,863 PeSpin 1.0 – 1.3 Fix Code Redirection Table.txt
2008-05-18 00:34 764 PESPIN 1.0 OEP FINDER.txt
2006-01-15 00:00 2,582 PeSpin 1.0 Unpacker.txt
2006-01-15 00:00 1,134 PeSpin 1.1 – 1.3 Find Encrypted Markers.txt
2008-05-18 00:34 2,512 PESPIN 1.1 STOLEN CODE FINDER 0.1.txt
2008-05-18 00:34 2,387 PeSpin 1.1 Stolen Code Finder v0.1.txt
2006-01-15 00:00 3,054 PeSpin 1.1 Unpacker.txt
2006-01-15 00:00 3,183 PeSpin 1.3 Beta 2 (Private) Debug.txt
2006-01-15 00:00 3,889 PeSpin 1.3 Beta 2 (Private) Detach From Client + Fix Code + Fix Nanomites.txt
2008-05-18 00:34 3,663 PeSpin 1.3 Beta2.txt
2006-01-15 00:00 615 PeSpin 1.3 OEP + Stolen Code Finder.txt
2008-05-18 00:34 2,574 PeSpin 1.3 OEP Finder + Stolen Code Finder + Fix IAT + Junk Code v0.1.txt
2008-05-18 00:34 615 PeSpin 1.3 OEP Finder + Stolen Code Finder.txt
2006-01-15 00:00 3,226 PeSpin 1.3 Unpacker.txt
2008-05-18 00:34 1,281 PeSpin 1.304 – Rebuild Thunks for VC++.txt
2008-05-18 00:34 1,407 PeSpin 1.txt
2008-05-18 00:34 1,397 PeSpin 1.x – Code Redirection Fixer.txt
2006-01-15 00:00 1,487 PeSpin 1.x Delphi & VC++ IAT Repair.txt
2006-01-15 00:00 677 PeSpin Fixed.txt
2004-11-27 19:24 1,008 PESpin V0.1.txt
2008-05-18 00:34 4,479 PESPIN v0.7.TXT
2006-01-15 00:00 2,512 PESpin v1.1 Stolen Code Finder.txt
2008-05-18 00:34 2,512 pespin v1.1.txt
2008-05-18 00:34 2,600 PESpin v1.3 – unpacker.txt
2008-05-18 00:34 1,472 PESpin0.3sc.TXT
2004-07-14 19:45 921 pespin_0.3.txt
2004-07-14 19:45 1,618 pespin_0304_vb.txt
2004-07-14 19:45 978 pespin_07.txt
2006-01-15 00:00 1,044 Petite 2.2 OEP finder & Patch IAT.txt
2006-01-15 00:00 427 Petite 2.2 OEP Finder.txt
2008-05-18 00:34 427 PETITE 2.2 OEP-FINDER.txt
2004-11-22 08:53 1,044 Petite 2.2 Patch IAT.txt
2004-11-20 12:42 303 Petite 2.2.txt
2008-05-18 00:34 324 PETITE 2.3 UNPACKING SCRIPT.txt
2008-05-18 00:34 310 Petite 2.txt
2008-05-18 00:34 1,152 PETITE2.2.txt
2004-07-14 19:45 395 petite22.txt
2006-01-15 00:00 516 PeX 0.99 OEP Finder.txt
2008-05-18 00:34 516 PEX 0.99 OEP-FINDER.txt
2004-07-14 19:45 479 pex_0_99.txt
2006-01-15 00:00 218 PKLite32 1.1 OEP Finder #1.txt
2006-01-15 00:00 180 PKLite32 1.1 OEP Finder #2.txt
2008-05-18 00:34 168 PKLite32 1.1 OEP Finder v0.1.txt
2008-05-18 00:34 205 PKLite32 1.1 OEP Finder.txt
2008-05-18 00:34 180 PKLITE32 1.1 OEP-FINDER [2].txt
2008-05-18 00:34 218 PKLITE32 1.1 OEP-FINDER.txt
2004-11-14 19:51 180 PKLITE32 1.1.txt
2004-07-14 19:45 205 pklite32_1.1.txt
2008-05-18 00:34 541 Pokiemagic_ASPR2_OEP.txt
2008-05-18 00:34 1,343 PolyCrypt OEP Finder.txt
2006-01-15 00:00 357 Protection Plus 4.xx OEP Finder + Import Fixer.txt
2006-01-15 00:00 351 Protection Plus OEP Finder.txt
2008-05-18 00:34 351 PROTECTION PLUS OEP-FINDER.txt
2004-07-14 19:45 319 protection_plus_oep.txt
2005-03-18 21:52 10,001 README.TXT
2008-05-18 00:34 6,312 SDProtect 1.12 OEP Finder.txt
2006-02-03 16:22 6,304 sdprotect.1.12.txt
2008-05-18 00:34 1,132 SecuROM 4.xx – 4.84.75+ (Main Executables) OEP Finder v1.1.txt
2008-05-18 00:34 1,106 SecuROM 4.xx – 4.84.75+ (Other Executable) OEP Finder v1.1.txt
2008-05-18 00:34 1,004 SECUROM CODE SECTION BP SETTER.txt
2008-05-18 00:34 1,184 SECUROM OEP SCRIPT 1.1 [MAIN EXE].txt
2008-05-18 00:34 1,155 SECUROM OEP SCRIPT 1.1 [NOT MAIN EXE].txt
2006-01-15 00:00 720 SLVc0deProtector 0.61 OEP Finder.txt
2008-05-18 00:34 901 SOFTSENTRY 3.0 OEP FINDER 0.1.txt
2006-01-15 00:00 901 SoftSentry 3.0 OEP Finder v0.1.txt
2008-05-18 00:34 901 SoftSentry3.txt
2004-06-10 12:24 261 stolen bytes.txt
2004-06-10 12:24 1,590 Stolen code Finder.txt
2006-01-15 00:00 885 Stone Pe-ExeEncrypter 1.13 OEP Finder.txt
2008-05-18 00:34 790 STONE’S PE ENCRYPTER 1.13 OEP FINDER 0.1.txt
2008-05-18 00:34 2,769 SVK PROTECTOR 1.3x SCRIPT [loveboom].txt
2008-05-18 00:34 609 SVK PROTECTOR OEP-FINDER.txt
2008-05-18 00:34 3,054 svk1.32.TXT
2006-01-15 00:00 2,827 SVKP 1.3x Fix Imports + OEP + Stolen Code v0.2.txt
2008-05-18 00:34 2,642 SVKP 1.3x Stolen Code Finder v0.2.txt
2006-01-15 00:00 609 SVKP 1.4x Stolen Code + OEP Finder.txt
2006-01-15 00:00 981 SVKP IAT Fix.txt
2008-05-18 00:34 542 SVKP OEP Finder.txt
2006-01-15 00:00 609 SVKP Stolen Code + OEP Finder.txt
2004-07-14 19:45 542 svkpoep.txt
2004-07-14 19:45 2,642 svkp_13x.txt
2008-05-18 00:34 949 TELOCK 0.9 – 1.0 (PRIVATE) OEP-FINDER.txt
2006-01-15 00:00 949 tElock 0.9 to 1.0 (private) OEP Finder v0.1.txt
2004-06-10 12:24 999 tElock 0.9-1.0 OEP Finder.txt
2008-05-18 00:34 969 TELOCK 0.9.TXT
2006-01-15 00:00 526 tElock 0.98 OEP Finder v1.0 #1.txt
2006-01-15 00:00 742 tElock 0.98 OEP Finder v1.0 #4.txt
2008-05-18 00:34 526 tElock 0.98 OEP Finder v1.0.txt
2006-01-15 00:00 585 tElock 0.98 OEP Finder v1.1 #2.txt
2008-05-18 00:34 534 tElock 0.98 OEP Finder v1.1.txt
2006-01-15 00:00 609 tElock 0.98 OEP Finder v1.2 #3.txt
2008-05-18 00:34 557 tElock 0.98 OEP Finder v1.2.txt
2008-05-18 00:34 609 TELOCK 0.98 OEP-FINDER 1.2 [SHaG].txt
2005-10-15 00:57 7,877 tELock V0.8X-V0.9X.osc
2006-01-15 00:00 988 telock-forgot.txt
2004-11-20 13:05 742 Telock0.98x.txt
2004-07-18 22:19 609 telock098.osc
2004-07-18 22:19 557 telock098.txt
2004-07-14 19:45 908 telock_0.9.txt
2008-05-18 00:34 276 THE AMAZING UPX OEP-FINDER V2.txt
2006-01-15 00:00 1,120 Thinstall 2.521 OEP Finder.txt
2008-05-18 00:34 2,083 Thinstall.2.521.txt
2008-05-18 00:34 1,120 Thinstall_v2_521.txt
2008-01-23 10:55 27,345 TMDScript-1.9.1+_private_0.7.txt
2005-02-23 20:32 760 ultraprot1_def.txt
2008-05-18 00:34 799 ULTRAPROTECT 1.x – ACPROTECT 1.22 OEP.txt
2008-05-18 00:34 1,171 ULTRAPROTECT 1.x – ACPROTECT 1.22 VB.txt
2006-01-15 00:00 799 UltraProtect 1.xx ACProtect 1.22 OEP Finder (none Delphi).txt
2006-01-15 00:00 1,171 UltraProtect 1.xx ACProtect 1.22 OEP Finder (VB only).txt
2004-07-14 19:45 760 uprot1_def.txt
2004-07-14 19:45 1,112 uprot1_vb.txt
2006-01-15 00:00 902 UPX & UPX Scrambler OEP Finder v0.1.txt
2008-05-18 00:34 902 UPX & UPX-SCRAMBLER OEP FINDER 0.1.txt
2006-01-15 00:00 475 UPX & UPXShit 0.6 OEP Finder.txt
2008-05-18 00:34 344 UPX 1.txt
2004-11-14 14:48 297 Upx 1.x.txt
2006-01-15 00:00 374 UPX 1.xx & UPX Protector 1.0 OEP Finder v0.1.txt
2008-05-18 00:34 374 UPX 1.xx & UPX PROTECTOR 1.0 OEP-FINDER.txt
2006-01-15 00:00 805 UPX Find OEP & Dump.TXT
2008-05-18 00:34 1,045 UPX Lock 1.0 OEP Finder.txt
2006-01-15 00:00 276 UPX OEP Finder v2.0.txt
2008-05-18 00:34 628 UPX OEP Finder.txt
2006-01-15 00:00 534 UPX Protector 1.0x OEP Finder.txt
2008-05-18 00:34 534 UPX PROTECTOR 1.0x OEP-FINDER.txt
2006-01-15 00:00 277 UPX Scrambler RC1.x OEP Finder #1.txt
2008-05-18 00:34 265 UPX Scrambler RC1.x OEP Finder.txt
2008-05-18 00:34 277 UPX SCRAMBLER RC1.x OEP-FINDER.txt
2006-01-15 00:00 268 UPX-Scrambler RC1.x OEP finder v0.1b #2.txt
2004-11-19 12:19 268 UPX-Scrambler RC1.x.txt
2004-01-26 02:52 276 UPX.osc
2004-07-14 19:45 262 UPX.txt
2004-07-14 19:45 511 upxprotector_10x.txt
2004-07-14 19:45 265 upxscr_rc1.txt
2008-05-18 00:34 475 UPXSHIT 0.06 AND UPX OEP-FINDER.txt
2006-01-15 00:00 475 UPXShit 0.6 OEP Finder.txt
2006-01-15 00:00 198 UPXShit 0.x OEP Finder.txt
2004-11-19 11:59 198 UPXShit 0.x.txt
2008-05-18 00:34 475 upxshit.txt
2004-07-14 19:45 444 upxshit006.txt
2004-07-14 19:45 344 upx_upxprot.txt
2008-05-18 00:34 3,950 VAFinder.txt
2008-05-18 00:34 1,611 VCasm Junk Code Removers.txt
2008-05-18 00:34 1,698 VCASM SCRIPT.txt
2006-01-15 00:00 1,698 VCASM.txt
2008-05-18 00:34 912 VGCRYPT 0.75 BETA – OEP FINDER 0.1.txt
2006-01-15 00:00 539 VGCrypt PE Encryptor 0.75 OEP Finder #1.txt
2006-01-15 00:00 347 VGCrypt PE Encryptor 0.75 OEP Finder #2.txt
2006-01-15 00:00 915 VGCrypt PE Encryptor 0.75 OEP Finder #3.txt
2008-05-18 00:34 908 VGCrypt PE Encryptor 0.75 OEP Finder v0.1.txt
2004-11-20 12:54 347 VGCrypt PE Encryptor V0.75.txt
2008-05-18 00:34 508 Virogen Crypt 0.75 OEP Finder.txt
2008-05-18 00:34 539 VIROGEN CRYPT 0.75 OEP-FINDER.txt
2004-07-14 19:45 508 virogen_075.txt
2008-05-18 00:34 784 WINKRIPT 1.0 OEP FINDER 0.1.txt
2006-01-15 00:00 877 WinKripT 1.0 OEP Finder v0.1.txt
2008-05-18 00:34 2,566 WinKripT 1.0 OEP Finder.txt
2006-01-15 00:00 320 WinUpack 0.30 OEP Finder.txt
2006-01-15 00:00 465 WinUpack 0.31 – 0.32 OEP Finder.txt
2006-01-15 00:00 328 WinUpack 0.38 OEP Finder.txt
2006-01-15 00:00 971 WWPack32 1.20 Demo OEP Finder v0.1.txt
2008-05-18 00:34 969 WWPACK32 1.20 DEMO OEP-FINDER.txt
2008-05-18 00:34 971 WWPack32 1.20 OEP Finder v0.1.txt
2006-01-15 00:00 179 WWPack32 1.20 OEP Finder.txt
2008-05-18 00:34 179 WWPACK32 1.20 OEP-FINDER.txt
2008-05-18 00:34 495 WWPACK32 1.x OEP-FINDER V.0.1B.txt
2004-11-22 10:39 495 WWPack32 1.x.txt
2006-01-15 00:00 495 WWPack32 1.xx OEP Finder.txt
2004-07-14 19:45 449 y0da_crypter_1.2.txt
2008-05-18 00:34 507 YODA’S CRYPTER 1.2 OEP-FINDER.txt
2008-05-18 00:34 665 YODA’S CRYPTER 1.3 OEP-FINDER.txt
2008-05-18 00:34 1,808 YODA’S CRYPTER V.1.2-1.3.txt
2008-05-18 00:34 1,502 YODA’S CRYPTER V.1.X MODIFIED.txt
2004-11-20 18:56 1,808 yoda’s Crypter V1.2-1.3.txt
2004-11-20 20:12 1,502 yoda’s cryptor 1.x modified.txt
2008-05-18 00:34 645 YODA’S PROTECTOR 1.02 OEP FINDER.txt
2008-05-18 00:34 562 YODA’S PROTECTOR 1.0b OEP-FINDER.txt
2007-08-12 19:38 3,592 yoda’s Protector V1.03.X.osc
2008-05-18 00:34 1,715 Yodas Crypter 1.2 OEP + Patch IAT v0.1.txt
2006-01-15 00:00 1,808 Yodas Crypter 1.2 OEP and Patch IAT v0.1.txt
2006-01-15 00:00 507 Yodas Crypter 1.2 OEP Finder v0.1.txt
2006-01-15 00:00 668 Yodas Crypter 1.3 OEP Finder.txt
2008-05-18 00:34 1,421 Yodas Crypter 1.x (Modified) OEP Finder + Patch IAT v0.1b.txt
2006-01-15 00:00 1,502 Yodas cryptor 1.x modified OEP and Patch IAT v0.1b.txt
2006-01-15 00:00 649 Yodas Protector 1.02 OEP Finder.txt
2006-01-15 00:00 2,090 Yodas Protector 1.03.x Unpack.txt
2006-01-15 00:00 475 Yodas Protector 1.0b OEP Finder.txt
2006-01-15 00:00 3,243 _Call Magicas Delphi.txt
2006-01-15 00:00 2,020 _Punto magico VC++.txt
2004-02-25 13:59 11,843 中文ReadMe.txt
2004-02-25 00:55 247 变形fsg1.33.txt
2004-02-25 14:12 996 普通fsg1.33.txt
2004-11-17 13:55 649 普通变形 fsg1.33.txt

相关文章

• Ollydbg插件( 0 )
• ( 0 )
• PluginFix v1.01[By BoB / Team PEiD]( 0 )
• 强大的修改版本OllyDbg:OllyDRX 1.0( 0 )
• OD Unicode String Format Convert v0.1( 0 )
• OllySubScript 1.4.1汉化版( 0 )
• OllyDbg 2.01 intermediate alpha( 0 )
• OllyDbg 2.0 beta 2 (200j) ( 0 )

ExeInfo PE ver. 0.0.2.4 by A.S.L ( c ) 2006.03 – 2009.xx

freeware version for Windows XP

Windows 32 PE executable file checker , compilators, exe packers ….

with solve hint for unpack / internal exe tools / rippers

___________________________________________________________________________
猛击此处下载！

Internal Tools Menu :
———————

- overlay remover – generate new file without overlay data
- save overlay as external file
- EP Corrector ( for Delphi / C++ 5/6 ) – generate many exe file with Entry Point
- EP Corrector ( for Delphi v.5 ) Runtime – correct EP
- XoR permutator (xor,or,shl..) - create one file with xor data ( 255×2000 bytes )
- Section splitter - save exe sections as files & exe header
- 8 / 16 bit string finder - enter 8 bit string = searching 16 bit strings & 8 bit ( F7 key )
- REGistry call finder + CLSID - find registry call & regedit.exe strings
- overlay xor uncrypter - uncrypt one byte crypted exe in ovl.
- External exe file runner - ( from exeinfopeRUN.cfg ) – txt user file list to run

File Menu :
——————–

+ Rename file
+ Copy file As.. *.bak
+ Execute – create executable process ( exe )
+ Execute – windows ext. associate ( dll ,zip … )
+ Delete file ( ALt+Del) – work in multiscan mode
+ Run multifile scanner mode ( Directory scan )
+ – view global log file ( c:\Raport-exeinfo-log.txt )
- delete global log file ( no confirm )

Rippers Menu :
——————–

- www address searcher inside exe – work on any file

- ExE inside ExE ( Win32 Pe windows executable) – work on any file

Archives ripper :
- Zip archives inside ExE www.winzip.com – work on any file
- Rar archives inside ExE www.rarlab.com – work on any file
- 7z archives inside ExE www.7-zip.org – work on any file
- CAB MS archives inside ExE (for MSI installers ) – work on any file

- SWF flash Adobe animation files ( internal length fixer for non exe files )
- ICO nonstandard icon ripper

Graphics ripper submenu :
BMP , PNG , JPG ( JFIF only !!! ) , GIF ( static pic. only )

- ( All in one ) – for lazy boys ( without ‘www address’ )

keys :

F1 key – keyboard help
F2 key – Multiple file scanner for *.exe files
F3 key – external view ( hiewdemo.exe or hiew32.exe ) path directory
F4 key – external test ( peid.exe ) path directory
F5 key – external test RDG Packer Detector ( I read location from Win registry )
F6 key – external test DiE.exe Detect it Easy ( I read location from Win registry – shell integration req.)
F7 key – 8 / 16 bit String finder
F9 key – UPX pack
F10 key – UPX unpack
Alt+S – ZOOM Window x2 !

Alt+Delete – delete file

“+” ,”-” – Numeric KEY = adjust transparent Form

Non executable file detection :

Image file – jpg , png , mng ,gif (87/89) , bmp , tiff
Sound file – mp3 (ID3/noID) ,wma , ogg
Video file – avi (divx/xvid) , wmv , mpg , 3GP , mov , mp4/m4v
Archive file – 7zip ,zip ,rar , gzip , bzip

other : chm (Microsoft HTML Help), msi , pdf , xml , fws , cws , php , html , hlp , mdb , lnk ,reg.

Overlay detector :

01. zip archives
02. cab archives
03. SWF Flash object ( packed & unpacked format )
04. Executable PE file
05. 7zip archives
06. RAR archives
07. MSI/DOC/XLS

- Plugins like a Peid.exe ( 70 % compatible )

————————-

Multiscaner use – command line :

- Exeinfope *.sys ( show all .sys files )

- Exeinfope *.* /s ( Show All PE files and sent to log file ( s = silent mode no GUI ! -> !ExEinfo-Multiscan.log )
Exeinfope *.exe /s

————————-

*ACM – anti cheat mechanism ( anti fake sign )

_______________________________________________________________________

www site : www.exeinfo.xwp.pl

Mirror : www.exeinfo.cjb.net

_______________________________________________________________________

ExeInfo detection list :
———————————————-

001. RealArcade Wrapper ( Microsoft Visual C++ ) 50% detection not all versions
002. Borland Delphi ( 2.0 – 7.0 )
003. Microsoft Visual C++ ver. 5.0 ~ 6.0 ( exe )
004. Microsoft Visual C++ ver. 7.x ( exe ,dll)
005. PEtite 2.x -> Ian Luck
006. UPX exe 0.89.6 – 1.02 / 1.05 – 1.93B -> Markus & Laszlo
007. UPX dll file – 1.93Beta -> Markus & Laszlo
008. Aspack v2.12 -> Alexey Solodovnikov
009. EXECryptor v.2.3.1-6 ( www.strongbit.com )
010. Morphine ver.2.7b ( plugin Peid.exe )

011. AC protect 2.0 by RIScO Software Inc. ( www.ultraprotect.com )
012. ASprotect 2.1 reg ( www.aspack.com/asprotect.htm ) only exe files DLL files detect as ASpack
013. AHTeam EP Protector ver.0.3 priv
014. WinUpack 0.39 final by Dwing ( http://dwing.51.net ) :-((
015. Software Compress ver. 1.2 Lite – www.bgsopt.com
016. PEcompact ver.2.78a – 2.98 – www.bitsum.com
017. nsPack ver.2.3 unreg – by North Star – www.nsdsn.com
018. nsPack ver.3.0 – 4.1 reg – by North Star – www.nsdsn.com
019. Mole Box 2.5.7 by Teggo. – www.molebox.com

020. Microsoft Visual C++ ver. 8 ( ??? )
021. EXE Guarder 1.8 – 2.1 (2006/2008 unreg) www.exeicon.com/exeguarder
022. EXE Wrapper ver. 2.3-2.5 ( www.533soft.com/exewrapper ) – how to remove password
023. Exe password protector 1.0.5.100 (protect/unprotect)
024. TASM / MASM
025. MS Visual Basic 5.0-6.0 dll
026. MS Visual Basic 5.0-6.0 exe

027. Armadillo 4.4x – 4.62 32bit – www.siliconrealms.com ( effectiveness = 60% )
028. Enigma protector v1.1x – www.enigma.izmuroma.ru ?Sukhov Vladimir 2004-2006
029. SVK-Protector v1.32 demo – Pavol Cerven – www.anticracking.sk

030. Generic check : ASprotect 1.? old version ( www.aspack.com/asprotect.htm ) exe only
031. Generic check – AC protect 1.? by RIScO Software Inc. ( www.ultraprotect.com )
032. Packman v1.0 Brandon LaCombe ( http://packman.cjb.net )
033. modified exe , EP code = Borland Delphi ( 2.0 – 7.0 )
034. ExeStealth V2.76 www.webtoolmaster.com
035. FSG v2.0 F[ast] S[mall] G[ood] – www.xtreeme.prv.pl

036. Generic check – Aspack v2.1x -> Alexey Solodovnikov
037. Aspack v2.12b? -> Alexey Solodovnikov
038. Program protector v2.1unreg ( exe password – DECODE PASS ! ) – www.blumentals.net
039. Obsidium v1.3 software protection system (demo) – www.obsidium.de
040. ARMprotector v0.1 by SMOKE 2004
041. ARMprotector v0.3 by SMOKE 2004
042. SDProtector Profesional Edition v1.12 ( 2003 ) – www.sdprotector.com

043. Themida 1.0 -1.3? – Adv.Win.Software Protection System (c) 2004-2005 Oreans Technologies – www.oreans.com
044. yodas Protector v1.03.3 – http://yodap.has.it 2004-2006
045. yoda’s Crypter v1.3 – Ashkbiz Danehkar 2004-2005
046. PE-Pack v0.99 (c) 1998 by ANAKiN
047. WATCOM C/C++ 1988-1995
048. Microsoft CAB SFX module
049. Generic check : Microsoft Visual C++ vx.x
050. UPX -> Markus & Laszlo ver. [ 2.00 ] <- version info from file
051. PeSpin v1.304 public by CyberBob – http://pespin.w.interia.pl
052. UPX -> Markus & Laszlo ver. [ ] – EXE modified!!!
053. UPX -> with extra sections – Real EP resolver ( [ ] – required Fast scan unchecked )
054. PolyEnE v0.01+ Polymorphic Encryptor (c) 2001 Lennart Hedlund ( [ ] – required Fast scan unchecked )
055. Nullsoft PiMP Stub – ( read from Ovl : NullsoftInst3″ )
056. eXpressor PE Packer v1.4.5.1 – www.cgsoftlabs.ro ( exe , dll )
057. Thinstall 2.4x – 2.5x -> Jitit Software – www.thinstall.com
058. Thinstall 2.7x -> Jitit Software – www.thinstall.com
059. Nullsoft scriptable install system 2.xx – ( read from Ovl : NullsoftInst )
060. Inno Setup Module [SFX] – Borland Delphi Inno Setup Module [unknown]

061. Private EXE Protector 1.7 ( 2003-2006 ) www.setisoft.com
062. Excalibur v1.03r (c) by forgot -> read from file [ Excalibur (c) DFCG ] , http://www.breezer.ful.cn
063. MSLRH v.032a – SISTEMA DE PROTECCION ANTICRACKEO
064. ShareGuard Loader V3.6 Zapper Software – www.zapperSoftware.com
065. Borland C++ 1999
066. Zip Sfx Archive
067. Rar Sfx Archive
068. 7-Zip Sfx Archive
069. WinZip Sfx ver. 8.x www.winzip.com
070. Zylom Game Installer zip Sfx ( MS Visual C++ 7.0 )
071. Borland C++ 2002 /2005 – Copyright 200X Borland Corporation
072. WinZip Sfx ( generic check ) www.winzip.com
073. Lock Express 2.0 Build 9.2 – 1997-2006 Sciensoft Research Inc
074. FreeBASIC Compiler v0.14-0.17 (c) 2004-2006 Andre Victor T.Vicentini – console App.
075. generic check : InstallShield 2003 ( MS Visual C++ 5/6.0 )

076. InstallAware Setup Squeezer InstallShield – www.installaware.com ( 7zip archive )
077. Installer Nullsoft PiMP Stub ( UPX pack )
078. Generic check : Nullsoft PiMP Stub installer
079. ASprotect 1.1c old version ( www.aspack.com/asprotect.htm )
080. Microsoft Visual C# / Basic.NET
081. Setup Dev INSTALLER ?Version 1.3 ?Shere Khan ?November 2005 ( MS Visual C++ 5/6.0 )
082. Dev-C++ Compiler v4.9.9.2 – Bloodshed Software ( www.bloodshed.net )
083. Generic check : EXE STICKER like DotFix FakeSigner
084. DotFix FakeSigner v3.4 ( ASPR Stub ) http://fakesigner.dotfix.net
085. PeLock v.1.x Bartosz W骿cik www.pelock.prv.pl
086. MS IExpress 2.0 – Win32 Cabinet Self-Extractor
087. generic check : MS IExpress x.x – CAB installer ( in section II )
088. InstallShield (R) Setup Launcher v.7.x CAB file ( MS Visual C++ 5/6.0 )
089. PEcompact ver.1.41 – v1.84 – www.bitsum.com
090. ORiEN ver.2.11~2.12 – ( 1994-2003 http://zalexf.narod.ru )
091. VMProtect v.1.2x (demo) 2003-2006 PolyTech – www.polytech.ural.ru ( only EP protection )
092. FASM ver. 1.67 50% detection
093. Private exe Protector v1.9x – www.setisoft.com ( morph )
094. Krypton The Krypter ver.0.3 by Yado – www.lockless.com
095. MEW 11 SE 1.2 by Northfox (2004) – Northfox.uw.hu
096. PEncrypt 4.0 Public Release / 4.0 Phi -> junkcode – www.junkcode.cjb.net
097. SDProtector Pro Edition v.1.16 ( 1.1 SDP! ) <- info from file. www.sdprotector.com
098. PE Diminisher v.0.1 ( 1999 ) – www.phrozencrew.com/~teraphy
099. !EP (EXE Pack) v1.0 g-l-u-k [TeaM - X] 2005 – www.softprot.cjb.net
100. [G!X]‘s Protector v1.2 – http://breezer.ys168.com
101. Active PE Scrambler / APES / v. 1.0 (2005) [TeaM - X] – www.team-x.ru
102. (UPX) PowerArchiver 2006 [ ZIP/ CAB/ unknown ] SFX v.9.63.x – www.powerarchiver.com
103. GameHouse.com installer ( MS Visual C++ ) inside Wise Installer
104. Dev-C++ Compiler v4.9.9.2 ( MINGW 32 v5.x.x ) – Bloodshed Software ( www.bloodshed.net )
105. Hide&Protect v1.0x ( 2005 ) – www.SoftWar-protect.com
106. WWPack32 ver 1.xx ( 1997,98 ) by P. Warezak and R.Wierzbicki
107. CHAOS Self Extractor 3.9 (1998-2006) ( WWPack-ed ) http://safeSofthome.com
!108. Xtreme-Protector v.1.08 (c) 2003 www.oreans.com/xprotector/xprot.htm
109. LCC Win32 v1.x ( Jacob Navia ) http://www.cs.virginia.edu/~lcc-win32/
110. LCC Win32 v1.x DLL ( Jacob Navia ) www.cs.virginia.edu/~lcc-win32
111. Hmimys-Packer v1.0
112. ExeFog v.1.1x – 2005 – www.bagie.xost.ru
113. PolyCrypt PE v.2.1.x ( 2004-2005 ) – www.jlabsoftware.com (exe/dll)
114. SimplePack v1.0 – 1.2 ( LZMA / APLIB – Packman compression library 1999-2005 Igor Pavlov )
115. SimplePack v1.11 – 1.2x ( Method 2 NT )
116. Unopix Version 1.10 Final 2006 Scrambler for PE files ( exe/dll )
!117. PPC PROTECT ver 1.1 ( 2006 ) Alexey Gorchakov www.ppc-protect.com
118. Inno Setup Uninstaller – Borland Delphi
119. Armadillo v2.5x – v2.6x – www.siliconrealms.com
120. DotFix NiceProtect v1.2 by GPcH Soft ( 2006 ) – www.niceprotect.com
121. CreateInstall v4.x Gentee ( 2004 – 2008 ) – www.createinstall.com ( free/light/full)
122. Gentee Programming Language ?2004-2006 www.gentee.com
123. RLPack v.1.11 BasicEdition ( uses aPLib 0.42 ) http://ap0x.jezgra.net
124. ReversingLabsProtector 0.7.4beta http://ap0x.headcoders.net
125. Install Creator Pro ver.2.0 ( 2003 ) – www.clickteam.com
126. PowerBasic /CC 3.0x/CC 4.0/Win 7.0x/Win 8.0x – www.powerbasic.com
127. WinUHA ver.2.0 Sfx Archive – www.winuha.com ( UPX )
128. ZipGenius 6.0.x Sfx Archive – www.zipgenius.it ( Borland Delphi )
129. PEbundle ver.3.20 ( 2003 ) Jeremy Collake – www.bitsum.com /
/ Alloy Executable Compressor v.4.x- Copyright ?2000-2006 PGWARE – www.pgware.com
130. Lazy Assembler Version 0.53 (26 Sep 2006) Freeware (c) 2000-2006 Stepan Polovnikov
131. nPack v1.1.300 (aPlib ) by NEOx ( 2006 ) www.uinc.ru
132. Installer – Setup Factory 6.0 – 7.0 Indigo Rose Corporation ( 2006 ) MS V C++ 6.0
133. dePack by deNULL – www.ooooQ.cn
134. Goat’s PE Mutilator v.1.6 ( 2005 ) – www.geocities.com/killereaglesoftware
135. RLPack v.1.14-1.18 BasicEdition ( uses aPLib 0.43 / LZMA 4.30 ) http://ap0x.jezgra.net
136. VBOWatch protector v2.0 Copyright [c] 2006 MoonLight – www.ooooQ.cn
137. Generic check : build like – Private exe Protector v2.0 – www.setisoft.com
138. Easy Code v.1.0x ( GUI for assembler ) Ramon Sala – www.easycoder.org
139. Mole Box 2.6.1 by Teggo. – www.molebox.com
140. SLVcOdeProtector v.1.12 by SLV – www.ooooQ.cn
141. Exewrap MFC Application v.1.0 ( 2003 )
142. Microsoft Visual C++ 8 compiler ( 2006 )
143. RosAsm -V2.039c – http://betov.free.fr ( effectiveness 80 % )
144. Software Compress ver. 1.4 Lite – www.bgsopt.com
145. Intel (R) C++ Compiler
146. FreePascal ver : FPC 1 – 2 Win32 -> (Berczi Gabor, Pierre Muller & Peter Vreman)
147. Open WATCOM C/C++32 Portions Copyright (c) Sybase 1988-2002
148. File2Pack SFX v.2.0 2006 (F2P Self Extractor ) SHOW PASSWORD! – www.mental9production.com ( MS VB5/6 )
149. PV Logiciels dotNet Protector 4.0 2003-2005 http://dotnetprotector.pvlog.com
150. ReflexiveArcade Game wrapped file ( *.RWG )
151. DAStub Dragon Armor (BamBam0.0.4.1) from Orient 2006 www.ooooQ.cn
152. Akala EXE Lock ver.3.20 www.zero2000.com (Aspack v2.12 -> Alexey Solodovnikov) – PASSWORD DECODER(N) OR HOW TO REMOVE PASSWORD
153. BeRoEXEPacker – Version 1.00 – Copyright (C) 2006, Benjamin BeRo Rosseaux ( Exe/DLL )
154. EXE Password Protector v.1.1 (MSV C++ v7) – www.eltima.com/products/exe-password – INFO HOW TO REMOVE PASSWORD
155. AGInstaller 1.9.12 ( UPX pack ) Copyright (c) 2001-2006 Agentix Software – www.aginstaller.com
156. CreateInstall v2003.3.5 www.createinstall.com/www.gentee.com ( EP check & OVL )
157. Protection PLUS – Instant plus (software key) 2.0.98.0 (2005) – www.softwarekey.com Concept Software
158. Wise Installation System! std/pro 9.02 (c) Wise Solutions Inc. – www.wise.com
159. Wise Installation System! ver. ?.? (c) Wise Solutions Inc. – www.wise.com
160. Wise Uninstaller Wizard (sec3) – www.wise.com – MS Visual C++ ver.6
161. m9P Editor Plus v.1.0.300 Distributable Executable Rich Text – DERT?X ﹎ental9Production, 2005 – www.mental9Production.com – INFO HOW TO REMOVE PASSWORD
162. Nullsoft uninstaller – www.nullsoft.com – ( UPX packed )
163. Nullsoft uninstaller – www.nullsoft.com
164. Softwrap (XTREAMLOK) ver. 1.x~3.x – www.softwrap.com ( exe/dll )
165. RLPack v.1.14-16 Full Edition – False signatures unichecker
166. RLPack v.1.14-16 Full Edition ( uses aPLib 0.43 / LZMA 4.3x ) http://ap0x.jezgra.net
167. Salfeld Computer EXE Password 2004 v 7.114.0.0 trial – www.salfeld.com ( Borland Delphi )
168. Wise for Windows Installer pro 4.21 ( CAB ) – www.wise.com
169. Tarma Installer ver. 2.99.xx (2005) Tarma Software Research Pty Ltd. – www.tarma.com ( MS Visual C++ )
170. NTkrnl Secure Suite v.01 packer or protector – www.ntkrnl.com ( exe )
171. NTkrnl Secure Suite v.01 packer or protector – www.ntkrnl.com ( dll )
172. [dUP2 -> diablo2oo2] v.2.1x patchengine ( patch ) – Mircosoft MacroAssembler – http://diablo2oo2.cjb.net
173. [dUP2 -> diablo2oo2] v.2.1x patchengine ( loader installer ) – Mircosoft MacroAssembler – http://diablo2oo2.cjb.net
174. PE password encryptor 31-01-2000 by SMT ( asm ) – [ OEP finder included ]
175. WinUDA 0.271 sfx ( 2004 ) by Dwing http://dwing.51.net
176. kkrunchy 0.1x >> radical exe packer – www.farbrausch.de/~fg/kkrunchy OR www.farb-rausch.com
177. kkrunchy 0.23 alpha 2 >> radical exe packer (c) f. giesen 2003-2005 – www.farbrausch.de/~fg/kkrunchy
178. CyberInstaller Suite 2006 1.1 – SilverCyberTech 2003-2007
179. Eurora3D – free installator – www.extramedia.co.yu/eurora3d ( ASM )
180. Microsoft Visual C++ ver. 7.1 [DEBUG] exe
181. Fucking Fake File 1.0 by wspomagacz 2005.11( EXE Binder exe,jpg hidden inside] )
182. Anskya Polymorphic Packer V 1.3 Code By Anskya
183. Self-Extracting Archive Utility (SEAU) ver. 15.0 2006 ( Aspack v2.12 -> Alexey Solodovnikov ) – http://gammadyne.com
184. PE-Pack v 1.0 (c) 1998 by ANAKiN
185. PKLITE32(tm) – Version 1.1 02-15-1999 ( exe )
186. PKLITE32(tm) – Version 1.1 02-15-1999 ( DLL )
187. EncryptPE V2.2006.10.25 China Cracking Group – www.encryptpe.com
188. CC386 Version 3.28.1.6 Copyright (C) (GPL) LADSoft 1994-2006
189. PC Guard for Win32 V5.01 – www.sofpro.com
190. JDPack ver 1.01 ( 2005 ) – www.tlzj18.com ???
191. Netopsystems AG INSTALLER FEAD(R) SFX (MS C++) – www.netopsystems.com ( packed UPX & not packed )
192. Borland C++ 1995~1998 – www.borland.com
193. eXpressor PE Packer v1.5.0.1 – www.cgsoftlabs.ro
194. Excelsior Installer v1.0 2003-2007 ( MS Visual C++ 6.0 ) – www.excelsior-usa.com
195. tElock v0.98 Freeware PE-Compressor/Encryptor (c) 2000-2001 by tE!
196. UPX Lock v1.02 (2007.02) – www.team-x.ru
197. softSENTRY 3.00 1999 – 20/20 Software Inc. www.twenty.com ( site closed )
198. DxPack ver 0.86 ( 2001.06 )
199. Neolite 2.0 -> Neoworx Inc. ( 1999.03.20 ) – www.neoworx.com ( site closed )
200. ZipWorx SecureEXE v3.0 (2004-2007) www.zipworx.com (Neolite packed)
201. [ PE-DIY Tools V1.10 2004 ] by A.Young (PoJieYong) – www.w-yong.com ( how to unprotect,oep info )
!202. aUS v0.5 beta ( upx scrambler 2005.08 ) – http://ap0x.headcoders.net ( bad link? )
203. EXE protector 2.01a Eyhab Hillail ( 1998-2003 )- http://oxygen72.tripod.com ( how unprotect pass )
204. 32Lite 0.03a -> Oleg Prokhorov www.????
205. aPackage SFX v.1.14 2001-2002 Joergen Ibsen [32Lite v0.03a packed]
206. NTPacker V2.1 by ErazerZ (2005.12) ErazerZ@gmail.com ( zPlib / XOR / aPlib+xor )
207. WinHKI v1.77 SFX 2000-2007 by Hanspeter Imp ( hki archive only ) www.winhki.com (packed PEcompact ver.2.7x)
208. nBinder 5.1.0 ( 24.03.2007 MSV C++ 8.0 ) NKProds Software – www.nkprods.com
.209. (Basic check) : Securom 7.1 -> Sony DADC – www.securom.com
210. Cexe Executable Compressor v1.0b Copyright 1999, Tinyware, Inc. – www.tinyware.com by Scott Ludwig
211. ASprotect 2.3 SKE ( www.aspack.com/asprotect.htm ) 25%
212. Easypano Virtual Tour player ( MSV C++ ) – www.easypano.com
213. PeX v0.99 bart/CrackPl (2000) (APLib 0.26 by J.Ibsen) – longdiy.myrice.com
214. YZPack v.2.0b.aplib (c) UsAr ( 2007.03 )
215. YZPack v.1.1 LZMA (c) UsAr ( 2006.08 )
216. YZPack v.1.2 aplib/LZMA (c) UsAr ( 2007.03 )
217. ExeStealth V2.72 (Share.ver) – www.webtoolmaster.com
218. Generic check : ExeStealth V?.? (share.ver) – www.webtoolmaster.com
219. ExeStealth V2.x (Regg.ver) – www.webtoolmaster.com
220. nsPack ver.1.x – x.x by North Star – www.nsdsn.com
221. Microsoft Visual C++ 6 DLL
222. exe32pack 1.42 Copyright 1999-2004 www.SteelBytes.com
223. Protect Exe 0.4 Beta ( PROEX ) 2002 – www.dpaehl.de.cx ( UPX packed )
224. SexyPacker v.1.0.1.0 ( c ) 2001 – www.smalleranimals.com ( SFX ) MSV C++ 5.0
225. ID Executable Password 1.2 (c) 2005 Fastlink2 Build: 08/08/2005 – www.idsecuritysuite.com – !SHOW PASSWORD!
226. ID Application Protector v.1.2 Unreg (c) 2005 Fastlink2 – www.idsecuritysuite.com ( OEP info ,how to clear TRIAL)
227. Pelles C for Windows v2.xx – 4.50 ExE ( 1999-2006 ) – www.smorgasbordet.com/pellesc
228. Wise for Windows Installer pro ?.?? ( CAB in section 4 ) MS C++ – www.wise.com
229. WinUtilities 5.2 EXE Protector 1.0 ( 2002-2007 ) YL Computing Inc. – www.ylcomputing.com – ( Info how Pass remove/unprotect )
230. [section protection] VMProtect v.1.25 – 1.x (demo) 2003-2006 PolyTech – www.polytech.ural.ru
231. REALbasic 2007 R2 Standard Edition ( 1997-2007 REAL Software ) – www.realbasic.com ( exe only )
232. UPX 3.0 -> Markus & Laszlo ver. [ 3.00 ] <- info from file. ( sign for DEV C++ compiler )
233. Microsoft Visual C++ ver. 7.1 EXE/DLL (3 bytes sign – easy to false)
234. Beria v0.07 public WIP ( 2005 ) – symbiont ( aPlib )
235. NoodleCrypt version 2 by NoodleSpa ( 2000.08 )
236. VPacker v0.02.10 by tt.t (exe only 2006.04 aPlib)
237. Private exe Protector v.2.00-2.15 ( 18.04.2007 ) www.setisoft.com
238. Free Pascal Compiler v.2.1.4 i386 GUI APP ( 11.05.2007 ) Berczi Gabor – www.freepascal.org
239. Free Pascal Compiler v.2.1.4 i386 CON APP ( 11.05.2007 ) Berczi Gabor – www.freepascal.org
240. Free Pascal Compiler v.2.1.4 i386 DLL APP ( 11.05.2007 ) Berczi Gabor – www.freepascal.org
241. Installshield v.12 (MSV C++ ) www.installshield.com / www.macrovision.com
242. generic check2 : InstallShield v.12-14 2008 ( MS Visual C++) www.installshield.com / www.macrovision.com
243. FASM ( 1.3x -1.67 ) 2004-2007 http://flatassembler.net – Tomasz Grysztar
244. Thinstall VS 3.0.x -> Jitit Software – www.thinstall.com
245. Astrum InstallWizard v2.24.20 ( 1999-2006 ) – www.thraexsoftware.com ( MS Visual C++ )
246. WinZip SelfExtractor 3.0 ( MSV C++ v7 ) 1996-2006 WinZip Int. LCC – www.winzip.com
247. Wise Instalation Express v7.0 2006 (SFX CAB) MSV C++ – wise.com / ALTIRIS
248. VisageSoft Installer ? WISE for Win/.msi ( MSCF CAB ) Borland C++ – www.visagesoft.com

249. ST Protector v1.5 SE ( 2006 ) – Silent Software – www. ???
250. (exe) Visual Protect v2.5.7 ( 2000.12 www.visagesoft.com
251. (dll) Visual Protect v2.5.7 ( 2000.12 www.visagesoft.com
252. eXpressor PE Packer v1.5.0.1 (MODE: Protection) – www.cgsoftlabs.ro
253. The Enigma Protector 1.31 unreg (2007.06.15) – Vladimir Sukhov – www.enigmaprotector.com ( exe/dll )
254. generic check: (exe) Visual Protect ( 2000? ) www.visagesoft.com
255. RCryptor 1.6d by Vaska ( 2007.01 ) only exe file protector – ( OEP info )
256. Polymorph Crypter,Beta Morphnah (c) puccxak.com ( 2007.05 ) – ( OEP info )
257. Pohernah v1.0.3 puccxak.com ( 2007.03 )
258. QIP[Crypt] ( 2007.06 ) Borland Delphi Crypter
259. SimbiOZ (RUS) ! Rootkit exe hider ! ( OEP info – for C++/Delphi )
260. AsdPack2 ( EP overflow exe – Delphi or C++ detector ) [ detection 75% ]
261. QSetup Instalation Suite 8.5.0.4 – 26.05.2007 – www.pantaray.com
262. Perplex PE-protector v1.01devel 2002-2003 by [tc] GiveMe5/BliZZaRD
263. Mole Box 2.6.4 by Teggo. – www.molebox.com
264. !EP (exe pack) v1.4 (lite) final – Team-X ( 2007.04 ) www.team-x.ru , http://exetools.blog.com.cn
265. DalKrypt 1.0 by DalKiT – www.dalkit.fr.st (26.10.2003) Anti-SI, Anti-Debug, Anti-Dump
266. NackedPacker v1.0 by BigBoote ( 2004.01-2007.06? )- www.PEArmor.com
267. WATCOM C/C++32 Run-Time system (c) Sybase Inc, 1988-2000
268. MS Visual C++ v.5 DLL Method 1 ( MS VBasic kit library ) ACM*
269. Open Source Code Crypter 1.0 by p0ke (9.06.2007) – www.swerat.com – http://unnamed.bot.nu ( Borland Delphi )
270. Private Personal Packer (PPP) Version 1.0.2 (13.03.2007) – www.ConquestOfTroy.com ACM*
271. Wise for Windows Installer v.?.?? ( CAB in section 4 ) MS C++ 7.0
272. Inteli check : unknown Installer – MSCF Cab file
273. Armadillo x.x ~ 5.0 32bit [exe -low protection only]
274. Armadillo x.x ~ 5.0 32bit [Dll-std protection]
275. Inteli check : MASM assembler ( no signature )
276. Inteli check : unknown ver. WATCOM C/C++32 (c) Sybase 1988-200?
277. inteli check : Dev – ( MINGW 32 v ?.?.? ) – Bloodshed Software ( www.bloodshed.net )
278. Borland Delphi 2006 ? – www.borland.com
279. Borland C++ – ( DLL ) Copyright 1994/96 , 1999 Borland Intl.
280. CRYPToCRACk’s PE Protector 0.9.3 (2007.01) Lukas Fleischer – cryptocrack.de
281. Break-Into-Pattern, a.k.a BIP, v0.1 (2006.01) – http://n0name.exmuros.net http://undergroundkonnekt.net
282. DotFix NiceProtect 2.5 (with internal packer) GPcH Soft – www.niceprotect.com
283. DotFix NiceProtect 2.5 (Krypton sign) GPcH Soft – www.niceprotect.com
284. DotFix NiceProtect 2.5 (SVKP 1.3x sign) GPcH Soft – www.niceprotect.com
285. DotFix NiceProtect 2.5 (Visual C++ sign) GPcH Soft – www.niceprotect.com
286. Borland Delphi ( Component ) xxxx – www.borland.com
287. Microsoft Visual C++ ver. x.x DLL (5-8)
288. Microsoft Visual C++ ver. 8.0 DLL ( 83 ) ACM*
289. Microsoft Visual C++ ver. 7.xx DLL ( 83 )

290. Private exe Protector v.2.25 ( 28.06.2007 ) www.setisoft.com
291. Microsoft Visual C++ ver. 9.0 exe ( E8 )
292. Microsoft Visual C++ ver. 9.0 DLL ( 8B )
293. PEiD Plugin -> Exe Converter v.1.00 ( BobSoft )
294. MarjinZ EXE-Scrambler SE ( MS Visual C++ 8.0 )
295. Microsoft Visual C++ v7.10/8.0/9.0 DLL ( 8B )
296. Borland VCL Component for .NET ( Borland Developer Studio 4 (c) 2006 v.10.0.2 )
297. PDF2EXE v1.0 CoolPDF Software – www.pdf2exe.com ( 2006.10 ) – PASSWORD DECODER
298. RealBasic v.?.? ExE – www.realbasic.com
299. RealBasic v.?.? DLL – www.realbasic.com
300. Generic check – Aspack vx.x -> Alexey Solodovnikov
301. generic ckeck : FreePascal ver : FPC 1.x.x
302. UPX -> (exe) Markus & Laszlo ver. 0.72 OBSOLETE VER. ( 12.05.1999 ) ACM*
303. UPX -> (dll) Markus & Laszlo ver. 0.72 OBSOLETE VER. ( 12.05.1999 ) ACM*
304. ScanTime UnDetectable by MarjinZ ( STUD RC4 1.0 ) Marjinz-Crypter.exe
305. Free Pascal Compiler version 2.0.4 [2006/08/21] for i386 ACM*
306. Active Basic v4.24.00 ?2006.04.08 (exe) Discoversoft – www.activebasic.com ( Japan ) *ACM
307. Aspack v2.0/2.001 -> Alexey Solodovnikov – www.aspack.com
308. Play Basic v.1.0x – 1.63 ( 2D game creator ) www.playbasic.com

309. (exe) UPX obsolete ver. 0.50 – 0.72 -> Markus & Laszlo
310. ANDpakk2 v0.06 (Jul 18 2006) Dmitry “AND” Andreev – http://and.intercon.ru
311. ANDpakk2 v0.18 (Jul 16 2007) 2006,2007 Dmitry “AND” Andreev – http://and.intercon.ru
312. PEiD-Bundle v1.03 by BoB (2007.03.30) – www.secretashell.com/BobSoft
313. Exe Stealth Packer or Protector v.3.16 – www.webtoolmaster.com (NTkrnl)
314. 20to4 v2004.04.18 Copyright 2001-2004 20to4.net
315. Borland C++ 1995 DLL *ACM
316. nBinder LIMITED v4.0 2006 – www.nkprod.ro ( MSV C++ 8.0 )
317. mkfpack llydd (aPlib) 28.05.2007
318. KByS 0.28 beta EXE ( shoooo ) china 2006.05.23 *ACM
319. KByS 0.28 beta DLL ( shoooo ) china 2006.05.23 *ACM
320. Microsoft Visual C++ ver. 8.0 DEBUG / Visual Studio 2005 (FF) *ACM
321. mPack – mario PACKer version 0.0.2 (c) DeltaAziz
322. WinUDA 0.291 clasic sfx 2005 by Dwing http://dwing.51.net
323. Cryptic v2.1 – EXE Crypter Copyright [c] 2007.09.26 Tughack ( MS Visual Basic exe stub )
324. aSm Protector v1.0 Copyright [c] 2007.09.29 AT4RE
325. AverCryptor v.1.02beta by Sec|Null os1r1s ( 2007.08.23 ) – www.secnull.org
326. Muckis Protector 2 coded 2007 by Mucki *ACM
327. Rewolf DLL packager v1.0 V.2007 http://rewolf.prv.pl ( OEP info )
328. x86 Virtualizer ReWolf ( VIII.2007 ) – http://rewolf.pl

329. BeRo Tiny Pascal Compiler ( EXE ) http://bero.0ok.de
330. CDS SS V1.0 beta1 (c) CyberDoom [Team-X member] ( 2005.12.18 ) *ACM
331. [dUP2 -> diablo2oo2] v.2.16 patchengine ( loader installer ) – Microsoft MacroAssembler – http://diablo2oo2.cjb.net
332. Borland C++ 2002 & 2005 DLL – www.borland.com
333. WinUpack 0.37-0.39 by Dwing — http://dwing.51.net (BE&60 sign)
334. Flash2X EXE Packager ver.2.1.0 2007 – http://flash2x.net/exepackager ( Borland Delphi ) – RIP HINTs
335. D1S1G PEiD Plugin by D1N ( 10-24-2007 ) PEiD Signature and PE Overlay Tool ( only OVL protection )
336. WinUtilities EXE Protect 2.1 – www.ylcomputing.com (MS C++ 6.0) ( how to pass remove )
337. Hacker’s Patcher version 0.07 Veacheslav Patkov ( 2007.09.21 ) – http://patkov-site.narod.ru/eng.html
338. Enigma Protector 1.35 (2007.10.12)- www.enigmaprotector.com ,Vladimir Sukhov
339. FSG v1.33 F[ast] S[mall] G[ood] – www.xtreeme.prv.pl *ACM
340. FishPE Shield v.1.1x Crypt by HellFish ( http://hellfish.ys168.com ) – sign NOT TESTED trojan
341. Microsoft Visual C++ v4.2 DLL *ACM

342. 32lite DLL [32Lite v0.03a]
343. FishPE Shield v.2.0.x Crypt by HellFish ( http://hellfish.ys168.com )
344. SmartE protection -> Microsoft ( trial/CD check/…)
345. Microsoft Visual Basic v6.0 DLL
346. Dev-C++ Compiler v4 old – Bloodshed Software ( www.bloodshed.net )
347. Dev-C++ DLL ( MINGW 32 v x.x.x )- Bloodshed Software ( www.bloodshed.net ) ASLsign
348. PhrozenCrew PE Shrinker (c)1999 by Virogen version 0.71 beta 06/27/99
349. DarkCrypt v1.2 priv by DMX (2007.12.25)
350. yoda’s Crypter 1.2 http://yodap.has.it ( 2001.01.14 ) *ACM
351. yoda’s Crypter 1.1 http://yodap.has.it ( 2000.12.29 ) *ACM
352. XPack : freeware packer (c)2007 JoKo, Version 0.98 02/18/2007 – www.soft-lab.de/joko/ExePack.htm
353. XComp : freeware packer (c)2007 JoKo, Version 0.98 02/18/2007 – www.soft-lab.de/joko/ExePack.htm
354. Microsoft Visual C++ ver. 8.0 DLL (83_II)
355. VMProtect v.1.6x (demo) 2003-2008 PolyTech – www.vmprotect.ru
356. SIS-Crypt ( 2005.10.29 )
357. Microsoft Visual C++ ver. 3.x (3~4)
358. ExeSax v.0.9.1 EXE encryptor ( CAVE Method only ) 2006.09.18
359. Luck007 2.7 GUI (exe) by Luckliuliu@yahoo.com ( 2007.06.07 ) str( 60%)
360. WinKrypt v1.0 Copyright ?1999 MrCrimson/[WkT!99] *ACM
361. HASP HL Protection V1.X -> Aladdin – www.aladdin.co.il
362. Setup Factory for Win Installer v.1.1.1017 (21.11.2007) www.IndigoRose.com
363. PECRC ver.0.88chn
364. Microsoft Visual C++ ver. x.x DLL (55-10b)
365. (U/R) Private exe Protector v.2.5 ( 12.01.2008 ) www.setisoft.com
366. PeSpin v1.32 (2008.03.09) by CyberBob – http://pespin.w.interia.pl
367. Thunderbolt 0.02 deXep (2005.04.15)
368. Hying’s Armor v0.765 – China Cracking Group (2000-2001) (no options)
369. Hying’s Armor v0.765 – China Cracking Group (2000-2001) (option: VC6++ sign)
370. Generic check : Hying’s Armor v0.765 – China Cracking Group (2000-2001)
371. ZProtect v1.3.0.0 26.02.2008 (demo) 2006-2008 Lifeengines – www.zprotect.cn (exe/dll)
372. Armadillo v1.xx – v2.xx or 2.51 – 3.xx DLL Stub -> Silicon Realms Toolworks
373. Obsidium v1.3.5.4 (exe/dll) – 2008.02.04 Obsidium Software – www.obsidium.de
374. Obsidium v1.2.5.8 Obsidium Software – www.obsidium.de
375. nPack v1.1.800.2008 / 2.0.100 by NEOx (03.03.2008) – www.uinc.ru *ACM

376. eXpressor PE Packer v1.6.0.1 (08.03.2008) – www.cgsoftlabs.ro
377. Smart Install Maker v5.0x www.sminstall.com ( delphi stub )
378. morph EXECryptor v.2.2.x-2.4.x (IAT) ( www.strongbit.com )
379. UPX-Scrambler Release Candidate 1.03 by ㎡nT畂L (2001.04.08) exe
380. STL Packer 1.3 – By Stel128 *ACM
381. tElock 0.99 – 1.0 private -> tE!
382. Borland Delphi DLL ( 2.0 – 3.0 ) *ACM 1992 – www.borland.com
383. mPack – mario PACKer version 0.0.3 (c) DeltaAziz *ACM
384. Themida/Winlicense v.1.9.x.x (compress) -> Oreans Technologies – www.oreans.com
385. MPRESS v0.77 – MATCODE comPRESSor for executables (C) 2007,2008, MATCODE Software – www.matcode.com
386. MPRESS v0.75b – MATCODE comPRESSor for executables (C) 2007,2008, MATCODE Software – www.matcode.com

387. Microsoft Visual C++ v9.0 ( e8 ) www.microsoft.com
388. ActiveMARK 5.x – 6.x -> Trymedia Systems – www.trymedia.com *ACM
389. (E8) Microsoft Visual C++ 9.0 – Visual Studio 2008
390. Microsoft Visual C# / Basic.NET / MS Visual Basic 2005/2008
391. TTProtect 1.0 – 2007/2008 – www.ttprotect.com (.net/dll)
392. TTProtect 1.0 – 2007/2008 – www.ttprotect.com (exe)
393. MPRESS v1.05 – MATCODE comPRESSor for executables (C) 2007,2008, MATCODE Software – www.matcode.com
394. MPRESS v1.07 – MATCODE comPRESSor for executables (C) 2007,2008, MATCODE Software – www.matcode.com
395. EncryptPE V2.2008.6.18 China Cracking Group – www.encryptpe.com
396. Empathy 2.1 Exe password 2007.08 (using : PE-Inject Engine 1.0 by M.Strechovsky ) ( pass decode max.12 char)
397. Microsoft Visual Basic v4.0-6.0 DLL (5A)
398. Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 (4xFF25)
399. Borland C++ Copyright ( No Copyr. sign )
400. !EPack 1.4 lite final – by 6aHguT / Team-X 2006.08
401. Securom 7.3x.xxxx -> Sony DADC – www.securom.com
402. Securom 7.xx.xxxx * -> Sony DADC – www.securom.com
403. *Safedisc V4.50.000 -> Macrovision Corporation

404. X-Crypter 2.0 by X-zero (Delphi stub) 2008.07 – WL-group.net
405. AT4RE Protector v1.0 By Mouradpr *ACM
406. Russian_Cryptor_v1.0 by master3 (2007.05)
407. Obsidium v1.3.6.3 – www.obsidium.de
408. RLPack v.1.20.1 Full Edition stub (EXE- aPLib 0.43 / LZMA 4.3x ) http://ap0x.jezgra.net *ACM
409. RLPack v.1.20.1 Full Edition stub (DLL- aPLib 0.43 / LZMA 4.3x ) http://ap0x.jezgra.net
410. Generic check : RLPack 1.20 with fake signature
411. Flashback Protector v1.0 beta1/3 ( no fake sign ) build 2008.08.17 – http://www.team-x.ru/Fashback/Protector
412. Flashback Protector v1.0 beta1/3 (with FAKE sign) build 2008.08.17 – http://www.team-x.ru/Fashback/Protector
413. SecurePE 1.5 RC4 – www.deepzone.org?
414. Morphnah Beta2 (c) puccxak.com ( 2007.05 )
415. EXECryptor v2.1x (No protEP) *** -> softcomplete.com
416. Aspack Scrambler v0.2 KuNgBiM / [CCG] – 08.01.2008
417. Cobol compiler (417) exe

418. WinAce / SFX Factory v2.x 32-bit (PEtite 2.x Stub)
419. Armadillo 6.0x EXE 32bit – www.siliconrealms.com *ACM
420. Armadillo 6.x DLL 32bit – www.siliconrealms.com *ACM
421. InstallStation Installer v.1.0.5 – http://installstation.com
422. fEaRz Packer v0.3 (Private-1) RC4 Encrypt ( Delphi )
423. RDG packer v.0.x ( VB Crypter ) 2008.09 *ACM
424. Macromedia Flash Player 8.0 (2005) – www.macromedia.com *ACM
425. REAL Basic 2008 ( MS Visual C++ 8.0 stub ) www.realsoftware.com
426. Themida & WinLicense 2.0.x.0 – struct (Hide from PE scanners type II,III,IV,V)
427. Lindersoft SetupBuilder Developer v6.7 (2008) – Lindersoft.com
428. Clarion v.6.0 (1993-2006) – www.Softvelocity.com
429. Advanced Installer v.6.x 2003-2008 by www.caphyon.com ( MSC++ ) .MSI only ovl
430. Poly!Crypt v.2.8 (2007.03) by [BUNG] – *structure lame detector ( 75% )
431. Tarma?Installer v.4.5 www.tarma.com – 1990-2008 Tarma Software Research Pty Ltd ( MSC++ stub ) ver.fromfile
432. The Enigma Protector 1.5x – 1.6.1 [1.52] (2008.08/12) – Vladimir Sukhov – www.enigmaprotector.com
433. Themida & WinLicense 2.0 – struct* (Hide from PE scanners typeI)
434. Angel’s Crypteur v0.2 2008.10.25 (C++ stub) – www.idyliccoderz.fr.cr
435. Fearz crypter 2.2.0 – by fEaRz ( Delphi stub ) *ACM
436. Saddam crypter v2.0 By 4bo3tb ( 2008.09.25 ) Delphi stub *ACM
437. Hack Hound – HH Crypter 2.2 by Hydrargirum for www.hackhound.org ( 2008.11.02 Delphi stub ) *ACM
438. InstallShield?2009 v15 Pro – www.installshield.com – Acresso Software Inc. (MSC++)
439. Hack Hound – HH Crypter 1.0.4 (Mod.Huex) by Hydrargirum for www.hackhound.org ( 2008.08.08 Delphi stub ) *ACM
440. TTProtect 1.0.5 – 2008.08.17 (max/obf) – www.ttprotect.com *ACM
441. TTProtect 1.0.5 – 2008.08.17 (std/max/net) – www.ttprotect.com *ACM
442. TTProtect 1.0.5 dll – 2008.08.17 (max/obf) – www.ttprotect.com *ACM
443. Secure Shade 1.8 by Kizar 02-07-2008 (C++ stub)
444. skD Undetectabler 2.0 pro (Delphi stub) – (C) White Fire Crew 2006-2007 ( *unprotect)

445. Obsidium V1.3.0.0 – 1.3.5.2 Obsidium Software – www.obsidium.de (6s) *ACM
446. ZProtect v1.4.0.0 ( 18.10.2008 demo ) 2006-2008 Lifeengines – www.zprotect.cn (exe/dll)
447. PureBasic 4.20 (05/23/2008) – www.purebasic.com Fantaisie Software *ACM exe
448. PureBasic 4.20 (05/23/2008) – www.purebasic.com Fantaisie Software *ACM DLL
449. Intel Chipset Device Software installer v1.1.15.0 ( MSV C++ )
450. N.C.P.H Packer v1.2 by HK2005 ( sign as Aspack 2.12 fake ) *ACM
451. Securom 7.1 (and new release version detector) -> Sony DADC – www.securom.com
452. ZProtect v1.4.3.2 (demo) 04.12.2008 – 2006-2008 Lifeengines – www.zprotect.cn (exe/dll)
453. Obsidium V1.3.?.? – ?.?.?.? Obsidium Software – www.obsidium.de ( unknown ver. )
454. IcebergLock 3.10.x.xx – Iceberg Software Lab – www.ibsoftlab.com *ACM
455. EncryptPE V2.2007.4.11 China Cracking Group – www.encryptpe.com *ACM

456. Free Pascal Lazarus Project v0.9.26 beta 2008-10-05 – http://sourceforge.net/projects/lazarus
457. DRPU Setup Creator v.2.0.1.5 ( C++ ) – www.setupcreator.com *ACM
458. ST Ultra Pack 2 v0.6s (2008.10.30) Created by Silent Software & Silent Shield – www.ssoft.wz.cz *ACM
459. Ionic Wind Software Compiler *EXE (Aurora 1.0 / Emergence Basic v1.67 ) – www.ionicwind.com
460. Ionic Wind Software Compiler *DLL (Aurora 1.0 / Emergence Basic v1.67 ) – www.ionicwind.com
461. Armadillo ver.4.20 min. compress – www.siliconrealms.com (exe)
462. GoAsm.Exe Version 0.56.4m – Copyright Jeremy Gordon 2001/9 – www.GoDevTool.com (exe)
463. Mew 10 packer v1.0 Coded by Northfox 2004.03.06 ( AVir : malicious packer ) – http://northfox.uw.hu *ACM
464. www.elefun-games.com GameWrapper ( MSV C++ 8.0 ) v.1.0.0.1
465. RDG Tejon Crypter v0.4 ( MS VB 6.1 ) – www.rdgsoft.8k.com *ACM
466. NonstandarD – Microsoft Visual Basic 5.0 -6.x www.microsoft.com
467. DCrypt v.0.9b – drmist ( cryper )
468. HipACryp – 0.0.1 Coded By Departure! ( 2008.11.08 ) – www.Cheesydoodle.com *ACM
469. Armadillo ver.4.xx min. compress – Generic Detector – www.siliconrealms.com
470. Hying’s PE-Armor v0.75 – www.ccg.org.cn

471. Setup Factory 8.0 – ( 06.12.2008 ) ( MSV C++ 8.0 ) www.indigorose.com
472. Autoit v3.3.0.0 ?999-2008 Jonathan Bennett & AutoIt Team ( 24.12.2008 ) – www.autoitscript.com/autoit3
473. Steam Stub – www.valvesoftware.com – Steam is a digital distribution, digital rights management, multiplayer
474. RoguePack v4.0 BETA 1 by The Rogue ( C++ v6.0 stub / 21.11.2008 ) www.descargashack.com
475. RDG Tejon Crypter v0.5 – 2009.01.22 ( MS VB 6.1 ) – www.rdgsoft.8k.com *ACM
476. McAfee Download Manager SelfExtractor v.2.x – 3.x ( MSVC++ 8.0 ) www.mcafee.com
477. RDG Tejon Crypter v0.6 – 2009.02.01 ( MS VB 6.1 ) – www.rdgsoft.8k.com *ACM
478. Generic detector ( add fake sections ) – Flashback scrambler 1.3.1
479. AZProtect 0×0001 by AlexZ aka AZCRC (2006.05.27 ) azsoft@nm.ru *ACM
480. CryptExe v1.0 ( 07.12.2008 – Delphi v7 stub ) – http://pasotech.altervista.org
481. S.Crypter ( 2008.07.12 – MS VBasic v6 stub + ovl ) EP Drunked *ACM
482. Gamehouse Installer v.1.0/1 ( MSV C++ v7 ) www.gamehouse.com
483. Gamehouse Trial wrapper ( .garr ) www.gamehouse.com (noTrial info)
484. RAR SFX stub ( Borland C++ 1999 )
485. Private exe Protector v.3.0.1 unr. ( 18.02.2009 ) – www.setisoft.com
486. RDG Tejon Crypter v0.7 – 2009.03.11 ( MS VB 6.1 ) – http://rdgsoft.8k.com/Tejon.html *ACM
487. RDG Tejon Crypter v0.8 – 2009.03.16 ( MS VB 6.1 ) – http://rdgsoft.8k.com/Tejon.html *ACM
488. RDG Tejon Crypter v0.9 – 2009.03.29 ( MS VB 6.1 ) – http://rdgsoft.8k.com/Tejon.html *ACM
489. RDG PolyPack v.0.1 Beta / v.1.1 – www.RDGSoFT.8k.com *ACM – ver from file
490. VMProtect 1.70.4 – 1.8 ( 2009.02/04 ) NoNS.opt. Detector – PolyTech – www.vmprotect.ru
491. [dUP2 -> diablo2oo2] v.2.19 patchengine ( patch ) – MASM – http://diablo2oo2.cjb.net
492. [ loader installer ] – diablo2oo2′s Universal Patcher [dUP] Version: 2.19 ( 27.03.2009 ) – http://diablo2oo2.cjb.net
493. [ simple loader ] – diablo2oo2′s Universal Patcher [dUP] Version: 2.19 ( 27.03.2009 ) – http://diablo2oo2.cjb.net
494. MoleBox Pro 2.3640 prod.ver 2.7.0 Teggo Software Ltd. – www.molebox.com
495. Drony Application Protect v3.0 beta9 ( 22 Nov 2005 ) dronyx@gmail.com
496. Gentee installer custom – www.gentee.com
497. MPRESS v2.05 -> [v2.05] – MATCODE comPRESSor for executables (C) 2007,2009, MATCODE Software – www.matcode.com
498. Ghost Installer Studio v.4.7 – www.ethalone.com – Copyright (C) 2008 Ethalone Solutions, Inc ( xor only – UPX & not UPX-ed )
499. Oberon Media Game Runner v.1.0.0.8 MS C++8.0 ( Extracts and runs the game setup ) – http://corp.oberon-media.com
500. ZProtect v1.4.8.0 Demo ( 23 III 2009 ) – www.peguard.com – 2006-2009 Lifeengines – www.zprotect.cn (exe/dll)
501. MEW exe-packer v0.1 beta (2004.02.11) alias > Mew5 exe-coder 0.1 beta / ver.1.0 – http://Northfox.uw.hu *ACM
502. ExeDefender v1.0 by InternalBytes software (2009.05.04 open-source) – www.internalbytes.net
503. EXECryptor v.2.3.8-2.4.1 noPack-noImp ( www.strongbit.com )
504. Digital Mars D Compiler v2.029 (c) 1999-2009 by Digital Mars – www.digitalmars.com ( exe )
505. Virtual Pascal v2.1 ( 2004.10.18 ) Copyright (C) 1996-2000 www.vpascal.com-bad link
506. ASProtect V2.X DLL -> Alexey Solodovnikov
507. StealthPE v2.2 – STE@LTh PE by Flashback/Team-X – 2008.05.19
508. VMware ThinApp 4.0.2 – 20.02.2009 – Copyright 2006-2009 VMware, Inc. www.thinstal.com / www.vmware.com
509. MPRESS v2.12 -> [v2.12] – MATCODE comPRESSor for executables (C) 2007,2009.05.11, MATCODE Software – www.matcode.com
510. WildTangent Game wrapper 2.2.0.xx – www.wildtangent.com www.wildgames.com
511. RealArcade Wrapper (.garr) www.realarcade.com
512. GPScript Programming Language v5.0 – 2007.11.20 – Copyright(C) 2001 – 2003, GPcH Soft – www.dotfix.net
513. QuickPack NT 0.1 alpha 07.09.2007 ( aPlib )
514. NoobyProtect SE 1.5.8.0 (c) 2009 Nooby – www.safengine.com

_______________________________________________________________________

www.exeinfo.go.pl
_______________________________________________________________________

2009.06.28 ( c ) A.S.L.

相关文章

• VMProtect 1.70.4 破解版( 0 )
• uPPP.v0.6.Retail Patch Creater by UFO-pu55y( 0 )
• PE头移位工具 v1.0( 0 )
• ExplorerSuite.13.12.09( 0 )
• dUP 2.21 BETA 9( 0 )
• WinHex 16.0 SR-2 【share】( 1 )
• Ultra Compare 7.0 序列号( 0 )
• .Net静态反编译工具 ILSpy and Reflector( 0 )

用od载入后忽略所有异常，对code段下F2断点，F9运行，注意观察堆栈窗口，直到出现Se handle


跟入处理的数据，ctrl+g转到61390B

0061390B     55                   push ebp  ;F2断点
0061390C     8BEC                 mov ebp,esp
0061390E     57                   push edi
0061390F     36:8B45 10           mov eax,dword ptr ss:[ebp+10]
00613913     3E:8BB8 C4000000     mov edi,dword ptr ds:[eax+C4]
0061391A     3E:FF37              push dword ptr ds:[edi]
0061391D     33FF                 xor edi,edi
0061391F     64:8F07              pop dword ptr fs:[edi]
00613922     3E:8380 C4000000 08  add dword ptr ds:[eax+C4],8
0061392A     3E:8BB8 A4000000     mov edi,dword ptr ds:[eax+A4]
00613931     C1C7 07              rol edi,7
00613934     3E:89B8 B8000000     mov dword ptr ds:[eax+B8],edi                 ; edi就是程序入口点
0061393B     B8 00000000          mov eax,0
00613940     5F                   pop edi
00613941     C9                   leave
00613942     C3                   retn

下F2断点，shift+F9运行，中断后开始单步运行，注意寄存器窗口，标注的edi就是程序入口点，直接转到edi数值。F2下断。shift+F9运行，中断后即可用LordPe脱壳。

0052F814     55                   push ebp ;F2断点
0052F815     8BEC                 mov ebp,esp
0052F817     83C4 E4              add esp,-1C
0052F81A     33C0                 xor eax,eax
0052F81C     8945 E4              mov dword ptr ss:[ebp-1C],eax
0052F81F     8945 E8              mov dword ptr ss:[ebp-18],eax
0052F822     8945 EC              mov dword ptr ss:[ebp-14],eax
0052F825     B8 FCF35200          mov eax,Agama.0052F3FC
0052F82A     E8 E975EDFF          call Agama.00406E18
0052F82F     33C0                 xor eax,eax
0052F831     55                   push ebp
0052F832     68 31FB5200          push Agama.0052FB31
0052F837     64:FF30              push dword ptr fs:[eax]
0052F83A     64:8920              mov dword ptr fs:[eax],esp
0052F83D     B9 34655300          mov ecx,Agama.00536534
0052F842     BA 30655300          mov edx,Agama.00536530
0052F847     B8 2C655300          mov eax,Agama.0053652C
0052F84C     E8 EFEDFFFF          call Agama.0052E640
0052F851     833D 2C655300 10     cmp dword ptr ds:[53652C],10
0052F858     7C 0C                jl short Agama.0052F866
0052F85A     813D 30655300 240300>cmp dword ptr ds:[536530],324
0052F864     7D 0F                jge short Agama.0052F875
0052F866     B8 48FB5200          mov eax,Agama.0052FB48                        ; ASCII "This software requires 16 bit colors adapter and 800x640 resolution as the minimu!"

猛击此处下载测试程序！

相关文章

• Scylla v0.5a- x64/x86 Imports Reconstruction( 0 )
• IDA + Debug 插件 实现64Bit Exe脱壳( 0 )
• imp64( 0 )
• ( 2 )
• 实战IDA PE+ DLL脱壳( 0 )
• Armadillo V6.X Minimum Protection 【脱壳】( 0 )
• 普通壳的脱壳方法和脱壳技巧【转载】( 0 )
• ( 0 )