吾爱破解 - LCG - LSG |安卓破解|病毒分析|www.52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 1692|回复: 14
收起左侧

[求助] 想问一下各位大佬 这个有壳吗

[复制链接]
longcy 发表于 2021-9-10 13:30
image.png
这个有没有壳?我想改里面的文字,但是用Restorator 2018啥也找不到,如果有壳怎么脱壳修复呢?

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

huiye123 发表于 2021-9-10 14:36
花生壳。瓜子壳。来脚升一升哈

免费评分

参与人数 1吾爱币 -8 收起 理由
涛之雨 -8 请勿灌水,提高回帖质量是每位会员应尽的义务!

查看全部评分

cghots 发表于 2021-9-10 15:43
风绕柳絮轻敲雪 发表于 2021-9-10 13:40
 楼主| longcy 发表于 2021-9-10 13:46

EXE直接扔进去是这样的


// PE
// 所有树节点都使用十六进制编辑器来修改 PE 文件
//
// 00000000 - 0000003F DOS 头
//
// IMAGE_DOS_HEADER:
// 00000000 - 00000001 5A4D = e_magic
// 00000002 - 00000003 0090 = e_cblp
// 00000004 - 00000005 0003 = e_cp
// 00000006 - 00000007 0000 = e_crlc
// 00000008 - 00000009 0004 = e_cparhdr
// 0000000A - 0000000B 0000 = e_minalloc
// 0000000C - 0000000D FFFF = e_maxalloc
// 0000000E - 0000000F 0000 = e_ss
// 00000010 - 00000011 00B8 = e_sp
// 00000012 - 00000013 0000 = e_csum
// 00000014 - 00000015 0000 = e_ip
// 00000016 - 00000017 0000 = e_cs
// 00000018 - 00000019 0040 = e_lfarlc
// 0000001A - 0000001B 0000 = e_ovno
// 0000001C - 0000001D 0000 = e_res[0]
// 0000001E - 0000001F 0000 = e_res[1]
// 00000020 - 00000021 0000 = e_res[2]
// 00000022 - 00000023 0000 = e_res[3]
// 00000024 - 00000025 0000 = e_oemid
// 00000026 - 00000027 0000 = e_oeminfo
// 00000028 - 00000029 0000 = e_res2[0]
// 0000002A - 0000002B 0000 = e_res2[1]
// 0000002C - 0000002D 0000 = e_res2[2]
// 0000002E - 0000002F 0000 = e_res2[3]
// 00000030 - 00000031 0000 = e_res2[4]
// 00000032 - 00000033 0000 = e_res2[5]
// 00000034 - 00000035 0000 = e_res2[6]
// 00000036 - 00000037 0000 = e_res2[7]
// 00000038 - 00000039 0000 = e_res2[8]
// 0000003A - 0000003B 0000 = e_res2[9]
// 0000003C - 0000003F 00000080 = e_lfanew
//
// 00000084 - 00000097 文件头
//
// IMAGE_FILE_HEADER:
// 00000084 - 00000085 014C = Machine
// 00000086 - 00000087 0005 = NumberOfSections
// 00000088 - 0000008B 5FABBE56 = TimeDateStamp
// 0000008C - 0000008F 00000000 = PointerToSymbolTable
// 00000090 - 00000093 00000000 = NumberOfSymbols
// 00000094 - 00000095 00E0 = SizeOfOptionalHeader
// 00000096 - 00000097 010E = Characteristics
//
// 00000098 - 00000177 可选头(32 -位)
//
// IMAGE_OPTIONAL_HEADER32:
// 00000098 - 00000099 010B = Magic
// 0000009A - 0000009A 06 = MajorLinkerVersion
// 0000009B - 0000009B 00 = MinorLinkerVersion
// 0000009C - 0000009F 0004FA00 = SizeOfCode
// 000000A0 - 000000A3 00001A00 = SizeOfInitializedData
// 000000A4 - 000000A7 00000000 = SizeOfUninitializedData
// 000000A8 - 000000AB 00051862 = AddressOfEntryPoint
// 000000AC - 000000AF 00002000 = BaseOfCode
// 000000B0 - 000000B3 00052000 = BaseOfData
// 000000B4 - 000000B7 00400000 = ImageBase
// 000000B8 - 000000BB 00002000 = SectionAlignment
// 000000BC - 000000BF 00000200 = FileAlignment
// 000000C0 - 000000C1 0004 = MajorOperatingSystemVersion
// 000000C2 - 000000C3 0000 = MinorOperatingSystemVersion
// 000000C4 - 000000C5 0000 = MajorImageVersion
// 000000C6 - 000000C7 0000 = MinorImageVersion
// 000000C8 - 000000C9 0004 = MajorSubsystemVersion
// 000000CA - 000000CB 0000 = MinorSubsystemVersion
// 000000CC - 000000CF 00000000 = Win32VersionValue
// 000000D0 - 000000D3 0009C000 = SizeOfImage
// 000000D4 - 000000D7 00002000 = SizeOfHeaders
// 000000D8 - 000000DB 00000000 = CheckSum
// 000000DC - 000000DD 0002 = Subsystem
// 000000DE - 000000DF 8540 = DllCharacteristics
// 000000E0 - 000000E3 00200000 = SizeOfStackReserve
// 000000E4 - 000000E7 00002000 = SizeOfStackCommit
// 000000E8 - 000000EB 00200000 = SizeOfHeapReserve
// 000000EC - 000000EF 00002000 = SizeOfHeapCommit
// 000000F0 - 000000F3 00000000 = LoaderFlags
// 000000F4 - 000000F7 00000010 = NumberOfRvaAndSizes
// 000000F8 - 000000FB 00000000 = Export.VirtualAddress
// 000000FC - 000000FF 00000000 = Export.Size
// 00000100 - 00000103 00090000 = Import.VirtualAddress
// 00000104 - 00000107 00001406 = Import.Size
// 00000108 - 0000010B 00052000 = Resource.VirtualAddress
// 0000010C - 0000010F 000016BC = Resource.Size
// 00000110 - 00000113 00000000 = Exception.VirtualAddress
// 00000114 - 00000117 00000000 = Exception.Size
// 00000118 - 0000011B 00000000 = Security.VirtualAddress
// 0000011C - 0000011F 00000000 = Security.Size
// 00000120 - 00000123 00098000 = Base Reloc.VirtualAddress
// 00000124 - 00000127 00004000 = Base Reloc.Size
// 00000128 - 0000012B 00000000 = Debug.VirtualAddress
// 0000012C - 0000012F 00000000 = Debug.Size
// 00000130 - 00000133 00000000 = Architecture.VirtualAddress
// 00000134 - 00000137 00000000 = Architecture.Size
// 00000138 - 0000013B 00000000 = Global Ptr.VirtualAddress
// 0000013C - 0000013F 00000000 = Global Ptr.Size
// 00000140 - 00000143 00056000 = TLS.VirtualAddress
// 00000144 - 00000147 00000018 = TLS.Size
// 00000148 - 0000014B 00000000 = Load Config.VirtualAddress
// 0000014C - 0000014F 00000000 = Load Config.Size
// 00000150 - 00000153 00000000 = Bound Import.VirtualAddress
// 00000154 - 00000157 00000000 = Bound Import.Size
// 00000158 - 0000015B 00002000 = IAT.VirtualAddress
// 0000015C - 0000015F 00000008 = IAT.Size
// 00000160 - 00000163 00000000 = Delay Import.VirtualAddress
// 00000164 - 00000167 00000000 = Delay Import.Size
// 00000168 - 0000016B 00000000 = .NET.VirtualAddress
// 0000016C - 0000016F 00000000 = .NET.Size
// 00000170 - 00000173 00000000 = Reserved15.VirtualAddress
// 00000174 - 00000177 00000000 = Reserved15.Size
//
// 00000178 - 0000019F 节 #0: .text
//
// IMAGE_SECTION_HEADER:
// 00000178 - 0000017F .text = Name
// 00000180 - 00000183 0004F868 = VirtualSize
// 00000184 - 00000187 00002000 = VirtualAddress
// 00000188 - 0000018B 0004FA00 = SizeOfRawData
// 0000018C - 0000018F 00000400 = PointerToRawData
// 00000190 - 00000193 00000000 = PointerToRelocations
// 00000194 - 00000197 00000000 = PointerToLinenumbers
// 00000198 - 00000199 0000 = NumberOfRelocations
// 0000019A - 0000019B 0000 = NumberOfLinenumbers
// 0000019C - 0000019F 60000020 = Characteristics
//
// 000001A0 - 000001C7 节 #1: .rsrc
//
// IMAGE_SECTION_HEADER:
// 000001A0 - 000001A7 .rsrc = Name
// 000001A8 - 000001AB 000016BC = VirtualSize
// 000001AC - 000001AF 00052000 = VirtualAddress
// 000001B0 - 000001B3 00001800 = SizeOfRawData
// 000001B4 - 000001B7 0004FE00 = PointerToRawData
// 000001B8 - 000001BB 00000000 = PointerToRelocations
// 000001BC - 000001BF 00000000 = PointerToLinenumbers
// 000001C0 - 000001C1 0000 = NumberOfRelocations
// 000001C2 - 000001C3 0000 = NumberOfLinenumbers
// 000001C4 - 000001C7 40000040 = Characteristics
//
// 000001C8 - 000001EF 节 #2: .reloc
//
// IMAGE_SECTION_HEADER:
// 000001C8 - 000001CF .reloc = Name
// 000001D0 - 000001D3 0000000C = VirtualSize
// 000001D4 - 000001D7 00054000 = VirtualAddress
// 000001D8 - 000001DB 00000200 = SizeOfRawData
// 000001DC - 000001DF 00051600 = PointerToRawData
// 000001E0 - 000001E3 00000000 = PointerToRelocations
// 000001E4 - 000001E7 00000000 = PointerToLinenumbers
// 000001E8 - 000001E9 0000 = NumberOfRelocations
// 000001EA - 000001EB 0000 = NumberOfLinenumbers
// 000001EC - 000001EF 42000040 = Characteristics
//
// 000001F0 - 00000217 节 #3: .enigma1
//
// IMAGE_SECTION_HEADER:
// 000001F0 - 000001F7 .enigma1 = Name
// 000001F8 - 000001FB 00002000 = VirtualSize
// 000001FC - 000001FF 00056000 = VirtualAddress
// 00000200 - 00000203 01B36000 = SizeOfRawData
// 00000204 - 00000207 00051800 = PointerToRawData
// 00000208 - 0000020B 00000000 = PointerToRelocations
// 0000020C - 0000020F 00000000 = PointerToLinenumbers
// 00000210 - 00000211 0000 = NumberOfRelocations
// 00000212 - 00000213 0000 = NumberOfLinenumbers
// 00000214 - 00000217 E0000040 = Characteristics
//
// 00000218 - 0000023F 节 #4: .enigma2
//
// IMAGE_SECTION_HEADER:
// 00000218 - 0000021F .enigma2 = Name
// 00000220 - 00000223 00044000 = VirtualSize
// 00000224 - 00000227 00058000 = VirtualAddress
// 00000228 - 0000022B 00044000 = SizeOfRawData
// 0000022C - 0000022F 01B87800 = PointerToRawData
// 00000230 - 00000233 00000000 = PointerToRelocations
// 00000234 - 00000237 00000000 = PointerToLinenumbers
// 00000238 - 00000239 0000 = NumberOfRelocations
// 0000023A - 0000023B 0000 = NumberOfLinenumbers
// 0000023C - 0000023F E00000E0 = Characteristics
byh3025 发表于 2021-9-10 14:27
net 的,没有壳
 楼主| longcy 发表于 2021-9-10 17:47

那这个我想改里面显示的文本,用什么改啊
byh3025 发表于 2021-9-10 18:21
longcy 发表于 2021-9-10 17:47
那这个我想改里面显示的文本,用什么改啊

放dnspy里,能看到源码
 楼主| longcy 发表于 2021-9-10 21:31
byh3025 发表于 2021-9-10 18:21
放dnspy里,能看到源码

Snipaste_2021-09-10_21-30-33.png
是这样的 不知道怎么改啊

点评

enigma的壳啊,先脱壳  详情 回复 发表于 2021-9-11 09:39
涛之雨 发表于 2021-9-11 09:39
longcy 发表于 2021-9-10 21:31
是这样的 不知道怎么改啊

enigma的壳啊,先脱壳
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则 警告:本版块禁止回复与主题无关非技术内容,违者重罚!

快速回复 收藏帖子 返回列表 搜索

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-3-29 23:57

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表