Symptom: after picking a server, the game goes fullscreen for a few seconds and then simply exits (if the JIT debugger is not the silent Dr. Watson, you get an error at ntdll!KiFastSystemCallRet).
The main program has been packed and also mutated; annoyingly, it even masquerades under 安博士 (AhnLab) section names.
PEiD identifies it as UPX; unpacking it with upxripper failed.
Loaded it in OD (OllyDbg), handled it as a UPX shell, broke at 5EF2B1, and the dump runs, which proves it really is a UPX shell.
My guess is that the code section lacks the 020 (execute) attribute, which is what makes DEP object so loudly; presumably once it is added there will be no need to disable DEP at all.
You can set DEP under System Properties -> Advanced -> Performance -> Settings -> Data Execution Prevention to "Turn on DEP for essential Windows programs and services only".
(If you have hardware DEP, you can alternatively disable non-execute protection in the BIOS, but note that this switches NX off for every process on the machine; the OptIn setting above is enough for this problem.)
For those who prefer the Q&D route, head to c:\boot.ini and change the /noexecute option on your current system's boot entry to OptIn (same effect as above) or AlwaysOff (disables it entirely). boot.ini carries the read-only, hidden and system attributes, so clear those before editing it.
For internet-cafe or home users who find all of the above too painful:
uninstall SP2/SP1, or format the machine and gloriously install 2000/98.
Writing a small tool to patch the file….
The old me would already have offered a download, but right now I had better catch up on sleep….
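The small tool mentioned above, written out here as an added example in Python (not the author's code, and the script name fix_nx.py is my own): it parses the PE section table, reports the sections the program will execute from that lack IMAGE_SCN_MEM_EXECUTE (0x20000000, which I read as the "020" attribute referred to above), and ORs the flag into them. BROKEN is a constructed header-only image that mirrors the symptom described in the post: a code section that is readable and writable but not executable, with the entry point inside it.

```python
"""Inspect and patch PE section characteristics so a code section carries
IMAGE_SCN_MEM_EXECUTE and hardware DEP (XP SP2 NX) no longer kills the process.
Added example for this post, not the author's tool. Works on the bytes of the
whole file; offsets and flag values are from the PE/COFF specification."""
import struct

IMAGE_SCN_CNT_CODE               = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA   = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE            = 0x20000000
IMAGE_SCN_MEM_READ               = 0x40000000
IMAGE_SCN_MEM_WRITE              = 0x80000000

SECTION_HEADER_SIZE = 40


def _section_table(pe):
    """Return (file offset of the first section header, section count, entry-point RVA)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # same offset for PE32 and PE32+
    return opt + opt_size, nsections, entry_rva


def parse_sections(pe):
    """Every section as a dict: name, rva, vsize, characteristics, and where the flags live in the file."""
    table, n, _ = _section_table(pe)
    out = []
    for i in range(n):
        hdr = table + i * SECTION_HEADER_SIZE
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, rva = struct.unpack_from("<II", pe, hdr + 8)
        chars = struct.unpack_from("<I", pe, hdr + 36)[0]
        out.append({"name": name, "rva": rva, "vsize": vsize,
                    "characteristics": chars, "chars_offset": hdr + 36})
    return out


def sections_dep_will_kill(pe):
    """Names of sections that must be executable but lack IMAGE_SCN_MEM_EXECUTE:
    the one holding AddressOfEntryPoint, plus anything flagged as containing code."""
    _, _, entry = _section_table(pe)
    bad = []
    for s in parse_sections(pe):
        holds_entry = s["rva"] <= entry < s["rva"] + max(s["vsize"], 1)
        is_code = bool(s["characteristics"] & IMAGE_SCN_CNT_CODE)
        if (holds_entry or is_code) and not (s["characteristics"] & IMAGE_SCN_MEM_EXECUTE):
            bad.append(s["name"])
    return bad


def add_execute(pe, names):
    """Return a copy of the image with IMAGE_SCN_MEM_EXECUTE ORed into the named sections."""
    buf = bytearray(pe)
    for s in parse_sections(pe):
        if s["name"] in names:
            struct.pack_into("<I", buf, s["chars_offset"],
                             s["characteristics"] | IMAGE_SCN_MEM_EXECUTE)
    return bytes(buf)


def build_sample(sections, entry_rva):
    """Constructed test data: a header-only PE32 image (no real code) whose
    (name, characteristics) sections sit 0x1000 apart starting at RVA 0x1000."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    opt_size = 0xE0                                          # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)               # AddressOfEntryPoint
    table = bytearray()
    rva = 0x1000
    for name, chars in sections:
        hdr = bytearray(SECTION_HEADER_SIZE)
        hdr[:len(name)] = name.encode("ascii")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        struct.pack_into("<IIII", hdr, 8, 0x1000, rva, 0x200, 0x400)
        struct.pack_into("<I", hdr, 36, chars)
        table += hdr
        rva += 0x1000
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)


# The post's situation, reconstructed as constructed data: the code section is
# readable and writable but not executable, and the entry point lives in it.
BROKEN = build_sample([(".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
                       (".rsrc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)],
                      entry_rva=0x1000)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else BROKEN
    bad = sections_dep_will_kill(data)
    for s in parse_sections(data):
        print(f"{s['name']:<8} rva={s['rva']:#x} chars={s['characteristics']:#010x}"
              + ("  <- no EXECUTE" if s["name"] in bad else ""))
    if bad and len(sys.argv) > 2:
        open(sys.argv[2], "wb").write(add_execute(data, bad))
```

Run it as `python fix_nx.py game.exe game_fixed.exe` to report and patch a real file. Two caveats: the heuristic only catches the entry-point section and sections flagged IMAGE_SCN_CNT_CODE, and a UPX stub jumps from UPX1 into UPX0, so on a packed file pass both packer sections to add_execute explicitly; and there is no need to recompute the optional-header CheckSum, which the loader only enforces for drivers and boot-time system DLLs, not for user-mode EXEs.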
The moral of the story: play carelessly with packers and you will burn yourself.
References:
http://support.microsoft.com/default.aspx/kb/875352
http://www.microsoft.com/technet/prodtechnol/winxppro/zh-chs/maintain/sp2mempr.mspx