{"id":46,"date":"2008-09-01T08:55:01","date_gmt":"2008-09-01T08:55:01","guid":{"rendered":"http:\/\/kumouse.aafox.com\/?p=46"},"modified":"2008-09-01T08:55:01","modified_gmt":"2008-09-01T08:55:01","slug":"%e9%80%86%e5%90%91%e7%9b%b8%e5%85%b3%e5%b7%a5%e5%85%b7","status":"publish","type":"post","link":"https:\/\/www.kumouse.com\/?p=46","title":{"rendered":"\u9006\u5411\u76f8\u5173\u5de5\u5177"},"content":{"rendered":"<p><span style=\"color:Red\">LordPE DLX\u589e\u5f3a\u7248<\/span><\/p>\n<p>2008.5.31<br \/>\u8d44\u6e90\u540d\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7f13\u51b2\u533a\u957f\u5ea6\u68c0\u6d4b\u662fchar,\u4f46\u662f\u62f7\u8d1d\u7684\u65f6\u5019\u662fwchar\uff0c\u6240\u4ee5\u6ea2\u51fa\u4e86\u3002by somuch<\/p>\n<p>2006.11.30\u66f4\u65b0<br \/>freecat\u5236\u4f5c\u7684\u529f\u80fd\u63d2\u4ef6LordPeFix.dll\uff0c\u4fee\u6b63LordPE\u53ea\u663e\u793a60\u4e2a\u8fdb\u7a0b\u7684bug<\/p>\n<p>2005.10.15<br \/>(1) \u4e3aLordPE\u67e5\u770b\u8f93\u5165\u8868\u90e8\u5206\u52a0\u4e0a\u641c\u7d22\u529f\u80fd <br \/>(2) \u4e3aLordPE\u67e5\u770b\u8f93\u5165\u8868\u90e8\u5206\u52a0\u53f3\u952e\u83dc\u5355(\u590d\u5236ThunkRVA\/FirstThunk\u5217).<br \/>(3) \u5f53\u70b9\u51fbLordPE\u67e5\u770b\u8f93\u5165\u8868\u90e8\u5206\u4e2d&quot;View always FirstThunk&quot;,\u4fdd\u6301\u5149\u6761\u5728\u539f\u6765\u4f4d\u7f6e.(LordPE\u9ed8\u8ba4\u4f1a\u5c06\u5149\u6761\u7f6e\u52300\u884c)<br \/>(4) \u4fee\u6539FLC(File Location Calulator)\u7a97\u53e3\u4e2d\u5404\u4e2a\u6587\u672c\u6846(VA,RVA,Offset)\u4e3a\u53ea\u8bfb\u5c5e\u6027,\u6b64\u65f6\u53ef\u4ee5\u7528\u9f20\u6807\u590d\u5236\u91cc\u9762\u7684\u6587\u672c<\/p>\n<p><a href=\"uploads\/200809\/01_085746_lpedlx.rar\" title=\"uploads\/200809\/01_085746_lpedlx.rar\" target=\"_blank\">\u70b9\u51fb\u4e0b\u8f7d1 LordPE DLX\u589e\u5f3a\u7248<\/a><br \/><a href=\"http:\/\/www.pediy.com\/tools\/PE_tools\/Lordpe\/LPE-DLX.rar\" title=\"http:\/\/www.pediy.com\/tools\/PE_tools\/Lordpe\/LPE-DLX.rar\" target=\"_blank\">\u70b9\u51fb\u4e0b\u8f7d2 LordPE DLX\u589e\u5f3a\u7248<\/a><\/p>\n<p><span style=\"color:Red\">OllyICE(OllyDbg)<\/span><\/p>\n<p>OllyICE v1.10 \u4fee\u6539\u7248(OllyDbg) [2008.1.1]<\/p>\n<p>\u7531\u4e8eOllyDBG 1.1(<a href=\"http:\/\/www.ollydbg.de\" title=\"http:\/\/www.ollydbg.de\" target=\"_blank\">http:\/\/www.ollydbg.de<\/a>)\u5b98\u65b9\u5f88\u957f\u4e00\u6bb5\u65f6\u95f4\u6ca1\u66f4\u65b0\uff0c\u6545\u4e00\u4e9b\u7231\u597d\u8005\u5bf9OllyDBG\u4fee\u6539\uff0c\u65b0\u589e\u4e86\u4e00\u4e9b\u529f\u80fd\u6216\u4fee\u6b63\u4e00\u4e9bbug\uff0cOllyICE\u5c31\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4fee\u6539\u7248\uff0c\u53d6\u540dOllyICE\u53ea\u662f\u4fbf\u4e8e\u533a\u5206\uff0c\u5176\u5b9e\u8d28\u8fd8\u662fOllyDBG\uff0c\u7248\u6743\u5f52OllyDBG\u5b98\u65b9\u6240\u6709\u3002<\/p>\n<p>\u6587\u4ef6\u7ec4\u6210\uff1a<br \/>OllyICE.EXE \u4e2d\u6587\u6c49\u5316\u7248\uff0c\u662f\u5728cao_cong\u6c49\u5316\u7b2c\u4e8c\u7248\u57fa\u7840\u4e0a\u4fee\u6539\u7684\u3002<br \/>OLLYDBG.EXE \u82f1\u6587\u4fee\u6539\u7248\uff0c\u4fee\u6539\u7684\u5730\u65b9\u4e0eOllyICE.exe\u4e00\u6837\u3002<\/p>\n<p>OllyICE.EXE\u4e0eOLLYDBG.EXE\u540c\u65f6\u505a\u4e86\u5982\u4e0b\u4fee\u6539\uff1a<br \/>1.\u7a97\u53e3\u3001\u7c7b\u540d\u7b49\u5e38\u89c1\u4fee\u6539\uff1b<br \/>2.\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u7684\u6f0f\u6d1e[OutPutDebugString]\u8865\u4e01\uff1b<br \/>3.\u53c2\u8003dyk158\u7684ODbyDYK v1.10 \uff0c\u81ea\u52a8\u914d\u7f6eUDD\u3001PLUGIN\u4e3a\u7edd\u5bf9\u8def\u5f84\uff1b<br \/>4.\u53c2\u8003nbw\u7684&quot;OD\u590d\u5236BUG\u5206\u6790\u548c\u4fee\u6b63&quot;\u4e00\u6587,\u4fee\u6b63\u4ece\u5185\u5b58\u533a\u590d\u5236\u6570\u636e\u65f6,\u6709\u65f6\u65e0\u6cd5\u5c06\u6240\u6709\u7684\u6570\u636e\u90fd\u590d\u5236\u5230\u526a\u8d34\u677f\u7684bug\u3002<br \/>5.\u53c2\u8003ohuangkeo\u201c\u4e0d\u88abOD\u5206\u6790\u539f\u56e0\u4e4b\u4e00\u548c\u4fee\u8865\u65b9\u6cd5\u201d\uff0c\u7a0d\u6539\u8fdb\u4e86OD\u8bc6\u522bPE\u683c\u5f0f\u80fd\u529b(\u53ef\u80fd\u4ecd\u62a5\u662f\u975ePE\u6587\u4ef6\uff0c\u4f46\u5df1\u53ef\u8c03\u8bd5\u4e86)\u3002<br \/>6.\u4fee\u6b63OllyScript.dll\u63d2\u4ef6bpwm\u547d\u4ee4\u5185\u5b58\u8bfb\u5199\u90fd\u4e2d\u65ad\u7684\u95ee\u9898\u3002<br \/>7.jingulong\u7684Loaddll.exe\uff0c\u53ef\u4ee5\u65b9\u4fbf\u8ba9OllDbg\u4e2d\u65ad\u5728dll\u7684\u5165\u53e3\u3002<br \/>8.\u611f\u8c22DarkBul\u544a\u77e5SHIFT+F2\u6761\u4ef6\u7a97\u53e3\u663e\u793a\u7684bug\u53ca\u4fee\u590d\u3002<br \/>9.\u611f\u8c22dreaman\u4fee\u590dFindlabel,Findname,Findnextname\u4e09\u4e2a\u51fd\u6570\u5904\u7406\u5b57\u7b26\u4e32\u4f1a\u6ea2\u51fa\u7684bug\u3002<br \/>10.\u6539\u5584sprintf\u51fd\u6570\u663e\u793a\u67d0\u4e9b\u6d6e\u70b9\u6570\u4f1a\u5d29\u6e83\u7684bug\uff0c\u8fd9\u91cc\u7684\u4fee\u590d\u4ee3\u7801\u76f4\u63a5\u5f15\u7528heXer\u7684\u4ee3\u7801\u3002<br \/>11.\u8be5\u4fee\u6539\u7248\uff0c\u914d\u5408HideOD\u63d2\u4ef6\uff0c\u53ef\u4ee5\u5f88\u597d\u5730\u9690\u85cfOD\u3002<br \/>12.\u65b0\u589e\u5b9e\u7528\u7684\u5feb\u6377\u952e\u529f\u80fd<br \/>13.\u4fee\u6b63Themida v1.9.x.x\u68c0\u6d4bOllyICE\u7684Anti\uff0c\u914d\u5408HideToolz\u5373\u53ef\u8c03\u8bd5Themida v1.9.x.x\u52a0\u58f3\u7a0b\u5e8f\u3002 <br \/>14.LOCKLOSE\u6dfb\u52a0\u4e86\u90e8\u5206API\u548c\u7ed3\u6784\u4f53\u4fe1\u606f\u3002<br \/><a href=\"ftp:\/\/ftp.aafox.com\/asm\/OllyICE.rar\" title=\"ftp:\/\/ftp.aafox.com\/asm\/OllyICE.rar\" target=\"_blank\">\u70b9\u51fb\u4e0b\u8f7d OllyICE(OllyDbg)<\/a><\/p>\n<p><span style=\"color:Red\">VC\u81ea\u5e26\u7684\u5c0f\u5de5\u5177 Spy++<\/span><br \/><a href=\"uploads\/200809\/01_091701_spy.rar\" title=\"uploads\/200809\/01_091701_spy.rar\" target=\"_blank\">\u70b9\u51fb\u4e0b\u8f7d Spy++<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LordPE DLX\u589e\u5f3a\u7248 2008.5.31\u8d44\u6e90\u540d\u6ea2\u51fa\u6f0f\u6d1e\u3002\u7f13\u51b2\u533a\u957f\u5ea6\u68c0\u6d4b\u662fchar,\u4f46\u662f\u62f7\u8d1d\u7684\u65f6\u5019\u662fwch [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-46","post","type-post","status-publish","format-standard","hentry","category-12"],"_links":{"self":[{"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/posts\/46","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46"}],"version-history":[{"count":0,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=\/wp\/v2\/posts\/46\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.kumouse.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kumouse.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}