万能脱壳工具 - QuickUnpack 2.1 汉化版
2008-04-19 15:56
QuickUnpack是我用过的最好的脱壳程序,几乎能脱掉大部分的壳。上一个版本2.0 final大约在半年前发布,这次发布的是2.1版本,根据官方说明,可以脱掉以下的壳:
32Lite AnslymPacker AREA51 Cryptor Armadillo (minimal protection) AsdPack ASPack ASProtect (old versions) BeroEXEPacker CD-Cops DDeM depack DragonArmor Exe32Pack ExeCryptor (old versions) ExeFog ExeSax ExeShield ExeStealth fEaRz Crypter FreeCryptor FriCryptor FSG HidePE HidePX hmimys-Packer JDPack KByS kkrunchy LameCrypt Manolo MEW Minke NeoLite NME NsPack Orien PackMan PECompact PEDiminisher PE-PACK PEncrypt Perplex PE-Protector PeTite PEX PI Cryptor PKLite32 PollyBox PolyEnE Protection Plus QrYPt0r NuTraL Poly QuickPack RLPack Sopelka StealthPE TeLock (not all versions) TheMida (minimal protection) unnamed Scrambler UPack UPolyX UProtector UPX WindOfCrypt WinUPack WWPack32 Yoda Crypter Yoda Protector YZPacker ...many others...
[!] fixed many bugs like crash on some applications while restoration of resources [!] multithreaded applications are now handled properly [+] added ability to set end of module when tracing import functions. When a reference to import is found it\'s analysed if it leads to some space outside of the module (not to trace some internal functions). But some packers redirect import to the last section. This option is intended to aid this problem. This is RVA [+] added ability to put import table at given RVA instead of adding extra section [+] added ability to set RDTSC delta for RDTSC hook (see more on rdtsc_delta in Scripts.eng.txt) [+] Load libraries only option added to import recovery methods. this option doesn\'t actually recover import it just puts 1 import function from every loaded DLL into the import table. thus dump will be loaded with all the necessary libraries and will use old addresses for import functions which were set by a protector. this option can be used if import redirection is too complicated but the dump will stop working after service pack or some other patch installation [+] Execute functions while tracing import option is added. by default while tracing import functions are not executed but some protectors need result of these functions to operate correctly so this option can be used [+] Process call xxx/jmp xxx option is added. some protectors change import calls and jumps from call [xxx]/jmp [xxx] to call xxx/jmp xxx. this option is intended to work also with these redirections [+] added several new functions and variables for the scripts [+] UsAr\'s generic OEP finder now supports DLLs [+] new Vista manifest added

下载(1.1M):S.eVxz | 纳米盘 | mediafire |