
׼дȽͨõѿǻʵںܶһͨԵѿǻǻCPUģƵģ
Ҳ⣬Ƿ̶ȵĲͬǽǵȻĽȽǿ
ҲûбҪд......CPUֶ֧̣߳򵥵Ķ̵ԣĽӦ
㡰͡ⶼڼ׶Σ֪Ҫż൱ĸߣ˱
Ǳѧϰо̬ȣдɣ˶......

CPUĽǻЧʿ϶Ƚϵͣ˽Ż㷨ʹܾĿ......


ɫ:
	1.C
	2.ԼдڴڴƬЧڴƬ
	3.óֲԭCPUcache
	4.ݽṹһùϣȽϸЧ
	5.Ϊ˸ЧѿǣCPUܶطûмЩѿǷȽϱĳԣ
		ֲض쳣

311ţ
	ĳԭ򣬰һlinuxںоѿǻĿ

328ǰ:
	x86ʶ

48ǰ:
	д ring 3 x86 cpu룬ûвԣûм

415ǰ:
	CPU bugܽUPXˣд˸dumpģ飬Ŀǰһã

423ǰ:
	ʱ䣬dumpģ飬ԡ˿ǡͨõdumpģճʱģSEH쳣
	ʼ֧쳣(չʽSEH)ŻCPUָϵܣĲλȫʵ

52ǰ:
	ϸҲûа취ˣڵԿǵĹУ˲bugҲΪһЩǣ˲µԣ
	ҪdumpģһЩbugIATݵȹܣһԡ˿ǡȽͨõdumpģ
	ĳʱֳִйУлջݿռˣCPUƵʱΪЧʣûаѶջ
	ڴռͳһ̡ռ䣬Ҳͳһˣ˶ջ߽ж
	petiteʱöջִмջռͳһˣ
	petiteʱ򣬷FSεľֲܣSEH
	ջҲٴεˣЩϵͳloadʱѹĶջ(ѹֵǵPE load
	ûгܣ֮)

52ţ3:
	petite v2.xе㺴˿ɶڴд쳣쳣EIP0쳣˶Щ쳣Ĳ
	⣬ǶIATĴǰѵĿǲͬԼPEļģˣҪģҲ򵥣
	Ŀǰѳ...пǧѸҪҡҡ׹

54賿
	winkript 1.0  pklite32 1.1Ǻûʲô˵
54Ű:
	pepack 0.99  pepack 1.0APIòjmp [x]ʽ
	pcshrinker 0.71Ǵָ޸ָ޸ʱcacheʧЧһbug,ʱˢcacheָ
	wwpack32 1.2 demoǺSHLDָCPU˶SHLD/SHRDָ֧

55磺
	Ϸupack v0.32ʱPE loadģشbugupack v0.32PEͷң˺ܶ
	Ϣ......оwindows loaḍջ(http://bbs.pediy.com/showthread.php?t=43928)
	bugupack v0.32ѣעصѹЧûʲôص
5521:42ǰ
	upack v0.36ﻹǼоPE loadģ飬ڵĶ
	21:49upack v0.37Ǹupack v0.36һ
	21:53upack v0.38Ǹupack v0.36һ
	21:58upack v0.39Ǹupack v0.36һ
	22:01upack v0.399Ǹupack v0.36һ
	23:10upack v0.23CMPS,SCANSָûǰ׺ȴдECXֵbugѷupack v0.32һ

56ţ
	1:36rlpack Basic Edition v1.18Ǻܼ򵥣dump¼ӽںPEͷСǷ³޷bug
	1:45rlpack Basic Edition v1.11
	1:49rlpack Basic Edition v1.12ѷrlpack Basic Edition v1.11һ
	1:54rlpack Basic Edition v1.13ѷrlpack Basic Edition v1.11һ
	1:57rlpack Basic Edition v1.14ѷrlpack Basic Edition v1.11һ
	2:00rlpack Basic Edition v1.15ѷrlpack Basic Edition v1.18һ
	2:03rlpack Basic Edition v1.16ѷrlpack Basic Edition v1.18һ
	2:42rlpack Basic Edition v1.17ѷrlpack Basic Edition v1.18һ

	16:16exe32pack v1.42IsDebuggerPresentǷ񱻵ԣȡIsDebuggerPresentַ
	һֽжǷ0xccǷIsDebuggerPresent¶ϵˣԷAPIַռ䣬ǻƻPEͷ
	ǷѿǺԭPEͷ(ϵпǵĵͰ汾ûЧIsDebuggerPresentǷ¶ϵ㣬ӦҲܸ㶨
	ûҵӿǹߣ޷֤)ADD(0x00)ָһbugloadģҲ˶DllӦһFirstThunkĴ
	22:17kbys v0.28ǱȽϼ򵥣VirtualFreeͨretnִУret
	ʵӦÿִָк󣬶ҪĴЧʣĿǰֻkbysôãֻretnô

57ţ
	1:15aspackϵµпǣɱ֮
	13:00upxϵµĿǣɱ֮
	22:18fsg v1.0 v2.0v2.0ϵͳԶɨ赽IATֻźַdllַû0
	д˸dumpdumpʵ½IATʧcall/jmpϵͳ⣬һЩָͨ
	ϵͳAPIûа취ˣòƳֹ⣬޷,ͨ޸ЧAPIַΪ0
	

58ţ
	morphine v1.3 v1.6ǣ뱻ܳ޷dump

59ţ
	morphine v2.7ǣTEBûз棬û꣬ʵѾˣ
	ƫnSizeBaseʼɨ輴ɣ޷dump
	23:37PECompactϵµĿǣɱ

513ţ
	02:18yoda's protector v1.02Ǹܿǣ6SEH쳣(5int3,1η0ַ쳣)
	IsDebuggerPresent 3Σsofticeȵ,öٽб⸸Ϣ(⸸ǷΪ
	EXPLORER.EXE)жǷ񱻵ԣWaitForInputIdle豸ȡļЧ......
	21:00yoda's protector v1.03.2Ǳv1.02쭺BlockInpuṭSetWindowLongA
	winAPI
	0:53yoda's crypt v1.2 v1.3޸ģһbugypycûѶ

514ţ
	22:20EXE Stealth v2.75a v2.76Ǹycһģ
	22:54EXE Stealth v2.72 v2.73 v2.74ѷv2.75aһ
	
515ţ
	00:25bjfnt v1.2,ESPѿǣûãֻESPˣ
	00:30bjfnt v1.3ѷbjfnt v1.2һ (ڵ)
	20:43HidePE v1.1ֻǼ˼ָƭPEID,HidePE v1.0ѷһ

516ţ
	00:40jdpack v1.01,PE loadģһbug,ģַµһ޸bug
	20:39jdpack v2.0,ǣֻ˵fk,ʾint3쳣38,OD޷Ҳûпĵԭ
	20:48jdpack v2.13ѷjdpack v1.01һ
	21:32PEncrypt v3.1, so easy!

517ţ
	00:39PEncrypt v4.0,ûɶжʲô˰
	20:03PEncrypt4.0ѷOEPʶѿǣΪpopafԵ쳣ļ
	20:25Stone's PE Crypt v1.13, so easy!

518ţ
	20:48telock v0.42

519ţ
	00:40ǰ뷴ģרڴ棬ޣִֹĳЩʱڴ
	14:16telock v0.51,IATԤtelock v0.51IAT
	15:40telock v0.60
	18:15telock v0.700쳣
	telock v0.80Լkernel32.dll޷
	23:49ezip v1.0SetFilePointernegָڱ־λӰϵbug

520
	00:49hmimys-packer v1.0, so easy!
	1:24jdprotect v0.9b, so easy! lstrcmp
	16:44lamecryptѷezipһ
	19:11UPolyX v0.51ѷUPXһ
	19:41StealthPE 1.01
	21:01StealthPE 2.2
	22:57depack
	23:17ѹ(kbysһ)

521
	20:22polyene 0.01
	21:21DragonArmour
	21:44EP Protector v0.3ֻڵ
	23:09BeRoEXEPacker
	0001PackItBitch

523
	23:27ľ,ֻǸڵ۸Ĺ

526
	01:43Żģ
	17:57ŻCPUѰַϵͳ

62
	01:24PEIDĹ(ǵ׼ȷʶ),upx,aspackѿǷʹ֮ʶ𲻾ȷȿ£,
	һֿҪٵѿǺΪʶ𵽰汾ĲȷԾ

65
	00:14ѿǹв̬IATʱѿƻϢ޷ؽ,
	д˸ѿǰȫݵģ,bjfntϵпǵȫû

66
	00:10дpetite1.3ģ飬ѿǹûж̬뺯ҸIATǺ
	ãдĵؽģ

69
	17:25ĿǰѿǵȫԶѿǣʶ𵽵öӦѿǣȫԶ(⼸ȣ)
	15:36mkfpack,ܼ򵥵һѹ

611
	21:41anti007 v2.5,˼ϵͳdllܣ֧ԼdllһֿԱ
	21:40anti007 v2.6,LoadLibraryA("bqo.dll")

612
	00:49upack v3.5kernel32.dllԶ(ͨEDX)
	22:14yzpack v1.1,һkernel32.dllַԶ(ͨTEB),pe loadĺbug
	22:57yzpack v1.2,cmovccϵָ
	23:20yzpack v2.0beta, so easy!
	23:47spack_method1 v1.1, so easy!

613
	20:53spack_method2 v1.1,int2e
	21:19spack_method1 v1.2,spack_method2 v1.2
	21:22spack_method1 v1.21,spack_method2 v1.21
	21:29spack v1.0
	23:02ɽ1001,ѷyc1.2һ
	23:10ɽ1000,ѷyc1.2һ
	23:19ɽѩ԰,ѷyc1.2һ

614
	00:36ɽ1003,ѷyc1.2һ,_lopen,ڿʼʱpf=1дjpeԺҪPF?
	22:03xpal4(ɽ-ɵĻ4)
	23:46ɽ-ѩMDȻÿAPIЧǰ8ֽǷ0xcc

615
	00:39ɽ-,lock cmpxchg8b eax쳣,ָǲܲĴ
	22:25petite v2.2,,Ѻ,hoho

616
	01:27petite v2.3,Ѻ
	12:48telock v0.80
	12:49telock v0.85,ʸtelock v0.80һ
	15:07telock v.90,ʸtelock v0.80һIATܷʽѾͬˣĴ

617
	00:55telock v.92,õԼĴ쳣MD̫ǿ
	11:35telock v.95,ʸtelock v.92һ,IATܷʽͬ,ǿ,дִIATܺAPI
	11:49telock v.96,ʸtelock v.95һ
	11:57telock v.98,ʸtelock v.95һ
	17:34telock v.99,ʸtelock v.95һ,ǰ汾CRCЧֻļж,ǻloadЧ,MD,ģʱ
	ҰdllƸĳСд,MD,CRCЧ鲻,Ҫҡҡ׹

618
	00:56mslrh0.31,MD,rdtsc,oep steal code,ԭ˱͵
	20:42mslrh0.32,MD,ѵ˳OEPȽϸӣûлԭdump
	20:55[G!X]'s Protect(òmslrh0.2)

619
	23:47ɸϸĶջЧ飬ɱʶ
