Universal Unpacking Tool

Source: 百度文库 (Baidu Wenku) Editor: 神马文学网 Time: 2024/05/24 06:44:30
- QuickUnpack 2.1, Chinese-localized edition
2008-04-19 15:56
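QuickUnpack is a generic unpacking tool. It can unpack the vast majority of compression packers and a small number of encryption protectors.
Generally, software authors pack the software they are about to release. This serves two purposes: it reduces the size of the software, and it gives some protection against reverse engineering.
Packers generally fall into two categories. One is compression packers, such as upx and aspack. The other is encryption protectors, such as themida and asprotect. QuickUnpack is suited to unpacking the former.
When you want to localize a program into Chinese or modify it in some other way, and the program is packed, you first need to unpack it. Unpacking is very complex and requires extensive knowledge of software debugging and assembly. This is especially true of encryption protectors, where unpacking is in effect a software cracking process.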
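Whether a file is packed at all can be checked from its section table before any unpacking is attempted. The following is an added example, not code from the original post or from QuickUnpack: it reads the PE section headers and reports section names left by UPX and ASPack, sections with no data on disk, and sections with high byte entropy. The name table, the 7.0 threshold and the sample image built by `build_sample` are assumptions made for the illustration.

```python
import math
import struct

# Section names left by two packers named above; this short table is an assumption.
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack"}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def triage(pe, threshold=7.0):
    """Return (section name, reason) findings for a PE image given as bytes."""
    if pe[:2] != b"MZ" or len(pe) < 0x40:
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    findings = []
    for i in range(nsect):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        name = name.rstrip(b"\0")
        label = name.decode("latin-1")
        if name in PACKER_SECTIONS:
            findings.append((label, "name used by " + PACKER_SECTIONS[name]))
        if rsize == 0 and vsize > 0:
            findings.append((label, "no data on disk, filled at run time"))
        elif entropy(pe[rptr:rptr + rsize]) >= threshold:
            findings.append((label, "high entropy"))
    return findings

def build_sample():
    """Constructed two-section image for the demo: headers only, not a runnable program."""
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    hdr += struct.pack("<8sIIII16x", b"UPX0", 0x2000, 0x1000, 0, 0)
    hdr += struct.pack("<8sIIII16x", b"UPX1", 0x1000, 0x3000, 0x1000, 0x200)
    # Uniformly distributed bytes stand in for compressed data (entropy 8.0).
    return hdr.ljust(0x200, b"\0") + bytes(range(256)) * 16

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A clean result does not prove a file is unpacked, since section names can be renamed and entropy varies with content.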
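QuickUnpack is the best unpacking program I have used; it can remove almost the majority of packers. The previous version, 2.0 final, was released about half a year ago, and this release is version 2.1. According to the official notes, it can remove the following packers: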
32Lite
AnslymPacker
AREA51 Cryptor
Armadillo (minimal protection)
AsdPack
ASPack
ASProtect (old versions)
BeroEXEPacker
CD-Cops
DDeM
depack
DragonArmor
Exe32Pack
ExeCryptor (old versions)
ExeFog
ExeSax
ExeShield
ExeStealth
fEaRz Crypter
FreeCryptor
FriCryptor
FSG
HidePE
HidePX
hmimys-Packer
JDPack
KByS
kkrunchy
LameCrypt
Manolo
MEW
Minke
NeoLite
NME
NsPack
Orien
PackMan
PECompact
PEDiminisher
PE-PACK
PEncrypt
Perplex PE-Protector
PeTite
PEX
PI Cryptor
PKLite32
PollyBox
PolyEnE
Protection Plus
QrYPt0r NuTraL Poly
QuickPack
RLPack
Sopelka
StealthPE
TeLock (not all versions)
TheMida (minimal protection)
unnamed Scrambler
UPack
UPolyX
UProtector
UPX
WindOfCrypt
WinUPack
WWPack32
Yoda Crypter
Yoda Protector
YZPacker
...many others...
Compared with the previous version, 2.1 makes the following improvements:
[!] fixed many bugs like crash on some applications while restoration of resources
[!] multithreaded applications are now handled properly
[+] added ability to set end of module when tracing import functions. When a reference to import is found it's analysed if it leads to some space outside of the module (not to trace some internal functions). But some packers redirect import to the last section. This option is intended to aid this problem. This is RVA
[+] added ability to put import table at given RVA instead of adding extra section
[+] added ability to set RDTSC delta for RDTSC hook (see more on rdtsc_delta in Scripts.eng.txt)
[+] Load libraries only option added to import recovery methods. this option doesn't actually recover import it just puts 1 import function from every loaded DLL into the import table. thus dump will be loaded with all the necessary libraries and will use old addresses for import functions which were set by a protector. this option can be used if import redirection is too complicated but the dump will stop working after service pack or some other patch installation
[+] Execute functions while tracing import option is added. by default while tracing import functions are not executed but some protectors need result of these functions to operate correctly so this option can be used
[+] Process call xxx/jmp xxx option is added. some protectors change import calls and jumps from call [xxx]/jmp [xxx] to call xxx/jmp xxx. this option is intended to work also with these redirections
[+] added several new functions and variables for the scripts
[+] UsAr's generic OEP finder now supports DLLs
[+] new Vista manifest added
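Because it is an English release, I did a simple Chinese localization, so the interface is now mostly in Chinese. For the official English version, click here.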

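The software has many features. Besides unpacking exe files, it can also unpack dll files by attaching to a process. And besides manual unpacking, you can write scripts for automatic unpacking.
Download (1.1M): S.eVxz | 纳米盘 | mediafire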