一步一步教你加密解密技术——动态分析技术(2)

;注意分号后是描述语言，不被执行。
PENTIUM=ON;<=Pentium Op-Codes
NMI=ON
ECHOKEYS=OFF
NOLEDS=OFF
NOPAGE=OFF
SIWVIDRANGE=ON
THREADP=ON
LOWERCASE=OFF
WDMEXPORTS=OFF
MONITOR=0

PHYSMB=128;<=这个值是你的物理内存大小
SYM=1024
HST=256;<=历史缓冲区为256K
TRA=8
MACROS=32;<=宏操作的最大个数，此处是32个
DRAWSIZE=2048;<= 我的显卡内存是2MB ，此处值是你显卡内存大小

INIT=" wd 2;wc 20;FAULTS OFF; IXHERE OFF; IYHERE OFF; set font 2;lines 40;code on;x;";<=初始化，此处默认的是800＊600分分辨率
;如你是全屏请换上：lines 57

F1="h;"
F2="^wr;"
F3="^src;"
F4="^rs;"
F5="^x;"
F6="^ec;"
F7="^here;"
F8="^t;"
F9="^bpx;"
F10="^p;"
F11="^G @SS:ESP;"
F12="^p ret;"
SF3="^format;"
CF8="^XT;"
CF9="TRACE OFF;"
CF10="^XP;"
CF11="SHOW B;"
CF12="TRACE B;"
AF1="^wr;"
AF2="^wd;"
AF3="^S 0 L FFFFFFFF 8B,CA,F3,A6,74,01,9F,92,8D,5E,08;";<=VB3特征字符串
AF4="^s 0 l ffffffff 56,57,8B,7C,24,10,8B,74,24,0C,8B,4C,24,14,33,C0,F3,66,A7;" ;<=VB4特征字符串
AF5="^s 0 l ffffffff FF,75,E0,E8,85,EF,FF,FF,DC,1D,28,10,40,00,DF,E0,9E,75,03;" ;<=VB5特征字符串
　
AF8="^XT R;"
AF11="^dd dataaddr->0;"
AF12="^dd dataaddr->4;"
CF1="altscr off; lines 60; wc 32; wd 8;"
CF2="^wr;^wd;^wc;"

;<=以下是宏操作命令：
MACRO s7878="S 30:0 L ffffffff '78787878' "
MACRO sname="S 0 L FFFFFFFF 'toye' "
MACRO swide="s 0 l FFFFFFFF '7','8,'7','8,'7','8,'7','8,'7','8,'7','8,'7','8','7','8' "
MACRO reg="bpx regqueryvalueexa if *(esp->8)>='Soft' do "d(esp->14)" "
MACRO bpxpe="bpx loadlibrarya do "dd esp->4" "
MACRO bpxgeta="bpx GetDlgItemTextA; bpx getwindowtexta; bpx getdlgitemint; bpx getdlgitemtext;"

; ***** Examples of sym files that can be included if you have the SDK *****
; Change the path to the appropriate drive and directory
;LOAD=c:\windows\system\user.exe
;LOAD=c:\windows\system\gdi.exe
;LOAD=c:\windows\system\krnl386.exe
;LOAD=c:\windows\system\mmsystem.dll
;LOAD=c:\windows\system\win386.exe

; Exports - change the path to the appropriate drive and directory

EXP=c:\windows\system\advapi32.dll ;<=这四行前不要加分号,否则不被装载，SOFTICE可能什么也拦不到 :
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
exp=c:\windows\system\gdi32.dll
exp=c:\windows\system\comctl32.dll ;

; 如你要破解VB程序，下面的VB运行库将要装载，SOFTICE默认值是没有这几行，你需手动加上。

;EXP=c:\windows\system\msvbvm60.dll;<= Visual Basic 6 具体参考第十五课VB破解
EXP=c:\windows\system\msvbvm50.dll ;<= Visual Basic 5 注意在这五个DLL中最好不要同时装载2个以上
; EXP=c:\windows\system\vb40032.dll;<= Visual Basic 4（32bit)
; EXP=c:\windows\system\vb40016.dll;<=Visual Basic 4(16-bit)较少见
; EXP=c:\windows\system\vbrun300.dll;<=Visual Basic 3

;EXP=c:\windows\system\vga.drv;
;EXP=c:\windows\system\vga.3gr
;EXP=c:\windows\system\sound.drv
;EXP=c:\windows\system\mouse.drv
;EXP=c:\windows\system\netware.drv
;EXP=c:\windows\system\system.drv
;EXP=c:\windows\system\keyboard.drv
;EXP=c:\windows\system\toolhelp.dll
;EXP=c:\windows\system\shell.dll
;EXP=c:\windows\system\commdlg.dll
;EXP=c:\windows\system\olesvr.dll
;EXP=c:\windows\system\olecli.dll
;EXP=c:\windows\system\mmsystem.dll
;EXP=c:\windows\system\winoldap.mod
;EXP=c:\windows\progman.exe
;EXP=c:\windows\drwatson.exe
; ***** Examples of export symbols that can be included for Windows 95 *****
; Change the path to the appropriate drive and directory
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
EXP=c:\windows\system\gdi32.dll
EXP=c:\windows\system\comdlg32.dll
EXP=c:\windows\system\shell32.dll
EXP=c:\windows\system\advapi32.dll
EXP=c:\windows\system\shell232.dll
EXP=c:\windows\system\comctl32.dll
;EXP=c:\windows\system\crtdll.dll
;EXP=c:\windows\system\version.dll
EXP=c:\windows\system\netlib32.dll
;EXP=c:\windows\system\msshrui.dll
EXP=c:\windows\system\msnet32.dll
EXP=c:\windows\system\mspwl32.dll
;EXP=c:\windows\system\mpr.dll