liberize
Posted on 2015-10-17 01:48:22
yurunghost posted on 2015-10-17 01:23
Please help decrypt this; I keep failing to decrypt it.
Uh, I don't have KuaiYa (快压), so I can't extract it.
yurunghost
Posted on 2015-10-17 01:57:52
liberize posted on 2015-10-17 01:48
Uh, I don't have KuaiYa (快压), so I can't extract it.
yurunghost
Posted on 2015-10-17 02:20:47
liberize posted on 2015-10-17 01:48
Uh, I don't have KuaiYa (快压), so I can't extract it.
I've uploaded it in RAR format. Please help decrypt it.
2012qz
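Posted on 2015-10-17 07:36:25
This post was last edited by 2012qz on 2015-10-17 07:48
liberize posted on 2015-10-17 01:07
I tried it, and there was no problem.
FIND MEM384,RAMD ImDisk,L125,NTFS,Z:,虚拟盘!RAMD ImDisk,L35,NTFS,Z:,虚拟盘
After testing, the old version succeeded; the new version's output comes out blank.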
青青草
Posted on 2015-10-17 08:12:48
yurunghost posted on 2015-10-17 02:20
I've uploaded it in RAR format. Please help decrypt it.
Let me help you!
//Initialization
EXEC Winpeshl
INIT U
REGI HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Systemrestore\DisableConfig=#1
REGI HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Systemrestore\DisableSR=#1
REGI $HKCR\DRIVE\SHELL\CHANGE-PASSPHRASE\COMMAND\=%SYSTEMROOT%\System32\BDECPW.CMD %%1
REGI $HKCR\DRIVE\SHELL\MANAGE-BDE\COMMAND\=%SYSTEMROOT%\System32\BDEOFF.CMD %%1
TEAM FILE %public%\desktop\desktop.ini|FILE %desktop%\desktop.ini|FILE X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup|FILE X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
REGI HKLM\SOFTWARE\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\Attributes=#10940064
SHOW -1,-1
REGI HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\29=X:\Windows\System32\ht.ico,0
EXEC !X:\Program Files\Imagine\Imagine64.EXE /assocext /regcontextmenu
EXEC !=X:\Program Files\Freeime\registry.exe /s
EXEC !%WinDir%\System32\EjectUSB.EXE
FORX *.ocx,Regocx,0,CALL $%Regocx%
FORX msxml*.dll,Regdll,0,CALL $%Regdll%
DEVI %SystemRoot%\inf\usb.inf
DEVI %SystemRoot%\inf\usbport.inf
DEVI $%SystemRoot%\System32\SRS_8x64.CAB,,%Temp%
EXEC %Windir%\System32\CTFMON.EXE
EXEC @REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /VA /F
EXEC @REG DELETE HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /VA /F
REGI HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\!
SHEL %SystemRoot%\explorer.exe
EXEC =!X:\Program Files\Tools\REGDOC.cmd
EXEC =!X:\Program Files\Unlocker\setup.cmd
EXEC !regsvr32.exe /s "%ProgramFiles%\FastCopy\FastEx64.dll"
REGI HKCR\*\ShellEx\ContextMenuHandlers\FastCopy\FastCopyMenuFlags2=#0xfff13fff
SITE %Startup%,+H+R
EXEC !=X:\Program Files\Tools\Order.exe
HOTK #112,PECMD.EXE
HOTK #120,PECMD EXEC !X:\Windows\System32\Killep.cmd `F9 refresh system
HOTK #121,PECMD EXEC !X:\Windows\System32\CLEANTEMP.CMD`F10 clear temporary files
HOTK #122,PECMD EXEC X:\Windows\System32\WinSnap64.exe `F11 screenshot tool
HOTK Ctrl + #0x47,%ProgramFiles%\Ghost\Ghost64.exe `Ctrl+G manual Ghost
HOTK Ctrl + #0x4d,%ProgramFiles%\Tools\mouse.exe `Ctrl+M control the mouse with the keyboard
yurunghost
Posted on 2015-10-17 09:07:39
青青草 posted on 2015-10-17 08:12
Let me help you!
//Initialization
Thanks, but why is what I decrypted different from what you decrypted?
青青草
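Posted on 2015-10-17 10:09:02
yurunghost posted on 2015-10-17 09:07
Thanks, but why is what I decrypted different from what you decrypted?
Really? How could that be?
Which one do you think is more complete?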
gylgw
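Posted on 2015-10-17 10:48:41
In my testing, version 1.1 gives more complete output than the previous version, with no extra code or garbled characters.
But it still cannot handle the PECMD.INI file below.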
yurunghost
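Posted on 2015-10-17 10:50:02
青青草 posted on 2015-10-17 10:09
Really? How could that be?
Which one do you think is more complete?
No, I was wrong. My PECMD.EXE runs a built-in script. I'm looking for a pecmd.exe that does not run a built-in script.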
yurunghost
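Posted on 2015-10-17 11:54:56
青青草 posted on 2015-10-17 10:09
Really? How could that be?
Which one do you think is more complete?
Why on earth doesn't mine automatically generate the original.ini file?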
yurunghost
Posted on 2015-10-17 11:56:25
Experts, why on earth doesn't mine automatically generate the original.ini file? Am I doing it wrong? (See post #70.)
yurunghost
Posted on 2015-10-17 12:03:37
Asking the experts to help decrypt: pecmd.exe + pecmd.ini
my9823
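Posted on 2015-10-17 12:17:54
With M improving the algorithm, I guess the for-profit PEs, the ones that add junk to the system, are laughing again. From a PE author's point of view, they hope their PE will not be modified, and of course the for-profit ones feel this even more strongly; but from a user's point of view, these for-profit PEs are what we hate most. It really pleases neither side! Actually I don't care, because I rarely use PE anymore; even when I do, it's only to help someone install a system, and at worst I can write the installation disc ISO straight to a USB drive and skip PE altogether! Just my personal opinion, I had to get it off my chest. If I've offended anyone, just treat it as if I farted!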
青青草
Posted on 2015-10-17 12:31:11
yurunghost posted on 2015-10-17 12:03
Asking the experts to help decrypt: pecmd.exe + pecmd.ini
//Initialization
EXEC Winpeshl
INIT U
REGI HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Systemrestore\DisableConfig=#1
REGI HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Systemrestore\DisableSR=#1
REGI $HKCR\DRIVE\SHELL\CHANGE-PASSPHRASE\COMMAND\=%SYSTEMROOT%\System32\BDECPW.CMD %%1
REGI $HKCR\DRIVE\SHELL\MANAGE-BDE\COMMAND\=%SYSTEMROOT%\System32\BDEOFF.CMD %%1
TEAM FILE %public%\desktop\desktop.ini|FILE %desktop%\desktop.ini|FILE X:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup|FILE X:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
REGI HKLM\SOFTWARE\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder\Attributes=#10940064
SHOW -1,-1
REGI HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\29=X:\Windows\System32\ht.ico,0
EXEC !X:\Program Files\Imagine\Imagine64.EXE /assocext /regcontextmenu
EXEC !=X:\Program Files\Freeime\registry.exe /s
EXEC !%WinDir%\System32\EjectUSB.EXE
FORX *.ocx,Regocx,0,CALL $%Regocx%
FORX msxml*.dll,Regdll,0,CALL $%Regdll%
DEVI %SystemRoot%\inf\usb.inf
DEVI %SystemRoot%\inf\usbport.inf
DEVI $%SystemRoot%\System32\SRS_8x64.CAB,,%Temp%
EXEC %Windir%\System32\CTFMON.EXE
EXEC @REG DELETE HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /VA /F
EXEC @REG DELETE HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /VA /F
REGI HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Audit\!
SHEL %SystemRoot%\explorer.exe
EXEC =!X:\Program Files\Tools\REGDOC.cmd
EXEC =!X:\Program Files\Unlocker\setup.cmd
EXEC !regsvr32.exe /s "%ProgramFiles%\FastCopy\FastEx64.dll"
REGI HKCR\*\ShellEx\ContextMenuHandlers\FastCopy\FastCopyMenuFlags2=#0xfff13fff
SITE %Startup%,+H+R
EXEC !=X:\Program Files\Tools\Order.exe
HOTK #112,PECMD.EXE
HOTK #120,PECMD EXEC !X:\Windows\System32\Killep.cmd `F9 refresh system
HOTK #121,PECMD EXEC !X:\Windows\System32\CLEANTEMP.CMD`F10 clear temporary files
HOTK #122,PECMD EXEC X:\Windows\System32\WinSnap64.exe `F11 screenshot tool
HOTK Ctrl + #0x47,%ProgramFiles%\Ghost\Ghost64.exe `Ctrl+G manual Ghost
HOTK Ctrl + #0x4d,%ProgramFiles%\Tools\mouse.exe `Ctrl+M control the mouse with the keyboard
yurunghost
Posted on 2015-10-17 12:35:27
青青草 posted on 2015-10-17 12:31
//Initialization
EXEC Winpeshl
Experts, why on earth doesn't mine automatically generate the original.ini file? Am I doing it wrong? (See post #70.)
rengrancunzai
Posted on 2015-10-17 13:17:50
Haha, the immortals are holding a research meeting.
gylgw
Posted on 2015-10-17 13:42:42
yurunghost posted on 2015-10-17 11:54
Why on earth doesn't mine automatically generate the original.ini file?
Isn't the third-from-last of your files the generated INI file?
Gowim
Posted on 2015-10-17 15:50:25
This post was last edited by Gowim on 2015-10-17 16:16
I can't get this one decrypted at all. Please help take a look.
Gowim
Posted on 2015-10-17 16:22:44
zds1210 posted on 2015-10-16 16:32
Join my group... you're talented.
It can't be decrypted. It doesn't work, does it? http://bbs.wuyou.net/forum.php?mod=viewthread&tid=372396&extra=page%3D1
2012jc天马行空
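Posted on 2015-10-17 19:12:43
Unbelievable. I used the latest version of this to try to help crack the one in this thread, http://bbs.wuyou.net/forum.php?mod=viewthread&tid=372396 , and it ended up deleting all my data.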
andos
Posted on 2015-10-17 20:42:12
It seems this one can't be cracked?
http://bbs.wuyou.net/forum.php?mod=viewthread&tid=371427&extra=page%3D2
xzf680
Posted on 2015-10-18 00:33:05
This post was last edited by xzf680 on 2015-10-18 02:47
I tested it; some of it comes out garbled. Below is the Diannaodian (电脑店) configuration:
#!PECMD
#!code=936
@LOGS **ON=0
FIND $%&__LOGS%=, IFEX XU.LOG, LOGS **ON=1 **2 **nl=1 * XU.LOG
ENVI^ EnviMode=1//閬垮厤鎰忓閿欒锛岀┖鍙橀噺锛屽閮ㄥ彉閲忥紝
ENVI^ ForceLocal=1
SET$ &NL=0D0A
SET$ &TAB=09
//{TP_MBR=1, TP_OS=2, TP_PEOUT=3, TP_DISK=4, TP_PE_PART=5, TP_PE_DISK, TP_PE_ISO=7, TP_PART, TP_DATA=9, TP_ISO=10, TP_RAW, TP_LIST, TP_FILE, TP_XFILE};
SET-def TP_MBR=0x01
SET-def TP_PE_ISO=0x07
SET-def TP_DATA=0x09
SET-def TP_ISO=0x0A
SET-def TP_SYSBAK=0xF0
SET-def TP_EFILDR=0xF1
SET-def TP_BIOSBOT=0xF3
TEAM ENVI &&SZ=-1| ENVI &&OFF=-1| ENVI &&FAT=-1| SET &PART_TP=hd| SET &BEFI=0
TEAM SET&PART0=| SET&PARTS=| SET&PARTX=| SETPARTN=0
SET-def SECPARAM=65 //鎬诲弬鏁拌〃
SET &mhide=0
SET &mall=0
SET &mountdrvs=
SET &mnom=0
SET &OnlyOne=0
SET &OnlySoft=0
SET &ClearTmp=0//娓呴櫎涓存椂MBROS鍚姩鍔犺浇
SET &umount=0
CALC -base=16 #&&CLEARMBROSTAGOFF=36s + 0x1C3
CALC -base=16 #&&CLEARMBROSTAGLEN=11
CALC -base=16 #&&CLEARMBROSTAGOFF2=36s + 0x1CE//澶囦唤鐨勫垎鍖鸿〃
SET-defCLEARMBROSTAG=0x43 0x4C 0x45 0x41 0x52 0x4D 0x42 0x52 0x4F 0x73 0x00//CLEARMBROs\0
SET-def CLEARMBROSTAG2=0x43 0x4C 0x45 0x41 0x52 0x4D 0x42 0x52 0x4F 0x53 0x00//CLEARMBROS\0
SET-def CLEARMBROSTAG3=0x43 0x4C 0x45 0x41 0x52 0x4D 0x42 0x52 0x4F 0x70 0x00//CLEARMBROp\0
SET-def CLEARMBROSTAG4=0x43 0x4C 0x45 0x41 0x52 0x4D 0x42 0x52 0x4F 0x50 0x00//CLEARMBROP\0
SET &va=%~1
FIND $%va%=ClearTmpMBROSAll, TEAM ClearTmpMBROSAll| EXIT FILE
FIND $%va%=moun, SET &va=mount
//MOUNT [-m] [-w] [-u|-ud|-uh|-muh|-muhg] [-mall] [-mhide] [-onlys] [-Cleartmp] \\.\PhysicalDrive1Z:
FIND $%va%=mount,
{*
SET &mountdrvs=ZYXWVUTSRQPONMLKJIHGFEBAD //榛樿鍙嶅簭
SET &_exe=
SET &mountop=-o ro
SET &retv=
SET &BWin=0
ENVI &&I=2
ENVI &&umount=0
SET &retnm=
SET &udmid=-0x8000000
SET &udid=-0x8000000
SET &_uplus=0
SET &_w=0
SET &_udfs=0
SET &_udm_=0
SET &udimg=
SET &udmask=0
SET &_mh=-0x8000
LOOP #1=1,
{
MSTR &&va=<~%I%>%*
LSTR &&c1=1,%va%
FIND $%c1%<>-, EXIT LOOP
FIND $-exe=%va%, SET _exe=-exe
FIND $-udfs=%va%, SET _udfs=1
FIND $-udm-=%va%, SET _udm_=1
FIND $-m=%va%, SET BWin=m
FIND $-w=%va%, TEAM SET mountop=| SET _w=1
FIND $-u=%va%, SET umount=1//鍜?ud鍚屼簡
FIND $-ud=%va%, SET umount=1
FIND $-uh=%va%, SET umount=2
FIND $-muh=%va%, SET umount=0x22
FIND $-muhg=%va%, SET umount=0x62//杞厜鐩樹篃鍗歌浇
FIND $-mhide=%va%,SET mhide=1
FIND $-mhide-=%va%,SET mhide=0
FIND $-mall=%va%, SET mall=1
FIND $-mnom=%va%, SET mnom=1
FIND $-onlys=%va%, SET OnlySoft=1
FIND $-Cleartmp=%va%, CALC #ClearTmp=%ClearTmp% | 1
FIND $-CleartmpOnly=%va%, SET ClearTmp=2
FIND $[ -ret:=%va% | -ret=%va% ], TEAM CALC I=%I% + 1| MSTR retnm=<~%I%>%*
FIND $-udmid:=%va%, TEAM CALC I=%I% + 1| MSTR udmid=<~%I%>%*
FIND $-udid:=%va%, TEAM CALC I=%I% + 1| MSTR udid=<~%I%>%*
FIND $-udimg:=%va%, TEAM CALC I=%I% + 1| MSTR udimg=<~%I%>%*
FIND $-udmask:=%va%, TEAM CALC I=%I% + 1| MSTR udmask=<~%I%>%*
FIND $-mh:=%va%, TEAM CALC I=%I% + 1| MSTR _mh=<~%I%>%*
FIND $-u+=%va%, SET _uplus=1
CALC &I=%I% + 1
}
FIND $%_mh%=efi, SET _mh=-1
FIND $%_mh%=auto, SET _mh=0
CALC -err=-0x8000 #_mh=(%_mh%) + 0
--udmid[%udmid%]
MSTR &&DEV=<~%I%>%*
CALC &I=%I% + 1
MSTR &&drv=<~%I%>%*
CALL ParseDrviList
TEAM SET &MountDrv=| GetFreeDrive &MountDrv
IFEX $[ %_udfs%>0 & ( %hd%>=0 | %_mh%<-1 ) ], MAPUD"%&DEV%""%&drv%"&retv
IFEX $%_uplus%>0,MountUplus "%&DEV%""%&MountDrv%"%_w%
IFEX $%_uplus%>0, IFEX $[ %udmid%<>-0x8000000 && %udmid%<0 ], EXIT FILE
//THREAD+$ MESS. @debug
IFEX $%_udm_%<1, CALL MountMBROS "%mountop%" "%&DEV%""%&drv%"&retv%_exe%
FIND $%retnm%<>,ENVI-ret %retnm%=%&retv%
EXIT= 0
EXIT FILE
}
// listudm-ret: 杩斿洖鍚? 璁惧鍚?
//////////////// listudm ////
FIND $%~1=listudm,
{*
SET &retnm=
SET &I=2
MSTR &&va=<~%I%>%*
FIND $[ -ret:=%va% | -ret=%va% ], TEAM CALC I=%I% + 1| MSTR retnm=<~%I%>%*| CALC I=%I% + 1
MSTR &&IMG=<~%I%>%*
ChekHD&&hd "%IMG%"
--IMG[%IMG%] hd[%hd%]
SET &FN=%IMG%
SET &MBROS=%IMG%
SET &PARTS=
SET &PARTN=0
SET &PARTX=
SET &PART0=
SET &PARTN=0
EXIT= 0
FIND $%IMG%<>,GetUDPart %IMG%"" //all
ENVI-ret %retnm%=%PARTX%
EXIT FILE
}
FIND $%~1=listud,
{*
SET &retnm=
SET &I=2
MSTR &&va=<~%I%>%*
FIND $[ -ret:=%va% | -ret=%va% ], TEAM CALC I=%I% + 1| MSTR retnm=<~%I%>%*| CALC I=%I% + 1
MSTR &&IMG=<~%I%>%*
ChekHD&&hd "%IMG%"
--IMG[%IMG%] hd[%hd%]
EXIT= 0
SET&Vlist=
IFEX $%hd%>=0, GETPUDMAP \\.\PhysicalDrive%hd%&Vlist
ENVI-ret %retnm%=%Vlist%
EXIT FILE
}
FIND $%~1=sync,
{*SET&&_cmd=%*
EXIT= 0
%&_cmd%
EXIT FILE
}
EXIT FILE
_SUB GetCFG *
SET &IMG=%~1
SET &EFIBOOTOFF=-1//閿欒鍊?
SET &EFIBOOTSZ=-1
CALC -base=16 &&p=%SECPARAM%s + 3
GETF %&IMG%,%p%#10,&&DAT
FIND $%DAT%<>0x4D 0x42 0x52 0x4F 0x53 0x50 0x41 0x52 0x41 0x4D,EXIT //MBROSOPARAM
GETF#%&IMG%,%SECPARAM%s#0x40,&&DAT
FIND $0xFFFFFFFF=%DAT%, EXIT
SET?long&DAT=&EFIBOOTOFF:0x28//EFIBOOT浣嶇疆 锛?x3F01锛?
SET?long&DAT=&EFIBOOTSZ:0x2C //EFIBOOT闀垮害 锛?x821=0x800+33锛?//1M
_END
_SUB ParseDrviList
MSTR &&c1=1,1,%drv%
MSTR &&c2=2,1,%drv%
FIND $%c2%=:, TEAM SET c2=| SET OnlyOne=1
FIND $%c1%<>, FIND $%c2%=,SET mountdrvs=%c1%
FIND $%c2%<>,FIND $%c2%<>-, SET mountdrvs=%drv%
FIND $%c1%<>, SET drv=%c1%://鍒濆DRIVE
FIND $%c2%=-,
{
SET mountdrvs=
FORX * A B C D E F G H I J K L M N O P Q R S T U V W Y Z,&&d, FIND $%d%>=%c1%, SET mountdrvs=%mountdrvs%%d%
}
_END
//ChekHD 杩斿洖鍚?鏂囦欢鍚?
_SUB ChekHD
LSTR &&LDEV=17,%~2
ENVI &&hd=-0x8000
SET &&c1=
FIND $\\.\PhysicalDrive=%&LDEV%, MSTR &&c1=18,1,%&MBROS%
MSTR &&c2=19,1,%&MBROS%
MSTR &&c3=20,1,%&MBROS%
CALC #&hd=%&hd%
FIND $%&c1%>9, TEAM SET c1=
FIND $%&c2%>9, TEAM SET c2=
FIND $%&c3%>9, TEAM SET c3=
FIND $%&c1%<0, TEAM SET c2=| SET c3=|
FIND $%&c2%<0, TEAM SET c3=|
FIND $%&c1%>=0, CALC #&hd=%c1%
FIND $%&c2%>=0, CALC #&hd=%&hd% * 10 + %&c2%
FIND $%&c3%>=0, CALC #&hd=%&hd% * 10 + %&c3%
ENVI-ret %~1=%&hd%
_END
// GetWimName Name dev Off Len
_SUB GetWimName *
ENVI %~1=%~2#%~3#%~4$
//%s#%s#%sp, sOff, sLen
_END
//FINDImdiskid鍚? 鐩樼鍚?鏂囦欢鍚?
_SUB FINDImdisk
SET-def id=-1
SET-def drv=
SET-def FN=%~3
STRL &&len=%FN%
CALC &&len2=%len% - 1//鏃х増
SET&FN2=%FN%
LSTR &&L4=4,%FN%
FIND $\??\=%L4%, SET len=0! LSTR FN2=%len2%,%FN%
RAMD ImDisk*&&all-n -l
SET-def vi=
SET-def nm=
FORX * %&all%,&&i,
{
RAMD ImDisk*&&v-n -l -u %&i%
READ-*,1,&vi,&v
//Z: = \BaseNamedObjects\Global\PhysicalDrive1#aaa_bbb
//Z: = \??\D:\MDY\DESKTOP\ttt\MBROS.MOS
MSTR &nm=6,%len%,%&vi%
FIND $%&FN%=%&nm%,! FIND $%&FN2%=%&nm%,! EXIT -
MSTR &drv=1,2,%&vi%
ENVI &id=%&i%
EXIT FORX
}
ENVI-ret %~1=%&id%
ENVI-ret %~2=%&drv%
_END
// GetUDPart 鏂囦欢鍚?鍋忕Щ鍚?闀垮害鍚?
_SUBGetUDPart
ENVI^ForceLocal=1
ENVI &&FN=%~1
SET&un=%~2
//MESS. un=[%un%]
GETF %FN%,0x7E36#5,&&V
FIND $0x46 0x41 0x54 0x31 0x36=%V%, ENVI &FAT=16//FAT16
FIND $0x46 0x41 0x54 0x31 0x32=%V%, ENVI &FAT=12//FAT12
GETF %FN%,0x7E52#5,&&V
FIND $0x46 0x41 0x54 0x33 0x32=%V%, ENVI &FAT=32//FAT32
IFEX $%FAT%>0,
{ GETF %FN%,0x7E20#4,&V //ts32
FIND $0x00 0x00 0x00 0x00=%V%,GETF %FN%,0x7E13#2,&V//ts16
MSTR &&V1,&&V2,&&V3,&&v4=<1*>%V% 0 0 0 0
CALC #&SZ=%V1% + %V2% * 0x100 + %V3% * 0x10000 + %V4% * 0x1000000
GETF %FN%,0x7E1C#2,&V//nhs_pre
MSTR &&V1,&&V2,&&V3,&&v4=<1*>%V% 0 0
CALC #&OFF=%V1% + %V2% * 0x100
}
GETF%FN%,0x7FFE#2,&&V
FIND $0x55 0xAA=%V%,!ENVI &SZ=-1
GETF%FN%,0x7FB4#4,&&V
FIND $0x4D 0x42 0x52 0x53=%V%,!ENVI &SZ=-1//"MBRS"
SETPARTN=0
SET &init1=0
IFEX $%SZ%>0, SET &init1=1
//FIND $%un%=-u,!!SET &init1=0
FIND $%&&init1%=1,
{
CALL *GetWimName&&WimNamePhysicalDrive%hd%%OFF% %SZ%
FINDImdisk&&id&&drvm"\BaseNamedObjects\Global\%&WimName%"
CALC&&SZK=%SZ% / 2
SETPART0=鏍稿績UDM鍒嗗尯 %SZK%K MBROS//[%OFF% %SZ% 0x00]
SETPARTS=%PART0%
SETPARTX=鏍稿績UDM鍒嗗尯 %OFF% %SZ% 0x01 0x00 "MBROS" "%&drvm%" 鏍稿績UDM鍒嗗尯
SETPARTN=1
//THREAD+$ MESS %&PARTX% @1111
}
SET &FNx=%FN%
SET &SECUMBR=66
@TEAM SET &bUPARAM=0
CALC -base=16 &&addr=65s +0x3
GETF %FN%,%addr%#10,&&V
FIND $%V%=0x4D 0x42 0x52 0x4F 0x53 0x50 0x41 0x52 0x41 0x4D, SET bUPARAM=1
CALC -base=16 &&addr=65s +0xE
GETF %FN%,%addr%#1,&&V
IFEX $%bUPARAM%>0, IFEX $%V%>=4, SET bUPARAM=4
IFEX $%bUPARAM%>=4, SET &SZ1=0x40! SET &SZ1=0x20
CALC #&&SZP=1s / %SZ1% - 1
CALC -base=16 &&addr=65s +0x14
GETF %FN%,%addr%#4,&&V
MSTR &&V1,&&V2,&&V3,&&v4=<1*>%V% 0 0 0 0
CALC #&NPS=%V1%+ %V2% * 0x100
IFEX $%NPS%>0x40, SET NPS=0x40
SET &MAX=0
CALC #&&len=%SZP% * %SZ1%
GETF %FN%,%SECUMBR%s#0x10,&V
SET &I=0
CALC -base=16 &&addr0=%SECUMBR%s
LOOP #%I%<%NPS%,
{*CALC -base=16 &&addr=%SECUMBR%s + %I%s +0x3
GETF %FN%,%addr%#9,&&V1
CALC -base=16 #&&addr=%SECUMBR%s + %I%s + 0x10
CALC I=%I% + 1
FIND $%V1%<>0x4D 0x42 0x52 0x4F 0x53 0x50 0x41 0x52 0x54,EXIT
GETF %FN%,%addr%#%len%,&V1
@SET<V= %V1%
CALC #&MAX=%MAX% + %SZP%
}
SET &bUMBR=%MAX%
SET &I=0
CALC &&IOF=0x11 - %SZ1%
CALC &&ISZ=0x15 - %SZ1%
CALC &&ITP=0x19 - %SZ1% //FSTP 绫诲瀷 灞炴
vaf
Posted on 2015-10-18 13:04:08
What a pro, what a talent.
liubt
Posted on 2015-10-18 15:00:16
This was extracted from USM_PE; could you help try to crack it? Cracking its PECMD.ini causes a reboot.
gylgw
Posted on 2015-10-20 20:35:00
Is the original poster still updating this? Is there any way to handle the configuration files that have verification?
netmjwork
Posted on 2015-10-24 12:44:57
Can't it run on XP?
It won't run...
xzf680
Posted on 2015-10-25 16:43:37
netmjwork posted on 2015-10-24 12:44
Can't it run on XP?
It won't run...
A true expert indeed; it runs on XP too. Go test it under PE.
netmjwork
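Posted on 2015-10-26 14:45:19
xzf680 posted on 2015-10-25 16:43
A true expert indeed; it runs on XP too. Go test it under PE.
I tried both a Win8 64-bit PE and a physical machine; the output file size is 0. It seems some encryption methods are still hard to deal with.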
thtf
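Posted on 2015-10-27 07:47:44
First of all, many thanks to the original poster for the effort. I used it to decrypt the files from the Ziyou Tiankong (自由天空) PE (RamOSinit.POST and RamOSinit.pre). RamOSinit.POST decrypts completely normally and runs exactly the same when loaded with load, but the decrypted RamOSinit.pre will not run, and even deleting Exit File does not give the original result. The original file (RamOSinit.pre) is only 5K, while the decrypted files come out at 5K, 86K, 87K, 88K, a very large difference; this depends entirely on the environment it runs in (the PE version, the PECMD version). Could the original poster please spare some time to take a look? Thanks... The attachment contains the original RamOSinit.pre (renamed to pecmd.ini) and the three decrypted versions of the file. Thanks again...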
thtf
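Posted on 2015-10-27 07:48:57
netmjwork posted on 2015-10-26 14:45
I tried both a Win8 64-bit PE and a physical machine; the output file size is 0. It seems some encryption methods are still hard to deal with.
You can try a different PE and a different PECMD.exe. Mine behaved the same way, and I eventually got it decrypted.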