00499E39 |. 55 PUSH EBP
00499E3A |. 68 909E4900 PUSH unpacked.00499E90
00499E3F |. 64:FF30 PUSH DWORD PTR FS:[EAX]
00499E42 |. 64:8920 MOV DWORD PTR FS:[EAX],ESP
00499E45 |. B3 01 MOV BL,1
00499E47 |. 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-8]
00499E4A |. 8B86 DC010000 MOV EAX,DWORD PTR DS:[ESI+1DC]
00499E50 |. E8 9F95F8FF CALL unpacked.004233F4
00499E55 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
00499E58 |. 8D55 FC LEA EDX,DWORD PTR SS:[EBP-4]
00499E5B |. E8 E8E1F6FF CALL unpacked.00408048 < Call the function that checks the entered name!
00499E60 |. 837D FC 00 CMP DWORD PTR SS:[EBP-4],0
00499E64 |. 75 0C JNZ SHORT unpacked.00499E72 < Jump if not equal.
00499E66 |. B8 A89E4900 MOV EAX,unpacked.00499EA8 ; ASCII "Please enter your User ID."
00499E6B |. E8 3881FAFF CALL unpacked.00441FA8
00499E70 |. 33DB XOR EBX,EBX
00499E72 |> 33C0 XOR EAX,EAX
00499E74 |. 5A POP EDX
00499E75 |. 59 POP ECX
00499E76 |. 59 POP ECX
00499E77 |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
00499E7A |. 68 979E4900 PUSH unpacked.00499E97
00499E7F |> 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-8]
00499E82 |. E8 799DF6FF CALL unpacked.00403C00
00499E87 |. 8D45 FC LEA EAX,DWORD PTR SS:[EBP-4]
00499E8A |. E8 719DF6FF CALL unpacked.00403C00
00499E8F \. C3 RETN

Heh, since the software is coded in Delphi 6 we cannot set a breakpoint on GetDlgItemTextA or GetWindowTextA. But hacnho noticed that the line 00499E2C /$ 55 PUSH EBP is where the checking code begins, so let's set a breakpoint there and see. OK, press F2 to set the breakpoint. Press F9 to run the program. Enter the name and serial as above. OllyDBG immediately breaks here. Press F8 to trace downward to the line 00499E8F \. C3 RETN; it will take you to this place:

0049A81F |. 84C0 TEST AL,AL
0049A821 |. 0F84 2E010000 JE unpacked.0049A955
0049A827 |. A1 6CB15100 MOV EAX,DWORD PTR DS:[51B16C]
0049A82C |. 8038 00 CMP BYTE PTR DS:[EAX],0
0049A82F |. 74 39 JE SHORT unpacked.0049A86A
0049A831 |. 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0049A834 |. 8B83 DC010000 MOV EAX,DWORD PTR DS:[EBX+1DC]
0049A83A |. E8 B58BF8FF CALL unpacked.004233F4
0049A83F |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0049A842 |. 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]
0049A845 |. BA 05000000 MOV EDX,5
0049A84A |. E8 C14FFFFF CALL unpacked.0048F810
0049A84F |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049A852 |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0049A855 |. E8 3297F6FF CALL unpacked.00403F8C
0049A85A |. 0F85 9A000000 JNZ unpacked.0049A8FA
0049A860 |. BE 05000000 MOV ESI,5
0049A865 |. E9 90000000 JMP unpacked.0049A8FA
0049A86A |> 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0049A86D |. 8B83 DC010000 MOV EAX,DWORD PTR DS:[EBX+1DC]
0049A873 |. E8 7C8BF8FF CALL unpacked.004233F4
0049A878 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0049A87B |. 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]
0049A87E |. BA 01000000 MOV EDX,1
0049A883 |. E8 884FFFFF CALL unpacked.0048F810
0049A888 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049A88B |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0049A88E |. E8 F996F6FF CALL unpacked.00403F8C
0049A893 |. 75 05 JNZ SHORT unpacked.0049A89A
0049A895 |. BE 01000000 MOV ESI,1
0049A89A |> 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0049A89D |. 8B83 DC010000 MOV EAX,DWORD PTR DS:[EBX+1DC]
0049A8A3 |. E8 4C8BF8FF CALL unpacked.004233F4
0049A8A8 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0049A8AB |. 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]
0049A8AE |. BA 02000000 MOV EDX,2
0049A8B3 |. E8 584FFFFF CALL unpacked.0048F810
0049A8B8 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049A8BB |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0049A8BE |. E8 C996F6FF CALL unpacked.00403F8C
0049A8C3 |. 75 05 JNZ SHORT unpacked.0049A8CA
0049A8C5 |. BE 02000000 MOV ESI,2
0049A8CA |> 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
0049A8CD |. 8B83 DC010000 MOV EAX,DWORD PTR DS:[EBX+1DC]
0049A8D3 |. E8 1C8BF8FF CALL unpacked.004233F4
0049A8D8 |. 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-18]
0049A8DB |. 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-8]
0049A8DE |. BA 03000000 MOV EDX,3
0049A8E3 |. E8 284FFFFF CALL unpacked.0048F810
0049A8E8 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049A8EB |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]
0049A8EE |. E8 9996F6FF CALL unpacked.00403F8C
0049A8F3 |. 75 05 JNZ SHORT unpacked.0049A8FA
0049A8F5 |. BE 03000000 MOV ESI,3
0049A8FA |> 4E DEC ESI ; Switch (cases 1..5)
0049A8FB |. 74 0D JE SHORT unpacked.0049A90A
0049A8FD |. 4E DEC ESI
0049A8FE |. 74 1B JE SHORT unpacked.0049A91B
0049A900 |. 4E DEC ESI
0049A901 |. 74 29 JE SHORT unpacked.0049A92C
0049A903 |. 83EE 02 SUB ESI,2
0049A906 |. 74 35 JE SHORT unpacked.0049A93D
0049A908 |. EB 44 JMP SHORT unpacked.0049A94E
0049A90A |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; Case 1 of switch 0049A8FA
0049A90D |. BA 01000000 MOV EDX,1
0049A912 |. 8BC3 MOV EAX,EBX
0049A914 |. E8 B3F7FFFF CALL unpacked.0049A0CC
0049A919 |. EB 3A JMP SHORT unpacked.0049A955
0049A91B |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; Case 2 of switch 0049A8FA
0049A91E |. BA 02000000 MOV EDX,2
0049A923 |. 8BC3 MOV EAX,EBX
0049A925 |. E8 A2F7FFFF CALL unpacked.0049A0CC
0049A92A |. EB 29 JMP SHORT unpacked.0049A955
0049A92C |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; Case 3 of switch 0049A8FA
0049A92F |. BA 03000000 MOV EDX,3
0049A934 |. 8BC3 MOV EAX,EBX
0049A936 |. E8 91F7FFFF CALL unpacked.0049A0CC
0049A93B |. EB 18 JMP SHORT unpacked.0049A955
0049A93D |> 8B4D FC MOV ECX,DWORD PTR SS:[EBP-4] ; Case 5 of switch 0049A8FA
0049A940 |. BA 05000000 MOV EDX,5
0049A945 |. 8BC3 MOV EAX,EBX
0049A947 |. E8 80F7FFFF CALL unpacked.0049A0CC
0049A94C |. EB 07 JMP SHORT unpacked.0049A955
0049A94E |> 8BC3 MOV EAX,EBX ; Default case of switch 0049A8FA
0049A950 |. E8 7BF5FFFF CALL unpacked.00499ED0
0049A955 |> 33C0 XOR EAX,EAX
0049A957 |. 5A POP EDX
0049A958 |. 59 POP ECX
0049A959 |. 59 POP ECX
0049A95A |. 64:8910 MOV DWORD PTR FS:[EAX],EDX
0049A95D |. 68 7FA94900 PUSH unpacked.0049A97F
0049A962 |> 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-18]
0049A965 |. E8 9692F6FF CALL unpacked.00403C00
0049A96A |. 8D45 EC LEA EAX,DWORD PTR SS:[EBP-14]
0049A96D |. BA 05000000 MOV EDX,5
0049A972 |. E8 AD92F6FF CALL unpacked.00403C24
0049A977 \. C3 RETN

Press F8 to trace downward to this section:

0049A87E |. BA 01000000 MOV EDX,1
0049A883 |. E8 884FFFFF CALL unpacked.0048F810
0049A888 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8]
0049A88B |. 8B55 FC MOV EDX,DWORD PTR SS:[EBP-4]

Wow, shining bright: what do we see? The serial number is pushed onto the top of the SS (stack). Do "D eax" at the line 0049A888 |. 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-8] and you will see the serial number: 0012F75C 00B1E508 ASCII "54858-ST651-2796663615" < Standard Edition. Looking at the bottom of OllyDBG's fourth window (the stack pane) you will see the compared arguments as follows:

0012F748 00B28470
0012F74C 00B28080 ASCII "hacnho"
0012F750 00B1E294 ASCII "1234567890"
0012F754 00B2865C ASCII "67890"
0012F758 00B238FC ASCII "12345"
0012F75C 00B1E508 ASCII "54858-ST651-2796663615"