; Listing format: OllyDbg disassembly of 32-bit x86 code, Intel operand order
; (destination first). Each row is: address, analysis marker, opcode bytes,
; instruction. Text after "==>" is the tutorial author's annotation, translated
; to English here; "FU" is the author's label for the string being processed.
; [LOCAL.n] is the debugger's name for the dword at EBP-4*n (e.g. opcode
; 874D FC addresses EBP-4 and is shown as [LOCAL.1]).
;
; Helper roles are inferred only from how arguments and results are used in
; this listing; no helper body is shown except the start of 00404B1C.
; TODO confirm each one against the binary:
;   00404A5C  result is used as a loop count and compared with 4
;             (looks like a string-length routine)
;   0040907C  value in EAX, 0 in EDX, output slot address in ECX
;             (author: conversion to hexadecimal text)
;   00404A64  slot address in EAX, string in EDX (looks like append)
;   00404984  slot address in EAX, byte in DL (looks like char-to-string)
;   00404CB4  string in EAX, numbers in EDX and ECX, output slot address on
;             the stack (looks like substring: start EDX, count ECX)
;   0040483C  slot address in EAX, constant string in EDX (looks like assign)
;
; NOTE(review): every value this routine combines is either the string that
; arrives in EDX or the constant stored at 004EAD80 inside the binary, so the
; whole derivation can be read in a debugger, as this trace shows. If the
; result is meant to stay secret (the page does not say what it is used for),
; computing it on the client like this cannot achieve that.
;
; ---------------------------------------------------------------------------
; Routine 004EABA8
;   In:  EDX = FU (author's annotation); ECX = value kept in EDI and later
;        passed in EAX to 004047A4 and 00404B1C (presumably the output
;        string slot; confirm).
;   Frame: PUSH ECX, then four passes of PUSH 0 / PUSH 0, then PUSH ECX
;        (ECX is 0 by then) reserve [LOCAL.1]..[LOCAL.10].
; ---------------------------------------------------------------------------
Trace into
004EABA8 /$ 55 PUSH EBP
004EABA9 |. 8BEC MOV EBP, ESP
004EABAB |. 51 PUSH ECX
004EABAC |. B9 04000000 MOV ECX, 4 ==> i = 4
004EABB1 |> 6A 00 /PUSH 0
004EABB3 |. 6A 00 |PUSH 0
004EABB5 |. 49 |DEC ECX
004EABB6 |.^ 75 F9 \JNZ SHORT unpacked.004EABB1
004EABB8 |. 51 PUSH ECX
; XCHG restores the incoming ECX from [LOCAL.1] and leaves 0 in that slot.
004EABB9 |. 874D FC XCHG [LOCAL.1], ECX
004EABBC |. 53 PUSH EBX
004EABBD |. 56 PUSH ESI
004EABBE |. 57 PUSH EDI
004EABBF |. 8BF9 MOV EDI, ECX
004EABC1 |. 8955 FC MOV [LOCAL.1], EDX ==> store FU (arriving in EDX) into [LOCAL.1]
004EABC4 |. 8B45 FC MOV EAX, [LOCAL.1] ==> load FU into EAX
004EABC7 |. E8 78A0F1FF CALL unpacked.00404C44
; With EAX = 0, the next four instructions push a record (EBP, handler address
; 004EAD69, previous FS:[0]) and make FS:[0] point at it, i.e. they link a new
; exception-registration record for this routine.
004EABCC |. 33C0 XOR EAX, EAX
004EABCE |. 55 PUSH EBP
004EABCF |. 68 69AD4E00 PUSH unpacked.004EAD69
004EABD4 |. 64:FF30 PUSH DWORD PTR FS:[EAX]
004EABD7 |. 64:8920 MOV DWORD PTR FS:[EAX], ESP
004EABDA |. 8BC7 MOV EAX, EDI
004EABDC |. E8 C39BF1FF CALL unpacked.004047A4
004EABE1 |. 8B45 FC MOV EAX, [LOCAL.1]
004EABE4 |. E8 739EF1FF CALL unpacked.00404A5C
; ESI = value returned for FU; the loop below is skipped when it is <= 0.
004EABE9 |. 8BF0 MOV ESI, EAX
004EABEB |. 85F6 TEST ESI, ESI
004EABED |. 7E 26 JLE SHORT unpacked.004EAC15
004EABEF |. BB 01000000 MOV EBX, 1
; First loop: EBX counts up from 1 and ESI counts down to 0. Each pass reads
; one byte of FU, hands it to 0040907C (result in [LOCAL.5]) and passes that
; result with the address of [LOCAL.2] to 00404A64.
=============Loop============
004EABF4 |> 8D4D EC /LEA ECX, [LOCAL.5]
004EABF7 |. 8B45 FC |MOV EAX, [LOCAL.1]
004EABFA |. 0FB64418 FF |MOVZX EAX, BYTE PTR DS:[EAX+EBX-1] ==> load S[i] of FU into EAX (zero-extended byte at offset EBX-1)
004EABFF |. 33D2 |XOR EDX, EDX
004EAC01 |. E8 76E4F1FF |CALL unpacked.0040907C
004EAC06 |. 8B55 EC |MOV EDX, [LOCAL.5] ==> load S[i] in hexadecimal form into EDX
004EAC09 |. 8D45 F8 |LEA EAX, [LOCAL.2]
004EAC0C |. E8 539EF1FF |CALL unpacked.00404A64
004EAC11 |. 43 |INC EBX ==> increment EBX by 1
004EAC12 |. 4E |DEC ESI ==> if ESI != 0
004EAC13 |.^ 75 DF \JNZ SHORT unpacked.004EABF4 ==> then continue the loop
End Loop
004EAC15 |> 8B45 F8 MOV EAX, [LOCAL.2]
004EAC18 |. E8 3F9EF1FF CALL unpacked.00404A5C
004EAC1D |. 8BF0 MOV ESI, EAX
004EAC1F |. 85F6 TEST ESI, ESI
004EAC21 |. 7E 2C JLE SHORT unpacked.004EAC4F
004EAC23 |. BB 01000000 MOV EBX, 1
; Second loop: reads [LOCAL.2] at offset (value returned by 00404A5C) - EBX,
; so the offset decreases as EBX increases, and accumulates the bytes through
; [LOCAL.6] into [LOCAL.3] (author: the same text in reversed order).
============Loop==========
004EAC28 |> 8B45 F8 /MOV EAX, [LOCAL.2] ==> load FU, after conversion to hexadecimal, into EAX
004EAC2B |. E8 2C9EF1FF |CALL unpacked.00404A5C
004EAC30 |. 2BC3 |SUB EAX, EBX
004EAC32 |. 8B55 F8 |MOV EDX, [LOCAL.2] ==> load FU, after conversion to hexadecimal, into EDX
004EAC35 |. 8A1402 |MOV DL, BYTE PTR DS:[EDX+EAX] ==> load S[i'] into DL
004EAC38 |. 8D45 E8 |LEA EAX, [LOCAL.6]
004EAC3B |. E8 449DF1FF |CALL unpacked.00404984
004EAC40 |. 8B55 E8 |MOV EDX, [LOCAL.6]
004EAC43 |. 8D45 F4 |LEA EAX, [LOCAL.3]
004EAC46 |. E8 199EF1FF |CALL unpacked.00404A64
004EAC4B |. 43 |INC EBX ==> increment EBX by 1
004EAC4C |. 4E |DEC ESI ==> if ESI != 0
004EAC4D |.^ 75 D9 \JNZ SHORT unpacked.004EAC28 ==> continue the loop
End loop
; Two calls to 00404CB4, both reading [LOCAL.3]: the first uses EDX = 1,
; ECX = 4 and writes to [LOCAL.2]; the second uses EDX = 5, ECX = 4 and writes
; back to [LOCAL.3].
004EAC4F |> 8D45 F8 LEA EAX, [LOCAL.2]
004EAC52 |. 50 PUSH EAX
004EAC53 |. B9 04000000 MOV ECX, 4
004EAC58 |. BA 01000000 MOV EDX, 1
004EAC5D |. 8B45 F4 MOV EAX, [LOCAL.3] ==> load the hexadecimal form of FU, in reversed order, into EAX
004EAC60 |. E8 4FA0F1FF CALL unpacked.00404CB4
004EAC65 |. 8D45 F4 LEA EAX, [LOCAL.3]
004EAC68 |. 50 PUSH EAX
004EAC69 |. B9 04000000 MOV ECX, 4 ==> i = 4
004EAC6E |. BA 05000000 MOV EDX, 5
004EAC73 |. 8B45 F4 MOV EAX, [LOCAL.3] ==> load the reversed hexadecimal form of FU into EAX
004EAC76 |. E8 39A0F1FF CALL unpacked.00404CB4
004EAC7B |. 8B45 F8 MOV EAX, [LOCAL.2] ==> take the last 4 chars of this FU into EAX
004EAC7E |. E8 D99DF1FF CALL unpacked.00404A5C ==> call the check function (its result is compared with 4 on the next line)
004EAC83 |. 83F8 04 CMP EAX, 4 ==> if EAX < 4
004EAC86 |. 7D 2F JGE SHORT unpacked.004EACB7 ==> then continue
004EAC88 |. 8B45 F8 MOV EAX, [LOCAL.2]
004EAC8B |. E8 CC9DF1FF CALL unpacked.00404A5C
004EAC90 |. 8BD8 MOV EBX, EAX
004EAC92 |. 83FB 03 CMP EBX, 3
004EAC95 |. 7F 20 JG SHORT unpacked.004EACB7
; Short-piece path for [LOCAL.2]: EBX runs from the returned value up to 3;
; each pass gives EBX*4 (SHL EAX, 2) to 0040907C and passes the result from
; [LOCAL.7], with the address of [LOCAL.2], to 00404A64.
004EAC97 |> 8D4D E4 /LEA ECX, [LOCAL.7]
004EAC9A |. 8BC3 |MOV EAX, EBX
004EAC9C |. C1E0 02 |SHL EAX, 2
004EAC9F |. 33D2 |XOR EDX, EDX
004EACA1 |. E8 D6E3F1FF |CALL unpacked.0040907C
004EACA6 |. 8B55 E4 |MOV EDX, [LOCAL.7]
004EACA9 |. 8D45 F8 |LEA EAX, [LOCAL.2]
004EACAC |. E8 B39DF1FF |CALL unpacked.00404A64
004EACB1 |. 43 |INC EBX
004EACB2 |. 83FB 04 |CMP EBX, 4
004EACB5 |.^ 75 E0 \JNZ SHORT unpacked.004EAC97
004EACB7 |> 8B45 F4 MOV EAX, [LOCAL.3] ==> else: take the next 4 chars of FU into EAX
004EACBA |. E8 9D9DF1FF CALL unpacked.00404A5C ==> call the check function (its result is compared with 4 on the next line)
004EACBF |. 83F8 04 CMP EAX, 4 ==> if EAX < 4
004EACC2 |. 7D 2F JGE SHORT unpacked.004EACF3 ==> then continue
004EACC4 |. 8B45 F4 MOV EAX, [LOCAL.3]
004EACC7 |. E8 909DF1FF CALL unpacked.00404A5C
004EACCC |. 8BD8 MOV EBX, EAX
004EACCE |. 83FB 03 CMP EBX, 3
004EACD1 |. 7F 20 JG SHORT unpacked.004EACF3
; Same short-piece path as above, applied to [LOCAL.3] through [LOCAL.8].
004EACD3 |> 8D4D E0 /LEA ECX, [LOCAL.8]
004EACD6 |. 8BC3 |MOV EAX, EBX
004EACD8 |. C1E0 02 |SHL EAX, 2
004EACDB |. 33D2 |XOR EDX, EDX
004EACDD |. E8 9AE3F1FF |CALL unpacked.0040907C
004EACE2 |. 8B55 E0 |MOV EDX, [LOCAL.8]
004EACE5 |. 8D45 F4 |LEA EAX, [LOCAL.3]
004EACE8 |. E8 779DF1FF |CALL unpacked.00404A64
004EACED |. 43 |INC EBX
004EACEE |. 83FB 04 |CMP EBX, 4
004EACF1 |.^ 75 E0 \JNZ SHORT unpacked.004EACD3
004EACF3 |> 8D45 F0 LEA EAX, [LOCAL.4] ==> Else
004EACF6 |. BA 80AD4E00 MOV EDX, unpacked.004EAD80 ; ASCII "Picture5s7efu85re" ==> load the default string into EDX
; NOTE(review): EAX holds the address of [LOCAL.4] and EDX the constant string,
; and [LOCAL.4] is read as a source string below, so this call looks like an
; assignment rather than a check; confirm.
004EACFB |. E8 3C9BF1FF CALL unpacked.0040483C ==> call the check function
004EAD00 |. 8D45 DC LEA EAX, [LOCAL.9]
004EAD03 |. 50 PUSH EAX
004EAD04 |. B9 04000000 MOV ECX, 4
004EAD09 |. BA 01000000 MOV EDX, 1
004EAD0E |. 8B45 F0 MOV EAX, [LOCAL.4]
004EAD11 |. E8 9E9FF1FF CALL unpacked.00404CB4
; From here six dwords are pushed as stack arguments for 00404B1C, in this
; order: [LOCAL.9], 004EAD9C, [LOCAL.2], [LOCAL.10], 004EAD9C, [LOCAL.3].
; The data at 004EAD9C is not shown on this page.
004EAD16 |. FF75 DC PUSH [LOCAL.9] ==> take the first 4 chars of the default string
004EAD19 |. 68 9CAD4E00 PUSH unpacked.004EAD9C
004EAD1E |. FF75 F8 PUSH [LOCAL.2] ==> then take the first 4 hex chars of the reversed FU
004EAD21 |. 8D45 D8 LEA EAX, [LOCAL.10]
004EAD24 |. 50 PUSH EAX
; NOTE(review): ECX is 5 for this call, while the earlier calls to 00404CB4
; used 4 and the author's annotation below says "4 chars"; confirm.
004EAD25 |. B9 05000000 MOV ECX, 5
004EAD2A |. BA 05000000 MOV EDX, 5
004EAD2F |. 8B45 F0 MOV EAX, [LOCAL.4]
004EAD32 |. E8 7D9FF1FF CALL unpacked.00404CB4
004EAD37 |. FF75 D8 PUSH [LOCAL.10] ==> take the next 4 chars of the default string
004EAD3A |. 68 9CAD4E00 PUSH unpacked.004EAD9C
004EAD3F |. FF75 F4 PUSH [LOCAL.3] ==> take the next 4 hex chars of the reversed FU
004EAD42 |. 8BC7 MOV EAX, EDI
004EAD44 |. BA 06000000 MOV EDX, 6
004EAD49 |. E8 CE9DF1FF CALL unpacked.00404B1C
; ---------------------------------------------------------------------------
; Routine 00404B1C (only its first part is listed; the target of the final
; JMP, 00404B69, is not on this page).
;   In:  EAX = slot address (EDI of the caller above), EDX = number of dword
;        arguments on the stack (6 at the call site above).
;   After the five PUSHes, [ESP+EDX*4+14] (14 is hexadecimal) addresses stack
;   argument number EDX counted from the most recently pushed one, so with
;   EDX equal to the count it is the argument that was pushed first.
; ---------------------------------------------------------------------------
Trace into
00404B1C $ 53 PUSH EBX
00404B1D . 56 PUSH ESI
00404B1E . 57 PUSH EDI
00404B1F . 52 PUSH EDX
00404B20 . 50 PUSH EAX
00404B21 . 89D3 MOV EBX, EDX
00404B23 . 31FF XOR EDI, EDI
00404B25 . 8B4C94 14 MOV ECX, DWORD PTR SS:[ESP+EDX*4+14] ==> load the first 4 chars of the default string (the first-pushed argument) into ECX
00404B29 . 85C9 TEST ECX, ECX
00404B2B . 74 06 JE SHORT unpacked.00404B33
; NOTE(review): the compare is between the dword at [EAX] and ECX, not with 0;
; EDI is set to EAX only when they are equal. Confirm the author's reading.
00404B2D . 3908 CMP DWORD PTR DS:[EAX], ECX ==> if lenchar = 0
00404B2F . 75 02 JNZ SHORT unpacked.00404B33 ==> then
00404B31 . 89C7 MOV EDI, EAX
00404B33 > 31C0 XOR EAX, EAX ==> else EAX=0
; Loop over the stack arguments with EDX counting down to 0: for each non-zero
; argument, the dword 4 bytes before the address it holds is added to EAX
; (presumably a length prefix; confirm), and EDI is cleared if it equals that
; argument.
00404B35 > 8B4C94 14 MOV ECX, DWORD PTR SS:[ESP+EDX*4+14] ==> load stack argument number EDX into ECX
00404B39 . 85C9 TEST ECX, ECX
00404B3B . 74 09 JE SHORT unpacked.00404B46
00404B3D . 0341 FC ADD EAX, DWORD PTR DS:[ECX-4]
00404B40 . 39CF CMP EDI, ECX ==> check ECX again, a second time
00404B42 . 75 02 JNZ SHORT unpacked.00404B46
00404B44 . 31FF XOR EDI, EDI
00404B46 > 4A DEC EDX ==> jump if != 0
00404B47 .^ 75 EC JNZ SHORT unpacked.00404B35
00404B49 . 85FF TEST EDI, EDI
00404B4B . 74 14 JE SHORT unpacked.00404B61
; Path taken when EDI is still non-zero: the accumulated total goes to EDX and
; EDI to EAX for the call to 00404DE0 (body not shown).
00404B4D . 89C2 MOV EDX, EAX
00404B4F . 89F8 MOV EAX, EDI
00404B51 . 8B37 MOV ESI, DWORD PTR DS:[EDI]
00404B53 . 8B76 FC MOV ESI, DWORD PTR DS:[ESI-4]
00404B56 . E8 85020000 CALL unpacked.00404DE0
00404B5B . 57 PUSH EDI
00404B5C . 0337 ADD ESI, DWORD PTR DS:[EDI]
00404B5E . 4B DEC EBX
00404B5F . EB 08 JMP SHORT unpacked.00404B69
; The remaining text is extraction residue: garbled, partial repeats of rows
; already listed above (addresses and opcode bytes are split by stray spaces).
; It is kept as found and adds no new instructions.
. tra
00 4EAD 00 |. 8D45 DC LEA EAX, [LOCAL.9]
00 4EAD03 |. 50 PUSH EAX
00 4EAD04 |. B9 04 000 000 MOV ECX, 4
00 4EAD09 |. BA 01 0 00 000 MOV EDX, 1
00 4EAD0E |. 8B45 F0 MOV EAX, [LOCAL.4]
00 4EAD 11 | lại
00 4EAC 60 |. E8 4FA0F1FF CALL unpacked .00 404 CB4
00 4EAC65 |. 8D45 F4 LEA EAX, [LOCAL.3]
00 4EAC68 |. 50 PUSH EAX
00 4EAC69 |. B9 04 000 000 MOV ECX, 4 ==> i = 4
00 4EAC6E |. BA 05 000 000 MOV. ngược
00 4EAD 21 |. 8D45 D8 LEA EAX, [LOCAL . 10 ]
00 4EAD24 |. 50 PUSH EAX
00 4EAD25 |. B9 05 000 000 MOV ECX, 5
00 4EAD2A |. BA 05 000 000 MOV EDX, 5
00 4EAD2F |. 8B45 F0 MOV EAX, [LOCAL.4]
00 4EAD32