07.02.2015

The Art of Reversing by Ap0x - Tutoriali.org

PE Pack 1.0

Browsing through some other people's keygenerators that I have on my hard disk, I came across an interesting keygen for CDRLabel 4.1 made by the guys from the CORE cracking group. Personally, the keygen itself was not interesting to me; what interested me was the protection this keygen was packed with. It is PE Pack, which I had never manually unpacked before, so I decided to try my hand at this packer as well. Please bear in mind that I am not interested in what this target does, and neither should you be; what interests me is how I could unpack it. The target is in the Cas10 folder and is called crcdl41.pepack10.exe. We will open this target in Olly and look at what is at the OEP.

00401212 > $ /74 00          JE SHORT cr-cdl41.00401214
00401214 >-\E9 E74D0000      JMP cr-cdl41.00406000

Quite strange, but never mind; with F8 we will execute both jumps and end up here:

00406000 60                  PUSHAD
00406001 E8 00000000         CALL cr-cdl41.00406006
00406006 5D                  POP EBP
00406007 83ED 06             SUB EBP,6

With F8 we will step line by line until we reach a long loop:

004060D4 /73 38              JNB SHORT cr-cdl41.0040610E
004060D6 |48                 DEC EAX
004060D7 |74 35              JE SHORT cr-cdl41.0040610E
004060D9 |78 33              JS SHORT cr-cdl41.0040610E
004060DB |66:8B1C39          MOV BX,WORD PTR DS:[ECX+EDI]
004060DF |80FB E8            CMP BL,0E8
004060E2 |74 0F              JE SHORT cr-cdl41.004060F3
004060E4 |80FB E9            CMP BL,0E9
004060E7 |74 0A              JE SHORT cr-cdl41.004060F3
004060E9 |66:81FB FF25       CMP BX,25FF
004060EE |74 0F              JE SHORT cr-cdl41.004060FF
004060F0 |41                 INC ECX
004060F1 ^|EB E3             JMP SHORT cr-cdl41.004060D6
004060F3 |294C39 01          SUB DWORD PTR DS:[ECX+EDI+1],ECX
004060F7 |83C1 05            ADD ECX,5
004060FA |83E8 04            SUB EAX,4
004060FD ^|EB D7             JMP SHORT cr-cdl41.004060D6
004060FF |295439 02          SUB DWORD PTR DS:[ECX+EDI+2],EDX
00406103 |83C1 06            ADD ECX,6
00406106 |83EA 04            SUB EDX,4
00406109 |83E8 05            SUB EAX,5
0040610C ^|EB C8             JMP SHORT cr-cdl41.004060D6
0040610E \C685 D3000000 F>   MOV BYTE PTR SS:[EBP+D3],0F8
00406115 5B                  POP EBX
00406116 5A                  POP EDX
00406117 5E                  POP ESI
00406118 ^ E9 76FFFFFF       JMP cr-cdl41.00406093
0040611D 6A 04               PUSH 4
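The loop above is PE Pack's call/jump fixup: it walks the freshly unpacked code (EDI = base, ECX = offset, EAX = remaining byte count) and, for every E8/E9 (CALL/JMP rel32) subtracts the current offset from the operand, while for every FF 25 (JMP DWORD PTR [imm32]) it subtracts a running EDX value. The Python below is an added illustration, not part of the tutorial or of PE Pack: it replays that loop over a constructed byte string; the packer-side transform (adding instead of subtracting) is inferred from the stub, and the sample bytes and the EDX start value are made up.

```python
import struct

# Constructed sample, not from the tutorial: NOP, CALL +0x10, NOP, JMP -0x10, JMP [00403000], RET.
ORIGINAL = bytes.fromhex("90" "E810000000" "90" "E9F0FFFFFF" "FF2500304000" "C3")


def dword_at(buf: bytes, off: int) -> int:
    """Little-endian dword at off, for inspecting an operand."""
    return struct.unpack_from("<I", buf, off)[0]


def pepack_fixup(buf: bytes, count: int, edx: int = 0, unpack: bool = True) -> bytes:
    """Replay the fixup loop at 004060D4-0040610C on a copy of buf.
    EDI = buffer base, ECX = pos, EAX = count (byte budget), EDX = running
    delta for FF 25 jumps. unpack=True subtracts as the stub does;
    unpack=False adds instead, the packer-side inverse inferred here (assumption).
    """
    out = bytearray(buf)
    sign = -1 if unpack else 1
    pos, eax = 0, count
    while True:
        eax -= 1                                  # DEC EAX
        if eax <= 0:                              # JE / JS SHORT 0040610E
            break
        if pos >= len(out):                       # bounds guard the stub lacks
            break
        bl = out[pos]                             # MOV BX,WORD PTR DS:[ECX+EDI]
        bh = out[pos + 1] if pos + 1 < len(out) else 0
        if bl in (0xE8, 0xE9) and pos + 5 <= len(out):
            # CALL/JMP rel32: SUB DWORD PTR DS:[ECX+EDI+1],ECX
            rel = dword_at(out, pos + 1)
            struct.pack_into("<I", out, pos + 1, (rel + sign * pos) & 0xFFFFFFFF)
            pos += 5                              # ADD ECX,5
            eax -= 4                              # SUB EAX,4
        elif bl == 0xFF and bh == 0x25 and pos + 6 <= len(out):
            # JMP DWORD PTR [imm32] (BX == 25FF): SUB DWORD PTR DS:[ECX+EDI+2],EDX
            imm = dword_at(out, pos + 2)
            struct.pack_into("<I", out, pos + 2, (imm + sign * edx) & 0xFFFFFFFF)
            edx = (edx - 4) & 0xFFFFFFFF          # SUB EDX,4
            pos += 6                              # ADD ECX,6
            eax -= 5                              # SUB EAX,5
        else:
            pos += 1                              # INC ECX
    return bytes(out)


# Packer-side view of the sample (EDX start is made up), then the stub's loop restoring it.
PACKED = pepack_fixup(ORIGINAL, len(ORIGINAL) + 1, edx=0x1000, unpack=False)
RESTORED = pepack_fixup(PACKED, len(PACKED) + 1, edx=0x1000)
```

count is len + 1 because the stub decrements EAX before inspecting each byte; a budget of 1 therefore touches nothing.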

So that we do not execute this long loop, we will set a breakpoint at address 0040611D, that is, on the PUSH 4 instruction, because we are certain to arrive there right after this loop finishes, i.e. after the unpacking into memory. With F8 we will slowly step through the code until we reach the address:

004061C2 0385 47050000       ADD EAX,DWORD PTR SS:[EBP+547]
004061C8 52                  PUSH EDX                         ; cr-cdl41.00404000

The Art of Reversing by Ap0x Page 220 of 293
