Edmonton Chinese Community - Edmonton China

Views: 551 | Replies: 0

10 strokes teach you break (school hacker must see)

Flowers (0) Eggs (0)
Posted on 2010-6-28 02:48
Lao Yang team, pursuing perfection; customer first, service in place!
10 strokes teach you break (school hacker must see)
Below I talk about some problems frequently encountered in the decryption process, simply according to my own experience. These are issues that beginners badly need to understand; according to my own learning experience, if you go directly to study a lot of cracking tutorials, most will end up with a head full of fog, because there are many concepts that are either not very clear or simply not known at all. I hope the following discussion is of some help to you:
1. Breakpoint: the so-called breakpoint is the place where the program is to be interrupted; the word is all too familiar to decryptors. So what is an interrupt? An interrupt is when, because an exceptional event (interrupt event) occurs, the computer suspends the current task (the program), turns to perform another task (the interrupt service routine), and then returns to its original task to continue. Analogy: you are at work when suddenly a classmate calls to tell you that he has come by train from out of town and you should go to the railway station to pick him up. So you temporarily leave your boss, rush to the train station to pick up the classmate, get him settled in, and then return to the company to continue working; this is an interrupt process. The decryption process is to wait until the program has obtained the registration code we entered and is comparing it with the correct registration code it has prepared, then break in, analyze the process and so find the correct registration code. So we need to set breakpoints in the program to be decrypted, cut into the program at the appropriate time, and trace within it to the program's registration code, so as to achieve the purpose of the crack.
2. Airspace: this is a very important concept, and also a place beginners often do not understand. We can see the word airspace in all kinds of crack articles; if you are confused about where the program's airspace is in the end, you cannot enter the door of cracking. You may also have broken some software, but that is only a blind cat running into a dead rat (I was like this before ^_^, and now speaking of it I am sorry, oh!). The so-called program airspace means the program's own local area, that is, the location of the code of the program we have to crack itself. Perhaps you will immediately ask: when I set the breakpoint while the program is running, why is it not in the program's own space after the interrupt? Each program is written with no fixed pattern, so when we want to cut into the program to interrupt its proceedings, we must not depend on the specific program to set breakpoints; what we set the breakpoint on should be something every program will use. In the DOS era, basically all programs worked on the basis of interrupts, that is, almost all DOS programs would call all kinds of interrupts to complete their tasks. But by the WINDOWS era, the program has no power to directly call interrupts; the WINDOWS system provides a system function call platform (API). Just as DOS programs were based on interrupts, WINDOWS programs use the API as the basis for realizing their various functions and dealing with the system, so cracking WINDOWS software is based on setting breakpoints on API functions, that is, when the program calls an API function, its normal operation is interrupted, and then decrypted.
For example, in SOFTICE set the following breakpoint: bpx GetDlgItemText (for dialog text). When the program we want to crack reads input data and calls GetDlgItemText, it is immediately intercepted by SOFTICE, at which point the cracked program stays in GetDlgItemText's program area, and GetDlgItemText is in WINDOWS' own system management area; if we get rid of this part of the program's code without authorization, then there is great danger ^_^! So we return from the system region to the cracked program's own place (that is, the program's airspace) to break the program; as for how to look at the program's airspace in SOFTICE, see the diagram in front. Imagine: for a procedure every program will call, what useful things might we find from there? (What kind of encryption is used is decided by the program itself, rather than implemented by calling system calls!)
3. API: a shorthand for Application Programming Interface, called the Application Programming Interface in Chinese; it is a large collection of system-defined functions that provides methods to access the operating system's features. The API contains hundreds of functions that applications call to perform all the necessary operating-system-related operations, such as memory allocation, output to screen and creating windows, so the user's program deals with WINDOWS by calling the API interface; no matter what kind of application, its underlying layer is eventually implemented by calling various API functions. Usually the API has two basic forms: Win16 and Win32. Win16 is the original, 16-bit version of the API for Windows 3.1; Win32 is the current, 32-bit version of the API for Windows 95/98/NT/ME/2000. Win32 includes Win16 and is a superset of Win16; the majority of function names and usages are the same. The difference between a 16-bit API function and a 32-bit API function is the last letter; for example, we set such breakpoints: bpx GetDlgItemText, bpx GetDlgItemTextA and bpx GetDlgItemTextW, of which GetDlgItemText is the 16-bit API function, and GetDlgItemTextA and GetDlgItemTextW are 32-bit API functions, but GetDlgItemTextA is the function that uses single-byte, and GetDlgItemTextW is the function that uses double-byte. Now the breakpoints we commonly use are on the single-byte Win32 API functions, that is, functions similar to GetDlgItemTextA; the other two (Win16 API and double-byte Win32 API functions) are relatively rare. Win32 API functions are included in dynamic link libraries (Dynamic Link Libraries, referred to as DLLs), that is, included in kernel32.dll, user32.dll, gdi32.dll and comctl32.dll; this is why we use command lines like exp=C:\windows\system\kernel32.dll in softice to load the dynamic link libraries into softice. Because if we do not do so, we cannot intercept the system calls to Win32 API functions.
4. On the existence of the registration code in the program: during the cracking process we look for the place where the program compares the registration code we entered with the correct registration code, and then through tracing and analysis find the correct registration code. However, the correct registration code usually exists in the program in two forms: explicit and implicit. For an explicitly existing registration code, we can see it directly in the program's memory, for example you can see it directly in the SOFTICE data window; for an implicit one, the entered registration key and the correct registration key are not directly compared, for example it is possible to convert the License to an integer, or disassemble the registration code and then compare each separate piece individually in different places, or apply some kind of transformation to the registration code we entered and then validate it with a special routine, and so on. In short, the application will take a variety of different ways to avoid directly comparing the registration code, complicating the computation; for such programs we often have to make efforts to carefully track and analyze each program function to find the encryption algorithm and then break it. Of course, this will take some 8086 assembly programming foundation and a lot of patience and energy.
5. On software hacking: I divide hacking into two categories, namely complete crack and violent crack. The so-called complete crack mainly targets software that needs a registration key or password to be entered; if we follow through the program to find the correct registration code and register the software properly through the software's own registration function, this is called a complete crack. But if some software itself does not provide a registration function, but only provides a trial (DEMO), or the software itself cannot be registered (such as needing another special registration program, registering via the INTERNET, etc.), or the software's encryption is more complex than our ability to break it, and energy and time constraints mean we cannot directly get the correct registration code, then we need to modify the software's own program code, that is, man-made change
6. On the problem of code addresses in cracking tutorials: crack tutorials will put in part of the program code to help explain the analysis process, for example a section of code below:
......
0167:00408033 PUSH 00
0167:00408035 PUSH EBX
0167:00408036 CALL [USER32!EndDialog]
0167:0040803C JMP 0040812C
......
8. On the problem of how to trace the program: when beginners start learning decryption, they often do not know how to trace the program and how to find the place where the registration code is compared, and are at a loss when faced with a long pile of program code. Usually a software program will use a subroutine (i.e. CALL ********) to verify whether the registration code we entered is correct or not; for programs where the registration code exists explicitly, the entered registration key and the correct registration code are generally put into registers, and then the validation routine is called to judge and return the result, and the application decides according to the subroutine's return value whether registration succeeded; such a program often has the following form:
****:******** MOV EAX, [********] (or PUSH EAX and other forms)
****:******** MOV EDX, [********] (or PUSH EDX form)
****:******** CALL ********
****:******** TEST EAX, EAX (or TEST AL, AL, or does not have this form)
****:******** JNZ ******** (or JZ ******** form)
Here EAX and EDX point to the memory regions of the registration code we entered and the correct registration code; the EAX and EDX registers are written at random, it could be ECX, EBX, EDI, ESI, etc. For programs where the License exists implicitly, although you cannot directly see the correct registration code, usually the address of the entered registration key is first put into a register, and then the subroutine is called to verify it; at this point we need to break into the subroutine to analyze the registration algorithm. In short, where we see a subroutine (call ********) followed by a jump instruction (JNZ ******** or JZ ********), we should be alert, and use D EAX (or EBX, ECX, EDX, EDI, ESI ... etc.) more often to see what is hidden in the memory area the register points to. One thing we have to remind you: if you see the program use the following function, take note: GetDlgItemInt. This API function is used to convert input text into an integer, so these programs will not have an explicitly existing registration key, because the registration code is converted to an integer, and such programs typically use a command of the CMP ECX, EDX type to verify the accuracy of the registration code; here ECX and EDX hold the registration code we entered and the correct registration key in integer form, and then you can use ? edx and ? ecx to see its decimal form, that is, the form we entered.
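The post's item 4 (explicit versus implicit existence of the registration code) and item 8 (the CALL / TEST EAX,EAX / JNZ shape of a validation routine) are easiest to see from the software author's side. The following C program is an added example, not code from the post or from any product it mentions: it places a naive "explicit" check, whose comparand is the plaintext key and therefore shows up in a debugger's data window right beside the comparison, next to an "implicit" check that stores only a digest of the key. The key "AB12", the djb2 hash (chosen only because its value can be verified by hand) and the stored digest 2088883051 are constructed for this demo; a shipping product would use a cryptographic hash or a signed licence rather than djb2.

```c
/* Added example (not from the original post): explicit vs. implicit
 * registration-code checks, seen from the defender's side.
 * All key material below is constructed for the demo. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Explicit form: the correct code lives in the binary and in memory as a
 * plain string, so a data-window view of the comparand reveals it. */
static const char EXPLICIT_KEY[] = "AB12";   /* constructed demo key */

/* Compiles to roughly the shape in item 8: load pointers, CALL strcmp,
 * TEST EAX,EAX, JNZ. */
int check_explicit(const char *entered)
{
    return strcmp(entered, EXPLICIT_KEY) == 0;
}

/* djb2 string hash (non-cryptographic; used here only because the value
 * is easy to verify by hand). */
uint32_t djb2(const char *s)
{
    uint32_t h = 5381;
    for (; *s; ++s)
        h = h * 33u + (unsigned char)*s;
    return h;
}

/* Implicit form: only djb2("AB12"), computed offline, is stored.
 * The plaintext key appears nowhere in this checker's data. */
static const uint32_t STORED_DIGEST = 2088883051u;

int check_implicit(const char *entered)
{
    return djb2(entered) == STORED_DIGEST;
}

/* Mirrors what the post calls looking in the data window: does the
 * plaintext key occur anywhere in the given memory range? */
int plaintext_visible(const char *region, size_t len, const char *key)
{
    size_t klen = strlen(key);
    if (klen == 0 || len < klen)
        return 0;
    for (size_t i = 0; i + klen <= len; ++i)
        if (memcmp(region + i, key, klen) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *inputs[] = { "AB12", "AB13", "" };
    for (size_t i = 0; i < 3; ++i)
        printf("\"%s\": explicit=%d implicit=%d\n", inputs[i],
               check_explicit(inputs[i]), check_implicit(inputs[i]));

    /* The explicit checker's comparand is the key itself; the implicit
     * checker's comparand is a 4-byte number that does not contain it. */
    printf("plaintext in explicit comparand: %d\n",
           plaintext_visible(EXPLICIT_KEY, sizeof EXPLICIT_KEY, "AB12"));
    printf("plaintext in implicit comparand: %d\n",
           plaintext_visible((const char *)&STORED_DIGEST,
                             sizeof STORED_DIGEST, "AB12"));
    return 0;
}
```

Both checkers still funnel the decision through a single boolean return, which is the single branch the post's item 5 describes being patched; the implicit form only removes the key from memory, it does not remove that branch.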