ÎÒ´ÓûÓиã¹ýÆƽâ,Ö»ÊÇÔÚÇ°¶Îʱ¼äѧϰPEÎļþ¸ñʽÔÚ¿´Ñ©Ñ§ÔºDownÁËһЩ×ÊÁÏ,Ã÷
Ìì¾ÍÒª·Å¼ÙÁËÏÐÀ´ÎÞÊÂÓÃÒ»¸öСʱ°Ñ¿´Ñ©Ñ§ÔºµÄ<Crack Tutorial 2001>ͨÀÀÁËÒ»±é,Ϊ
ÁËÁ·Ï°¸ã¶¨Á˼¸¸öCrackMe,¾õµÃÒ²¹ÖºÃÍæµÄ,¾õµÃ!
Crack¼¼ÊõÀïµÄÍѿǼ¼ÊõÊǷdz£ÓÐÒâ˼
,ÎÒ²»Ïë½âÊÍÍѿǵĸÅÄîʲôµÄ,Õâ·½ÃæµÄ×ÊÁϷdz£¶à,ºÃÁ˲»·Ï»°,ÏÂÃæÈÿªÊ¼½²½âÈçºÎ
ÔÚÁ½·ÖÖÖÄÚÍѵôUPXµÄ¿Ç,ÒÔǰûÓиã¹ýCrack,ÓÐʲôErrorµÄµØ·½¸ßÊÖÎóЦ!ºÇºÇ!

Ïà¹Ø¹¤¾ß:

UPX 1.23W(ÓÃÓÚѹËõºÍ¼Ó¿Ç)
W32Dasm 10.0»Æ½ðºº»¯°æ(CrackerÃǺÍHackerÃǶ¼¾­³£ÒªÓõÄ)
OllyDbg 1.09cñö·çÌýÓ꺺»¯°æ(Õâ¸öºº»¯BugºÜÉÙ,ºÜºÃÓÃ)
OllyDump(OllyDbgÍѿDzå¼þ)

"¿ªÊ¼"-->"³ÌÐò"-->"¸½¼þ"-->"ÓÎÏ·"-->"ɨÀ×"-->"ÓÒ»÷"-->"ÊôÐÔ"-->"²éÕÒÄ¿±ê"

¸´ÖƵ½¹¤×÷Ŀ¼ÏÂ(ÎÒµÄÊÇD:\temp\Crack\),ʹÓÃUPX¶ÔɨÀ׳ÌÐò¼Ó¿Ç
ÃüÁîÈçÏÂ:
d:\temp\crack>upx -9 winmine.exe -o swinmine.exe
Ŀ¼ÏÂÉú³ÉÁËÒ»¸öÃûΪswinmine.exeµÄÒѼӿdzÌÐò

ʹÓÃW32Dasm´ò¿ª·´»ã±à,ÒѾ­¿´²»µ½ÒýÈëºÍÒý³öº¯Êý²Î¿¼,¶Ô»°¿òºÍ²Ëµ¥²Î¿¼,×Ö´®²Î¿¼È«±ä³ÉÁË

String Resource ID=00001: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"
String Resource ID=00002: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßß?
ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß?quot;
String Resource ID=0!
0003: &q
uot;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"
String Resource ID=00004: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"
String Resource ID=00005: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"
String Resource ID=00007: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"
String Resource ID=00009: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"
String Resource ID=00011: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"
String Resource ID=00014: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"
String Resource ID=00014: "ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß"

ÏÈ°´Ctrl+End¹â±ê×ßµ½ÁË×îºóÒ»ÐÐ,ÔÙÑ¡ÔñW32DasmµÄ"²éÕÒ/²éÕÒÎı¾"²Ëµ¥,ÊäÈë"popad",Ñ¡ÖÐ
²éÕÒ·½ÏòΪÏòÉÏ,ÕÒµ½ÕâÑùµÄÓï¾ä:

:0101BC28 FF96E8BC0100 !
call dword ptr [esi+0001BCE8]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
©¦:0101BBF0(C)
©¦
:0101BC2E 61 popad
:0101BC2F E99C81FEFF jmp 01003DD0;<==---

¹â±êÒƵ½:0101BC2F E99C81FEFF jmp 01003DD0Õâ¾äÉÏ,Ñ¡Ôñ"±à¼­/¿ìËٱ༭"
²Ëµ¥Ïî,½«
E99C81FEFF000000000000000000000000000000¸ÄΪ
CCE99C81FEFF0000000000000000000000000000
(ºóÃæÈ¥µôÁ½¸öÒ»×Ö½Ú,Ç°ÃæÌí¼ÓÒ»×Ö½ÚµÄÊ®Áù½øÖÆÊýµÄCC,¼´»ã±àÓï¾äint 3,User Break
PointÖжϵ÷ÓÃ),±£´æ³ÉPswinmine.exeÔËÐÐÒ»ÏÂ,µ¯³öÒ»¸öMessageBox"Software Exception...
λÖÃ0101bc2f"³öÏÖÒ»¸öδ´¦ÀíÒì³£?³ö´íÁË?ûÓÐ!ûÓÐ!ÊÇÎÒÃÇдÈëµÄint 3·¢³öµÄ,!
¿´
Çå³þËüµÄλÖÃ0101bc2f,
ÔÙ·´»ã±àPswinmine.exe¿´Ò»ÏÂ0x01!
01bc2fµØ
Ö·µÄÖ¸Áî¾ÍÃ÷°×ÁË:

:0101BC28 FF96E8BC0100 call dword ptr [esi+0001BCE8]

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
©¦:0101BBF0(C)
©¦
:0101BC2E 61 popad
:0101BC2F CC int 03;<==---
:0101BC30 E99C81FEFF jmp 01003DD1<==---

Í˳öW32Dasm,´ò¿ªOllyDbg,´ò¿ª¸Õ²Å´ò¹ýÓû§Öжϵ÷Óò¹¶¡µÄPswinmine.exe,³ÌÐòÏÔʾ
"Ä£¿é"Pwinmine"µÄ¿ìËÙͳ¼Æ²âÊÔ±¨¸æ˵Ã÷,ËüµÄ´úÂë×Ü·¢Ò²ÐíÊǾ­¹ýÁËѹËõ,¼ÓÃÜ,»òÕß°üº¬
ºÜ´óÊýÄ¿µÄǶÈëʽÊý¾Ý.´úÂë·ÖÎö½á¹û½«»áÊǷdz£²»¿É¿¿µÄ»òÕßÊǼòµ¥¶øÇÒ´íÎóµÄ.ÄúÈ·¶¨Òª
¼ÌÐø½øÐзÖÎöÂð?"µ±È»!
µã"ÊÇ"ÁË,ÔÙ°´F9³ÌÐò»áÖжÏÔÚ0101bc2fÒòΪÎÒÃÇint 3µ÷ÓÃÁËUser
Break PointÖжÏ,¿ØÖÆȨתµ½ÁËOllyDbg,Æäʵ¼Ó¿Ç(¼ÓÃÜ)ºó³ÌÐòÐèÒªÔÚÖ´ÐÐʱÓÉһС¶Î³ÌÐò
À´½âÃܳÌÐòÈ»ºóÔÙÌøתµ½½âÃܺóµÄ´úÂëÖ´ÐÐ,ÕâºÍOverflow¹¥»÷ÖÐʹÓõÄShellCode±à½âÂë¼¼
Êõ¾ªÈ˵ÄÏàËÆ,ShellCodeÔÚ½âÂëÒÔÇ°Ö»ÓÐһС¶Î´úÂë(ͨ³£ÊǽâÂë×Ó³ÌÐò)ÊÇ¿ÉÖ´ÐеÄ,ÆäËüδ
¾­½âÂëµÄ´úÂë(ÆäʵÔÚδ½âÂëÇ°ËüÃÇͬ¼Ó¿Ç¹ýµÄÈí¼þ´úÂëÒ»ÑùÊÇһϵÁкÁÎÞ¹æÔòµÄ´íÎóµÄÖ¸Áî
,ÉõÖÁÊǸù±¾²»´æÔÚµÄÖ¸Áî´úÂë)Èç¹ûÖ´Ðоͻá³öÏÖ´íÎó.
ÓÒ»÷Ñ¡"Dump Debuged Process",ÔÚEntry Point¿òÊäÈë3dd1,×¢ÒâÊÇ3dd1¶ø²»ÊÇ3dd0,ÊäÈë±£
´æÎļþÃû123.exeµãÈ·¶¨±£´æ,ÔËÐÐÒ»ÏÂ,Ò»ÇÐÕý³£(Õâʱ³ÌÐòÒÑ´ÓÄÚ´æÖб»ÍѿdzöÀ´).

Í˳öOllyDbg,´ò¿ªW32DasmÔٴη´»ã±à123.exe(ÒÑÍÑUPX¿ÇµÄɨÀ׳ÌÐò)

²Ëµ¥²Î¿¼:
Menu: MenuID_01F4
Menu: MenuID_01F4, Item: ""
Menu: MenuID_01F4, Item: "??)(M)"
Menu: MenuID_01F4, Item: "?B)"
Menu: MenuID_01F4, Item: "-?I)"
Menu: MenuID_01F4, Item: "ðó(S)"
Menu: MenuID_01F4, !
Item: "ا(E)"
Menu: MenuID_01F4, Item: "œr(L!
)"<
br>Menu: MenuID_01F4, Item: "êšI(C)..."
Menu: MenuID_01F4, Item: "îU(C) F1"
¶Ô»°¿ò²Î¿¼:
Dialog: DialogID_0050
Dialog: DialogID_0258
Dialog: DialogID_02BC
×Ö·û²Î¿¼:
String Resource ID=00001: "k?
String Resource ID=00003: "k??
String Resource ID=00004: "àÕMn¡öh÷s?
String Resource ID=00005: "…X
?
String Resource ID=00006: "? %d"
String Resource ID=00007: "%d ?
String Resource ID=00008: "Z
"
String Resource ID=00009: "?§°U
÷Y
?
"
String Resource ID=00010: "?-§°U
÷Y
?
"
String Resource ID=00011: "?ا°U
÷Y
?
"
String Resource ID=00012: "k?
String Resource ID=00013: "by Robert Donner and Curt Johnson"
".chm"
"?
"?"
"CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\I"
"entpack.ini"
"Failed t!
o create Bitmap
"
"FLoad failed to create compatible "
"hhctrl.ocx"
"NTHelp.chm"
"Software\Microsoft\winmine"
"U‹ì‹E
SVƒèSW„æ"
"winmine.hlp"
"ÿÿÿÿ2?"
Ò»ÇÐÊÕÑÛµ×,ÒýÈ뺯Êý²Î¿¼ÈÔÈ»¿´²»¼û,ÓдíÎóÂð?²»ÖªµÀ!¿ÉÒÔÕý³£ÔËÐÐÓ¦¸ÃÊÇûÓÐ,ʹÓÃ
Visual StudioµÄDepends¹¤¾ß¿´Ò»ÏÂÏÈ,ÒýÈ뺯ÊýºÍδ¼Ó¿ÇǰһģһÑù,Ó¦¸ÃûÓÐʲôÎÊÌâ,
×¢ÒâÈç¹ûÔÚÕâÀïÄܶÔPEÎļþÍ·µÄSection Header½øÐÐһЩÖع¹ÄǾÍÍѵķdz£ÍêÃÀÁË,Èç¹û
ÊÇÆäËüÐèҪע²áµÄÈí¼þ¿ÉÒÔÔÙ½øÒ»²½¸ú×Ù·ÖÎö³ö×¢²áÂë.

×îºó:
ÊÖ¹¤¼ÓÉÏÒ»¸öint 3µ÷ÓÃÊǷdz£ÓÐÓõÄ,ÓÐЩÈí¼þʹÓÃOllyDbgÀ´Ò»²½²½¸ú×Ù·ÖÎöÊÇ·Ç
³£·Ñʱ·ÑÁ¦µÄ(ÐèÒª½âÂëºÜ¶àÊý¾Ý,ÎÒÃǸÐÐËȤµÄ²»ÊǼÓÃܹýµÄ´úÂë,¶øÊÇδ¼ÓÃÜ´úÂë),¶øÇÒ
ÕâÑù¶¨Î»·Ç³£×¼È·,¼ÈÈ»ÎÒÃÇÒѾ­Ã÷°×ÁËUPX¼Ó¿ÇµÄËã·¨Ô­Àí(ÀàËÆÓëShellCode±à½âÂëËã·¨),
ÄÇÎÒÃǾ͵ÈËü×Ô¼º½âÂëÍêÁËÒÔºóDumpһϲ»ÊǷdz£Ë¬¿ìÂð?ÕâÀïÖ»ÊǼòµ¥·ÖÎöÁËÒ»ÖÖ¿ìËÙÈ¥
³ýÒ»°ãUPX¿ÇµÄ·½·¨,ÓÐЩÈí¼þ»¹Óз´¸ú×ٺͷ´µ÷ÊÔ¹¦ÄÜ,ÍѿǾÍûÓÐÄÇ!
ô¼òµ¥ÁË.