http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_Reversing&no=51
Yes, I'm a newbie who has just had my eyes opened to assembly language and reverse engineering and is getting interested in them.
The thing is, I'm self-taught: instead of reading books on the basics, I look at assembly source and work through it piece by piece, learning whatever I don't know as I go. So there are some parts of the syntax I don't understand, and I'd like to ask about them. For example:
[enable]
registersymbol(Timer)
alloc(pu,256)
registersymbol(pu)
alloc(Timer,4)
//eip= pu base=702C87
Timer:
dd 00
pu:
cmp [Timer],2
jl 702c90
mov [Timer],0
jmp 702C89
[disable]
dealloc(pu)
unregistersymbol(pu)
Given the script above, here are my questions (I know what the individual words are).
1. Why are there two registersymbol calls? (The upper one is Timer and the lower one is pu. Why two? Wouldn't one be enough?)
2. Why are there two alloc calls? (For the first alloc, I know those two are the eip value, but I don't understand the lower alloc.)
3. And
Timer:
dd 00
pu:
cmp [Timer],2
jl 702c90
mov [Timer],0
jmp 702C89
I'm curious about this part. Could you explain what it means? I'd be grateful if you could answer all of these.
Hit : 2808 Date : 2012/11/06 01:04