http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=88
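I think I listened to it hundreds of times. The parts I could not make out stayed unintelligible no matter how often I listened.
I wanted to post it 100% complete, but I can't manage that at my current skill level.
I translated as far as I could. There may also be mistranslations.
This seems to be the most I can do at my current skill level, so I will hand the remaining parts over to someone else.
I am sorry for posting late and for not finishing all of it.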
am....
most what i hear the show the day is how i'm actually used i pro
vastly
What you heard at today's conference is how I use ****.
i think fine that IDA Pro is A more scaning tool
I think IDA Pro is a good scanning tool, better than A.
people try IDA files like would work document file
People who work with document files, try using IDA files.
it's spent company anybody company but i never tray sample with
am..
it's generally done IDA files
It was done with ordinary IDA files.
**** **** with
lucky with same like IDA Pro , proxy tool is very expensive
Programs like proxy tools and IDA Pro are very expensive.
it's someone difficult original visual file
sometimes the last guy are very **** policy
Sometimes
am..
there want some people rush for example they claim
Some people want the "virus copy" they requested.
because
Because
you know free country for virus
As you know, viruses move freely around countries.
am..
i think a little bit
In my opinion
i do so bad **** though
it does set back comforts tool really very expensive ****
that every single correct word copier
so
So
there are not agree position
I do not agree with this opinion.
but it is a really good tools
But this is a really good tool.
so
So
you've got?
Do you have it?
a mean is agreed by recommended
am...
keys using IDA Pro back to the quickly
but jennifer ID section code given **** that
for example, library functions the import but make sure have
For example, library functions are imported, but you must make sure to check.
although well jennifer ID
because of **** **** **** times by the pieces of program
and you find out have a library name
And you will be able to find the library name.
am...
you can see the strange copier strange ****
You can see a strange *** and a strange ***.
immediately give you huge clue what **** code doing
It will immediately give you a lot of information about what the *** code does.
am...
start most common use pieces impossible
It is impossible to start with the most common part.
meaning that if you got A function ****
If you put in function A ****
you don't what is yet
You do not yet know what this is.
but is at the bottom of a call trace and under function calling at probably working time
But it is at the bottom of the call trace and is probably a function called at working time.
someone early process figure out without function
Someone can figure out the process even without the function, and
so you can name a back by
and **** give more else program
And **** can be given to other programs as well.
and then last point
As the last point
this is one i quickly side back by stick to the program flow
Staying faithful to the program's flow
we need know about
We need to know about this.
this side on go
at the time looking at pick piece and look out
because it's easy to off side track realize here or later or
else looking at we never piece my mom
someone here go IOC point
Someone will go to the IOC point.
**** **** Library Functions
**** **** library functions
this is most programs demo **** **** compiler
Most programs **** **** compiler
include pieces **** in with a code
am...
so that strange copy strange functions man copy always
library pieces actually live binary **** with it
so import have a jennify ID
So it imports the Jennifer ID.
the imports the source and you get
Import the source, and
for any family system **** and **** library linking
it's good a be reading some library low time possibly at run time as well
Not only reading some library "low time" at run time, but also
that is set up functions window
student app **** library and program control
and lot some piece you wanna take look at jennifer ID
the entry points and show example
Entry points and display example
you **** where
am...
the entry points is not obviously
The entry points are not obvious, but
serious A **** A **** a point
this is **** know when we **** **** start ****
how i **** tool show minute
and them look at **** particular interesting course
and this is a **** experience
am....
**** obvious
some agency call think LoadLibrary
Some agency call is thought to be LoadLibrary.
mention we knows **** load up library **** time
some **** code design view
have very few import possible at the actually low time
manually **** **** **** wrong
so sometimes very important
Sometimes it is very important.
depending on some time piece **** **** **** code
you wanna look at
You will want to look at that, and
never calls rand
You must not call the rand function.
am....
if you got worm, it got a particular spread **** worm
If you have a worm, it is a **** worm that spreads to a particular place.
that is start one of pieces people worm very instead
the rand function **** involve
The rand function is **** involved.
you wanna look at what's going to the registry file system and
You want to see what it does to the file system register, and
you look at think like free is web
You will think of something like the free web.
a lot of **** code file up all ****
and IDA Pro doesn't **** doesn't ****
so that is mean manually take a look out and mark
What this means is manual
some looking at calls diagram
You will look at the diagram calls, and
i **** **** cpu and then it doesn't include think **** **** ****
until **** struction
Date : 2011/08/09 07:21