|
http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=98 [º¹»ç]
¾È³çÇϼ¼¿ä. ¹ø¿ªÀÌ ¸¹ÀÌ ´Ê¾ú±º¿ä.... ¸Û¸Û´Ô Á˼ÛÇÕ´Ï´Ù ¤Ð¤Ð ±×µ¿¾È ±ôºý ÀØ°í ÀÖ¾ú³×¿ä.¤Ð¤Ð¤Ð¤Ð
Á¦°¡ ¸®½º´× ½Ç·ÂÀÌ ¸¹ÀÌ ÀúÁ¶Çؼ ¾Ë¾ÆµèÁö ¸øÇÑ ºÎºÐÀÌ »ó´çÇÕ´Ï´Ù. (ƯÈ÷ ¿ë¾î°°Àº°Å)
³ª¸§ ¿µ»óÀ̶û ¸Â°Ô ÀÇ¿ªÇß½À´Ï´Ù! ±×·¡µµ ¹º°¡ ¾î»öÇϱº¿ä -_-;;;¤Ð¤Ð¤Ð¤Ð
-----------------------------------------------------------------------------------
00:00 This Constant is usually used for checking whether there is optional function being called. recorded by ~.
~¿¡ ÀÇÇØ ±â·ÏµÈ ÀÌ »ó¼ö´Â ´Ù¸¥ ÇÔ¼ö°¡ È£ÃâµÇ´ÂÁö ¾Ë¾Æº¸±â À§ÇØ ÁÖ·Î ¾²ÀÔ´Ï´Ù.
00:08 and so this a nice hint about the ~ function.
±×·¡¼ ÀÌ°ÍÀº ~ ÇÔ¼ö¿¡ ´ëÇÑ ÁÁÀº ÈùÆ®ÀÔ´Ï´Ù.
00:16 so I can still scroll down
°è¼Ó ½ºÅ©·Ñ ÇÒ ¼ö Àֳ׿ä.
00:30 and at some point we are going to find some loop and encrypted record behind it. so it might be nice (one) to stop that because it¡¯s going to self-decrypt itself.
ƯÁ¤ ÁöÁ¡ºÎÅÍ ·çÇÁ¿Í ¾ÏÈ£ÈµÈ ·¹Äڵ带 ãÀ» ¼ö ÀÖ½À´Ï´Ù. (ÇÁ·Î±×·¥ÀÌ)¾Ë¾Æ¼ º¹È£È ÇÒ °ÍÀ̱⠶§¹®¿¡
ÁßÁö½ÃÅ°°Ú½À´Ï´Ù.
00:44 so I can just put an ~ point in to look
º¸±â À§ÇØ ~ Æ÷ÀÎÆ®¸¦ ³Ö°Ú½À´Ï´Ù.
00:58 this time exit to access and reload programme
ÀÌÁ¦ ÇÁ·Î±×·¥À» ²ô°í ´Ù½Ã Àç½ÇÇà ÇÏ°Ú½À´Ï´Ù.
01:06 it¡¯s stopped
¸ØÃ豺¿ä.
01:09 So (Maybe) you just want let it decrypt itself and continue ~
¾Ë¾Æ¼ º¹È£È ÇÏ°Ô ³öµÎ°í ´Ù½Ã ~·Î µ¹¾Æ°©½Ã´Ù.
01:29 here there is a ~ function checking whether ~ in it. But since batch when it started to ~. It¡¯s going to find things that (we are not looking out for). So I can just continue to ~ through it.
¿©±â¿¡ ~°¡ ÀÖ´ÂÁö ¾ø´ÂÁö È®ÀÎÇÏ´Â ~ÇÔ¼ö°¡ ÀÖ½À´Ï´Ù. Batch°¡ ~Çϱ⠽ÃÀÛÇϸé (¿ì¸®°¡ ãÀ¸·Á°í ÇÏ´Â ÆÄÀÏÀ») ãÀ¸·Á°í ÇÒ °ÍÀÔ´Ï´Ù. °è¼Ó ~ÇÏ°Ú½À´Ï´Ù.
02:01 there are a few loops and here we can see that the program is pretty much done. Exceptional ~.
¿©±â ·çÇÁ°¡ Á» ÀÖ°í ÇÁ·Î±×·¥ÀÌ º¹È£È¸¦ °ÅÀÇ ´Ù ÇÑ °ÍÀ» º¼ ¼ö ÀÖ½À´Ï´Ù.
02:11 ~ usually jumps directly over to entry points or they can use a register, it jumps registers, or they can ~ and create exceptions and it jumps to ~ program. So it might be a nice thing to check out.
~´Â º¸Åë ¹Ù·Î entry point·Î °¡±âµµ ÇÏ°í ·¹Áö½ºÅ͸¦ »ç¿ëÇϱ⵵ ÇÕ´Ï´Ù. ¶Ç ¾î¶² °æ¿ì¿¡´Â ~¸¦ Çؼ ¿¹¿Ü¸¦ ¸¸µé°í ~ ÇÁ·Î±×·¥À¸·Î °¡±âµµ ÇÕ´Ï´Ù. È®ÀÎÇØ º¸´Â °ÍÀÌ ÁÁ½À´Ï´Ù.
02:27 it¡¯s building it creates ~ function
ºôµåµÇ°í ÀÖ½À´Ï´Ù. ~±â´ÉÀ» ¸¸µé¾î ³À´Ï´Ù.
02:37 you can just put the brake point on it
Break point¸¦ »ðÀÔÇÏ°Ú½À´Ï´Ù.
02:47 and there¡¯s ~program. So it¡¯s going to break on it. And here is the final jump to the ~ program.
ÀÚ ÀÌÁ¦ ~ ÇÁ·Î±×·¥ÀÌ ¿Ï¼ºµÇ¾ú½À´Ï´Ù. ¿©±â¿¡¼ ¸ØÃâ °Í ÀÔ´Ï´Ù. ±×¸®°í ¿©±â¿¡ ~ ÇÁ·Î±×·¥À¸·Î °¡´Â ¸¶Áö¸· jump°¡ ÀÖ½À´Ï´Ù.
02:55 and to find the right address we have to look at ~.
¿Ã¹Ù¸¥ address¸¦ ãÀ¸·Á¸é ~¸¦ ºÁ¾ßÇÕ´Ï´Ù.
03:29 so here we can see that the program is going to access the ~ structure, and is going to modify the IP register which is a ~ pointer so we have to look at the value of this register because this will be the next location the program is going to jump.
¿©±â¿¡¼ ÇÁ·Î±×·¥ÀÌ ~ ±¸Á¶¿¡ Á¢±ÙÇÏ·Á´Â °ÍÀ» º¼ ¼ö ÀÖ°í ÀÌ°ÍÀº ~ Æ÷ÀÎÅÍÀÎ IP ·¹Áö½ºÅ͸¦ º¯°æÇÒ °ÍÀÔ´Ï´Ù. ÀÌ ·¹Áö½ºÅÍÀÇ °ªÀ» ºÁ¾ß Çϴµ¥¿ä ¿Ö³ÄÇϸé ÀÌ °ªÀº ÇÁ·Î±×·¥ÀÇ ´ÙÀ½ JUMP À§Ä¡À̱⠶§¹®ÀÔ´Ï´Ù.
04:05 right inside the ¡¦¡¦ section. You can put the brake point on it, and just run the program.
¡¦¡¦ ¼½¼Ç ¾È¿¡ break Æ÷ÀÎÆ®¸¦ ³Ö°í ÇÁ·Î±×·¥À» ÀÛµ¿ ½ÃÅ°°Ú½À´Ï´Ù.
04:13 so we just passed the first ~ and now this is the second one
ÀÌÁ¦ ù ~À» Åë°úÇß°í ÀÌ°ÍÀÌ µÎ¹ø° ÀÔ´Ï´Ù.
04:19 it is very simple to begin. Just scroll down and try to locate the jump in ~ point.
½ÃÀÛÇϱ⠾öû ½±½À´Ï´Ù. ½ºÅ©·Ñ ÇÏ°í ~ Æ÷ÀÎÆ®¿¡ ÀÖ´Â Jump¸¦ ã¾Æº¸°Ú½À´Ï´Ù.
04:32 At the end of the ~ section you can find a jump it¡¯s most likely to the one jumping to uhm to ~ programme.
~¼½¼Ç ³¡¿¡ ~ ÇÁ·Î±×·¥À¸·Î À̵¿ÇÒ °¡´É¼ºÀÌ ³ôÀº Jump¸¦ ãÀ» ¼ö ÀÖ½À´Ï´Ù.
|
Hit : 2735 Date : 2012/04/14 02:26
|
97, 
1/4 
dex023
