|
http://www.hackerschool.org/HS_Boards/zboard.php?id=HS_Translate&no=82 [º¹»ç]
À̹ø¿£ ³Ê¹« ¸øÇÑ °Í °°¾Æ Á˼ÛÇմϴ٤ФÐ
Àß ¾È µé¸®´Â ºÎºÐÀÌ ¸¹¾Æ Çؼ®À» ¸øÇÑ °Íµµ ¸¹½À´Ï´Ù..
ÀÏ´Ü ´õ µé¸®´Â°Ô ÀÖÀ¸¸é °è¼Ó Ãß°¡Çغ¼°Ô¿ä!
*** checks for that
*
so i've previously terminated is the f**** function.
Á¦°¡ ¹æ±Ý ¾ø¾Ø °Ô **** ±â´ÉÀÔ´Ï´Ù.
I'm gonna put the mic down
¼³¸íÀ» Çص帮±â À§ÇØ
a little bit so i can tell you
Àá½Ã ¸¶ÀÌÅ©¸¦ ³»·Á³õ°Ú½À´Ï´Ù.
so i've found the function i wanna focus on
Á¦°¡ ÁßÁ¡À» µÎ°í ½ÍÀº ±â´ÉÀ» ã°í
and i wanna show you a little bit how i would go
¸ðµç ±â´ÉÀ» ÀÏÀÏÈ÷ Ç¥½ÃÇÏ´Â°Ô Á¤¸»
½Ç¿ëÀûÀÌ°í ¹Ù¶÷Á÷ÇÑ ÀÏÀÎÁö
about marking every function so does it actually useful and likable
Àá½Ã ¿©·¯ºÐ¿¡°Ô º¸¿©µå¸®°í ½Í½À´Ï´Ù.
and i can actually start getting in the ***** see what it does
what are the very first thing that i wanna do with
Á¦°¡ °¡Àå ¸ÕÀú ÇÏ°í ½ÍÀº °ÍÀº
the function is trying to identify the mpoints.
mpointµéÀ» ã¾Æ È®ÀÎÇÏ´Â °ÍÀÔ´Ï´Ù.
so here's where returns.
¿©±â¼ ¹ÝȯÇϳ׿ä
umm, (often?)***** times you don't know what's going on quite yet,
*** ¾ÆÁ÷±îÁö´Â ¹¹°¡ ¾î¶»°Ô µÇ´ÂÁö Àß ¸ð¸£½Ç °Ì´Ï´Ù,
so ah let's go ahead marker ****
you don't know **** who's gonna call this call returning @@@
uh my habit is to mark up the return functions
Á¦ ½À°üÀº ****¸¦ Ç¥½ÃÇÏ´Â °Í
native? return underscore where *** turning
trying anything force not being set here *******
returning 1 or call returns 0 returning to register
and a lot of functions what ha** return variable ***
if there's any loose on the program,
¸¸¾à ÇÁ·Î±×·¥¿¡ ÇãÁ¡ÀÌ ÀÖ´Ù¸é
find and mark of those.
À̰͵éÀ» ã¾Æ³»¼ Ç¥½ÃÇÕ´Ï´Ù.
i don't see any obvious ones
Àú´Â È®½ÇÇÑ °Ô º¸ÀÌÁø ¾Ê³×¿ä
i'm looking on the side where's the arrows are,
Áö±Ý È»ìÇ¥°¡ ÀÖ´Â ÂÊÀ» º¸°íÀִµ¥¿ä,
you can see a stick black line if you jumps upwards.
À§·Î ¿Ã¶ó°¡¸é? °ËÀº»ö ÁÙÀÌ º¸ÀÌ½Ç °Ì´Ï´Ù.
which often times **** cames but not always
°¡²û *** º¸ÀÌÁö¸¸ Ç×»óÀº ¾Æ´Ñ
so uhm, i'm gonna do it **** graf? down from here,
im running out of time
½Ã°£ÀÌ ´Ù µÇ¾î°¡°íÀֳ׿ä
trying to ** ** ****
ok, so this * call too many children funcions that aren't library *****
³×, ÀÌ *´Â ¶óÀ̺귯¸®¿¡ ¾ø´Â ³Ê¹« ¸¹Àº ºÎ¼Ó ±â´É(ÀÚ½Ä ±â´É?)À» È£ÃâÇÕ´Ï´Ù.
i'll take a look at this ***
ÀÌ°É Çѹø ºÁº¸ÁÒ
ok so here's one of ****************applications
if you used this IDA pro normally used *** behaviors
the problem is.. was at IDA pro was not realized
¹®Á¦´Â, IDA pro°¡ ÀÌ ±â´ÉÀÌ EEP¸¦
that this function uses EEP as variable pointer.
º¯¼ö Æ÷ÀÎÅÍ·Î »ç¿ëÇÑ´Ù´Â °É ¾Ë¾ÆäÁö ¸øÇÑ´Ù´Â °Ì´Ï´Ù.
it's normally looking for its signature **
**** this C++ program ****
the way in do that (fix that) is ** edit > function
±×°É °íÄ¡´Â ¹æ¹ýÀº, ¼öÁ¤ > ±â´ÉÀ¸·Î °¡¼
and you'll see ****(eep?) basic frame
*** ±âº» ÇÁ·¹ÀÓÀ» **Çϴ°̴ϴÙ
if you prefer use in keyboard ***
Å°º¸µå·Î ÇϽô °É ¿øÇϽøé ****
here we go
****** announces *** argument functions..
this is import because it'll start picking up variable
names in the system ***
if it knows particular parameters * system ca** name this,
if it's clear your program is also uses init the same way
so uhm.. we can see some of the funcions on
here, and again * mark return ******next *** here
but some of the key pieces ***just you wanna do
in terms in naming variables if * when you can go up?
and put in the functions proto type
so down here, i've got arguments to this program
i've got a list (least?) one** name
i can go up here and press ***
ÀÌÁ¦ ÇÁ·ÎÆ÷ ŸÀÔ ±â´ÉÀ» ½ÇÇàÇغ¸±â À§ÇØ
to start function proto type
À§·Î ¿Ã¶ó°¡¼ * ¹öÆ°À» ´·¯º¸°Ú½À´Ï´Ù.
now *****another prompt to ****
i'm using c++ here which is uhmm
most of function was programmed ***
exception handler srewed up **** |
Hit : 1786 Date : 2011/08/02 08:02
|
97, 
2/4 
