Patch Lecture No 8
Patching Visual Godori Version 4.2
( Numega Soft-Ice Ver 3.24 - MSVBVM50.DLL )
This lecture covers how to patch a program written in Visual Basic.
Visual Basic programs are fairly tricky. Programs written in VB4.0 and VB3.0 are somewhat less tricky, but programs written in VB5.0 need a lot of care. To patch a VB5.0 program, you must load the MSVBVM50.DLL file. Refer to the WINICE.DAT file below.
NMI=ON
SIWVIDRANGE=ON
LOWERCASE=ON
MOUSE=ON
NOLEDS=OFF
NOPAGE=OFF
PENTIUM=ON
THREADP=ON
VERBOSE=ON
PHYSMB=128
SYM=1024
HST=256
TRA=8
INIT="WIN;WL;CODE ON;WC 10;WD 5;WR 2;X;"
; Set up the screen layout
F1="^here;"
; Run up to the current position
F2=""
F3=""
F4="^rs;"
; View the Windows screen
F5="^x;"
; Exit & run
F6="^ec;"
; Switch the cursor position ( Code Window & Command Window )
F7="^p ret;"
; Run until a ret is reached
F8="^t;"
; Tracing method
F9="^bpx;"
; Breakpoint
F10="^p;"
; Tracing method
F11="^CODE OFF;"
; Hide HEXA CODE
F12="^CODE ON;"
; Show HEXA CODE
; Below: load DLLs in order to use 32-bit functions
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
EXP=c:\windows\system\gdi32.dll
EXP=c:\windows\system\comdlg32.dll
EXP=c:\windows\system\shell32.dll
EXP=c:\windows\system\advapi32.dll
EXP=c:\windows\system\shell232.dll
EXP=c:\windows\system\comctl32.dll
EXP=c:\windows\system\crtdll.dll
EXP=c:\windows\system\version.dll
EXP=c:\windows\system\netlib32.dll
EXP=c:\windows\system\msshrui.dll
EXP=c:\windows\system\msnet32.dll
EXP=c:\windows\system\mspwl32.dll
EXP=c:\windows\system\mpr.dll
EXP=c:\windows\system\msvbvm50.dll
; This line loads the MSVBVM50.DLL file
With the DAT file above as a reference, let's begin. First we define a few functions you need to know in order to patch a VB5.0 program.
rtcMsgBox -> Think of it as the same as MessageBoxA. It catches message boxes.
rtcInputBox
__vbaStrCmp -> Think of it as something like cmp ax,ax. It compares strings.
__vbaFreeVar -> Breakpoint for when the entered string is returned
__vbaLenBstr -> Returns the length of a string
__vbaStrCopy
__vbaStrMove -> Moves the location of a string
I'm sorry. Windows API functions don't work on Visual Basic programs, so I regret that I can't explain the functions above in detail. I need to study them too! Hmm...
Now run Godori. Once it starts, a box asking for the registration number will appear. At this point, set the following breakpoint.
bpx __vbaStrCmp
Then enter a number and click the registration confirm button. Then..
MSVBVM50!__vbaStrCmp
0177:7B24F8F6 PUSH DWORD PTR [ESP+08]
: PUSH DWORD PTR [ESP+08]
: PUSH 00
: CALL MSVBVM50!__vbaStrComp
: MOVSX EAX,AX
: RET 0008
You land at a place like this. After passing the RET:
XXXX:4C0341 CALL MSVBVM50!__vbaStrCmp
NEG EAX
SBB EAX,EAX
INC EAX
NEG EAX
MOV [EBP-44],AX
::
::
If you keep tracing, a little further down..
XXXX:4C0462 FILD DWORD PTR [004E81A8]
FSTP REAL8 PTR [EBP-0088]
FCOMP REAL8 PTR [EBP-0088]
FSTSW AX
SAHF
JNZ 004C0485
MOV DWORD PTR [EBP-008C],00000001
JMP 004C048C
AND DWORD PTR [EBP-008C],00000000
::
::
Code like this appears. I can't say for certain what the code above does. Just mysterious English words.. I don't really understand the code of VB programs. Hmm.. But since ordinary algorithms live on 1s and 0s, with a bit of intuition you will be able to patch any program. Simple, right?
The MOV DWORD PTR [EBP-008C],00000001 and AND DWORD PTR [EBP-008C],00000000 above set [EBP-008C] to 1 and 0 respectively. Normally it has to exit with 1 for registration to succeed, so if the JNZ 004C0485 above is turned entirely into NOPs, execution always exits with 1 when it passes through this part, and the program becomes the registered version.
If you look at the part below this, you can see that the registration number is saved in the VGIMG.RES file. If you want to prevent problems with the program, back up the above file before proceeding.
FILENAME : VISUALGO.EXE
OFFSET : BF877 h
OLDCODE : 75 0C
NEWCODE : 90 90
Make the modification above.
Since some people may want to see the source of the program modification, the patch source is shown below.