────────────────────────────────────────────────────────────────────────────────
  OkStart Cracking Tutorials No. 12
  DK Z-Note Version 1.21 [ Eng ]                          Super-simple patch

  H O M E    : http://user.chollian.net/~dksoft/dkznote/
  D O W N    : http://user.chollian.net/~dksoft/dkznote/znote_e1.exe
  Tools used : Numega Soft-Ice Version 3.24
────────────────────────────────────────────────────────────────────────────────

Hmm.. it seems people make patching far harder than it is when they study it.
What is a patch? Simply breaking the program...

A lock is a simple thing. Whatever computation it performs, however it mangles
the input, there is always a part that ends in true or false. There is always
a comparison. A computer normally represents true as 1 and false as 0.

While patching, enter the name and the serial, then look for the 1 and the 0
first. Make the path that leads to 0 lead to 1 instead, and the patch is done.
It does not matter how long the computation is, or whether it runs twice or
ten times: just make the path that leads to 0 lead to 1.

Keep that idea in mind and read on!

Where to download the program :

Download the program from there and install it, then run it. The registration
dialog asks for a registration code. Type anything.

For a program that takes a name or a serial as input, the breakpoint to use is

    GetWindowTextA

Set a breakpoint on that function and press the OK button; it will of course
trigger. Trace by pressing P RET a few times and you arrive at the following.

:0041DB4C 68C0EF4600              push 0046EFC0
:0041DB51 8B4DEC                  mov ecx, dword ptr [ebp-14]
:0041DB54 E84A580200              call 004433A3
:0041DB59 C645FC01                mov [ebp-04], 01
:0041DB5D 83EC04                  sub esp, 00000004
:0041DB60 8965E0                  mov dword ptr [ebp-20], esp
:0041DB63 56                      push esi
:0041DB64 8B4DE0                  mov ecx, dword ptr [ebp-20]
:0041DB67 E874560200              call 004431E0
:0041DB6C 885DFC                  mov byte ptr [ebp-04], bl
:0041DB6F E8ACA3FFFF              call 00417F20
  - Naturally, this call is where the registration number is computed and
    judged right or wrong.
:0041DB74 83C418                  add esp, 00000018
:0041DB77 85C0                    test eax, eax
:0041DB79 7527                    jne 0041DBA2
  - The typical method: 1 or 0 is placed in eax to signal true or false.
    The CALL above computes the registration number and decides which.
    If eax is 0: no jump, and the "wrong code" message below is shown.
    If eax is 1: jump, and the "thank you for registering" message is shown.

:0041DB7B 53                      push ebx
:0041DB7C 53                      push ebx

* Possible StringData Ref from Data Obj ->"mis-input: Register Code"
                                  |
:0041DB7D 6810F34600              push 0046F310
:0041DB82 E8B2B30200              call 00448F39        -> "enter it properly.."
:0041DB87 C745FCFFFFFFFF          mov [ebp-04], FFFFFFFF
:0041DB8E E826010000              call 0041DCB9
:0041DB93 8B45F4                  mov eax, dword ptr [ebp-0C]
:0041DB96 5E                      pop esi
:0041DB97 64A300000000            mov dword ptr fs:[00000000], eax
:0041DB9D 5B                      pop ebx
:0041DB9E 8BE5                    mov esp, ebp
:0041DBA0 5D                      pop ebp
:0041DBA1 C3                      ret

:0041DBA2 8D45E4                  lea eax, dword ptr [ebp-1C]
:0041DBA5 B9842A4700              mov ecx, 00472A84
:0041DBAA C7057CEF460001000000    mov dword ptr [0046EF7C], 00000001

.......... middle omitted ................

:0041DBF9 A1842A4700              mov eax, dword ptr [00472A84]
:0041DBFE 8D4DF0                  lea ecx, dword ptr [ebp-10]
:0041DC01 50                      push eax

* Possible StringData Ref from Data Obj ->"%s, Register the Completed ! Good "
                                        ->"Luck to you."
                                  |
:0041DC02 68C0F24600              push 0046F2C0
:0041DC07 51                      push ecx
:0041DC08 E8A1D90100              call 0043B5AE        -> "thanks for registering.."
:0041DC0D 83C40C                  add esp, 0000000C
:0041DC10 8D4DF0                  lea ecx, dword ptr [ebp-10]

So the next step is to set a breakpoint on that CALL, enter the serial again,
press the OK button, and trace into the CALL.

Read the following carefully. It contains the core of this tutorial.

* Referenced by a CALL at Addresses:
|:004183C1   , :0041DB6F
|
  This listing was produced with W32Dasm. The addresses above are the places
  that call this routine. There are two of them, which is what you would
  expect: it is called once when you register, and once when the program
  starts, to check whether the stored registration number is valid. So this
  routine is where the registration number is computed and judged true or
  false.

:00417F20 64A100000000            mov eax, dword ptr fs:[00000000]
:00417F26 55                      push ebp
:00417F27 8BEC                    mov ebp, esp
:00417F29 6AFF                    push FFFFFFFF
:00417F2B 6897824100              push 00418297
:00417F30 50                      push eax
:00417F31 64892500000000          mov dword ptr fs:[00000000], esp
:00417F38 83EC20                  sub esp, 00000020
:00417F3B C745FC01000000          mov [ebp-04], 00000001
:00417F42 53                      push ebx
:00417F43 8D4DD4                  lea ecx, dword ptr [ebp-2C]
:00417F46 56                      push esi
:00417F47 BB03000000              mov ebx, 00000003
:00417F4C 57                      push edi
:00417F4D E87EB20200              call 004431D0
:00417F52 C645FC02                mov [ebp-04], 02
:00417F56 8D4DE0                  lea ecx, dword ptr [ebp-20]
:00417F59 E872B20200              call 004431D0
:00417F5E 8D4DDC                  lea ecx, dword ptr [ebp-24]
:00417F61 885DFC                  mov byte ptr [ebp-04], bl
:00417F64 E867B20200              call 004431D0
:00417F69 C645FC04                mov [ebp-04], 04
:00417F6D 8D4D08                  lea ecx, dword ptr [ebp+08]
:00417F70 E816B90200              call 0044388B
:00417F75 6A2D                    push 0000002D
:00417F77 8D4D08                  lea ecx, dword ptr [ebp+08]
:00417F7A E8E8B80200              call 00443867
:00417F7F 8945F0                  mov dword ptr [ebp-10], eax
:00417F82 83F8FF                  cmp eax, FFFFFFFF
:00417F85 7542                    jne 00417FC9
  - This is the instruction I am going to modify. I will redirect this jump
    to the place where 1 is put into eax. There is no need to trace through
    and interpret the difficult computation; I will simply change this
    instruction to suit myself.

        JNE 00417FC9  -=>  JMP 00418219

    Passing through 418219 (below) sets EAX to 1, and from there the code
    jumps on to the RET. The complicated computation is skipped entirely and
    the program becomes the registered version.

        Old Code   75 42 88 5D FC
        New Code   E9 8F 02 00 00

    Change just that and it is done. As long as it does not upset the rest of
    the program, this method is fine. The registration-number computation
    normally has no effect on the rest of the program, so in general this
    method can be used.

:00417F87 885DFC                  mov byte ptr [ebp-04], bl

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0041802E(U), :00418049(U), :004180AA(U), :004180BC(U), :004180E8(U)
|:00418139(U), :0041820B(U), :00418214(U)
|
  - Execution that passes through here goes on through xor eax,eax, which
    means the CALL returns false. So this path must not be taken.
    Look at the addresses above: annoyingly many. That tells you the routine
    performs a great many checks. With a program like this I just modify the
    code outright. Rather than go through the computation from the start, I
    use brute force and change the program code so that execution goes
    straight through the part that sets 1.

:00417F8A E8E8020000              call 00418277
:00417F8F C645FC02                mov [ebp-04], 02
:00417F93 E8E7020000              call 0041827F
:00417F98 C645FC01                mov [ebp-04], 01
:00417F9C E8E6020000              call 00418287
:00417FA1 C645FC00                mov [ebp-04], 00
:00417FA5 E8E5020000              call 0041828F
:00417FAA C745FCFFFFFFFF          mov [ebp-04], FFFFFFFF
:00417FB1 E8EB020000              call 004182A1
:00417FB6 33C0                    xor eax, eax         => unregistered, eax = 0

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041824A(U)                     <── reached from the jmp at 0041824A
|
:00417FB8 8B4DF4                  mov ecx, dword ptr [ebp-0C]
:00417FBB 5F                      pop edi
:00417FBC 64890D00000000          mov dword ptr fs:[00000000], ecx
:00417FC3 5E                      pop esi
:00417FC4 5B                      pop ebx
:00417FC5 8BE5                    mov esp, ebp
:00417FC7 5D                      pop ebp
:00417FC8 C3                      ret

.................. a great deal omitted .................

:00418210 C645FC03                mov [ebp-04], 03
:00418214 E971FDFFFF              jmp 00417F8A

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00418209(C)
|
:00418219 E859000000              call 00418277
:0041821E C645FC02                mov [ebp-04], 02
:00418222 E858000000              call 0041827F
:00418227 C645FC01                mov [ebp-04], 01
:0041822B E857000000              call 00418287
:00418230 C645FC00                mov [ebp-04], 00
:00418234 E856000000              call 0041828F
:00418239 C745FCFFFFFFFF          mov [ebp-04], FFFFFFFF
:00418240 E85C000000              call 004182A1
:00418245 B801000000              mov eax, 00000001    => registered, eax = 1
  - Look at the code above. In SoftICE, keep pressing Page Down and you will
    reach this part. When the tedious computation has been passed
    successfully, execution comes through here, jumps back up to the ret with
    1 in eax, returns, and the program is registered.
:0041824A E969FDFFFF              jmp 00417FB8         ──> back up to 00417FB8
:0041824F 8B4DF0                  mov ecx, dword ptr [ebp-10]

End..
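
Added example (not part of the original tutorial): a small decoder for x86 relative branches, useful when reviewing what a byte-level difference in a binary does to control flow. It checks the "Old Code" / "New Code" bytes and several branch targets printed in the listing above; the function names decode_branch, explain_change and mismatches are my own.

```python
import struct

# Short conditional jumps 0x70..0x7F; the same order applies to 0F 80..8F.
JCC = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]


def decode_branch(addr, code):
    """Return (mnemonic, length, target) for a relative branch, else None."""
    op = code[0] if code else -1
    if 0x70 <= op <= 0x7F:                                  # Jcc rel8
        name, length, fmt = JCC[op - 0x70], 2, "<b"
    elif op == 0xEB:                                        # JMP rel8
        name, length, fmt = "jmp", 2, "<b"
    elif op in (0xE8, 0xE9):                                # CALL/JMP rel32
        name, length, fmt = ("call" if op == 0xE8 else "jmp"), 5, "<i"
    elif op == 0x0F and len(code) > 1 and 0x80 <= code[1] <= 0x8F:
        name, length, fmt = JCC[code[1] - 0x80], 6, "<i"    # Jcc rel32
    else:
        return None
    if len(code) < length:
        return None                                         # truncated operand
    disp = struct.unpack_from(fmt, code, length - struct.calcsize(fmt))[0]
    # The displacement is relative to the address of the *next* instruction.
    return name, length, (addr + length + disp) & 0xFFFFFFFF


def explain_change(addr, old, new):
    """Compare the branch at addr before and after a byte-level change."""
    before, after = decode_branch(addr, old), decode_branch(addr, new)
    # Old bytes past the first instruction that the longer encoding overwrites.
    start = before[1] if before else 0
    end = after[1] if after else len(new)
    return {"before": before, "after": after, "overwritten": old[start:end].hex()}


def mismatches(rows):
    """rows: (address, hex bytes, target printed in the listing)."""
    return [r for r in rows
            if (decode_branch(r[0], bytes.fromhex(r[1])) or (0, 0, None))[2] != r[2]]


# Values copied from the listing in the tutorial above.
OLD, NEW = bytes.fromhex("75 42 88 5D FC"), bytes.fromhex("E9 8F 02 00 00")
LISTING = [(0x0041DB6F, "E8ACA3FFFF", 0x00417F20), (0x0041DB79, "7527", 0x0041DBA2),
           (0x00418214, "E971FDFFFF", 0x00417F8A), (0x0041824A, "E969FDFFFF", 0x00417FB8)]

if __name__ == "__main__":
    print(explain_change(0x00417F85, OLD, NEW))
    print("listing mismatches:", mismatches(LISTING))
```

The "overwritten" field shows why the old byte string is five bytes long: the 5-byte jmp replaces the 2-byte jne and also the 3-byte mov byte ptr [ebp-04], bl at 00417F87.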