────────────────────────────────────────────────────────────
 OkStart Cracking Tutorials No. 13

 E-TRAN 98: viewing the program's serial number...

 H O M E    : available on all four major online services..
 D O W N    : available on all four major online services..
 USINGTools : Numega Soft-Ice Version 3.24 , W32Dasm Version 8.93
────────────────────────────────────────────────────────────

Hmm.. I am only now getting around to writing the tutorial for this program,
since I have a little time to spare. This program has some annoying parts, so
I kept putting it off, and only now am I writing it up.
It is easy, so just follow along. Other programs will not use this method.
Just take a look! In Soft-Ice you will be able to see it quite simply.
The breakpoint is on GetDlgItemTextA.
Enter a serial, set the breakpoint, and then follow the annotations below.

* Reference To: USER32.GetDlgItemTextA, Ord:0000h     <= where the breakpoint hits...
                                  |
:00404C56 E8EF2F0100              Call 00417C4A
:00404C5B 807DCC00                cmp byte ptr [ebp-34], 00
:00404C5F 7517                    jne 00404C78          -> Jump
:00404C61 6A40                    push 00000040

* Possible Reference to String Resource ID=08018: "Validate error"
                                  |
:00404C63 68521F0000              push 00001F52

* Possible Reference to String Resource ID=08020: "To validate the program, enter the site key that corresponds"
                                  |
:00404C68 68541F0000              push 00001F54
:00404C6D 53                      push ebx
:00404C6E E875D7FFFF              call 004023E8
:00404C73 83C410                  add esp, 00000010
:00404C76 EB5C                    jmp 00404CD4

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00404C5F(C)
|
:00404C78 8D55CC                  lea edx, dword ptr [ebp-34]
:00404C7B 52                      push edx
:00404C7C E8C4290000              call 00407645         => the registration number calculation
:00404C81 59                      pop ecx
:00404C82 85C0                    test eax, eax
:00404C84 7417                    je 00404C9D           => Ok or Error??
        The Error is right below here, so of course this has to jump, right?
        The comparison is a je and it has to jump, so the CALL must return
        with EAX set to '0'. Let's look inside the CALL.

* Possible Ref to Menu: MenuID_72A2, Item: "Close Alt+F4"
                                  |
:00404C86 6A10                    push 00000010

* Possible Reference to String Resource ID=08019: "Site Key error"
                                  |
:00404C88 68531F0000              push 00001F53

* Possible Reference to String Resource ID=05001: "This site key is incorrect. Please check what you have enter"
                                  |
:00404C8D 6889130000              push 00001389
:00404C92 53                      push ebx
:00404C93 E850D7FFFF              call 004023E8
:00404C98 83C410                  add esp, 00000010
:00404C9B EB37                    jmp 00404CD4

─ CALL routine ─────────────────────────────────────────────

* Referenced by a CALL at Addresses:
|:00404C7C   , :004065E6   , :0040AAD6
|       <= this part is called from as many as 3 places..
:00407645 55                      push ebp
:00407646 8BEC                    mov ebp, esp
:00407648 81C430FEFFFF            add esp, FFFFFE30
:0040764E 53                      push ebx
:0040764F 56                      push esi
:00407650 57                      push edi
:00407651 8B5D08                  mov ebx, dword ptr [ebp+08]
:00407654 833D78B1410000          cmp dword ptr [0041B178], 00000000
:0040765B 750A                    jne 00407667          => it jumps, and..
:0040765D B898FFFFFF              mov eax, FFFFFF98
:00407662 E948030000              jmp 004079AF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040765B(C)
|
:00407667 833D78B1410001          cmp dword ptr [0041B178], 00000001
:0040766E 7E44                    jle 004076B4
        => This one ought to be No Jump, but then you cannot obtain the
           serial or anything else at all. For now, let it Jump.

* Possible StringData Ref from Data Obj ->"save_site_key"
                                  |
:00407670 6840B54100              push 0041B540
:00407675 FF3574B14100            push dword ptr [0041B174]

---------- middle omitted ------------

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040766E(C)
|

* Possible StringData Ref from Data Obj ->"SAVE_SITE_KEY"
                                  |
:004076B4 684EB54100              push 0041B54E
:004076B9 E8B6480000              call 0040BF74
:004076BE 59                      pop ecx
:004076BF 53                      push ebx
:004076C0 E8BE3B0000              call 0040B283
:004076C5 59                      pop ecx
:004076C6 53                      push ebx

* Reference To: KERNEL32.lstrlenA, Ord:0000h
        <= What is this function?? It is the function that gets the length
           of a string. Its return value is the length of the string.
                                  |
:004076C7 E886040100              Call 00417B52
:004076CC 83F81A                  cmp eax, 0000001A
        <= Type "? 1A" at the Soft-Ice command line and it tells you 1A is 26
           (decimal), right?! The serial number is 26 characters long.
:004076CF 740A                    je 004076DB           => Jump
:004076D1 B8FEFFFFFF              mov eax, FFFFFFFE
:004076D6 E9D4020000              jmp 004079AF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004076CF(C)
|
:004076DB 8D55A8                  lea edx, dword ptr [ebp-58]
:004076DE 52                      push edx
:004076DF 68300EFE40              push 40FE0E30
:004076E4 6A00                    push 00000000
:004076E6 6800A06C40              push 406CA000
:004076EB 6A00                    push 00000000
:004076ED 53                      push ebx

* Possible Reference to String Resource ID=00001: "English"
                                  |
:004076EE 6A01                    push 00000001
:004076F0 E88B350000              call 0040AC80
:004076F5 83C41C                  add esp, 0000001C
:004076F8 8D8D98FEFFFF            lea ecx, dword ptr [ebp+FFFFFE98]
:004076FE 51                      push ecx
:004076FF 8D45A8                  lea eax, dword ptr [ebp-58]
:00407702 50                      push eax
:00407703 E8033A0000              call 0040B10B
:00407708 83C408                  add esp, 00000008
:0040770B 8A9598FEFFFF            mov dl, byte ptr [ebp+FFFFFE98]
:00407711 8855FF                  mov byte ptr [ebp-01], dl
:00407714 6A0C                    push 0000000C
:00407716 8D8D98FEFFFF            lea ecx, dword ptr [ebp+FFFFFE98]
:0040771C 51                      push ecx
:0040771D E8EF3C0000              call 0040B411
:00407722 83C408                  add esp, 00000008
:00407725 6685C0                  test ax, ax
:00407728 740A                    je 00407734
        => We must not drop out here, so this one is also Jump.
:0040772A B8FEFFFFFF              mov eax, FFFFFFFE
:0040772F E97B020000              jmp 004079AF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00407728(C)
|
:00407734 8A55FF                  mov dl, byte ptr [ebp-01]
:00407737 83E27F                  and edx, 0000007F
:0040773A 8A0DC4F44100            mov cl, byte ptr [0041F4C4]
:00407740 83E17F                  and ecx, 0000007F
:00407743 3BD1                    cmp edx, ecx
:00407745 7408                    je 0040774F           => this one is also Jump
:00407747 83C8FF                  or eax, FFFFFFFF
:0040774A E960020000              jmp 004079AF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00407745(C)
|
:0040774F F645FF80                test [ebp-01], 80
:00407753 0F847E010000            je 004078D7
:00407759 833DC8F4410000          cmp dword ptr [0041F4C8], 00000000
:00407760 7D09                    jge 0040776B
:00407762 80BD99FEFFFF00          cmp byte ptr [ebp+FFFFFE99], 00
:00407769 7C12                    jl 0040777D

----- middle omitted ----------

:00407859 E8E0F3FFFF              call 00406C3E
:0040785E 59                      pop ecx
:0040785F 85C0                    test eax, eax
:00407861 7408                    je 0040786B
        <= Otherwise this also goes to the exit routine, so.. Jump
:00407863 83C8FF                  or eax, FFFFFFFF
:00407866 E944010000              jmp 004079AF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00407861(C)
|
:0040786B 8D9531FEFFFF            lea edx, dword ptr [ebp+FFFFFE31]
:00407871 52                      push edx
:00407872 68300EFE40              push 40FE0E30
:00407877 6A00                    push 00000000
:00407879 6800A06C40              push 406CA000
:0040787E 6A00                    push 00000000
:00407880 FF3584B14100            push dword ptr [0041B184]

* Possible Reference to String Resource ID=00001: "English"
                                  |
:00407886 6A01                    push 00000001
:00407888 E8F3330000              call 0040AC80
:0040788D 83C41C                  add esp, 0000001C
:00407890 C68530FEFFFF00          mov byte ptr [ebp+FFFFFE30], 00
:00407897 53                      push ebx
:00407898 56                      push esi
:00407899 0FB74DEA                movzx ecx, word ptr [ebp-16]
:0040789D 51                      push ecx
:0040789E FF35BCF24100            push dword ptr [0041F2BC]
:004078A4 FF75EC                  push [ebp-14]
:004078A7 8D8564FEFFFF            lea eax, dword ptr [ebp+FFFFFE64]
:004078AD 50                      push eax
:004078AE 8D9530FEFFFF            lea edx, dword ptr [ebp+FFFFFE30]
:004078B4 52                      push edx
:004078B5 E802040000              call 00407CBC
        => This is where it all gets decided.. annoyingly enough.
           Step into this CALL and trace through it. It seems to build the
           serial by combining the Site Key, a strange number derived from
           the site key, and the number you typed in. How exactly it builds
           it is really baffling.. Ugh.. annoying..
:004078BA 83C41C                  add esp, 0000001C
:004078BD 85C0                    test eax, eax
:004078BF 740A                    je 004078CB
        => Just make this one No Jump.. Right below here there is the
           [ebp-08] part! Press the right mouse button on it and click
           Display, and the serial will be shown. Write that serial number
           down.. then, after making this one No Jump, enter the serial you
           wrote down again.. and the program is registered..
:004078C1 B8FEFFFFFF              mov eax, FFFFFFFE
:004078C6 E9E4000000              jmp 004079AF

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004078BF(C)
|
:004078CB 8D55F8                  lea edx, dword ptr [ebp-08]
        <= This fellow is holding the registration number. If you keep
           tracing, the Site Key strangely gets transformed. So my thought
           was: I have already seen the serial number, so what happens if I
           do not pass through this part and simply exit? I tried it, and it
           worked.. There is the comparison above. Just make it No Jump!
:004078CE 52                      push edx
:004078CF E8A53E0000              call 0040B779
:004078D4 59                      pop ecx
:004078D5 EB13                    jmp 004078EA

------------- rest omitted -------------

Hmm. This program has a lot of really annoying parts..
It saves the site key before it saves the serial.. Hmm.. what a rude program...
And once it has been registered, if you delete the 4 hidden files you get an
error message and.. it simply turns into a completely crazy program.
The reason I had not written the tutorial for this program.. it really is annoying..
This lock is, hmm.. interesting.
Do not patch this program.. it will throw an error if you do..
It goes into CKI3203.DLL and comes back out carrying a memory address, and it
seems to Jump to that memory to enter the execution routine.
If you have modified the CKI3203.DLL file, the memory address will be wrong and
it will jump somewhere strange. And then, of course, ERROR!!!!
I never want to do this program again.. too annoying.. The end..
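
The listing above shows why the serial can simply be read out: the client computes the one valid value itself and leaves it in a stack buffer ([ebp-08]) for the comparison. As an added example (not from the original tutorial or from the program's vendor), the sketch below treats the licence as a signature over the site key, so the client only ever holds public values. The tiny textbook-RSA parameters, the FNV-1a digest, the function names and the sample site key are all assumptions chosen to keep it short and runnable.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy textbook-RSA parameters (assumption, n = 61 * 53): far too small for
   real use; they stand in for Ed25519 or RSA-2048+ to keep this runnable. */
#define PUB_N 3233u
#define PUB_E 17u
#define VENDOR_D 2753u /* private exponent: vendor side only, never shipped */

static uint32_t modpow(uint32_t base, uint32_t exp, uint32_t mod) {
    uint64_t r = 1, b = base % mod;
    for (; exp; exp >>= 1) {
        if (exp & 1) r = (r * b) % mod;
        b = (b * b) % mod;
    }
    return (uint32_t)r;
}

/* FNV-1a of the site key reduced mod n; a stand-in for a real digest. */
static uint32_t site_digest(const char *site_key) {
    uint32_t h = 2166136261u;
    for (; *site_key; site_key++) {
        h ^= (uint8_t)*site_key;
        h *= 16777619u;
    }
    return h % PUB_N;
}

/* Vendor side, offline: sign the digest of the customer's site key. */
static uint32_t vendor_issue(const char *site_key) {
    return modpow(site_digest(site_key), VENDOR_D, PUB_N);
}

/* Client side: uses public values only, so memory at the compare holds the
   site-key digest, not a value that would be accepted as a licence. */
static int check_signed(const char *site_key, uint32_t licence) {
    if (licence >= PUB_N) return 0; /* reject out-of-range input */
    return modpow(licence, PUB_E, PUB_N) == site_digest(site_key);
}

int main(void) {
    uint32_t lic = vendor_issue("SITE-1234"); /* constructed sample site key */
    printf("valid=%d tampered=%d\n", check_signed("SITE-1234", lic),
           check_signed("SITE-1234", (lic + 1) % PUB_N));
    return 0;
}
```

This only removes the expected value from client memory; the accept/reject branch after the check still needs its own integrity protection.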