This article follows the step-by-step experiment in the book "0day Security", and working through it also gave me a new understanding of disassembly.
Tools: WinXP SP3 virtual machine, IDA Pro 6.6, OllyDbg, UltraEdit, VC 6.0, LordPE.
Because address randomization (ASLR) relocates the program under Win7 and gets in the way of analysis, the experiment is done in a WinXP virtual machine; on Win7 it can also be done with an ASLR plug-in.
I. Writing a small program in VC
The program implements password verification: only the correct password succeeds.
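As an added illustration (my own code, not the program from the book or from the article), this is the shape of a password check that compiles down to a single conditional jump. The password string, the buffer size and the prompt text are assumptions made for this example:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical password for this example (not taken from the article). */
#define PASSWORD "s3cret"

/* Returns 1 when the supplied password matches, 0 otherwise.
   strcmp() returns 0 on a match, so the "== 0" test becomes a compare
   followed by a single conditional jump (JE/JZ) in the compiled code:
   the entire decision rests on one instruction. */
int verify_password(const char *password)
{
    return strcmp(password, PASSWORD) == 0;
}

int main(void)
{
    char buf[64];

    printf("password: ");
    if (fgets(buf, sizeof buf, stdin) == NULL)
        return 1;
    buf[strcspn(buf, "\r\n")] = '\0';   /* strip the trailing newline */

    if (verify_password(buf)) {
        printf("congratulation!\n");
        return 0;
    }
    printf("incorrect password!\n");
    return 1;
}
```

Build it with VC 6.0 as a console program and load the result into IDA; the `jz`/`je` that the rest of the article works with is the compiled form of the `if (verify_password(buf))` test. From a defensive standpoint this is also why a check that lives in one branch is fragile: flipping one byte of the binary inverts it, which is something an integrity check (a signed or hashed executable) can detect but the check itself cannot.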
II. Disassembling the program in IDA Pro
It can be seen that "JZ short Loc_4010f6" is the program's decision point: the right-hand branch prints "congratulation!", otherwise the left-hand branch prints "incorrect password!".
Press the spacebar to switch to the text view and locate the instruction ".text:004010e5 JZ short Loc_4010f6".
III. Dynamic debugging in OllyDbg
Press Ctrl+G and go to address 004010E5:
CPU Disasm
Address    Hex Data   Assembler code         Comment
004010E5   74 0F      JE SHORT 004010F6
Set a breakpoint with F2 and run the program; it does branch here.
Changing JE (74) to JNE (75) inverts the check: a wrong password now passes and the correct password no longer does.
IV. Calculating the file offset with LordPE
The file offset is 0x004010e5 - 0x00400000 = 0x10e5.
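The subtraction above gives the right answer only because, in this VC 6.0 build, the .text section's file offset (PointerToRawData) equals its virtual address offset (VirtualAddress), so RVA and file offset coincide. In general the translation has to go through the section table that LordPE displays. The following is an added example of that general calculation (my own code, not part of the article); the two section tables are constructed for illustration and are not read from the real binary:

```c
#include <stdint.h>
#include <stdio.h>

/* Minimal model of a PE section header: only the fields needed here. */
typedef struct {
    const char *name;
    uint32_t virtual_address;      /* RVA at which the section is mapped */
    uint32_t virtual_size;         /* size of the section in memory */
    uint32_t pointer_to_raw_data;  /* file offset of the section body */
} section_t;

/* Translate a virtual address to a file offset via the section table.
   Returns -1 when the address does not fall inside any section. */
long va_to_file_offset(uint32_t va, uint32_t image_base,
                       const section_t *secs, size_t nsecs)
{
    if (va < image_base)
        return -1;
    uint32_t rva = va - image_base;
    for (size_t i = 0; i < nsecs; i++) {
        const section_t *s = &secs[i];
        if (rva >= s->virtual_address &&
            rva < s->virtual_address + s->virtual_size)
            return (long)(rva - s->virtual_address + s->pointer_to_raw_data);
    }
    return -1;
}

/* Constructed layout resembling a VC 6.0 build: raw offset == RVA,
   which is why the article's plain subtraction works. */
static const section_t vc6_layout[] = {
    { ".text", 0x1000, 0x1000, 0x1000 },
    { ".data", 0x2000, 0x1000, 0x2000 },
};

/* Constructed layout with 0x200-byte file alignment, as many other
   linkers produce: here the subtraction would point at the wrong byte. */
static const section_t compact_layout[] = {
    { ".text", 0x1000, 0x1000, 0x400 },
    { ".data", 0x2000, 0x1000, 0x1400 },
};

long offset_vc6(void)
{
    return va_to_file_offset(0x004010e5, 0x00400000, vc6_layout, 2);
}

long offset_compact(void)
{
    return va_to_file_offset(0x004010e5, 0x00400000, compact_layout, 2);
}

int main(void)
{
    printf("VC6-style layout: 0x%lx\n", offset_vc6());     /* 0x10e5 */
    printf("compact layout:   0x%lx\n", offset_compact()); /* 0x4e5 */
    return 0;
}
```

With the VC 6.0-style table the function returns 0x10e5, matching the article; with the 0x200-aligned table the same VA maps to 0x4e5, so always check the section header values in LordPE before editing a file by offset.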
V. Editing the PE file in UltraEdit
Open the PE file in UltraEdit, press Ctrl+G to go to offset 0x10e5, and the byte there really is "74". Change it to "75", save, and run the program: it now behaves as expected after the patch.
A small cracking experiment