Software cracking - breakpoints:
A breakpoint is the place where a program is interrupted, a term that anyone who does cracking could hardly be more familiar with. So what is an interrupt? An interrupt occurs when some special event (the interrupt event) makes the computer suspend its current task, the running program, and execute another task, the interrupt service routine.
For example, while you are at work someone suddenly calls to say that he is arriving by train from another city and asks you to meet him at the station. You ask your boss for a short leave, rush to the station, pick up your friend, get him settled, and then return to the company and continue working. That is an interrupt. In cracking, the idea is to interrupt the program at the moment it has read the registration code the user typed and is about to compare it with the correct one; by analysing the program at that point we can find the correct registration code. So we set a breakpoint in the program being cracked and then, as appropriate, trace how the program handles the registration code until the goal is reached.
Software cracking - airspace:
This is a very important concept, but beginners often find it hard to grasp. The term "airspace" appears in all kinds of cracking articles, and if you do not know where a program's airspace is, you will not get through the door of cracking at all. You may have cracked some software already, but that was pure luck. A program's airspace, put bluntly, is simply where the program itself lives, that is, the region of memory holding the code of the program we want to crack. You may immediately ask: I set the breakpoint while the program was running, so why, after it breaks, am I not inside the program's own space? The reason is that every program is written differently, so when we want to cut into a program we cannot rely on something specific to that program for our breakpoint; the breakpoint we set must be on something every program uses.
In the DOS era, essentially all programs worked through interrupts, that is, almost every DOS program called the various interrupt services to get its work done. In the Windows era a program no longer has the authority to call interrupts directly; instead Windows provides a set of system functions to call, the platform API. Just as DOS programs were built on interrupt services, Windows programs use the API as the foundation for dealing with the system and implementing their functions. Therefore breakpoints for software cracking under Windows are set on API functions: when the program calls an API function, its normal execution is interrupted and it can be analysed.
For example, in SoftICE set the breakpoint: bpx GetDlgItemText (the API that reads the text of a dialog box control). When the program being cracked needs to read the input data and calls GetDlgItemText, SoftICE immediately stops it. At that moment, however, execution has stopped inside GetDlgItemText, and GetDlgItemText lies in the system region managed by Windows; changing that code would be a disaster. So we must return from the system region to the program's own place, that is, the program's airspace, before we can crack the program. For how to tell where the program's airspace is, refer to the earlier SoftICE diagram. Think about it: what useful thing could we find in a piece of code that every program calls? How the registration check is done is decided by the program itself, not by the system functions it calls!
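The same "are we in the program's airspace or in a system DLL?" decision can be expressed in code. The following is an added example, not code from the original article or from SoftICE: it checks an address against a constructed module map (the module names are real Windows DLLs, the base addresses and the target program name are made-up sample values) and walks a constructed call stack outward to the first return address that lies in the program's own code, which is what an analyst, or a debugger's "return to caller" command, does after an API breakpoint fires.

```python
# Added example (not from the original article): classify an instruction
# address against a loaded-module map, the way a debugger decides whether
# execution is in the program's own code ("airspace") or inside a system DLL.
# All module ranges, the program name and the sample stack are constructed.

from typing import List, NamedTuple, Optional

class Module(NamedTuple):
    name: str
    base: int
    size: int
    system: bool  # True for DLLs that belong to Windows, not the program

# Constructed module map for a hypothetical program "target.exe".
MODULES = [
    Module("target.exe",   0x00400000, 0x00020000, False),
    Module("kernel32.dll", 0xBFF70000, 0x00090000, True),
    Module("user32.dll",   0xBFC00000, 0x00060000, True),
]

def find_module(addr: int, modules=MODULES) -> Optional[Module]:
    """Return the module whose address range contains addr, or None."""
    for m in modules:
        if m.base <= addr < m.base + m.size:
            return m
    return None

def in_program_airspace(addr: int, modules=MODULES) -> bool:
    """True when addr lies in the program's own code, not a system DLL."""
    m = find_module(addr, modules)
    return m is not None and not m.system

def first_program_frame(stack: List[int], modules=MODULES) -> Optional[int]:
    """Walk return addresses from the innermost frame outward and return the
    first one that is back inside the program's airspace (None if no frame
    belongs to the program, e.g. a callback invoked purely from system code)."""
    for ret_addr in stack:
        if in_program_airspace(ret_addr, modules):
            return ret_addr
    return None

# Constructed call stack at the moment a breakpoint on GetDlgItemTextA fires:
# innermost frame first. The first two frames are still inside user32.dll.
SAMPLE_STACK = [0xBFC01234, 0xBFC00F00, 0x00401A2C, 0x00401000]

if __name__ == "__main__":
    frame = first_program_frame(SAMPLE_STACK)
    print(f"first frame in program airspace: {frame:#010x}")
```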
Software cracking - API:
API is short for Application Programming Interface. It is a large collection of system-defined functions that provide the means of accessing operating system features. The API contains hundreds of functions that applications call; these functions perform all the operating-system-related work an application needs, such as allocating memory, writing to the screen and creating windows. A user program deals with Windows by calling the API: whatever kind of application it is, at the bottom it ultimately implements its functions by calling API functions. The API comes in two basic forms: Win16 and Win32.
Win16 is the original 16-bit API for Windows 3.1. Win32 is the current 32-bit API for Windows 95/98/NT/ME/2000. Win32 is a superset of Win16, and the names and usage of most functions are the same; the difference between a 16-bit and a 32-bit API function is the final letter. For example, with the breakpoints bpx GetDlgItemText, bpx GetDlgItemTextA and bpx GetDlgItemTextW, GetDlgItemText is the 16-bit API function, while GetDlgItemTextA and GetDlgItemTextW are 32-bit API functions: the A suffix means the function works with single-byte (ANSI) strings and the W suffix means it works with double-byte (wide-character) strings. Today we mostly meet single-byte Win32 API functions such as GetDlgItemTextA; the Win16 functions and the double-byte Win32 functions are rare.
Win32 API functions live in dynamic link libraries (DLLs), chiefly kernel32.dll, user32.dll, gdi32.dll and comctl32.dll. This is why SoftICE must be told about these libraries with lines such as exp=c:\windows\system\kernel32.dll in its configuration, which export the DLL's symbols into SoftICE. If this is not done, SoftICE cannot intercept calls to the system's Win32 API functions.