Introduction to simple software cracking


First, preparation (tools):

Combination one:

Packer detection: Language.exe

Unpacking: AspackDie.exe

Disassembler: W32Dasm Gold (Chinese version)

Hex editor: UltraEdit

Combination two:

PEiD

OllyDbg

Second, the cracking steps:
1. Identify the packer

Most commercial software is packed, so before we can crack a program we must first find out what kind of packer (the "shell") it uses. What is a packer? A packer is a protection program that compresses the executable and protects the software's copyright information so that it cannot be altered at will. The most common packers are ASPack, UPX, PECompact and so on.

Packer-identification tools include Language.exe, PEiD and others. With them we can learn which language the software was written in and which packer was applied.
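As an added example that is not part of the original article, the script below performs the same "identify the packer" step programmatically, the way an analyst or an antivirus triage pipeline would: it walks the PE section table and reports the usual packer indicators (known packer section names, sections that are empty on disk but large in memory, high-entropy section data, and an entry point in the last section). The two PE images it inspects are constructed inside the script and are not real programs; the section-name list and the entropy threshold are common heuristics, not values taken from the page.

```python
import math
import struct

# Section names that well-known packers leave behind (UPX and ASPack); extend as needed.
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata"}


def shannon_entropy(buf: bytes) -> float:
    """Entropy in bits per byte: close to 8.0 means compressed/encrypted data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(data: bytes):
    """Minimal PE32 header walk: returns (entry_rva, list of section dicts)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    opt_off = pe_off + 24
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        off = sec_off + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "rawsize": rawsize, "entropy": shannon_entropy(raw)})
    return entry_rva, sections


def triage_pe(data: bytes) -> list:
    """Return human-readable packer indicators; an empty list means nothing suspicious."""
    entry_rva, sections = parse_sections(data)
    findings = []
    for s in sections:
        if s["name"] in KNOWN_PACKER_SECTIONS:
            findings.append(f"{s['name']}: section name matches a known packer")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            findings.append(f"{s['name']}: empty on disk but {s['vsize']:#x} bytes in memory")
        if s["rawsize"] >= 64 and s["entropy"] > 7.0:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} (compressed or encrypted data)")
    holder = None
    for idx, s in enumerate(sections):
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            holder = idx
            break
    if holder is None:
        findings.append(f"entry point {entry_rva:#x} lies outside every section")
    elif holder == len(sections) - 1 and len(sections) > 1:
        findings.append(f"entry point {entry_rva:#x} is in the last section '{sections[holder]['name']}'")
    return findings


# --- constructed samples for illustration; these are not real executables ---
def build_sample_pe(sections, entry_rva: int) -> bytes:
    """Assemble a minimal PE32 image from (name, va, vsize, raw_bytes) tuples."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(14) + struct.pack("<I", entry_rva)
    opt += bytes(224 - len(opt))                                   # pad the PE32 optional header
    raw_base, headers, body = 0x200, b"", b""
    for name, va, vsize, raw in sections:
        ptr = raw_base + len(body) if raw else 0
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw), ptr, 0, 0, 0, 0, 0x60000020)
        body += raw
    image = dos + b"PE\0\0" + coff + opt + headers
    return image + bytes(raw_base - len(image)) + body


def packed_sample() -> bytes:
    # UPX-style layout: UPX0 reserved but empty on disk, UPX1 holds high-entropy data and the entry point
    return build_sample_pe([(b"UPX0", 0x1000, 0x1000, b""),
                            (b"UPX1", 0x2000, 0x1000, bytes(range(256)))], entry_rva=0x2010)


def clean_sample() -> bytes:
    # Ordinary layout: entry point in .text, low-entropy filler standing in for code and data
    return build_sample_pe([(b".text", 0x1000, 0x1000, b"\x90" * 256),
                            (b".data", 0x2000, 0x1000, b"A" * 64)], entry_rva=0x1000)


if __name__ == "__main__":
    for label, sample in (("packed", packed_sample()), ("clean", clean_sample())):
        print(label, triage_pe(sample) or ["no packer indicators"])
```

Tools such as PEiD add signature matching on the bytes at the entry point; the heuristics above are the layer that still works when no signature matches, which is also why they are the first thing a triage pipeline records about an unknown sample.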

2. Unpacking

Unpacking means stripping the original program out of its packer.

First we need the concept of the OEP, the original entry point, that is, the real entry point of the program. When a packed program runs, the packer's stub runs first; it restores the original program into memory and then hands control back to it. The OEP is what the unpacker looks for during this stage. Once the OEP is found, the original program can be dumped from memory, the dump is repaired, and the result is the original program. In general, unpacking means finding the program's OEP; once you have it, unpacking is half done and the rest is repair work.

There are many unpacking methods: single-step tracing, the ESP law, the double-breakpoint method, the last-exception method, simulated tracing, SFX automatic unpacking, the export-signature method, unpacking scripts, and dedicated unpacking tools. For relatively simple and common packers, an unpacking tool will solve the problem for us. I will not go into the other methods here; see http://www.cnblogs.com/einyboy/archive/2012/05/19/2508696.html

AspackDie.exe is a dedicated unpacker for ASPack. Running it on the packed file gives us an unpacked.exe.
3. Disassembly

Disassembly is the process of converting the target machine code into assembly code. Commonly used tools are the disassembler W32Dasm, OllyDbg and so on. The resulting assembly listing is usually long and hard to read, and beginners often do not know where to start. The most important thing in this step is to find the key point at which the software is cracked. First, we can use the disassembler's string-reference function to look for suggestive strings such as "registration code error" and "registration success", which narrows down the range of code we have to read.

Near the "registration code error" string reference we can look for CALLs to sub-functions and conditional jumps (JE, JNE, JZ, JNZ; unconditional JMPs are excluded). These are usually the key points we need. But not always: for each specific problem we still have to read the assembly code and analyse it, which is where the assembly language we learned at university becomes very useful.

We must distinguish the file offset (the address we actually modify) from the line address (virtual address). In W32Dasm Gold the disassembled listing has three columns: the first is the line address (virtual address), the second is the machine code (this is what we later change with UltraEdit), and the third is the assembly instruction.

Here the key point is jne 004ACCB1. From the disassembler's status bar we can see that the file offset of this jump instruction is 0xacb4b.


4. Modify the machine code

Since an EXE is a binary file, we can view it in hexadecimal with UltraEdit. Modifying the hex in the file is the same as modifying the contents of the executable.

Open the hex editor UltraEdit, open the unpacked.exe obtained after unpacking, press Ctrl+G, and in the dialog that appears enter 0xacb4b (the file offset).

Here we change the machine code of the instruction jne 004ACCB1, 0f8560010000, to 0f8460010000; that is, we change the instruction to je 004ACCB1. When the program evaluates the jump condition it will now almost never pop up the "Registration Error" dialog and will always run the "registration success" subroutine.
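From a defender's side, the flip side of this step is that a patched check is nothing more than a few changed bytes, so a vendor or an incident responder can find such modifications by comparing the shipped file with a known-good build. The following added example (not from the article) hashes both copies and lists every run of changed bytes with its file offset; the two "files" are constructed in the script from the page's 0f85/0f84 byte sequences placed at an arbitrary offset.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_runs(reference: bytes, candidate: bytes):
    """Return [(offset, ref_bytes, cand_bytes)] for each run of consecutive differing bytes.
    Only the common length is compared; a length difference is reported by the caller."""
    runs = []
    start = None
    n = min(len(reference), len(candidate))
    for i in range(n + 1):                      # one extra step closes a run ending at n
        differs = i < n and reference[i] != candidate[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, reference[start:i], candidate[start:i]))
            start = None
    return runs


def integrity_report(reference: bytes, candidate: bytes) -> dict:
    """Compare a shipped binary against a known-good copy and describe every modification."""
    ref_hash, cand_hash = sha256_hex(reference), sha256_hex(candidate)
    report = {
        "tampered": ref_hash != cand_hash,
        "sha256_reference": ref_hash,
        "sha256_candidate": cand_hash,
        "length_delta": len(candidate) - len(reference),
        "runs": [],
    }
    for offset, old, new in changed_runs(reference, candidate):
        report["runs"].append({"offset": f"{offset:#x}", "before": old.hex(), "after": new.hex()})
    return report


# Constructed sample: a filler "file" whose only interesting content is one conditional jump
# (the page's 0f85 60010000 bytes at an arbitrary offset) and a copy with 0f85 changed to 0f84.
JUMP_OFFSET = 0x40
REFERENCE = bytes(JUMP_OFFSET) + bytes.fromhex("0f8560010000") + bytes(16)
CANDIDATE = bytes(JUMP_OFFSET) + bytes.fromhex("0f8460010000") + bytes(16)

if __name__ == "__main__":
    import json
    print(json.dumps(integrity_report(REFERENCE, CANDIDATE), indent=2))
```

The report pinpoints the single changed byte at 0x41 (the second byte of the 0f85 opcode). The same comparison is what an Authenticode signature check does implicitly: any changed byte inside the signed range invalidates the signature's hash, so a signed build detects this kind of patch without needing the reference copy at hand.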

Common instructions and their corresponding machine code


Third, personal experience:

1. Don't be afraid of difficulties
2. Analyse each specific problem concretely
(1) Where does it come from, what does it pass through, where does it go
(2) Trace back to the source and analyse step by step

3. When facing a problem, persist
(1) Open your mind and think in reverse
(2) Consider other circumstances
