Source: China Security
Many factors affect the development of shareware, and illegal cracking is arguably its greatest enemy. So what weapons do crackers use that make it so hard for shareware to survive? Today, let me show you ten categories of mysterious cracker software, the top ten killers of shareware!
1. Debugging tools: Soft-ICE and TRW2000.
Soft-ICE is currently recognized as the best tracing and debugging tool. With Soft-ICE you can easily trace a program's errors or monitor them for debugging, and it has versions for DOS, Windows 3.1 and Win95/98/NT/2000. It was built to debug, trace and troubleshoot software, but in the hands of a cracker it becomes the most fearsome cracking tool. TRW2000 is a debugger written by Chinese developers and is fully compatible with Soft-ICE's commands. Many programs can detect the presence of Soft-ICE but are much worse at detecting TRW2000, so it has become a favorite of many crackers. TRW2000 is specially optimized for software cracking, and its tracing and debugging of programs under Windows is more powerful. It can set various breakpoints and supports more breakpoint types. Like some unpacking tools, it can strip an encryption shell and automatically generate the EXE file. It therefore has a stronger cracking capability and, in the hands of hackers, poses a greater threat to the development of shareware. It also has a DOS version named TR.
2. Disassembly tools: Wdasm 8.93 Gold Edition and Hiew.
Crackers often compare Soft-ICE and TRW2000 to the Dragon-Slaying Saber, and Wdasm 8.93 to the Heaven-Reliant Sword. Wdasm 8.93 makes it easy to disassemble programs and can analyze program flow both statically and dynamically. Building on the original normal version, some hackers developed the Wdasm 8.93 Gold Edition, which improves the extraction of Chinese strings, so the threat to domestic shareware is even greater. Take Happy Landlords, a very entertaining piece of shareware: disassembling it with the Gold Edition shows the registration code directly, which the normal version cannot do. Impressive, isn't it? Hiew is a hexadecimal tool. Besides the usual hexadecimal functions, Hiew has a distinctive feature: it can disassemble files and modify programs using assembly instructions, which is convenient and quick. It is another static disassembly tool commonly used by crackers.
3. SmartCheck, a Visual Basic program debugging tool.
This is a debugger specifically for Visual Basic programs. Because VB programs are in essence interpreted when they run, they only call functions in vbrunxxx.dll. A VB executable is therefore pseudo-code, and the program is executed entirely inside vbxxx.dll. If you trace it with Soft-ICE, you can only wander around inside the VB DLL without seeing anything useful, and the code quality is low and the structure complicated. Of course, once you understand its characteristics, Soft-ICE can also be used to crack such programs, but the appearance of SmartCheck made things far more convenient for crackers. SmartCheck is an excellent tool from NuMega for debugging interpreted programs. The latest version is v6.03. It is very easy to use, and you can operate it without knowing assembly language. It records the operations a VB program performs as it runs, which makes it easy for an attacker to crack most VB programs.
4. Hexadecimal editor: UltraEdit.
A hexadecimal editor can open a file in hexadecimal mode and modify its contents. Although Hiew is a hex tool, it has a DOS interface, so many hackers also keep a Windows tool on hand. There are many such tools, such as UltraEdit, WinHex and Hex Workshop. Among them, UltraEdit stands out: it is easy to operate and is available in a Chinese version. It is a very good hexadecimal editor, and we recommend it.
5. Registry monitoring tools
These mainly include Regshot, Regmon and RegSnap. In Microsoft operating systems, many settings are stored in the registry. The registry is the core database of Windows and holds all kinds of parameters. It directly controls Windows startup, the loading of hardware drivers and the normal operation of some Windows applications. When application software is installed, it may write necessary information into the registry, such as the installation time, usage and registration code. Regshot, Regmon and RegSnap are tools for monitoring registry changes. They let you understand and monitor what an application does in the registry, and hackers often use them for exactly that.
6. File monitoring tool Filemon.
Filemon monitors how specified files are used on the system: which file is opened, which file is closed, and which file is read. It watches every read, write and open operation on a monitored file and provides complete report information. Hackers often use Filemon to monitor the file system so that they can see what a program does when it starts, closes or verifies the registration code, and then decrypt it accordingly.
7. Shell removal tool: ProcDump.
Nowadays a lot of software is shelled. A "shell" (packer) is a program dedicated to protecting software from unauthorized modification or decompilation. It generally runs before the program itself, takes control first, and then carries out its task of protecting the software. The real hexadecimal code of shelled software cannot be seen when tracing, which is how the software is protected. ProcDump is a shell removal tool built to deal with shelled software. It can peel off many kinds of shells and restore the file to its original form, which makes modifying the file contents much easier. Because it also lets users write their own script files, it can remove the shells of newer shell software as well. It is also an excellent PE format modification tool and an essential tool for shell removal!
8. File detection tools
Such tools include typ, gtw, FileInfo and Shock Wave 2000. They are used to detect which type of shell a program has been given. Shock Wave 2000 can easily find the entry point of any encryption shell, including the ASProtect and Phantom encryption shells. This type of software is generally used together with ProcDump and debugging software: use it to find the program's shell type, then use ProcDump, Soft-ICE or TRW2000 to remove the shell.
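The same question, whether a file is shelled, is one defenders ask when triaging unknown executables or confirming that their own release build was protected as intended. The sketch below is an added example, not code from the article or from any of the tools it names; it uses section entropy rather than the shell signatures those tools match, and the 7.0 threshold, the function names and the sample image are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def section_report(pe: bytes, threshold: float = 7.0):
    """Return (name, entropy, looks_packed) for each section of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # The 20-byte COFF header follows the 4-byte signature.
    (nsections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    report = []
    for i in range(nsections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        h = entropy(pe[raw_ptr:raw_ptr + raw_size])
        label = name.rstrip(b"\0").decode("ascii", "replace")
        report.append((label, round(h, 2), h >= threshold))
    return report

def build_sample() -> bytes:
    """Constructed image: one code-like section, one uniformly distributed."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    def sec(name, ptr):
        return struct.pack("<8sIIIIIIHHI", name, 1024, ptr, 1024, ptr, 0, 0, 0, 0, 0)
    hdr = (dos + coff + sec(b".text", 0x200) + sec(b".pack", 0x600)).ljust(0x200, b"\0")
    code = (b"\x55\x8b\xec\x83\xec\x10" * 171)[:1024]
    return hdr + code + bytes(range(256)) * 4

if __name__ == "__main__":
    for row in section_report(build_sample()):
        print(row)
```

High entropy only indicates compressed or encrypted content; embedded archives and images in an unshelled file can trip the same threshold, so treat a flagged section as a prompt for closer inspection.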
9. Resource modifier: eXeScope.
eXeScope is a powerful tool for modifying software resources. It can analyze and display various information without the resource files and rewrite the resources of executable files, including EXE, DLL and OCX files. It can directly modify the resources of programs compiled with VC++ and Delphi, including menus, dialogs and string tables. It is a common tool for Chinese software localization. In the hands of an attacker, it is often used to modify the menus, dialog boxes, string tables and so on in a file's resources so that they display the information the hacker wants (such as changed copyright information), thereby modifying the software.
10. API call query tool: API Spy.
As the name suggests, this program is used to detect which APIs a piece of software calls. An API is a function called while a Windows program executes, similar to an INT (interrupt) service in DOS. Windows provides many such functions for programmers to use, mainly to save development time and make software development easier. API Spy is software that monitors API calls. It can check which APIs an application calls, giving the hacker useful API call information, and breakpoints can then be set on those API calls in order to crack the software. It works on the Windows 95/98/NT/2000 platforms.
Now you have met all ten killers of shareware. Note that the software mentioned above is all "legitimate" software; it simply plays a different role in different users' hands. It is like a gun: in the hands of the people's army it is a weapon that protects the country, and in the hands of evil people it is a weapon for doing harm. You must never be prejudiced against this software!