reverse engineering - agz.esagz.es/reverse-engineering/basic/reverse engineering [security... · ...

Download Reverse Engineering - agz.esagz.es/Reverse-Engineering/Basic/Reverse Engineering [Security... ·   © 2008 Security Awareness Korea - i - Reverse Engineering Table of Content Module 1 ⎯ RCE 란?

Post on 31-Jan-2018

263 views

Category:

Documents

33 download

Embed Size (px)

TRANSCRIPT

  • http://www.securitya.kr 2008 Security Awareness Korea

    - i -

    Reverse Engineering Table of Content

    Module 1 RCE ?..................................................................................................................................1 1-1. RCE ? ............................................................................................................................................2 1-2. RCE .................................................................................................................................4 1-3. RCE ..................................................................................................................................6

    Module 2 RCE ...............................................................................................................................9 2-1. CPU ................................................................................................................................10 2-2. CPU ................................................................................................................................12 2-3. Assembly.........................................................................................................................................17 2-4. STACK ...................................................................................................................................21 2-5. (Calling Convention).............................................................................................23 2-6. SEH(Structured Exception Handling).............................................................................................26 2-7. C ........................................................................................34 2-8. API ..............................................................................................40

    Module 3 PE ........................................................................................................................43 3-1. PE ..................................................................................................................................44 3-2. DOS DOS Stub Code ........................................................................................................49 3-3. PE File Header ................................................................................................................................51 3-4. Optional Header ..............................................................................................................................54 3-5. Section Table...................................................................................................................................59 3-6. Import Table....................................................................................................................................62 3-7. Export Table....................................................................................................................................69

    Module 4 ..............................................................................................................................75 4-1. ...............................................................................................................................76 4-2. CrackMe ........................................................................................................................84 4-3. KeygenMe .....................................................................................................................94

    Module 5 MUP(Manual UnPack) .....................................................................................................101 5-1. Packing / Unpacking .....................................................................................................................102 5-2. Packing .................................................................................................................................103 5-3. MUP .....................................................................................................................................105 5-4. MUP Ollydbg script ...............................................................................................114

    Module 6 Anti-Reverse ..............................................................................................................121 6-1. .........................................................................................................................122 6-2. BreakPoint ...................................................................................................................133 6-3. TLS Callback ................................................................................................................................145 6-4. Process Attach ......................................................................................................................150

    Module 7 ............................................................................................................................155 7-1. ........................................................................................................156 7-2. - shadowbot .........................................................................................................173

  • http://www.securitya.kr 2008 Security Awareness Korea

    - ii -

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 1 -

    Module 1 RCE ?

    Objectives

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 2 -

    1-1. RCE ?

    Student Notes

    . .

    (EXE, DLL, SYS )

    C

    .

    .

    RCE?

    Reverse Code Engineering ,

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 3 -

    .

    . PC , HEX

    ,

    .

    . , C

    .

    VC gcc

    () . CPU

    . VC, VB,

    () C .

    VB .

    () .

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 4 -

    1-2. RCE

    Student Notes

    12 2 ()

    .

    1 1

    .

    1. 3

    2.

    [ 2001.1.16][[

    2001.7.17]]

    RCE

    (Competition) (Copyrightlaw) The Digital Millennium Copyright Act (DMCA)

    RIAA Felten ebook SunnComm CD

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 5 -

    2001 1 16 7 17 ,

    .

    2000 , 2001

    , .

    .

    .

    DMCA(The Digital Millennium Copyright Act)

    . DMCA HTML , , , , ,

    , , , . DMCA

    .

    DMCA Sony-BMG ""

    Sony-BMG CD "(root kit)"

    Secure Digital Music Initiative(SDMI)

    ,

    . SDMI

    . .

    SunnComm CD

    SunnComm

    . SunnComm .

    pdf

    .

    pdf .

    . .

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 6 -

    1-3. RCE

    Student Notes

    . .

    / . /

    ( )

    .

    exe PC

    . PC

    PC

    . .

    RCE

    DRM

    RCE

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 7 -

    .

    .

    .

    .

    DRM

    DRM .

    .

    .

    API

    .

    .

    .

    .

    .

    . .

    .

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 8 -

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 9 -

    Module 2 RCE

    Objectives

    CPU

    CPU

    /

    STACK

    (Calling Convention)

    SEH(Structured Exception Handling)

    C

    API

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 10 -

    2-1. CPU

    Student Notes

    CPU , .

    CPU . CPU

    , , , . CPU

    . , (ALU: arithmetic logic

    unit), (control unit) .

    .

    . .

    . - -

    CPU

    BUS Interface

    ALU(Arithmetic Logic Unit)

    Control Unit

    Register Set

    CPU (Central Processing Unit)

    Memory

    I/O BUS

    Keyboard Monitor NIC HDDMonitor

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 11 -

    CPU

    Control Unit ALU ALU .

    ALU() : (, ) ( , ,

    ) .

    .

    Register : .

    .

    - .

  • Reverse Engineering

    http://www.securitya.kr 2008 Security Awareness Korea

    - 12 -

    2-2. CPU

    Student Notes

    CPU , , EFLAGS , CIP

    . 32