reverse engineering - agz.esagz.es/reverse-engineering/basic/reverse engineering [security... · ...
Post on 31-Jan-2018
263 views
Embed Size (px)
TRANSCRIPT
http://www.securitya.kr 2008 Security Awareness Korea
- i -
Reverse Engineering Table of Content
Module 1 RCE ?..................................................................................................................................1 1-1. RCE ? ............................................................................................................................................2 1-2. RCE .................................................................................................................................4 1-3. RCE ..................................................................................................................................6
Module 2 RCE ...............................................................................................................................9 2-1. CPU ................................................................................................................................10 2-2. CPU ................................................................................................................................12 2-3. Assembly.........................................................................................................................................17 2-4. STACK ...................................................................................................................................21 2-5. (Calling Convention).............................................................................................23 2-6. SEH(Structured Exception Handling).............................................................................................26 2-7. C ........................................................................................34 2-8. API ..............................................................................................40
Module 3 PE ........................................................................................................................43 3-1. PE ..................................................................................................................................44 3-2. DOS DOS Stub Code ........................................................................................................49 3-3. PE File Header ................................................................................................................................51 3-4. Optional Header ..............................................................................................................................54 3-5. Section Table...................................................................................................................................59 3-6. Import Table....................................................................................................................................62 3-7. Export Table....................................................................................................................................69
Module 4 ..............................................................................................................................75 4-1. ...............................................................................................................................76 4-2. CrackMe ........................................................................................................................84 4-3. KeygenMe .....................................................................................................................94
Module 5 MUP(Manual UnPack) .....................................................................................................101 5-1. Packing / Unpacking .....................................................................................................................102 5-2. Packing .................................................................................................................................103 5-3. MUP .....................................................................................................................................105 5-4. MUP Ollydbg script ...............................................................................................114
Module 6 Anti-Reverse ..............................................................................................................121 6-1. .........................................................................................................................122 6-2. BreakPoint ...................................................................................................................133 6-3. TLS Callback ................................................................................................................................145 6-4. Process Attach ......................................................................................................................150
Module 7 ............................................................................................................................155 7-1. ........................................................................................................156 7-2. - shadowbot .........................................................................................................173
http://www.securitya.kr 2008 Security Awareness Korea
- ii -
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 1 -
Module 1 RCE ?
Objectives
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 2 -
1-1. RCE ?
Student Notes
. .
(EXE, DLL, SYS )
C
.
.
RCE?
Reverse Code Engineering ,
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 3 -
.
. PC , HEX
,
.
. , C
.
VC gcc
() . CPU
. VC, VB,
() C .
VB .
() .
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 4 -
1-2. RCE
Student Notes
12 2 ()
.
1 1
.
1. 3
2.
[ 2001.1.16][[
2001.7.17]]
RCE
(Competition) (Copyrightlaw) The Digital Millennium Copyright Act (DMCA)
RIAA Felten ebook SunnComm CD
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 5 -
2001 1 16 7 17 ,
.
2000 , 2001
, .
.
.
DMCA(The Digital Millennium Copyright Act)
. DMCA HTML , , , , ,
, , , . DMCA
.
DMCA Sony-BMG ""
Sony-BMG CD "(root kit)"
Secure Digital Music Initiative(SDMI)
,
. SDMI
. .
SunnComm CD
SunnComm
. SunnComm .
pdf
.
pdf .
. .
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 6 -
1-3. RCE
Student Notes
. .
/ . /
( )
.
exe PC
. PC
PC
. .
RCE
DRM
RCE
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 7 -
.
.
.
.
DRM
DRM .
.
.
API
.
.
.
.
.
. .
.
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 8 -
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 9 -
Module 2 RCE
Objectives
CPU
CPU
/
STACK
(Calling Convention)
SEH(Structured Exception Handling)
C
API
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 10 -
2-1. CPU
Student Notes
CPU , .
CPU . CPU
, , , . CPU
. , (ALU: arithmetic logic
unit), (control unit) .
.
. .
. - -
CPU
BUS Interface
ALU(Arithmetic Logic Unit)
Control Unit
Register Set
CPU (Central Processing Unit)
Memory
I/O BUS
Keyboard Monitor NIC HDDMonitor
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 11 -
CPU
Control Unit ALU ALU .
ALU() : (, ) ( , ,
) .
.
Register : .
.
- .
Reverse Engineering
http://www.securitya.kr 2008 Security Awareness Korea
- 12 -
2-2. CPU
Student Notes
CPU , , EFLAGS , CIP
. 32
