Reverse learning notes (I)

background

It took 1500 Applied for a summer school , Start from the foundation again and learn the reverse

Note No 0 course

A lesson on learning methods ：

1. Learn in order , Don't omit knowledge points , Slowly but surely , go further

2. Be good at thinking , Observe ;

3. Practice after study , Ask questions .

The first lesson

1. Usually exe The inspiration address of is 0x401000;

2.EXE and DLL The difference between ： Structure is the same , but exe It can run directly ,DLL It can be exe Library functions called ;

3. The difference between system airspace and program airspace

4. When not running , You can click CALL function , Enter to check , Keypad - No. return .

6.MessageBoxA Is the system pop-up function , Breakpoints can be set here , Disconnect before popping ;

7. stay Command Window type ：？MessageBoxA, You can find its absolute address ;

8.Ctrl+G You can jump to the designated address , Equivalent to goto;

The third class

1. Crack 95% It's guessing the developer's program flow based on fragmentary information ;

2.Ctrl+N（Alt+E） Exhale “ modular ” window , You can see the program called DLL as well as DLL Inside API, Input function name to filter .

  Several ways to lower the breakpoint ：

1.F2;

2. In the naming window, enter ：bp Function identification （ Absolute address ）

The fourth lesson

F9 function

Cut in through two ways ：

1. Search string , Double click to enter the program code segment ;

2. Through system functions such as MessageBoxA Lower breakpoint , The stack window in the lower right corner , See the calling function ,Enter Get into

When you get to the code segment of the key function , Click the beginning of the function segment ,OD There will be one. “ go to CALL come from , Enter his superior to call the function ”

3. Modify jump conditions , Fail to prevent the program from entering （ Will enter success ）;

4. The way of modification is ： Will jump here Conditions jump , Change it to nop, No jump , Or find a successful location , take Conditional jump to JMP Jump unconditionally .

5. export ： Right click ,“ Copy to executable ”, Save all changes , Right click , Save the file , Save as new exe that will do .

The homework has been finished （2022 year 7 month 15 Japan 07:58:48）