
Reverse Engineering


Presentation Transcript


  1. Reverse Engineering PART 1, Soongsil University (숭실대학교), 최소영, 김충희

  2. Reverse Engineering • What is Reverse Engineering? • Intel Architecture • Calling Convention

  3. What is Reverse Engineering?

  4. Reverse Engineering: Game Hack, CD-Key, Editor, Maintenance, Security, Information

  5. What Is Needed For Reverse Engineering? • Intel Architecture & Basics • Registers • Virtual Memory • Calling Convention • ELF • Composition of the ASM Table • GDB, OBJDUMP, ltrace, strace

  6. Intel Architecture. Checking the available memory region: the CPU in recent systems processes 64 bits at a time, so the memory region spans the range 0 to 2^64-1. Kernel loading.

  7. Intel Architecture. Instructions are machine code; logical addresses are used.

  8. Intel Architecture. Local variables. • What does the Data Segment hold? • Data structures • Data modules • Dynamically generated data • Shared data • What does the Stack Segment hold? • Handlers • Tasks • Programs • Buffers. Global variables. Physical address = Logical address + Offset: 0x80010000 (offset) + 0x00000100 (logical address) = 0x80010100 (physical address)

  9. Register. EAX: 32-bit accumulator register. AX: 16-bit register, the lower half of EAX. AH: 8-bit register, the upper half of AX. AL: 8-bit register, the lower half of AX.

  10. Register • EFLAGS Register • EFLAGS: 32-bit register for flags • Instruction Pointer • EIP: 32-bit register for the instruction pointer • Segment Registers • CS: 16-bit register for the code segment • SS: 16-bit register for the stack segment • DS: 16-bit register for the data segment • ES, FS, GS: additional 16-bit segment registers

  11. Virtual Memory

  12. Virtual Memory

  13. Process of Compilation

  14. The Basics of Calling Conventions. What is needed to implement a function call? A place to store the return value after the function executes; a place where the function's information can be saved; a pointer holding the function's location; a place from which to get the parameters the function needs; a function name through which the value can be obtained.

  15. The Basics of Calling Conventions. Stack structure: last in, first out. Callee, caller.

  16. What is a calling convention exactly? Function calling convention (함수 호출 규약): the procedure followed in order to call a function. It increases interoperability between different compilers and languages, and increases the reusability of built executables.

  17. Calling Convention. _cdecl: the traditional C-style calling convention. Arguments are pushed onto the stack from right to left (the last argument is pushed first). The return value is received through a register. The calling function (the caller) cleans up the stack.

  18. Calling Convention. _stdcall: the calling convention used by API functions (Pascal-style call). It is generally regarded as the API-style form of _cdecl. The called function (the callee) cleans up the stack. When variadic parameters are used, the call takes the same form as _cdecl.

  19. Calling Convention. _fastcall: an improvement on _stdcall for speed; a register calling convention. It is no longer used in Windows NT/200X kernel-mode drivers (because registers are CPU-dependent).
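The caller-cleans versus callee-cleans rule from slides 17 and 18 can be checked with a small simulation of the 32-bit stack; this is an added example, not code from the presentation, and `call_sum`, `esp_imbalance` and the argument values are constructed for it. It goes one step beyond the slides by also showing what happens when caller and callee disagree on the convention: ESP no longer returns to where it started.

```c
#include <stdint.h>

/* Toy model of the x86 stack from the slides: grows downward, 32-bit
 * words, ESP indexes the top word. Constructed for this example. */
#define STACK_WORDS 64
typedef struct {
    uint32_t mem[STACK_WORDS];
    int esp;                      /* STACK_WORDS means the stack is empty */
} Stack;

typedef enum { CONV_CDECL, CONV_STDCALL } Conv;

static void push(Stack *s, uint32_t v) { s->mem[--s->esp] = v; }

/* Simulate a caller invoking a callee that sums n arguments. Returns EAX;
 * *esp_delta receives ESP(after) - ESP(before), so 0 means balanced. */
uint32_t call_sum(Stack *s, Conv caller_conv, Conv callee_conv,
                  const uint32_t *args, int n, int *esp_delta)
{
    int esp_before = s->esp;
    for (int i = n - 1; i >= 0; i--)      /* right to left: last arg first */
        push(s, args[i]);
    push(s, 0xDEADBEEF);                  /* CALL pushes the return address */

    /* Callee body: the first argument sits just above the return address */
    uint32_t eax = 0;
    for (int i = 0; i < n; i++)
        eax += s->mem[s->esp + 1 + i];

    s->esp += 1;                          /* RET pops the return address */
    if (callee_conv == CONV_STDCALL)      /* stdcall: `ret 4*n` pops the args */
        s->esp += n;
    if (caller_conv == CONV_CDECL)        /* cdecl: caller does `add esp, 4*n` */
        s->esp += n;

    *esp_delta = s->esp - esp_before;
    return eax;
}

/* Run one call of f(1, 2, 3) and report the ESP imbalance in words. */
int esp_imbalance(Conv caller_conv, Conv callee_conv)
{
    Stack s = { .esp = STACK_WORDS };
    const uint32_t args[3] = { 1, 2, 3 };   /* constructed sample arguments */
    int delta;
    call_sum(&s, caller_conv, callee_conv, args, 3, &delta);
    return delta;
}
```

A non-zero imbalance is what a real calling-convention mismatch produces: either the arguments are popped twice or they are never popped, and the caller's frame is corrupted.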
