-
OD is a powerful tool for dynamic debugging! Crack the registration code or something, it's easy to track down the registration code. But the shortcomings are also obvious, it only explains**, but does not analyze the logical relationship of **, you have to analyze it yourself!
If you want to understand the specific operation process and branch structure of the program, it is recommended that you use the static debugging tool - IDA. The analysis process of this software is very clear, and there is a flowchart display, which is clear at a glance!
In addition, the compilation you mentioned must be very different from the source of the software, but the function is the same. Assembly is a low-level language, and it implements software functions in a more cumbersome language, which requires careful analysis! Generally, if you watch a lot, you will know which compilation is implemented by choice, or loop!
-
dailyren said it very well.
However, OD disassembly is really difficult to analyze, and it is recommended to use IDA Pro
But you have to have a good compilation base, very good
-
Personally, I think it's good to have od. IDA is too bloated, and it might be better to analyze big software.
Top 1st floor. Analyze the logic between ** yourself.
-
Use OD disassembly,If the program is relatively large, you should first look at the program as a whole,For example, see which segments the program has,Which modules are there,Roughly browse to see the API used to analyze。
To understand it all, you can only step through the analysis on f7f8.
If it's cracked, you don't have to understand it all, just go to the key place and carefully analyze the registration algorithm.
-
After loading with OD, the OD will automatically stop at the breakpoint of your settings:
1.System breakpoint (kernel32).
In general, it is broken at the OEP. Later tracking also needs to be based on different development languages to place different breakpoints.
Press f9 to run, if there is a user breakpoint or the program has a breakpoint or encounters another system breakpoint, it will stop, otherwise it will be in a state of running all the time.
It is recommended to find clues to follow.
If it is a Windows VS series compiler, it is recommended that the breakpoint is at registerclass, and its parameter is wndclass*Then the second member of wndclass is the address of the window procedure function, and then make a breakpoint at that address, and then continue to find it.
-
MFC wrote? Or is it written by the SDK? sdk, break registerclass, find the window function address, and you can find it with the past
MFC's disconnection setWindowText, setdlgitemText. Seconds to find.
-
What data do you want to get?
Decompilation can see ** and some constants.
If the variable, then you can only look at the memory address when it is executed to **.
-
If you want to learn disassembly, you must first understand the calendar code of the generation branch Go and see Wang Shuang's "Assembly Language" That book is all understood, go and see the cracking of Amakusa (be sure to read it thoroughly, don't be sloppy) Look at it in the following order 1, Black Hawk cracking tutorial 2, Black Hawk VIP cracking improvement class 3, Amakusa stream primary 4, Amakusa intermediate class 5, Amakusa advanced class After reading it all, basically your shelling technology stays in 2006 2007 This technology As for finding call, shelling is all judged by experience Then the next one is called " China Sharing Sky Original Cracked Animation" Delete all the tutorials in it yourself A person slowly cracks the software inside Then go to some to see the snow, I love to crack, upk forum Find some execrypter shell, zprotect shell, Themida shell, vmprotect shell, Noobyprotect shell tutorial These are all done, I suggest you go to see "32-bit assembly in the Windows environment" If you want to ask what if I can't buy these books.
In this**, there is a natural search for compilation Remember cash on delivery.,I'm not responsible for being deceived After reading this book, search for ACG Sinicization Group., Find a Chinese tutorial < in it-Don't ask why you want to see it.,After the cycle is gradual, you naturally understand Learn more about the game's Chinese tutorial can help you (don't explain) If you can change your stupidity, go and see it Reading at night and night-From assembly language to windows kernel programming Hanjiang solo fishing—Windows kernel security programming It is recommended to learn how to use CE as a plug-in It's not that you want to use CE to do plug-ins, but you want to use CE Amakusa's 2009 "Shell World" When you look at the shell world, you must have a deeper understanding of the assembly, otherwise it's a bit difficult to read Next, go learn a high-level language by yourself, All in all, follow the core and take the ring step by step, and what to do in the future, you will naturally understand!! Satisfied.
-
ollydbg compils the address which is originally hexadecimal, and is an assembly
-
It is recommended to check out the oak noise tease as above**. Beam sells very touch the stool in detail!
-
I think we should pronounce "Eucalyptus debug" or "Europellia dbg".
The first half of the name comes from the author's name, Oleh Yuschuk (better known as Olly).
The second half is all the consonant letters of debug.
-
Open the stuff you want to compile directly
-
Now debuggers (e.g. ollydbg), disassemblers (idas) will reverse the executable into an 80386 assembly by default, but for some. com file or file of unknown format, IDA may disassemble it as a compilation of 8086.
To understand the assembly,It's very simple,Keep looking,There's a good learning method to check the Internet if you don't understand.,Write ** under VC yourself,Set breakpoint debugging,When the program is broken,Right-click->Go to Disassembly,You can see the assembly corresponding to each statement in the C language you wrote**。
As for win32 assembly, it doesn't seem to be needed, anyway, I don't understand.
-
There are many types of VC compilation, MFC and non-MFC compilation.
The current VC is written in VC6 to VC9, where the individual button events are different, but the general button events are loaded into ollydbg ctrl+f sub,eax,a
For general VC button event handling, this will do the button event method for VC8.
In the case of an exception, it can be caught inside the called method or can continue to be thrown. >>>More
Here's how to quickly understand financial statements:1. Look at the income statement first. From the income statement, we can see the operating ability of an enterprise, and trace whether the performance of a certain business or department affects the profitability of the company. >>>More
Morse code is a time-on-break signal** that expresses different letters, numbers, and punctuation marks in different sequences. It was invented by the American Alfeld Weir, who at the time (1835) was assisting Samuel Morse in the invention of the Morse telegraph. Morse code is an early form of digital communication, but unlike modern binary, which uses only zeros and one or two states, Morse code includes five types >>>More
Joel is writing a school report on word processors. She wants to place an oversized dimple that is cm30, dot, 51, start text, space, c, m, end text wide, so that it appears in the center of the page. The width of the page is, point, 59, starttext, space, c, m, and end text. >>>More
Add the path to the file you installed under the system path, and you're done.