Îñîáåííîñòè äèçàññåìáëèðîâàíèÿ ïîä LINUX íà ïðèìåðå tiny-crackme
Âîò êàê áóäåò âûãëÿäåòü ýêðàí
Âîò êàê áóäåò âûãëÿäåòü ýêðàí äèçàññåìáëåðà:
LOAD:0020004B loc_20004B: ; DATA XREF: sub_2002F0+1o
LOAD:0020004B mov eax, 20019Eh ; íà÷àëî íîâîãî øèôðîáëîêà
LOAD:00200050 mov ebx, 0F4h ; äëèíà øèôðîáëîêà â áàéòàõ
LOAD:00200055 shr ebx, 2 ; ïåðåâîäèì áàéòû â äâîéíûå ñëîâà
LOAD:00200058 mov edx, dword_200292 ; "âîëøåáíàÿ" êîíñòàíòà 0BEEFC0DAh
LOAD:0020005E call loc_2002BC ; âûçîâ layer-2 ðàñøèôðîâùèêà
LOAD:00200063 mov ecx, offset unk_20019E ; óêàçàòåëü
íà ASCII-ñòðîêó
LOAD:00200068 mov edx, 0F4h ; äëèíà ñòðîêè
LOAD:0020006D call loc_20029A ; âûâîä ñòðîêè íà ýêðàí
LOAD:00200072 mov eax, 1Ah ; \
LOAD:00200077 xor ecx, ecx ; + àíòèîòëàäêà, îñíîâàííàÿ íà
LOAD:00200079 mov esi, ecx ; + íåðåíòàáåëüíîñòè ptrace
LOAD:0020007B mov edx, 1 ; /
LOAD:00200080 int 80h ; LINUX - sys_ptrace
LOAD:00200082 sub ebx, eax ; àíàëèç êîäà âîçâðàòà
LOAD:00200084 test eax, eax ; ïðîâåðêà íà íàëè÷èå îòëàä÷èêà
LOAD:00200086 jz short loc_200099 ; -> îòëàä÷èê íå îáíàðóæåí
LOAD:00200088 mov ecx, offset aSorryButThePro
LOAD:0020008D mov dl, 34h ; îòëàä÷èê îáíàðóæåí, ìàòåðèìñÿ
LOAD:0020008F call loc_20029A ; âûâîä ðóãàòåëüíîãî ñîîáùåíèÿ
LOAD:00200094 jmp loc_20030 ; -> çàâåðøåíèå ïðîãðàììû
LOAD:00200094
LOAD:00200099 loc_200099: ; CODE XREF: start+7Ej
LOAD:00200099 jmp short loc_20009C ; ïðûæîê
íà loc_20009C
LOAD:00200099
LOAD:0020009B db 0B0h ; - ; ìóñîðíûé
áàéò
LOAD:0020009C
LOAD:0020009C loc_20009C: ; CODE XREF: start:loc_200099j
LOAD:0020009C push ebx ; ñîõðàíÿåì
