Îñîáåííîñòè äèçàññåìáëèðîâàíèÿ ïîä LINUX íà ïðèìåðå tiny-crackme
Èññëåäîâàíèå tiny-crackme èçâíå è èçíóòðè - ÷àñòü 8
ebx ïîñëå ptrace
LOAD:0020009D mov ecx,offset dword_200296; óêàçàòåëü íà 4õ áàéòîâûé áóôåð
LOAD:002000A2 mov edx, 4 ; ñêîëüêî ñèìâîëîâ ñ÷èòàòü
LOAD:002000A7 call loc_2002AA ; ñ÷èòàòü ñ êëàâû 4 ñèìâîëà
LOAD:002000AC call loc_2002C9 ; ïðîâåðêà ïàðîëÿ + CRC
LOAD:002000B1 xor ebx, dword_200296 ; àíàëèç ðåçóëüòàòîâ ïðîâåðêè
LOAD:002000B7 jz short loc_2000CC ; -> ïàðîëü è CRC ïîäëèííûå
LOAD:002000B9
LOAD:002000B9 loc_2000B9: ; CODE XREF: start+C7j
LOAD:002000B9 mov ecx, offset aWrongPasswordS ;
LOAD:002000BE mov dl, 1Dh ; ïàðîëü èëè CRC
íåâåðíû
LOAD:002000C0 call loc_20029A ; âûâîä ðóãàòåëüñòâà íà ýêðàí
LOAD:002000C5 jmp loc_20030C ; -> çàâåðøåíèå ïðîãðàììû
LOAD:002000C5
LOAD:002000CA db 72h ; r ; ìóñîð
LOAD:002000CB db 36h ; 6 ; ìóñîð
LOAD:002000CC
LOAD:002000CC loc_2000CC: ; CODE XREF: start+AFj
LOAD:002000CC pop ebx ; âûòàëêèâàåì
ebx ïîñëå ptrace
LOAD:002000CD test ebx, ebx ; áûë ëè ðàíüøå îáíàðóæåí îòëàä÷èê
LOAD:002000CF jnz short loc_2000B9 ; -> îòëàä÷èê áûë ðàíåå îáíàðóæåí
LOAD:002000D1 mov ecx, offset aSuccessCongrat ;
LOAD:002000D6 mov edx, 68h ; âñå ïðîâåðêè ïðîéäåíû! âñå îê!
LOAD:002000DB call loc_20029A ; âûâîäèì ïîçäðàâëåíèå íà ýêðàí
LOAD:002000E0 jmp loc_20030C ; -> ïîáåäîíîñíîå çàâåðøåíèå ïðîãè
LOAD:002000E0
LOAD:002000E5 aWrongPasswordS db 0Ah ; DATA XREF: start:loc_2000B9o
LOAD:002000E5 db ' Wrong password, sorry...',0Ah
LOAD:002000E5 db 0Ah,0
LOAD:00200102 aSorryButThePro db 'Sorry but the process seems to be traced...',0Ah,0
LOAD:00200102 ; DATA XREF: start+80o
