Web : http://mxb.cjb.net
Contact Me : [email protected] or [email protected]


Advanced Topics

Software companies try really hard to protect their software from
pirates and crackers, but there will always be a loophole.
The most common methods used to protect an application are :

1 Serial number check
2 Encrypting program file
3 Hardware locks

Each technique has its own importance. How effective it is depends on the
knowledge of the programmer who implements the protection.


Encrypting program file : This method is commonly used. Once a file is
packed we can't disassemble it, and we can't use a hex editor to change its
values either, because the protected program only unpacks itself in the
computer's memory when it is run, and control is then passed to the
original program. To defeat this we can follow two techniques :


1 Use runtime patching - Here we implement a patch which changes the
       program's code at runtime, after the packer has done its job, i.e.
       unpacking the main program. Suppose we want to patch address
       0x4045A4 with a NOP. We find a place inside the loader after the
       unpack routine and write ...

MOV BYTE PTR [0x4045A4], 0x90    ; 0x90 is the opcode for NOP

So we have used runtime patching to patch memory.

2 Unpacking - This method is only for gurus. You need to know everything
       about the PE file format, about the import table...
       The point of attack is where the loader transfers control to the
       main program in memory. The trick is to dump the memory at this
       point to a file and change its program entry point using a PE
       editor. If the unpacker is playing with the idata [ import table ]
       section, we will have to find the real idata section and glue it
       all together.
       I have seen that the end of the unpacking routine can be
       recognized by its instructions. Example :

0x79329F POPAD
0x7932A0 JMP [REAL PROGRAM ENTRY POINT]
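
Seen from the analysis side, the behaviour described in this section (a loader that unpacks the real program in memory and then jumps to it) leaves marks in the PE section table. The Python below is an added example, not part of the original tutorial: it parses the headers and reports three heuristic indicators of a packed image. The section names .pack0/.pack1, the addresses and both sample images are constructed for the demo.

```python
import struct
EXEC, WRITE, READ = 0x20000000, 0x80000000, 0x40000000  # IMAGE_SCN_MEM_* flags
WX = EXEC | WRITE

def parse_headers(pe):
    """Return (entry_rva, [(name, vaddr, vsize, rawsize, flags), ...])."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, nt + 6)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]    # SizeOfOptionalHeader
    entry = struct.unpack_from("<I", pe, nt + 24 + 16)[0]  # AddressOfEntryPoint
    table, secs = nt + 24 + opt_size, []
    for off in range(table, table + 40 * nsec, 40):        # 40-byte section rows
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", pe, off)
        flags = struct.unpack_from("<I", pe, off + 36)[0]  # Characteristics
        secs.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rawsize, flags))
    return entry, secs

def packer_indicators(pe):
    """Heuristic findings only: a hit means 'inspect further', not proof."""
    entry, secs = parse_headers(pe)
    hits = []
    for idx, (name, vaddr, vsize, rawsize, flags) in enumerate(secs):
        wx = (flags & WX) == WX
        if wx and rawsize == 0 and vsize:   # room reserved for code written at run time
            hits.append(f"{name}: no bytes on disk, writable+executable in memory")
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            if idx:                         # execution starts in a later section (loader)
                hits.append(f"{name}: entry point is outside the first section")
            if wx:
                hits.append(f"{name}: entry section is writable+executable")
    return hits

def build_sample(entry, secs):  # constructed header-only PE32 image, contains no code
    dos = bytearray(b"MZ") + bytes(0x3A) + struct.pack("<I", 0x40)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, len(opt), 0x102)
    rows = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, fl)
                    for n, va, vs, rs, fl in secs)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + rows

PLAIN = build_sample(0x1200, [(b".text", 0x1000, 0x3000, 0x3000, EXEC | READ),
                              (b".data", 0x4000, 0x1000, 0x200, WRITE | READ)])
PACKED = build_sample(0x9A00, [(b".pack0", 0x1000, 0x8000, 0, WX | READ),
                               (b".pack1", 0x9000, 0x2000, 0x1800, WX | READ)])
```

packer_indicators(PLAIN) returns an empty list, while packer_indicators(PACKED) returns three findings.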


Now most unpackers use hardcore techniques. Example :
VBOX - Cracking into VBOX protected programs is very simple, but implementing
a patch is really, really tough. It uses CRC checking, memory checking and
debugger checking.


I would like to discuss three of the most important packers :

1 VBOX
2 ASPack
3 ASProtect