Assembler for Crackers:
Stack & Push/Pop
Before any function call, a program must 'push' the parameters that the function expects onto the stack. Think of it as a stack of plates: the first plate put on the stack is the last one taken off, and the processor's stack works exactly the same way. It's important to keep this 'first on/last off' principle in mind when looking at a call, because it means the parameters are pushed in reverse order, with the last parameter pushed first. In case my babbling has confused you, let's look at this example:
The Windows API function GetDlgItemText requires the following parameters:
(1) Handle of dialog box
(2) Identifier of control
(3) Address of buffer for text
(4) Maximum size of string
Therefore these could be passed like so:
MOV EDI,[ESP+00000220] ; get the handle of the dialog box into EDI
PUSH 00000100          ; PUSH (4) maximum size of string
PUSH 00406130          ; PUSH (3) address of buffer for text
PUSH 00000405          ; PUSH (2) identifier of control
PUSH EDI               ; PUSH (1) handle of dialog box
CALL GetDlgItemText    ; CALL the function
Easy eh? This can be one of the simplest ways of cracking a serial number app, if you know the address of the buffer for the serial number, in this case 00406130, just breakpoint it, and you'll usually end up in or around the procedure that generates the real serial!! :)
POP simply removes the top item (the most recently pushed one) from the stack and places it in a register. You will usually see a run of them just before a function returns, as the function restores the registers it saved on entry...
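To make the 'first on/last off' rule and the reversed parameter order concrete, here is a small C model of the 32-bit stack, added for this page and not taken from the tutorial itself. It replays the PUSH sequence from the listing above, then shows what the called function finds at [ESP+4], [ESP+8] and so on, and finally performs the stdcall return (RET 10h) so you can see the stack balanced again. The handle value 0000ABCD and the return address 00401000 are constructed for the example; the control ID, buffer address and maximum length are the ones from the listing.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of the 32-bit x86 stack: it grows toward lower addresses and
 * ESP always points at the most recently pushed dword. Index 0 of mem[] is
 * the lowest address; an empty stack has esp == STACK_DWORDS. */
#define STACK_DWORDS 64

typedef struct {
    uint32_t mem[STACK_DWORDS];
    int esp;               /* index of the top-of-stack dword */
} Stack;

static void stack_init(Stack *s) { s->esp = STACK_DWORDS; }

/* PUSH v  ==  SUB ESP,4 ; MOV [ESP],v.  Returns -1 on overflow. */
static int push(Stack *s, uint32_t v) {
    if (s->esp == 0) return -1;
    s->esp -= 1;
    s->mem[s->esp] = v;
    return 0;
}

/* POP r  ==  MOV r,[ESP] ; ADD ESP,4.  Returns -1 on underflow. */
static int pop(Stack *s, uint32_t *out) {
    if (s->esp == STACK_DWORDS) return -1;
    *out = s->mem[s->esp];
    s->esp += 1;
    return 0;
}

/* Values mirroring the listing in the text; the handle and return address are constructed. */
#define HDLG_VALUE 0x0000ABCDu   /* pretend dialog handle that was loaded into EDI */
#define CTRL_ID    0x00000405u
#define BUF_ADDR   0x00406130u
#define MAX_LEN    0x00000100u
#define RET_ADDR   0x00401000u   /* constructed return address pushed by CALL */

/* Replays the caller's PUSH sequence and CALL, records what the callee finds
 * at [ESP+4], [ESP+8], [ESP+12], [ESP+16], then performs the stdcall return
 * (RET 10h: pop the return address, discard 16 bytes of arguments).
 * Returns 1 if ESP is back where it started, 0 otherwise. */
static int model_call(Stack *s, uint32_t args_seen[4]) {
    int esp_before = s->esp;
    push(s, MAX_LEN);     /* PUSH 00000100  ; (4) */
    push(s, BUF_ADDR);    /* PUSH 00406130  ; (3) */
    push(s, CTRL_ID);     /* PUSH 00000405  ; (2) */
    push(s, HDLG_VALUE);  /* PUSH EDI       ; (1) */
    push(s, RET_ADDR);    /* CALL pushes the return address last */

    /* Callee view: [ESP] is the return address, so parameter n sits at [ESP+4*n],
     * i.e. in the order the API documents them, even though they were pushed reversed. */
    for (int n = 1; n <= 4; n++)
        args_seen[n - 1] = s->mem[s->esp + n];

    uint32_t ret;
    pop(s, &ret);         /* RET pops the return address ... */
    s->esp += 4;          /* ... and the 10h adds 16 to ESP to drop the four dwords */
    return ret == RET_ADDR && s->esp == esp_before;
}

/* Parameter n (1..4) as the callee sees it after the modelled CALL. */
uint32_t callee_arg(int n) {
    Stack s; uint32_t a[4];
    stack_init(&s);
    model_call(&s, a);
    return a[n - 1];
}

/* 1 if ESP is restored after the stdcall return, 0 otherwise. */
int stack_balanced_after_call(void) {
    Stack s; uint32_t a[4];
    stack_init(&s);
    return model_call(&s, a);
}

/* Push 1, 2, 3 and return the k-th value popped (k = 1..3): last in, first out. */
uint32_t lifo_pop_order(int k) {
    Stack s; uint32_t v = 0;
    stack_init(&s);
    push(&s, 1); push(&s, 2); push(&s, 3);
    for (int i = 0; i < k; i++) pop(&s, &v);
    return v;
}

int main(void) {
    printf("popped in order: %u %u %u\n", lifo_pop_order(1), lifo_pop_order(2), lifo_pop_order(3));
    for (int n = 1; n <= 4; n++)
        printf("callee sees parameter %d at [ESP+%d] = %08X\n", n, 4 * n, callee_arg(n));
    printf("stack balanced after RET 10h: %s\n", stack_balanced_after_call() ? "yes" : "no");
    return 0;
}
```

The point of the RET 10h step is that Windows API functions use the stdcall convention, so the callee removes its own parameters; if you are stepping through a call in a debugger and ESP does not return to its pre-CALL value afterwards, you are either looking at a cdecl function (where the caller cleans up with an ADD ESP,n) or the listing's parameter count is wrong.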