
Research and Application of Win32-based Software Reverse Engineering

Posted on: 2009-05-29
Degree: Master
Type: Thesis
Country: China
Candidate: C Wang
Full Text: PDF
GTID: 2178360272976615
Subject: Computer system architecture
Abstract/Summary:
Software systems are applied ever more widely, and building a new system is no longer the only problem in software engineering; protecting and rebuilding existing systems matters as well, and the latter is arguably more meaningful and more challenging. Software reverse engineering is the foundation of both the reconstruction and the protection of existing systems. At present, software reverse engineering and re-engineering have gained unprecedented room for development; both are becoming more important within software engineering and carry weight both technically and economically. Software security has been a concern since the rapid growth of the software industry, with its fast distribution and rising demand; analysing and designing good ways to improve software security is significant for copyright protection. Research on the key technologies of software security is of great significance for protecting authors, creators' profits and users' interests.

Besides, legacy systems (LS) bring new problems to the updating and maintenance of software. Because a legacy system suffers from outdated technology, chaotic system structure, missing documentation and high maintenance cost, most companies and organisations adopt new technology to rebuild the legacy system on a new software or hardware platform, in order to improve its reliability, availability, maintainability and performance. In recent years there has been much research on software reverse engineering and re-engineering, but the field still cannot be regarded as fully mature, since there is no unified, systematic and scientific theory and methodology of software reverse engineering; an in-depth study is therefore needed. This thesis draws on a large body of domestic and international literature together with the author's own experience in reverse engineering, examines many core reverse engineering techniques in detail, and studies a commercial examination system that runs on the Win32 platform. The main work is as follows: using the detection tool PEiD to determine whether the program is packed (shelled) and which language it was written in; using the static analysis tool IDA to analyse the software statically and the dynamic debugger OllyDbg to analyse it dynamically, locating where the software can be brute-force cracked and writing the patch that carries out the crack; analysing the complete registration flow of the examination program to learn how the machine code is formed and how the software resists the creation of a key generator; and finally applying the theory of system reconstruction and re-engineering techniques to add a new menu, extending the software's functionality in a simple way.

1. Brute-force cracking of the software
To raise the anti-cracking level of software, we must learn how cracking is done in order to do better in the anti-cracking field. The author takes this software as an example to explain the process of brute-force cracking.

First, PEiD is used to inspect whether the software is packed or carries other protective measures. The inspection shows that there is no packer, which makes cracking easier. At the same time, it shows that the main executable is written in VB6.0 and the dynamic link library handling registration is written in VC++6.0; knowing the implementation language speeds up the reverse analysis. Next, static analysis software is used to analyse the simulation examination system and search for the disassembled registration code; in the dynamic debugger OllyDbg a breakpoint is set on rtcMsgBox and execution is traced to find the code of the checkRegister() function in the DLL, where the value of the register holding the function's return value is modified, or the conditional jump is turned into an unconditional JMP, achieving the brute-force crack. To retain this result, the original file of the software must be modified; the author uses a patch file to do so. First a hex editor is used to find the location that needs modification and the hexadecimal form of the revised code, then a C++ program rewrites the original file byte by byte. Finally, the file rewritten by the C++ program is placed in the installation directory and run to complete the crack.

2. Analysis of the software registration flow
Analysing the software registration flow helps us understand the software's protection, the procedure and principle by which the machine code is generated, and the process and algorithm of registration; raising the anti-cracking strength is essential for protecting registration-based software. First, the author runs the simulation examination system to learn how registration works, and then uses a combination of static and dynamic analysis in a debugger to trace the execution. There are two types of registration: off-line registration without a network, and registration when the software runs to the registration step.

At the same time, the system generates a 90-character binary string as the machine code; a normal registration can be completed only when all three items are present: user name, password and registered trademark. Following the results of the static analysis, and tracing the software's execution against the background of the brute-force crack, we found that the software checks the integrity of its files to prevent illegal modification. The specific procedure is as follows: the MD5 value of the dynamic link library Register.dll is computed and compared with the MD5 value pre-stored when the software was released, to determine whether the library has been modified; and in the dynamic link library a number of bytes are read from the main executable to determine whether the main file has been modified. The software then generates a string from the mainboard number, the serial number of logical drive C, the date and other information, BASE64-encodes the string, and then applies MD5 and RSA encryption, finally yielding the binary form. On the basis of this registration flow analysis, a registration tool (key generator) written in VB6.0 generates the code from an entered user name and password.

3. Redevelopment of the software system
Software re-engineering, simply put, is the reassembly of an existing system through analysis and transformation of the existing software system; redevelopment analyses the existing software system and, on that basis, adds functionality so that the system better meets users' needs, and is the initial form of secondary development. For the purpose of researching software reverse engineering, the author made only a simple extension to the simulation examination system: a menu item that starts VC++6.0. A menu is added with existing tools and given an ID value, then a check for the new message and its event code are added to the message-processing code of the new WndProc, and the corresponding function is implemented by programming the event-handling code.

Reverse engineering yields disassembled code, and assembly language can be used when only a small amount of source is needed, but assembly is poorly readable and hard to maintain in future upgrades, so the author instead chose to add a DLL. The StartVC function is compiled with VB6.0; it detects whether VC++6.0 is installed on the system, starts it normally if so, and otherwise prompts the user to install VC++6.0. After generating the DLL, the main executable of the simulation examination system is opened with LoadPE, the DLL reference and the imported StartVC function are added, and the correct call address is set. Finally, the new menu appears when the simulation examination system is restarted, and clicking it performs the intended function.
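The file integrity check described in section 2 (MD5 of Register.dll compared with the value recorded at release, plus a read-back of bytes from the main executable), written out as an added Python example; this is not the thesis's own VC++ code, and the file contents, byte offset and length are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample contents standing in for the released Register.dll and
# main executable; not real files from the thesis.
SAMPLE_DLL = b"MZ\x90\x00REGISTER-DLL-SAMPLE" + bytes(range(64))
SAMPLE_MAIN = b"MZ\x90\x00MAIN-EXE-SAMPLE" + bytes(range(128))
# Which bytes of the main file the DLL reads back is an assumption; the
# thesis only says "a number of bytes".
MAIN_CHECK_OFFSET, MAIN_CHECK_LENGTH = 8, 16

def md5_of_file(path):
    # Hash in chunks so a large executable need not be loaded whole.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def dll_unmodified(dll_path, released_md5):
    # Check 1: MD5 of Register.dll must equal the value recorded at release.
    return md5_of_file(dll_path) == released_md5

def main_unmodified(main_path, released_bytes):
    # Check 2: a fixed byte region of the main executable must match the release.
    with open(main_path, "rb") as f:
        f.seek(MAIN_CHECK_OFFSET)
        return f.read(MAIN_CHECK_LENGTH) == released_bytes

def integrity_demo():
    # Run both checks on pristine files, then again after a one-byte change to each.
    with tempfile.TemporaryDirectory() as d:
        dll, main = Path(d) / "Register.dll", Path(d) / "main.exe"
        dll.write_bytes(SAMPLE_DLL)
        main.write_bytes(SAMPLE_MAIN)
        # Reference values the vendor would record at release time.
        released_md5 = md5_of_file(dll)
        released_bytes = SAMPLE_MAIN[MAIN_CHECK_OFFSET:MAIN_CHECK_OFFSET + MAIN_CHECK_LENGTH]
        pristine = dll_unmodified(dll, released_md5) and main_unmodified(main, released_bytes)
        # Any illegal modification changes at least one byte; flip one in each file.
        dll_mod, main_mod = bytearray(SAMPLE_DLL), bytearray(SAMPLE_MAIN)
        dll_mod[20] ^= 0x01
        main_mod[MAIN_CHECK_OFFSET + 3] ^= 0x01
        dll.write_bytes(bytes(dll_mod))
        main.write_bytes(bytes(main_mod))
        return {"pristine": pristine, "dll_after_patch": dll_unmodified(dll, released_md5),
                "main_after_patch": main_unmodified(main, released_bytes)}
```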
Keywords/Search Tags: Software Reverse Engineering, Software Reengineering, Legacy system, PE Format, Program Comprehension