๐’ƒ๐’†๐’‚๐’–๐’•๐’š ๐’Š๐’๐’•๐’†๐’๐’๐’Š๐’ˆ๐’†๐’๐’•
728x90
๋ฐ˜์‘ํ˜•
Mobile Application Reverse Engineering: MARA
Security Study/Reversing 2016. 12. 16. 17:06

Mobile Application Reverse engineering and Analysis Framework MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task or reverse engineering and analysis easier and friendly to mobile application developers and security professionals. Features supportedAPK Revers..

article thumbnail
๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐ(General Register)
Security Study/Reversing 2015. 9. 8. 18:19

๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐ(General Register)EAX (AX, AH, AL) - ๋ˆ„์ ์—ฐ์‚ฐ๊ธฐ, ๊ณฑ์…ˆ๊ณผ ๋‚˜๋ˆ—์…ˆ ์—ฐ์‚ฐ์—์„œ ์ž๋™์œผ๋กœ ์‚ฌ์šฉEBX (BX, BH, BL) - ๋ฒ ์ด์Šค ๋ ˆ์ง€์Šคํ„ฐ, ํŠน์ • ์ฃผ์†Œ๋ฅผ ์ง€์ •ECX (CX, CH, CL) - ์ˆ˜๋ฅผ ์„ธ์•„๋ฆผ, ์ž๋™์œผ๋กœ ๋ฃจํ”„ ์นด์šดํ„ฐ๋จ(๋ฐ˜๋ณต์ ์ธ ๋ช…๋ น์„ ์ˆ˜ํ–‰์‹œ)EDX (DX, DHT, DL) - ๋ฐ์ดํ„ฐ ๋ ˆ์ง€์Šคํ„ฐ, ์ž…์ถœ๋ ฅ ์—ฐ์‚ฐ์—์„œ ๋ฐ˜๋“œ์‹œ ๊ฐ„์ ‘ ์ฃผ์†Œ ์ง€์ •์— ์‚ฌ์šฉESI (SI) - ์ฝ๊ธฐ ์ธ๋ฑ์Šค, ๋ฌธ์ž์—ด ์ „์†ก์ด๋‚˜ ๋น„๊ต์—์„œ ์‚ฌ์šฉ๋˜๋Š”๋ฐ ์ฃผ๋กœ ์†Œ์Šค ๋ฌธ์ž์—ด์˜ ์˜คํ”„์…‹์„ ๊ฐ€๋ฆฌํ‚ดEDI (DI) - ์“ฐ๊ธฐ ์ธ๋ฑ์Šค EBP (BP) - ๋ฒ ์ด์Šค ํฌ์ธํ„ฐ, ์Šคํƒ์˜ ๋ฐ์ดํ„ฐ์— ์ ‘๊ทผํ•˜๊ธฐ ์œ„ํ•ด ์‚ฌ์šฉESP (SP) - ์Šคํƒ ํฌ์ธํ„ฐ, ํ˜„์žฌ๊นŒ์ง€ ์‚ฌ์šฉ๋œ ์Šคํƒ์˜ ์œ„์น˜๋ฅผ ์ €์žฅ, ์Šคํƒ ์ตœ์ƒ๋ถ€์˜ ์˜คํ”„์…‹์„ ๊ฐ€๋ฆฌํ‚ดEIP - ๋ช…๋ น์–ด ..

๋ฆฌ๋ฒ„์Šค ์—”์ง€๋‹ˆ์–ด๋ง์ด๋ž€?
Security Study/Reversing 2015. 9. 3. 05:19

* ๋ฆฌ๋ฒ„์Šค ์—”์ง€๋‹ˆ์–ด๋ง์ด๋ž€? - ํ”ํžˆ ์—ญ๊ณตํ•™์ด๋ผ๊ณ  ๋ถ€๋ฅธ๋‹ค.- ์‘์šฉ ํ”„๋กœ๊ทธ๋žจ์˜ ๋‚ด๋ถ€ ๊ตฌ์กฐ์™€ ๋™์ž‘์›๋ฆฌ๋ฅผ ํƒ๊ตฌํ•˜๋Š” ๊ธฐ์ˆ - ๋ฒ„๊ทธ๋‚˜ ์ทจ์•ฝ์  ๋ถ„์„- ํŒŒ์ผ์ด๋‚˜ ๋ฉ”๋ชจ๋ฆฌ ์ง์ ‘์ˆ˜์ •- ์ƒˆ๋กœ์šด ๊ธฐ๋Šฅ์„ ์ถ”๊ฐ€ ํ•˜์—ฌ ํ”„๋กœ๊ทธ๋žจ์˜ ๊ธฐ๋Šฅ ํ–ฅ์ƒ- C์–ธ์–ด, ์–ด์…ˆ๋ธ”๋ฆฌ, OS๊ตฌ์กฐ, ๋””๋ฒ„๊ฑฐ ์‚ฌ์šฉ๋ฒ• ํ•„์š” * ์ •์ ๋ถ„์„ - ๋ฉˆ์ถ˜์‚ฌ์ง„ - ํŒŒ์ผ์˜ ๊ฒ‰๋ชจ์Šต ๋ถ„์„- ํŒŒ์ผ์˜ ์ข…๋ฅ˜, ํฌ๊ธฐ, ํ—ค๋”์ •๋ณด, Import/ Export API, ๋‚ด๋ถ€ ๋ฌธ์ž์—ด ์‹คํ–‰ ์ž…์ถœ์—ฌ๋ถ€, ๋“ฑ๋ก์ •๋ณด, ๋””๋ฒ„๊น… ์ •๋ณด, ๋””์ง€ํ„ธ ์ธ์ฆ์„œ, ๋‚ด๋ถ€์ฝ”๋“œ ๋“ฑ * ๋™์ ๋ถ„์„ - ๋™์˜์ƒ - ํŒŒ์ผ์„ ์‹ค์ œ๋กœ ์‹คํ–‰์‹ด์ผœ ๊ทธ ํ–‰์œ„๋ฅผ ๋ถ„์„ ๋””๋ฒ„๊น…์œผ๋กœ ์ฝ”๋“œ ํ๋ฆ„๊ณผ ๋ฉ”๋ชจ๋ฆฌ ์ƒํƒœ๋“ฑ์„ ์ž์„ธํžˆ ์‚ดํŽด๋ณด๋Š” ํ–‰์œ„[์ถœ์ฒ˜] ๋ฆฌ๋ฒ„์Šค ์—”์ง€๋‹ˆ์–ด๋ง์ด๋ž€?|์ž‘์„ฑ์ž Zealous

๋ ˆ์ง€์Šคํ„ฐ๋ž€?
Security Study/Reversing 2015. 9. 3. 05:17

CPU ๋ ˆ์ง€์Šคํ„ฐ ์šฐ์„  CPU๊ฐ€ ๋ฌด์Šจ ์ผ์„ ํ•˜๋Š”์ง€ ์•Œ์•„๋ณด์ž. ๊ฐ„๋‹จํ•˜๊ฒŒ CPU(Central Processing Unit)๋Š” ๋ฉ”๋ชจ๋ฆฌ๋กœ๋ถ€ํ„ฐ ๋ช…๋ น์–ด๋ฅผ ๊ฐ€์ ธ์™€์„œ(fetch) ์–ด๋–ค ๋ช…๋ น์–ด์ธ์ง€ ํ•ด์„ํ•˜๊ณ (decode) ์‹คํ–‰ํ•˜๋Š”(execute) ๋™์ž‘์„ ํ•œ๋‹ค. CPU์— ๋Œ€ํ•ด์„œ๋Š” ๋ฆฌ๋ฒ„์‹ฑ ์ž‘์—…์—์„œ ๋งŽ์ด ์‚ฌ์šฉ๋˜๋Š” ๋ ˆ์ง€์Šคํ„ฐ์— ๋Œ€ํ•ด์„œ๋งŒ ์•Œ์•„๋ณด๋„๋ก ํ•˜๊ฒ ๋‹ค. ๋ ˆ์ง€์Šคํ„ฐ๋Š” CPU ๋‚ด๋ถ€์— ์กด์žฌํ•˜๋Š” ์ž‘์€ ๊ณ ์†์˜ ๋ฉ”๋ชจ๋ฆฌ๋ผ๊ณ  ํ•  ์ˆ˜ ์žˆ๋‹ค. ๋ ˆ์ง€์Šคํ„ฐ์˜ ์ข…๋ฅ˜๋กœ๋Š” ๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐ, ์„ธ๊ทธ๋จผํŠธ ๋ ˆ์ง€์Šคํ„ฐ, ์ƒํƒœ ํ”Œ๋ž˜๊ทธ ๋ ˆ์ง€์Šคํ„ฐ, ๋ช…๋ น ํฌ์ธํŠธ ๋ ˆ์ง€์Šคํ„ฐ ๋“ฑ์ด ์žˆ๋‹ค. ์˜ฌ๋ฆฌ๋””๋ฒ„๊ฑฐ์— ๋‚˜ํƒ€๋‚˜๋Š” ๋ ˆ์ง€์Šคํ„ฐ ์ •๋ณด๋ฅผ ์‚ดํŽด๋ณด์ž. ๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐ โ–ก EAX(Extended Accumulator Register) ๊ณฑ์…ˆ๊ณผ ๋‚˜๋ˆ—์…ˆ ๋ช…๋ น์—์„œ ์ž๋™์œผ๋กœ ์‚ฌ์šฉ๋˜๊ณ  ํ•จ์ˆ˜์˜ ๋ฆฌํ„ด ๊ฐ’์ด ์ €์žฅ๋˜๋Š” ..

์–ด์…ˆ๋ธ”๋ฆฌ์–ธ์–ด๋ž€?
Security Study/Reversing 2015. 9. 3. 05:16

์–ด์…ˆ๋ธ”๋ฆฌ ์–ธ์–ด ๋ฐ์ดํ„ฐ ํƒ€์ž… ํƒ€์ž… ์„ค๋ช…BYTE 8๋น„ํŠธ ๋ถ€ํ˜ธ ์—†๋Š” ์ •์ˆ˜SBYTE 8๋น„ํŠธ ๋ถ€ํ˜ธ ์žˆ๋Š” ์ •์ˆ˜WORD 16๋น„ํŠธ ๋ถ€ํ˜ธ ์—†๋Š” ์ •์ˆ˜SWORD 16๋น„ํŠธ ๋ถ€ํ˜ธ ์žˆ๋Š” ์ •์ˆ˜DWORD 32๋น„ํŠธ ๋ถ€ํ˜ธ ์—†๋Š” ์ •์ˆ˜SDWORD 32๋น„ํŠธ ๋ถ€ํ˜ธ ์žˆ๋Š” ์ •์ˆ˜FWORD 48๋น„ํŠธ ์ •์ˆ˜QWORD 64๋น„ํŠธ ์ •์ˆ˜TBYTE 80๋น„ํŠธ ์ •์ˆ˜ ํ”ผ์—ฐ์‚ฐ์ž(operand) ํƒ€์ž… ํ”ผ์—ฐ์‚ฐ์ž ์„ค๋ช…r8 8๋น„ํŠธ ๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐr16 16๋น„ํŠธ ๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐr32 32๋น„ํŠธ ๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐReg ์ž„์˜์˜ ๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐSreg 16๋น„ํŠธ ์„ธ๊ทธ๋จผํŠธ ๋ ˆ์ง€์Šคํ„ฐImm 8, 16, 32๋น„ํŠธ ์ฆ‰์‹œ ๊ฐ’imm8 8๋น„ํŠธ ์ฆ‰์‹œ ๊ฐ’imm16 16๋น„ํŠธ ์ฆ‰์‹œ ๊ฐ’imm32 32๋น„ํŠธ ์ฆ‰์‹œ ๊ฐ’r/m8 8๋น„ํŠธ ๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐ, ๋ฉ”๋ชจ๋ฆฌr/m16 16๋น„ํŠธ ๋ฒ”์šฉ ๋ ˆ์ง€์Šคํ„ฐ, ๋ฉ”๋ชจ๋ฆฌr/m32 32๋น„ํŠธ ๋ฒ”์šฉ ๋ ˆ์ง€..

728x90
๋ฐ˜์‘ํ˜•
profile on loading

Loading...