Contents

Page
Preface 3
Chapter (1) Things crackers should know 4
Chapter (2) Basic C language 7
Chapter (3) Basic Assembly language 25
Chapter (4) Software protection 52
Chapter (5) Tools a cracker needs 59
Chapter (6) Introduction to Olly Debugger 65
Chapter (7) PE Header 73
Chapter (8) The Cracker Test program and cracking for the first time
Chapter (9) Windows APIs that crackers should pay attention to
Chapter (10) Packers (protectors)
Chapter (11) Cracking programs written in Visual Basic
Chapter (12) Cracking programs written in Visual Dot.net
Cracking glossary
Cracking-related internet websites
References
Preface
This book, titled "Cracker Guide", is published for enthusiasts who are not yet familiar with cracking (reverse engineering). I should admit here that the way this book explains things focuses mainly on the Beginner level among the reader levels (Beginner/Intermediate/Advanced). For that reason, computer terminology has been rendered into Burmese as far as possible. Some terms, however, are easier to understand in their original form than in translation, so I have left those untranslated.
The discipline of cracking is not yet widespread in our country. That is because programming itself is not widespread domestically. One reason is that cracking is the reverse of programming and can only be studied once the principles of programming are understood; another is that some experts think this discipline is used only for destructive work. So few people have taken it up.
If you look at today's IT world, you will see software appearing in abundance. Likewise, a great many program users place excessive trust in software producers. Because producers themselves cannot check every line of code their programmers write, because of dishonesty on the part of the programmers who write it, and because of people who insert malicious code, it has become hard to trust and accept the programs on the market. We therefore need to inspect and review program code. At the same time, we stand between two questions: whether cracking should be ignored or not, and the need to respect copyright. Whatever the case, it cannot be denied that cracking techniques are of great benefit to both software authors and software users.
The benefits of cracking are: (1) being able to find malicious code, (2) being able to find unexpected defects and faults, (3) being able to study other people's code, and (4) being able to discover strengths that the software producers themselves have not yet found. What I want to say here is that the reader must be familiar with C or Assembly as a programming language, or else have mastered some other programming language. To be entirely honest, the author himself is only slightly beyond the beginner level where cracking is concerned, so this book is only a Beginner-to-Beginner Guide ...

Myo Myint Htike
22 March 2009
Chapter (1) - Things crackers should know
In this "Cracker Guide" book, the first thing I want to explain is what kind of people we, who call ourselves crackers, are, and why we do cracking work. The duties of a true cracker are to study how programs work and what the most commonly used types of protection are, and to think about and decide how code should be written. Sometimes people crack because they want to become famous, and sometimes they crack because they want to test new software. What I want to say in passing here is that cracking a program, and using cracked programs, is a crime and amounts to breaking the law. (In some low-income countries, Myanmar included, nearly 100 percent of the cracked programs in use are still used illegally.) So if you like a piece of software, or if you have money to spare, you should buy it. Otherwise, use only the trial versions.
A cracker's main duties are to always keep the desire to learn new things and to respect other people's work. Why must I ask you to respect it? Because programmers are human beings too. (That is to say, do not try to profit from programmers' efforts.)
Crackers from the criminal world, who are not true crackers, do the same work that ordinary crackers do, but they have no ethics and no goals. They only know how to steal and sell software for their own profit. Such people are not called crackers. So not everyone who can crack a piece of software is a cracker.
As for why software is cracked: through cracking you come to know in detail how programs work, how a computer works, the internals of the processor, and how people think. Even if for some reason you leave the cracking world, compare what you knew before with what you know now. You will notice a great difference in knowledge. In most people's view, cracking is thought to be illegal. That view is wrong. It is merely studying how a program was written; as long as you do not try to distribute the cracked software (including distributing it for free) and do not use the cracked software, it is not a crime. It does not conflict with the law. (Note: at the time of writing this book, those who distribute, sell and use cracked software in Myanmar are not yet in conflict with the law.)
To become a good cracker, you need to understand the following basic rules.
(1) You will not be able to crack every piece of software. Keep this point in mind. The reason is that you are not a genius. It is impossible to know everything.
(2) Every piece of software can be cracked. At some point, every piece of software becomes crackable. For example, when ASProtect 1.3 first appeared, people thought it was impossible to crack. A year or two later, even novice hobbyists could crack it easily. (Word to PDF Converter 3.0 is protected with ASProtect 1.3.)
(3) Share your experience and knowledge. If you discover a special trick, tell others about it. Write tutorials, articles and crackmes. Do whatever you can to help the next generation of crackers.
(4) Read many cracking tutorials. As stated in rule (1), we are not the best. But others know things we do not know, and there are things we know that they do not. So keep reading tutorials continuously.
(5) Study code. If you know how a complex program works and how it was written, it becomes easier to crack.
(6) Do not rely too much on the tools most people use. It is better if you can switch tools. Only then will the programmers who write shareware not gang up to attack your tool. Find a tool and study it. Become skilled at it. Become a tool yourself.
(7) Get in touch with cracking groups. Join them, even if only as a temporary member. Then they will help you, and you may be able to help others too. In the end you will come to know the protections you are studying very well.
(8) Always stay up to date. This point is very important. You must use the latest tools and study the latest developments. Add the list of shareware authors to your email and keep in contact with them. Study their techniques. Try to become almost one of them.
(9) Do your own research. Work out new findings and tricks for yourself. Try to solve things yourself without reading books. When you find something new, do not forget to teach it to others. Self-study is the best.
(10) Do not abuse software authors' programs. They have worked hard to bring their software into existence and make it succeed. Do not abuse cracks, keygens or serials written by others either. That is unfair and inappropriate.
(11) Write lots of code. Read a lot. Crack a lot. Write many tutorials. You will become a good cracker.
If you are about to start studying cracking for the first time, it is absolutely impossible without programming experience. Most software is written in the Visual C++, Borland Delphi and Dot.net programming languages. (This does not mean that you must master these programming languages just because software is written in them.) The two languages that help most in making cracking easy to understand are C and Assembly. Since C is easier than Assembly, study C first. Depending on your aptitude it will take at least 21 days. Only after studying it should you try to crack. The other is Assembly language. When Assembly is mentioned, many people picture only the assemblers of the 16-bit era. The Assembly language you need to study is 32-bit Assembly.
The basis of cracking is studying compiled computer binary code, or machine code. In the early days of computing, programs were written entirely by hand. There were no compilers at that time. The programming process was very complicated and very error-prone. That is why the compiler, which can translate human language into computer language, was invented. Today programs are compiled or assembled. If you used a disassembler to reveal this code in binary form, you would see something like the following.
100100100101010010101010010100001100111001
Binary is the base-2 system, built on 0 and 1. But since this representation is hard to read, the base-16 hexadecimal system was devised. The hexadecimal system contains 0 through 9 and A (10) through F (15). Some HEX code is shown below.
81 7D 0C 10 01 00 00 (HEX)
10000001 01111101 00001100 00010000 00000001 00000000 00000000 (BIN)
HEX code is very widely used. That is because the opcodes behind the mnemonics of Intel CPUs are expressed in HEX.
JNZ 00002A; here the opcode for the JNZ mnemonic is 75h (117d).
PUSH 0C8; here the opcode for the PUSH mnemonic is 68h (104d).
For the details of Assembly language, read the "Basic Assembly language" lesson.
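As an added example that is not part of the book, here is a small C routine that performs the byte-to-mnemonic mapping the text describes for exactly the three encodings shown above (75 = JNZ rel8, 68 = PUSH imm32, and the 81 7D 0C 10 01 00 00 sequence, which decodes as CMP DWORD PTR [EBP+0C], 110) and prints each instruction's bytes in both HEX and BIN. The byte buffer and its base address 0x10 are constructed here; the JNZ target is computed relative to the end of the instruction, as the CPU does.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Render one byte as the eight '0'/'1' digits of the binary view shown in the text. */
static void byte_to_bin(uint8_t b, char out[9]) {
    for (int i = 0; i < 8; i++)
        out[i] = (b & (0x80u >> i)) ? '1' : '0';
    out[8] = '\0';
}

/* Format a value in the assembler style used on this page: uppercase hex, no 0x,
 * with a leading '0' when the first digit is a letter (0xC8 -> "0C8", 0x110 -> "110"). */
static void fmt_hex(uint32_t v, char out[12]) {
    char tmp[12];
    snprintf(tmp, sizeof tmp, "%X", (unsigned)v);
    if (tmp[0] >= 'A' && tmp[0] <= 'F') {
        out[0] = '0';
        strcpy(out + 1, tmp);
    } else {
        strcpy(out, tmp);
    }
}

/* Read a 32-bit little-endian immediate, the byte order x86 uses in the instruction stream. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode one 32-bit x86 instruction found at code[] (located at address addr) into out.
 * Only the three encodings discussed on this page are recognised:
 *   75 rel8              JNZ  (target = address of the next instruction + rel8)
 *   68 imm32             PUSH imm32
 *   81 7D disp8 imm32    CMP DWORD PTR [EBP+disp8], imm32  (ModRM 7D: mod=01, reg=7, rm=EBP)
 * Returns the instruction length in bytes, or 0 when the bytes are not one of these. */
int decode_one(const uint8_t *code, size_t len, uint32_t addr, char *out, size_t outsz) {
    char a[12], b[12];
    if (len < 1) return 0;
    switch (code[0]) {
    case 0x75:
        if (len < 2) return 0;
        snprintf(out, outsz, "JNZ %08X", (unsigned)(addr + 2u + (uint32_t)(int32_t)(int8_t)code[1]));
        return 2;
    case 0x68:
        if (len < 5) return 0;
        fmt_hex(le32(code + 1), a);
        snprintf(out, outsz, "PUSH %s", a);
        return 5;
    case 0x81:
        if (len < 7 || code[1] != 0x7D) return 0;
        {
            int8_t disp = (int8_t)code[2];
            fmt_hex((uint32_t)(disp < 0 ? -(int)disp : disp), a);
            fmt_hex(le32(code + 3), b);
            snprintf(out, outsz, "CMP DWORD PTR [EBP%c%s], %s", disp < 0 ? '-' : '+', a, b);
        }
        return 7;
    default:
        return 0;
    }
}

/* Decode code[] sequentially from base address; fills lines[] and lens[] and returns how
 * many instructions were decoded (stops at the first byte sequence it does not know). */
int decode_listing(const uint8_t *code, size_t len, uint32_t base,
                   char lines[][48], int lens[], int maxlines) {
    size_t off = 0;
    int n = 0;
    while (off < len && n < maxlines) {
        int used = decode_one(code + off, len - off, base + (uint32_t)off, lines[n], 48);
        if (used == 0) break;
        lens[n] = used;
        off += (size_t)used;
        n++;
    }
    return n;
}

/* Constructed sample (not from the book): the three byte sequences from this page placed
 * back to back, assumed to sit at address 0x10 so that the JNZ lands on 00002A as in the text. */
static const uint8_t SAMPLE[] = {
    0x75, 0x18,                               /* JNZ  rel8 = +0x18            */
    0x68, 0xC8, 0x00, 0x00, 0x00,             /* PUSH 0C8                     */
    0x81, 0x7D, 0x0C, 0x10, 0x01, 0x00, 0x00  /* CMP DWORD PTR [EBP+0C], 110  */
};

int main(void) {
    char lines[4][48], bin[9];
    int lens[4];
    int n = decode_listing(SAMPLE, sizeof SAMPLE, 0x10, lines, lens, 4);
    size_t off = 0;
    for (int i = 0; i < n; i++) {
        printf("%08X  ", 0x10 + (unsigned)off);
        for (int j = 0; j < lens[i]; j++) printf("%02X ", SAMPLE[off + j]);  /* HEX view */
        printf(" %s\n          ", lines[i]);
        for (int j = 0; j < lens[i]; j++) {                                  /* BIN view */
            byte_to_bin(SAMPLE[off + j], bin);
            printf("%s ", bin);
        }
        printf("\n");
        off += (size_t)lens[i];
    }
    return 0;
}
```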
Today the best-known and most widely used operating systems are the Microsoft Windows platforms: Windows 98, Windows NT, Windows 2003, Windows XP, Windows Vista, Windows 7 and so on. All of these OSes are basically alike in that they use the Win32 API (Application Programming Interface). (In the DOS era, interrupts had to be used to talk to the computer hardware.) Thousands of API functions ship with Windows as DLL (Dynamic Link Library) files, for example kernel32.dll and GDI32.dll. If you are going to crack, you must understand these .dll files and API functions.
If you come from the Unix/Linux world, you will have noticed that executable files use the ELF format in order to run. Windows uses the PE format. The file types that use PE are .exe, .dll, .ocx, .sys, .cpl and .scr files. If you are going to crack, you must know these files inside out.
For novice crackers, the interesting subject in cracking is protected shareware. What advanced crackers are interested in, on the other hand, is packing and unpacking PE files, adding or modifying functions in those files, stealing code, and writing cracking tools. That is why novice crackers mainly remove the nags that come with shareware, search for serials, and register the software. Studying where a program is protected and how it is protected, and then using the registered version (the cracked version), is the greatest success for them. Before doing any of this, every cracker has to use at least one tool in order to be able to crack protected software (programs). This tool is called a debugger, a decompiler or a disassembler.
The main purpose of using a debugger is to pause a running program at a place of your choosing and to be able to modify the code there. The reason is that when you debug a program, a very large amount of code appears. We do not have time to study every line of that code. So the debugger is used in order to stop at the needed or specified place. The most widely used debuggers/disassemblers are Olly, IDA Pro and W32dasm. Olly is free software and has a great many users. That is why most of the lessons presented by advanced crackers are explained using Olly as the example.
When you are about to try to crack a program, the first thing you should try to find out is which language the program was written in. For this you need tools such as PEiD or CFF Explorer. With these tools you first find out which language the software you want to crack was written in. If the software was written in Visual Basic, using VB Decompiler instead of Olly is more appropriate. Likewise, if it was written in Dot.net, using Dot.net Reflector is more appropriate and easier. For the remaining programming languages you can debug with Olly. (If a program has been packed, you must unpack it first and only then crack it.)
If you ask how to crack, the only answer is that there are many methods. Finding the best solution for each different problem depends on the cracker.
To become an excellent cracker, you must spend plenty of time on the internet. Download new tools and new tutorials from the internet. Join many forums, discuss and ask questions. Try cracking new and unusual software. Read other people's tutorials until you understand them. Study crack files. And you must write tutorials yourself.
Chapter (2) - Basic C language
Since a good cracker must be proficient in some programming language, in this chapter I will include and explain the C programming language. You may ask why no other language was chosen. You might think: wouldn't C++ be better, wouldn't Visual C++ be more complete? The answer is that the C programming language is the most fundamental and the simplest. C++ only adds polish on top of the C language. It is C that performs the most basic operations. Visual C++ is built on Windows, so its code is unnecessarily long and would be confusing for you as a beginner in cracking. The points on which C dominates other programming languages are its complete set of operators, its full set of system-related functions, its great simplicity in programming, its ability to express the essence of programming, and its usefulness as a stepping stone to studying Visual C++ at a higher level. This lesson will not discuss the background history and origins of C; it will only explain how to write programs in C. Nor will it discuss how to create commercial software in C; it covers only those parts of C's functionality that can help in cracking. The graphics part has therefore been left out. (Note: the graphics part uses the DOS-based 16-bit system, so nobody uses it in the present era.) The structure part has also been left out, since it is not very useful in cracking. (Note: in C++ the structure part has been superseded by class, which contains very advanced features.) If you are interested in C and want to study it further, I urge you to read "The C Programming Language" by Brian W. Kernighan and Dennis M. Ritchie. Whatever subject you study, if you want to know it in detail I suggest reading many books, because authors differ from one another in how they explain and how they think.
A special warning: because the C programming language was invented on the basis of DOS, programs written in C make the processor work at 100 percent. They are therefore no longer compatible with the Windows versions released after Windows 98. So for writing programs we will not choose Turbo C++ 3.0 (the DOS version) but will use only Borland C++ 5.02 (the Windows version). I warn you in advance because, since we will be writing programs in Borland C++ 5.02, you might think we are writing programs in C++. We will write programs purely in the C language. So do not forget to install Borland C++ 5.02 first. Then open Start menu → All Programs → Borland C++ 5.02 → Borland C++. You can now start writing programs.
(1) The first C program
Type the code into the C++ compiler as shown in figure (1). This program code is called source code.

Figure (1)
If you press Ctrl + F9 (Run), the compiler converts the source code we wrote into exe code. (In fact the compiler converts the source code into assembly code, and the assembler converts the assembly code into exe code.)

Figure (2)
If you run the code from figure (1), you will see figure (2). This little program does not really do anything much. It only displays the text "Welcome to Cracking World" on the computer screen. Good, now let's look in detail at how the program works.
(1) include in the first line is a keyword. It tells the computer that the header files we are going to use are kept in the folder called include under C:\BC5\. <stdio.h> says that we will use the header file named stdio from the include folder. (If "stdio.h" is written instead of <stdio.h>, it says that we will use the header file named stdio from the same folder the C++ compiler is working in.) stdio stands for STandarD Input/Output. The names of these header files are very meaningful. The compiler tells the computer in advance that data will be input and output. What exactly will be input and output is not yet stated. conio stands for CONsole Input/Output. conio and stdio are alike in concept; conio differs only slightly in that it can display text in colours.
(2) int main() is the main place where program code must be written; the code you want to write goes inside the { } of this main() function. printf() is a function that displays on the computer screen the content or data you want shown. If you use printf(), the stdio.h file must be declared.
(3) getch() is short for "GET CHaracter". It accepts one character typed on the computer keyboard, but it does not show the typed character on the screen. The reason for using this function is that the program would end immediately after executing printf(), so it is used to pause the program. When any key you like is pressed on the keyboard, getch() finishes its work. If you use getch(), the conio.h file must be declared.
(4) return belongs to the main() function. It reports back to the program that the program code has been executed successfully.
(2) The second C program

#include <stdio.h> /* 2nd C Program */
#include <conio.h>
/* print Fahrenheit-Celsius table for fahr = 0, 20, … , 300 */
int main()
{
    int fahr, celsius;
    int lower, upper, step;
    lower = 0;   /* lower limit of temperature scale */
    upper = 300; /* upper limit */
    step = 20;   /* step size */
    fahr = lower;
    while (fahr <= upper) {
        celsius = 5 * (fahr - 32) / 9;
        printf("%d\t%d\n", fahr, celsius);
        fahr = fahr + step;
    }
    getch();
    return 0;
}

Figure (3)
What figure (3) shows is program code that calculates Fahrenheit and Celsius values using a formula, together with the resulting output. The values on the left (0, 20, 40, 60, and so on) are the Fahrenheit values, and the values on the right (-17, -6, 4, 15, and so on) are the Celsius values. Let's look in detail at how the program works.
(1) The /* … */ notation is called a comment. If you want to note down things about the program, you use a comment. With such notes it is easy to understand what the program was written for and how it was written. A comment always begins with /* and ends with */. In C++, // is used instead of /* … */.
(2) int means integer (whole number). When we do not want the result to come out as a decimal, we use int. fahr, celsius, lower, upper and step are called identifiers.
(3) lower = 0; sets the first Fahrenheit degree we want a result for to zero. The highest Fahrenheit value is 300. (Note: inside the main() function, every statement must be terminated with a semicolon (;).) step means that each Fahrenheit value differs from the next by 20 degrees.
(4) while(fahr<=upper){ … } means: keep executing the code inside the braces as long as the Fahrenheit value is less than, or equal to, the maximum value of 300 degrees.
(5) celsius = 5 * (fahr - 32) / 9; is the formula that computes the Celsius value.
(6) The printf() function outputs the Fahrenheit and Celsius values. %d is used when outputting integers. \t (tab) means leave a gap of one tab width (half an inch) between one result and the next. \n (new line) means move to the next line of the computer screen.
(7) 20 is added to the Fahrenheit value. Then control goes back to the while loop. The Celsius value is calculated and output. In this way the while loop keeps running as long as the Fahrenheit value does not exceed 300. Once it exceeds 300, the getch() function is executed. After that the program's work is finished.
(3) Data type
Type            Range
unsigned char   0 to 255
char            0 to 255
short int       -32,768 to 32,767
unsigned int    0 to 65,535
int             -32,768 to 32,767
unsigned long   0 to 4,294,967,295
enum            -32,768 to 32,767
long            -2,147,483,648 to 2,147,483,647
float           3.4 x 10^-38 to 1.7 x 10^+38
double          1.7 x 10^-308 to 3.4 x 10^+308
long double     3.4 x 10^-4932 to 1.1 x 10^+4932
A data type specifies the kind of data held by the identifiers (variables) you are going to use. You must know clearly whether the variable you declare is a character, a decimal or an integer. For example, for characters, and for (string) text, you declare char. For integers you declare int. For decimals, float and double can be used.
If a variable is declared as char, it takes 1 byte of space in the computer's memory. 1 byte equals 8 bits, and shown in binary for clarity it looks like the following table.
1 1 1 1 1 1 1 1

Each small cell of the table represents 1 bit, and only one of the two values 1 or 0 can be placed in it. Because it represents the binary system, the maximum number of values it can hold is 256, from 0 to 255. 11111111 = 2^8 = 256 {0 to 255} (the value zero is counted too).
Let's look at some examples involving char.
char variable_name;      // character: works with a single character only
char variable_name [20]; // string: can work with 20 characters
char * variable;         // pointer: can work with an unlimited number of string characters
char is used most of all when reading data from and writing data to files, when writing database programs, and when writing password-related programs.
If int is used, it takes 2 bytes in the computer's memory. So the numeric values it can store go up to 2 bytes = 16 bits = 2^16 = 65536. The ways of using int are:
signed int variable_name;        // 2 bytes: -32,768 to 32,767
unsigned int variable_name;      // 2 bytes: 0 to 65,535
short int variable_name;         // 2 bytes: -32,768 to 32,767
long int variable_name;          // 4 bytes: -2,147,483,648 to 2,147,483,647
unsigned long int variable_name; // 4 bytes: 0 to 4,294,967,295
signed and short may be left out of the declaration. If you simply declare int variable_name;, the compiler understands it as signed short int variable_name;. There is a reason why signed/unsigned and short/long are declared in C programming. The problem was encountered in the DOS era. At that time RAM was not 1GB or 4GB as it is today; there was only about 64KB or 128KB. DOS also did not allow C programs larger than 1MB. So programmers had to work out how to make their programs take as little space in memory as possible. That is why, whenever it was not needed, they used short instead of long to save as much memory as possible. That is, if the result the program computes will be somewhere between 40000 and 50000, how do you think the variable should be declared: unsigned int variable_name; or long int variable_name;? For a single variable this question hardly matters, but when variables come in the tens of thousands it needs thought. What about int variable_name [200] [100];? Which would you choose? When handling 20000 variables it becomes important. Declared as long int, it would take 200 x 100 = 20000 x 4 bytes = 80KB of computer memory. Suppose your RAM is only 64KB. This program would stack overflow and not run. (Note: in today's era there is no longer any need to worry about how much computer memory is used.)
float is used to handle decimals and takes 4 bytes of memory. double is also used to handle decimals and takes 8 bytes of memory; it is widely used in scientific calculations that need 15 decimal places of precision. long double is like double and takes 10 bytes of memory.
(4) Identifier
The names you give to variables as you please are called identifiers. When naming identifiers, the following rules must be followed.
(1) An identifier must begin with a letter (A-Z, a-z) or an underscore.
(2) Apart from the underscore (_), no other special characters may be used.
(3) An identifier must not be longer than 255 characters.
(4) Keywords must not be declared as identifiers (for example case, return).
(5) MY_Variable123 and my_Variable123 are not the same; identifiers are case-sensitive.
The following identifiers are valid forms -
int get_result_from_program;
int x123;
The following identifiers are invalid forms -
int 123data;
int while;
int base@location;
int get-result-from-program;
(5) The third C program

#include <stdio.h> /* 3rd C Program */
#include <conio.h>
/* print Fahrenheit-Celsius table for fahr = 0, 20, … , 300 */
int main()
{
    float fahr, celsius;
    float lower, upper, step;
    lower = 0;   /* lower limit of temperature scale */
    upper = 300; /* upper limit */
    step = 20;   /* step size */
    fahr = lower;
    while (fahr <= upper) {
        celsius = 5.0 * (fahr - 32.0) / 9.0;
        printf("%7.0f %10.3f\n", fahr, celsius);
        fahr = fahr + step;
    }
    getch();
    return 0;
}

Figure (4)

This third program is the same in concept as the second program. Why include it here? Because I want to explain format specifiers. A format specifier is used together with the printf() function and begins with %. The kinds of format specifier available are the flag character, width specifier, precision specifier, input size modifier and conversion type character. Here I will explain only the useful and commonly used format specifiers.
%d is used to display a value as an integer.
%o is used to display a value in octal (base 8).
%u is used to display a value as an unsigned integer.
%x displays a value in hexadecimal (base 16) using lowercase letters.
%X displays a value in hexadecimal (base 16) using uppercase letters.
%f outputs a value as a decimal.
%e outputs a value in exponential notation.
%E outputs a value in exponent notation.
%c outputs a value as a character.
%s outputs a value as a string.
%l outputs a value as a long.
%lf outputs a value as a double.
%L outputs a value as a long double.
Look at printf("%7.0f %10.3f\n", fahr, celsius); in figure (4). In %7.0f, the 7 says that the field takes up 7 character positions from the left, and f outputs the value as a decimal. In %10.3f, the 10 says that the field takes 10 positions from the first text, and .3 says to show 3 decimal places. The next topic is escape sequences. The most used are \t and \n. \t says to take one tab width of space, and \n says to go down to the next line.
(6) keyword
The keywords in use in the C language are as follows -
auto break case char const
default do double else enum
extern far float for goto
huge if int long near
register return short signed sizeof
static struct switch typedef union
unsigned void volatile while
When declaring identifiers, keywords cannot be used as variable names, because every keyword has its own function. The functions of the important and commonly used keywords will be discussed under separate headings.
(7) if statement
The if statement is used to decide whether a condition is true or false. Sometimes it is used together with the else keyword. Some of its possible forms are as follows ...
(1)
if(condition) statement;
(2)
if(condition) statement;
else statement;
(3)
if(condition1) statement;
else if(condition2) statement;
else statement;
(4)
if(condition1) statement;
if(condition2) statement;
(1) The first form is used when deciding whether a condition is true or not.
(2) The second form is used where exactly one of two conditions must be true.
(3) The third form is used where exactly one of three or more conditions must be true.
(4) The fourth form is used where each of the conditions may independently be true or false.
(8) The fourth C program

Figure (5)
If you run the code from figure (5), you will see figure (6).

Figure (6)
This program checks whether the number you type on the keyboard is positive, negative or zero (figure (6)). It is a simple little program written using the if statement. What is new here is the scanf() function. If you want to know the details, place the mouse cursor on scanf and press Ctrl+F1. Help on how to use it will appear (figure (7)). Other functions can be looked up in detail the same way by pressing Ctrl+F1.

yHk(7)
scanf() function udk uD;bkwfuae &dkufxnfhr,fh *Pef;? pmom;awGudkzwfzdkU toHk;jyKygw,f/
'Derlemy&dk*&rfrSm uRefawmfwdkUzwfr,fht&muawmh udef;jynfh*Pef;(%d) wpfck jzpfygw,f/ number_check
&JUa&SUrSm address sign (&) av;ygwm rarhygeJU/
Function awGtaMumif;odcsif&ifawmh Help udkrsm;rsm;zwfyg/ Help rSm ygvmwJh example awGudk
avhvmyg/ Example awGudk run Munfhyg/
(9) switch statement
Another construct with the same idea as the if statement is the switch statement. The form it is used in is this ...
switch(expression){
case constant_expression1: statement; break;
case constant_expression2: statement; break;
default: statement;
}
Each case label must be a constant, and the break at the end of a case matters: without it execution falls straight through into the next case.
(10) 5th C program

#include<stdio.h>
#include<conio.h>
#include<stdlib.h>
int main() { /* Copyright © Myo Myint Htike, 2009 */
int menu;
printf("Choose 1 to print \"Welcome!\" text. \n");
printf("Choose 2 to print \"Sorry!\" text. \n");
printf("Choose any number to exit!\n");
printf("Please enter a number: ");
scanf("%d", &menu);
switch(menu){
case 1: printf("Welcome!"); break;
case 2 : printf("Sorry!"); break;
default: exit(0); /* any other number: terminate the whole program */
} getch(); return 0; }
This program is a sample showing how the switch statement is used. Try it out to see how it behaves. What I want to explain here is the exit() function. exit() does not merely leave the nearest function: it terminates the whole program, flushing the stdio buffers and running any atexit() handlers first, and its argument is the status code handed back to the operating system (0 conventionally means success). To use it you must include stdlib.h (STandarD LIBrary). The switch statement is not needed for the rest of this book, so you may skip it, but you will meet it in disassemblies anyway: compilers usually turn a dense switch into an indirect jump through a table of addresses, and that pattern is worth recognising.
(11) while loop
This time we look at loops. Loops are what you meet most often when cracking: a serial or password check is almost always a loop over the characters of what you typed. A loop repeats a piece of work as long as the condition it is given holds. The loops used most are the for loop and the while loop. The while loop is written as follows.
while(condition)
statement;

I am not writing another sample program for the while loop, because the second C program already showed how it works. A loop that branches off from while and resembles it is the do{ } while loop; the difference is that it tests its condition after the body, so the body always runs at least once. It is rarely used and is not explained further.
(12) for loop
The for loop is written as follows.
for(expression1; condition; expression2)
statement;

The for loop works like this. First expression1 is executed, once, to initialise. Then condition is tested for true or false. If it is true, control goes to statement. Then expression2 is executed. After expression2 control goes back to the condition (not to expression1, which is never executed again) and condition is tested once more. As long as condition stays true, statement keeps being executed; only when it becomes false does the loop end.
(13) 6th C program

#include<stdio.h>
#include<conio.h>
int main()
{ /* Copyright © Myo Myint Htike, 2009 */
int x, y, z; /* Declare 3 unknown variables */
for(x=0; x<10; x++)         /* outer loop: x takes 0..9 */
for(y=0; y<10; y++)         /* middle loop: y takes 0..9 for every x */
for(z=0; z<10; z++)         /* inner loop: z takes 0..9 for every (x, y) */
if(2*x+3*y-4*z == -3)       /* first equation holds? then test the second */
if(4*x-2*y+z == 6)          /* second holds? then test the third */
if(x-3*y-2*z == -15)        /* third holds too? then print x, y, z */
printf(" x= %d\n y= %d\n z= %d",x,y,z); /* the only solution in range: x= 2, y= 3, z= 4 */
getch();
return 0;
}

Figure (8)
Figure (8) is a puzzle with three unknowns: x, y and z have to be found. It is solved with for loops. If you look at the program carefully you will see that it does not use any algebra at all: it simply tries every combination of x, y and z from 0 to 9 and keeps the one that satisfies all three equations. This brute-force approach is very useful in cracking when guessing passwords. Let us look at how the program works.
(1) First the three unknowns we are looking for are declared as integers. (Note: not every puzzle with unknowns has integer answers. If no solution is found with integers, declare them as float.)
(2) The for loops start. Make sure you understand exactly how a for loop works. First x is set to zero. Then x is tested for being less than 10. If it is, control moves to the next line. y is set to zero, then tested for being less than 10; if it is, the next line. z is set to zero, then tested for being less than 10; if it is, the next line. Now (x=0, y=0, z=0) is substituted into 2x+3y-4z and the result compared with -3. If they are equal, control moves to the next line. If not, z is incremented by one: z=0 becomes z=1. z is tested again for being less than 10; if so, the next line. Now (x=0, y=0, z=1) is substituted into 2x+3y-4z and compared with -3 again. If equal, the next line; if not, z is incremented again. In this way x, y and z are each stepped up one at a time and the three equations are tested for equality. The first equation is tested for all 1000 combinations, because nothing stops the loops after a hit. When all three hold, printf() prints the values of x, y and z (here x=2, y=3, z=4).
(3) x++ is the same as x = x+1; (see under the Operator heading.)
(14) operator
Operators can be grouped into the following families.
(a) Arithmetic operator
(b) Unary operator
(c) Relational operator
(d) Assignment operator
(e) Logical operator
(f) Conditional operator
(g) Bitwise operator
(a) Arithmetic operator
The arithmetic operators are the following -

+ (addition) Used to add values.
- (subtraction) Used to subtract values.
* (multiplication) Used to multiply values.
/ (division) Used to divide values (with two int operands the result is truncated toward zero, so 7/2 is 3).
% (modulus) Used to find the remainder (7%2 is 1).

(b) Unary operator
The unary operators are the following -

i++; (postincrement) Adds one to the variable.
i--; (postdecrement) Subtracts one from the variable.
++i; (preincrement) Adds one to the variable.
--i; (predecrement) Subtracts one from the variable.

They are normally called the increment and decrement operators. The thing to watch is the difference between i++ and ++i. Written as below, their meaning is the same:
int i=0, j=0;
i++;
++j;
Here i and j end up with the same value, 1. Now look at another form.
int i=0, j=0, x=0, y=0;
x = x+(i++);
y = y+(++j);
In this case x stays zero while y becomes 1. That is, with i++ the current value of i is added to x first, and only afterwards is i incremented; with ++j the increment happens first and the new value is what gets added. That is why i++ is called postincrement. (Do not combine the two on the same variable in one statement, as in i = i++; C gives that no defined result.)
(c) Relational operator
The relational operators are used together with the if statement, for loop, while loop and so on, to compare a condition or to compare variables.
== (equal) Tests whether two values are equal; the condition holds if they are.
!= (not equal) Tests whether two values differ; the condition holds if they do.
> (greater than) Holds if the left value is greater.
< (less than) Holds if the left value is smaller.
>= (greater or equal) Holds if the left value is greater than or equal to the right.
<= (less than or equal) Holds if the left value is less than or equal to the right.
(Note that == is the comparison and = is the assignment: writing if(x = 5) assigns 5 to x and is always true.)

(d) Assignment operator
The assignment operators are used to give a variable a value. They are ...
= *= /= %= += -=
<<= >>= &= ^= |=
They are used as follows.
x = y +10; // x = y + 10;
x *= 10; // x = x * 10;
x /= 10; // x = x / 10;
x <<= 3; // x = x << 3;
x ^= 30; // x = x ^ 30;
(e) Logical operator
The logical operators are the following -

&& (AND) The condition holds when both sub-conditions hold.
|| (OR) The condition holds when at least one of the two sub-conditions holds.
! (NOT) The condition holds when the sub-condition is false.

They are used as follows.

int x=0;
scanf("%d",&x);
if( x>0 && x<40) printf ("Fail");
if( x>75 || x == 75) printf ("Credit"); /* the same as x >= 75 */
if(!x) printf("The value of x is zero.");
(Note: && and || are evaluated left to right and stop as soon as the answer is known, so in x>0 && x<40 the second test is not even run when x is not positive.)
(f) Conditional operator
The conditional operator has the following form -
logical-OR-expression ? expression : conditional-expression
It is used as follows.
z = (a > b) ? a: b; /* z = max (a,b) */
This little example, which takes the larger of a and b, can be rewritten as ...
if (a>b) z = a;
else z = b;
Either way z ends up holding the larger of the two values.
(g) Bitwise operator
The bitwise operators are the following.

& (Bitwise AND)
| (Bitwise inclusive OR)
^ (Bitwise exclusive OR)(XOR)
~ (Bitwise complement) (NOT)
>> (Bitwise shift right)
<< (Bitwise shift left)

They work bit by bit, as the following truth table shows.

                 AND       OR        XOR       NOT
Source bit       0 0 1 1   0 0 1 1   0 0 1 1   0 1
Destination bit  0 1 0 1   0 1 0 1   0 1 0 1   X X
Result           0 0 0 1   0 1 1 1   0 1 1 0   1 0

>> is the same as the SHR instruction of assembly language, and << is the same as the SHL instruction. SHL and SHR move the bits of a register or memory location left or right by the given number of bit positions (bits shifted out are lost, zeros come in at the other end). Look at the example.
unsigned int x = 0xBEEF; // x = 1011111011101111 (binary)
x = x >> 4; // x = 0000101111101110
printf("x = %X", x); // x = BEE
Another example, to make it clearer.
unsigned int x = 0xDEAD; // x = 1101111010101101 (bin)
x = (x >> 5) & ~(~0u << 3); // keep only the three lowest bits of x >> 5
printf("x = %X", x); // x = 5 (101)
If you run this code you get the answer 5. Work through how yourself: ~0u is all ones, shifting it left by 3 gives ...11111000, and complementing that gives 00000111, a mask for three bits. The variables are declared unsigned on purpose: on a compiler with a 16-bit int (Borland's DOS compilers) 0xBEEF and 0xDEAD are negative as signed ints, and shifting a negative value to the right is implementation-defined (usually the sign bit is copied in, giving FBEE instead of BEE). For bit manipulation always use unsigned types. How to convert hexadecimal to binary and back you can work out with the calculator (calc.exe) in scientific mode.
(15) Function
A function is a unit that gathers a set of actions together. The parts a function consists of are the return type, the function name, the parameter list and the function body in which the code is written. Functions can be divided into two kinds: those that come with the compiler and those you create yourself. The ones that come with the compiler are functions such as printf() and scanf(). To use them you must include their header files. The built-in functions are not explained here.
(16) 7th C program

#include<stdio.h>
#include<conio.h>
int power (int m, int n); /* prototype: tells the compiler about power() before it is used */
int main()
{ int i;
for (i=0; i<10; ++i)
printf("%d %d %d\n", i, power(2,i), power(-3,i));
getch();
return 0; }
int power (int base, int n) /* raise base to the power n (n >= 0) */
{ int i, p; p = 1;
for (i = 1; i <= n; ++i)
p = p * base;
return p; }
Figure (9)
This program computes the first ten powers of 2 and of -3 (2^0, 2^1, 2^2, 2^3, 2^4, ...).
1/ int power (int m, int n); declares that we are going to use a function we created ourselves. Because it is declared like this, power() can be called from anywhere you like, inside main() or outside it. The reason power() can be called from anywhere is its scope. In fact writing int power (int m, int n); outside main() is the same as writing extern int power (int m, int n); functions have external linkage unless they are declared static. Here extern is a keyword; it is also called a storage class.
2/ There are four storage classes: auto, extern, static and register. Data declared plainly inside a function as int, float, char and so on, with nothing else written, is all auto: such variables live on the stack for the duration of the call, which is why a debugger shows them as offsets from EBP ([LOCAL.n] in OllyDbg). Data declared plainly outside any function is extern: global variables, stored in the program's data section. static and register are rarely used and are not explained. If a function has no value to return, declare it void.
(17) Array
An array is a single variable that groups together items of the same data type. If you want to group items of different data types you use the struct keyword. A one-dimensional array is declared like this.
int myanmar[60];
int myanmar[60]; declares storage for the Myanmar-language marks of sixty students. Without an array we would have to declare int myanmar1, myanmar2, myanmar3; and so on, and the program would become long and confusing. To make it clearer, look at one more.
int exam_result [60] [6];
This form declares storage for the results of sixty students in six subjects: a two-dimensional array. What matters here is that exam_result is the name of the array and 60 and 6 are the number of elements in each dimension. A position within the array is called its index. Array indexes always start at 0 and the last valid index is size-1.
Remember, from under the heading "Data type", that a char declared as an array becomes a string instead of a single character. Let us look at it again.
char my_string [12] = "I Love You."; /* 11 characters plus the terminating '\0' */
int i;
for(i=0; i<11; i++)
printf("%c", my_string[i]);
Running this code shows the text 'I Love You.'. The literal has eleven visible characters, but the compiler stores a null terminator (\0) after them, so the array needs twelve bytes; a size of [11] would still compile, but it would silently drop the terminator and every string function would then run off the end. If you change for(i=0; i<11; i++) to for(i=1; i<12; i++) the output is ' Love You.' followed by the \0 at index 11, which the console shows as nothing or as a blank after the full stop. A string always ends with that null terminator. If instead of 12 you write 19, you are reading past the end of the array: C does not check the index, the result is undefined, and what appears is whatever happens to lie next to my_string on the stack, hence the 'random characters'. Reading or writing past the end of an array is the root of buffer-overflow bugs, so keep this behaviour in mind.
(18) Pointer
A pointer is a variable that holds the address of another variable. Pointers are used a great deal in the C language, and pointers and arrays are closely related. To make it clearer, look at an example.
int x = 1, y = 2, z[10];
int *ip; // ip is a pointer to int
ip = &x; // ip now points to x
y = *ip; // y is now 1
*ip = 0; // x is now 0
ip = &z[0]; // ip now points to z[0]
printf("%d %d %X %p", x, y, *ip, (void *)ip); // e.g. 0 1 0 0012FF60 (z[0] is uninitialised and the address varies from run to run)
The unary operator & gives the address of an object. The & operator can only be applied to variables and array elements in memory: it cannot be applied to expressions, constants or register variables.
The unary operator * is called the indirection or dereferencing operator. Applied to a pointer, it gives the object the pointer points to.
(19) 8th C program

#include<stdio.h>
#include<conio.h>
#include<string.h> /* for strchr(), used below to strip the newline */
int my_strlen(char *string);
int my_strcmp(char *string1, char *string2);
int main()
{ char get_string[100]; int length;
char *comp_str = "My Love";
char *newline;
fgets(get_string, sizeof get_string, stdin); /* bounded read: at most 99 characters plus '\0' */
if ((newline = strchr(get_string, '\n')) != NULL) *newline = '\0'; /* drop the newline fgets keeps */
length = my_strlen(get_string);
printf("String Length = %d", length);
if( (my_strcmp(get_string, comp_str)) !=0)
printf("\n\"%s\" and \"%s\" are not equal.",
get_string, comp_str);
getch(); return 0; }
/* my_strlen: return length of string s (our own version of the library's strlen) */
int my_strlen(char *s)
{
int n;
for (n = 0; *s != '\0'; s++)
n++;
return n;
}
/* my_strcmp: return <0 if s<t, 0 if s==t, >0 if s>t (our own version of strcmp) */
int my_strcmp(char *s, char *t)
{
for ( ; *s == *t; s++, t++)
if (*s == '\0')
return 0;
return *s - *t;
}

Figure (10)
This program prints the number of characters in the text you type and then checks whether it matches the fixed text. You will notice that pointers and arrays are used together here. Two points are worth remembering. First, the two helper functions are named my_strlen and my_strcmp rather than strlen and strcmp, because those names belong to the standard library and redefining them is undefined behaviour even when a compiler accepts it. Second, the input should be read with fgets(get_string, sizeof get_string, stdin), which is told how big the buffer is; the older gets() has no such argument, so typing more than 99 characters would overwrite whatever lies beyond get_string on the stack, a classic buffer overflow, which is why gets() was removed from the C standard.
(20) String
This time we study strings a little. To use the string functions you must include <string.h>. Some of the string functions are the following.
strcpy(str1,str2) Copies the text in str2 into str1.
strncpy(str1,str2,length) Copies at most the given number of characters from str2 into str1 (if str2 is that long or longer, no '\0' is written, so terminate str1 yourself).
strcmp(str1,str2) Compares str1 with str2.
strcmpi(str1,str2) Compares str1 with str2 ignoring the case of the letters (Borland name; other compilers call it stricmp or strcasecmp).
strlen(str) Gives the number of characters in str.
strcat(str1,str2) Appends str2 to str1; the result is stored in str1, which must be large enough to hold both.

In the program of Figure (10) you saw the strlen() function written by hand. Really, that program wrote its own strlen() only in order to explain pointers. We do not need to write most string functions ourselves: include <string.h> and use the ready-made ones. To make it clearer, look at the 9th program, which uses the strcmpi() function directly.
(21) 9th C program

#include<stdio.h>
#include<conio.h>
#include<string.h>
void Password(void);
int main()
{ Password(); getch(); return 0; }
void Password(void)
{ /* Copyright © Myo Myint Htike, 2009 */
char password[80];
printf("\nEnter Password:");
gets(password); /* unbounded read into an 80-byte buffer: one of the weaknesses discussed below */
if(strcmpi(password,"PASSWORD")==0) /* case-insensitive compare against a literal stored in the executable */
printf("\nYou really did it. Congratulations!");
else{ printf("\nTry again!\n"); Password(); } /* wrong: ask again by calling ourselves */
}
Figure (11)
This program is the kind of password program that a great many Myanmar programmers write. It asks you to type a password at the keyboard. If the password is wrong it asks for another; if it is right it lets the specified function do its work. This program has a great many weaknesses, and they are easy to name from the listing: the expected password is a cleartext literal, so a strings dump or the debugger's string-reference list shows "PASSWORD" immediately; the whole decision is one conditional jump after strcmpi(), which a debugger can flip; gets() reads without any bound into an 80-byte buffer, so a long input overwrites the stack; and every wrong attempt calls Password() again, so the stack grows with each retry. If debuggers are left out of the picture, the program can be called cleverly written: the function is used recursively to keep the program compact. (Recursion means a function calling itself again and again.)
(22) File I/O
This time we look at a few of the functions that deal with files, that is, how to read data from a file. To use the file functions you must include <stdio.h>. Some of the file functions are the following.
fopen(filename,mode) Opens a file for writing or reading; returns a FILE pointer, or NULL if the file could not be opened, so always test the result.
fclose(filepointer) Closes the file.
feof(filepointer) Tells whether the end of the file has been reached (it only becomes true after a read has already failed, so test the return value of the read instead).
fscanf(filepointer,format) Reads data from the file; returns the number of items successfully read.

Most of the file functions behave exactly like the ordinary input/output functions. The one small difference is that with the file functions you also have to say which file the data is to be taken from.
(23) Last C program
This time we write a program that solves a small problem found in the Cracker Test program.

Figure (12)
0043B374 PUSH EBP
0043B375 MOV EBP,ESP
0043B377 ADD ESP,-10
0043B37A PUSH EBX
0043B37B PUSH ESI
0043B37C PUSH EDI
0043B37D XOR ECX,ECX
0043B37F MOV [LOCAL.4],ECX
0043B382 MOV [LOCAL.1],EAX
0043B385 XOR EAX,EAX
0043B387 PUSH EBP
0043B38D PUSH DWORD PTR FS:[EAX]
0043B390 MOV DWORD PTR FS:[EAX],ESP
0043B393 XOR EBX,EBX
0043B395 XOR ESI,ESI
0043B397 MOV [LOCAL.2],10
0043B39E LEA EDX,[LOCAL.4]
0043B3A1 MOV EAX,[LOCAL.1]
0043B3A4 MOV EAX,DWORD PTR DS:[EAX+294]
0043B3AF MOV EAX,[LOCAL.4]
0043B3B7 TEST EAX,EAX
0043B3B9 JLE SHORT Cracker_.0043B3F5
0043B3BB MOV [LOCAL.3],EAX
0043B3BE MOV EDI,1
0043B3C3 LEA EDX,[LOCAL.4]
0043B3C6 MOV EAX,[LOCAL.1]
0043B3C9 MOV EAX,DWORD PTR DS:[EAX+294]
0043B3D4 MOV EAX,[LOCAL.4]
0043B3D7 MOVZX EAX,BYTE PTR DS:[EAX+EDI-1]
0043B3DC LEA EDX,DWORD PTR DS:[EDI+ESI]
0043B3DF ADD EAX,EDX
0043B3E1 MOV ESI,EAX
0043B3E3 ADD EBX,EBX
0043B3E5 XOR EBX,ESI
0043B3E7 MOV EAX,ESI
0043B3E9 CDQ
0043B3EA IDIV EDI
0043B3EC INC EDX
0043B3ED ADD EBX,EDX
0043B3EF INC EDI
0043B3F0 DEC [LOCAL.3]
0043B3F3 JNZ SHORT Cracker_.0043B3C3
0043B3F5 DEC [LOCAL.2]
0043B3F8 JNZ SHORT Cracker_.0043B39E
0043B3FA CMP ESI,3810
0043B400 JNZ SHORT Cracker_.0043B40A
0043B402 CMP EBX,402A4FE7
0043B408 JE SHORT Cracker_.0043B424
0043B40A MOV EAX,Cracker_.0043B4AC ; ASCII "Sorry, not the right one - try again !"
0043B40F CALL Cracker_.004338AC
0043B414 MOV EAX,[LOCAL.1]
0043B417 MOV EAX,DWORD PTR DS:[EAX+294]
0043B41D MOV EDX,DWORD PTR DS:[EAX]
0043B41F CALL DWORD PTR DS:[EDX+78]
0043B422 JMP SHORT Cracker_.0043B47D
0043B424 MOV EAX,EBX
0043B426 SUB EAX,ESI
0043B428 CMP EAX,402A17D7
0043B42D JE SHORT Cracker_.0043B449

Figure (13)
The task is as shown in Figure (12): you are asked to guess a word. The Cracker Test program was written to test the ability of crackers and has eight levels (very very easy, very easy, easy, not entirely easy, somewhat harder, hard, very hard, very very hard). The level you see here is level (3), the easy level. The code found when this program is examined with Olly debugger is what you see in Figure (13). However good you are, solving the code in Figure (13) by hand or with a calculator is absolutely (absolutely) impractical: the input is fed through a 16-round loop, and the EBX value after it depends on every earlier step. So the approach is to write a program that does the work. Written in C it looks like Figure (14).
#include <conio.h> // Compiled by Borland C++.
#include <stdio.h> // Coded by Myo Myint Htike.
#include <string.h> // Date - 2009 March 13
#include <stdlib.h>
#include <math.h>
int main()
{
FILE *fileread = fopen("english.dic","r"); /* "r": read only; "a+" would silently create an empty file if the dictionary is missing */
char password[50];
int EDI, i, j, EDX=0, EAX=0, ESI=0;
unsigned int EBX=0; /* unsigned: EBX+EBX wraps at 32 bits like the real register; signed overflow would be undefined */
int character_count=0;
div_t div_result;
if (fileread == NULL) { printf("english.dic not found\n"); return 1; }
while(fscanf(fileread,"%49s",password) == 1){ /* stop when no word is left; while(!feof()) would process the last word twice */
printf("%s\n",password);
character_count = strlen(password);
ESI=0;
EBX=0;
for(i=0;i<16;i++){ // for loop 1: [LOCAL.2] = 10h outer rounds
EDI=1; // MOV EDI,1
for(j=0; j<character_count; j++){ // for loop 2: one pass over the word
EAX = (unsigned char)password[j]; // MOVZX EAX, BYTE PTR [EAX+EDI-1]
EDX = ESI+EDI; // LEA EDX,[EDI+ESI]
EAX = EAX + EDX; // ADD EAX,EDX
ESI = EAX; // MOV ESI,EAX
EBX = EBX + EBX; // ADD EBX,EBX
EBX = EBX ^ ESI; // XOR EBX,ESI
EAX = ESI; // MOV EAX,ESI
div_result = div( EAX, EDI ); // CDQ / IDIV EDI
EDX = div_result.rem ; // the remainder lands in EDX
EDX++; // INC EDX
EBX= EBX +EDX; // ADD EBX,EDX
EDI++; // INC EDI
} // end of for loop 2
} // end of for loop 1
if(ESI== 0x3810 && EBX == 0x402A4FE7){ // CMP ESI,3810 / CMP EBX,402A4FE7
printf("Word is = %s\n", password); // Ans: firmware
getch();
} // end of if statement
} // end of while loop
fclose(fileread);
getch();
return 0;
}

Figure (14)
Study the working of the source code in Figure (14) line by line until you understand it. If you fully understand how this program works, you can trust that you have understood everything I have explained about the C language. If you do not understand yet, read the lessons again.
1/ The <stdlib.h> header is included for div_t (and div()).
2/ FILE *fileread = fopen("english.dic","r"); says that we are going to read the file english.dic. That is, the password (word) we are looking for is in this english.dic file. Open it with mode "r": "a+" would also allow reading, but it creates an empty file when the dictionary is missing, and then the program silently finds nothing, so test the returned pointer for NULL. Dictionary (.dic) files are the files crackers use to test passwords against; they contain hundreds of thousands of words from the English dictionary. The more words, the closer you are to finding the answer. Download these dictionary (.dic) files from the Internet. A cracker should keep not only an English dictionary but Latin, French, Italian, medical and other dictionaries too.
3/ char password[50]; declares that the word we read has at most 50 characters. Have you ever seen an English word longer than 50 letters? If you have, change 50 to 200; I do not think there is an English word longer than 200 letters. (A width such as "%49s" in fscanf keeps the read inside that buffer; a plain "%s" would overflow it on a longer line.)
4/ The while loop reads english.dic word by word until the file is exhausted, that is, until the last word has been read. Test the value fscanf() returns; testing feof() before the read, as is often done, processes the last word twice, because feof() only becomes true after a read has failed.
5/ fscanf(fileread,"%49s",password); reads the first word from the english.dic file. Suppose the first word is aaron. Then password = "aaron". The password is displayed on screen with printf(); the printf() can be left out.
6/ character_count = strlen(password); computes the number of characters in the password word. For aaron it is 5.
7/ for(j=0; j<character_count; j++){ } changes with the number of characters in the password word. Here, with 5 characters, it becomes for(j=0; j< 5; j++).
8/ Note EAX = password[j];. EAX is declared as an integer (int) while password is declared as a character string (char []). At this point what the compiler sees is password[5] = "aaron"; and EAX = password[0] = 'a' = 0x61. (Casting the byte to unsigned char matches the MOVZX in the assembly, which zero-extends it; for plain letters the two agree.) Remember here that "a" and 'a' are not the same: "a" denotes a string, 'a' denotes a character. A character can hold only one letter, a string holds one or more.
9/ EDX = ESI + EDI; you will understand: the values of ESI and EDI are simply added. EDX = ESI + EDI = 0 + 1 = 1.
10/ Evaluating EAX = EAX + EDX; gives EAX = 0x61 + 1 = 0x62.
11/ So the value of ESI is 0x62.
12/ EBX = EBX + EBX; gives EBX = 0 + 0 = 0.
13/ EBX = EBX ^ ESI; gives EBX = 0 ^ 0x62 = 0x62.
14/ The value of EAX, being equal to the value of ESI, is 0x62.
15/ div_result = div(EAX, EDI); divides EAX by EDI. EAX = 0x62 / 1 = 0x62.
16/ By EDX = div_result.rem; the remainder of the division is stored in EDX. So the value of EDX becomes 0.
17/ Because of EDX++; one is added to the value of EDX. At this point EDX becomes 1 again.
18/ EBX = EBX + EDX; gives EBX = 0x62 + 1 = 0x63.
19/ Because of EDI++; EDI is incremented, so EDI becomes 2.
20/ Then, because the j++ of for(j=0; j<5; j++) runs, j=0 becomes j=1 and the for loop runs once more. In this way for(j=0; j<5; j++) runs 5 times and for(i=0;i<16;i++) 16 times; after 80 passes round the loops in total, the result is ESI = 0x2200 and EBX = 0xBFC8757F.
21/ The ESI and EBX results are compared with 0x3810 and 0x402A4FE7; if they are equal the correct answer is printed. (Note: when firmware is typed in place of aaron, for(j=0; j<character_count; j++){ } becomes for(j=0; j<8; j++). Then for(j=0; j<8; j++) runs 8 times and for(i=0;i<16;i++) 16 times; after 128 passes round the loops in total the result is ESI = 0x3810 and EBX = 0x402A4FE7.)
22/ The point to note is that a = 0x61, b = 0x62, c = 0x63, ..., z = 0x7A and so on, and A = 0x41, B = 0x42, C = 0x43, ..., Z = 0x5A and so on (the ASCII codes).
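The loop explained in steps 5 to 21 above, packaged as a reusable function, as an added example (the editor's code, not the book's program and not the Cracker Test author's): it uses uint32_t so that ADD EBX,EBX wraps exactly as the 32-bit register does instead of relying on signed-overflow behaviour, it needs no dictionary file (the word list is constructed inline), and it goes one step beyond the text by exploiting what the loop does to ESI. Every character adds (its byte value + EDI) to ESI, EDI runs 1..n in each of the 16 rounds, and nothing else touches ESI, so ESI = 16 * (sum of bytes + n(n+1)/2) whatever EBX does; that closed form lets a dictionary be pruned with one addition per word before the full 16 x n loop is run, which is the kind of shortcut a cracker looks for in a check routine. The function names, the macro names and the sample words are the editor's choices; the two target constants are the ones in Figure (13), and it is the page that reports firmware as the word satisfying both compares.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TARGET_ESI   0x3810u       /* CMP ESI,3810     in Figure (13) */
#define TARGET_EBX   0x402A4FE7u   /* CMP EBX,402A4FE7 in Figure (13) */
#define OUTER_ROUNDS 16            /* MOV [LOCAL.2],10 (hex) in Figure (13) */

/* Editor's re-implementation of 0043B39E..0043B3F8 for one candidate word.
 * uint32_t makes ADD EBX,EBX wrap modulo 2^32 like the real register. */
void cracker_hash(const char *word, uint32_t *esi_out, uint32_t *ebx_out)
{
    size_t n = strlen(word);
    uint32_t esi = 0, ebx = 0;                       /* XOR EBX,EBX / XOR ESI,ESI */
    for (int r = 0; r < OUTER_ROUNDS; r++) {
        uint32_t edi = 1;                            /* MOV EDI,1 */
        for (size_t j = 0; j < n; j++) {
            uint32_t eax = (unsigned char)word[j];   /* MOVZX EAX,BYTE PTR [EAX+EDI-1] */
            eax += edi + esi;                        /* LEA EDX,[EDI+ESI] ; ADD EAX,EDX */
            esi = eax;                               /* MOV ESI,EAX */
            ebx += ebx;                              /* ADD EBX,EBX */
            ebx ^= esi;                              /* XOR EBX,ESI */
            ebx += (esi % edi) + 1;                  /* CDQ ; IDIV EDI ; INC EDX ; ADD EBX,EDX */
            edi++;                                   /* INC EDI */
        }
    }
    *esi_out = esi;
    *ebx_out = ebx;
}

uint32_t esi_of(const char *word) { uint32_t s, b; cracker_hash(word, &s, &b); return s; }
uint32_t ebx_of(const char *word) { uint32_t s, b; cracker_hash(word, &s, &b); return b; }

/* Closed form of ESI derived from the loop above:
 *   ESI = 16 * (sum of bytes + n(n+1)/2)   for a word of n bytes. */
uint32_t esi_closed_form(const char *word)
{
    uint32_t sum = 0, n = 0;
    for (const unsigned char *p = (const unsigned char *)word; *p; p++, n++)
        sum += *p;
    return OUTER_ROUNDS * (sum + n * (n + 1) / 2);
}

/* 1 if the word satisfies both compares of Figure (13), else 0.
 * The one-pass ESI test rejects most words before the 16 x n loop is run. */
int passes_check(const char *word)
{
    if (esi_closed_form(word) != TARGET_ESI)
        return 0;
    return esi_of(word) == TARGET_ESI && ebx_of(word) == TARGET_EBX;
}

int main(void)
{
    /* Constructed stand-in for english.dic: a handful of words, no file needed. */
    const char *words[] = { "aaron", "firmware", "hardware", "software" };
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++)
        printf("%-9s ESI=%08X EBX=%08X%s\n", words[i], esi_of(words[i]), ebx_of(words[i]),
               passes_check(words[i]) ? "  <- both compares pass" : "");
    return 0;
}
```

The prefilter is stronger than it looks: 0x3810/16 = 897, so a word of n bytes can only pass if its byte sum is 897 - n(n+1)/2, and for a word made of lowercase letters (0x61..0x7A) that is reachable only with n = 8 and a byte sum of 861. A dictionary run therefore needs the full loop only for eight-letter words with that exact sum, of which firmware is one.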
Chapter (3) - Basic Assembly language
(1) Introduction
In fact Assembly language was created as a substitute for the binary code that the computer understands. Before high-level languages existed, programs were written in Assembly. Assembly code states directly the instructions the processor is to carry out. For example -
ADD EAX, EDX
This instruction adds two numeric values. EAX and EDX are called registers. They can hold values, and they are kept inside the processor. A 16-bit assembler turns this line into the hexadecimal code (hexcode) 66 03 C2; in a 32-bit Windows program the same instruction is just 03 C2, because the byte 66h is the operand-size prefix, and in 32-bit code it would turn the instruction into the 16-bit ADD AX,DX. The processor reads these bytes and carries out the instruction that matches them. High-level languages such as C translate their own language into Assembly, and the assembler turns that into binary code.

C code          Assembly code     Raw output (hex)
                >>Compiler>>      >>Assembler>>
a = a + b;      ADD EAX, EDX      03 C2 (66 03 C2 in 16-bit code)

Notice how simple the Assembly code is. The output depends on the C code.
(2) Why use Assembly?
If programming in Assembly is hard, why use Assembly instead of C or something else? The answer is simple. Assembly programs are small and fast. In the cleverer-looking programming languages it is hard for the compiler to produce such code. However good compilers become, they still have to generate Assembly code that is as fast and as small as possible. If you can write the code yourself, you can produce smaller and faster code. But doing that is harder than working in a high-level language.
A difference in some high-level languages is that, while running, they need DLL files for some of their operations. For example Visual C++ has the msvcrt.dll file, which contains its standard C functions. Most of the time this is fine, but occasionally you run into trouble with DLL versions. So users have to keep these files on their computers permanently. For Visual C++ this is not much of a problem; its files usually come with Windows. Visual Basic, on the other hand, cannot translate its language into Assembly code. (Version 5 and above can do it a little, but not completely.) It depends on the Visual Basic Virtual Machine, the msvbvm50.dll file. Code written in VB calls this DLL file many times. That is why VB programs are slow. Assembly is the fastest language; it needs only the Windows system DLL files such as kernel32.dll and user32.dll.
Most people mistakenly believe that writing programs in Assembly language is impossible. It is certainly true that it is hard, but it is not impossible. Writing a large project in Assembly really is hard. Assembly is mostly used for writing small programs, or for writing DLL files that are called from programs written in other languages where speed matters. Likewise, there are big differences between DOS and Windows programs. DOS programs use interrupts as their functions. In Windows it is the API, the Application Programming Interface. This interface contains the functions programs need. In DOS programs an interrupt has an interrupt number and a function number. In Windows the API functions have names (for example MessageBox, CreateWindowEx). You can import them from the DLLs. All of this is very easy in Assembly.
(3) Assembly basics
(3.1) Opcodes
Assembly programs are built from opcodes. An opcode is an instruction the processor understands. (Strictly, ADD is the mnemonic and the opcode is the byte pattern it assembles to, but the two terms are often used loosely.) For example -
ADD
The ADD instruction adds two numeric values. Most opcodes have operands.
ADD EAX, EDX (destination, source)
ADD has two operands. In this addition there is one source and one destination. It adds the value of the source to the value of the destination, and then stores the result in the destination. Operands can be of various kinds (for example a register, a memory location or an immediate value).
(3.2) Registers
Register sizes are 8-bit, 16-bit and 32-bit (MMX-capable processors have bigger ones). In 16-bit programs the 16-bit registers and the 8-bit registers can be used. In 32-bit programs the 32-bit registers can be used as well.
Some registers are parts of other registers. For example, if the value EA7823BBh is put into EAX, the values that the other registers can have are -

EAX   EA 78 23 BB
AX          23 BB
AH          23
AL             BB

AX, AH and AL are parts of EAX. EAX is a 32-bit register. (It can only be used on 80386 and later processors.) AX contains the lower 16 bits of EAX, AH contains the upper byte of AX and AL contains the lower byte of AX. So AX is 16 bits and AL and AH are 8 bits each. The example below shows the values of the registers.
eax = EA7823BB (32-bit)
ax = 23BB (16-bit)
ah = 23 (8-bit)
al = BB (8-bit)
Registers are used like this -

low-level language         high-level language

mov eax, 12345678h         EAX = 12345678h (305419896)

mov cl, ah                 CL = 56h (86)

sub cl, 10                 CL = CL - 10

mov al, cl                 AL = CL

Let us examine the code above a little. The MOV instruction can move a value from a register, a memory location or an immediate value into another register. Then the value of AH (the upper byte of AX, the 56h inside EAX) is copied into CL (the lowest part of the ECX register). Then 10 is subtracted from CL and the result is put back into AL (the lowest part of EAX), so EAX now ends in 4Ch while its other three bytes are untouched.
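To see concretely how AL, AH and AX overlay EAX, here is an added example (the editor's code, not from the book) that models a 32-bit register as a union of its 32-bit, 16-bit and byte views and runs the four-instruction sequence above on it. It assumes a little-endian machine, which every x86 is, so AL is byte 0 and AH is byte 1, and it assumes ECX starts at zero; the type and function names are the editor's.

```c
#include <stdint.h>
#include <stdio.h>

/* One 32-bit register with its overlapping views. Little-endian layout
 * (true on every x86) puts AL at byte 0 and AH at byte 1. Editor's names. */
typedef union {
    uint32_t e;                    /* EAX : all 32 bits */
    uint16_t x;                    /* AX  : low 16 bits */
    struct { uint8_t l, h; } b;    /* AL = b.l (byte 0), AH = b.h (byte 1) */
} reg32;

uint16_t ax_of(uint32_t eax) { reg32 r; r.e = eax; return r.x;   }
uint8_t  ah_of(uint32_t eax) { reg32 r; r.e = eax; return r.b.h; }
uint8_t  al_of(uint32_t eax) { reg32 r; r.e = eax; return r.b.l; }

/* The book's sequence:  mov eax,<initial> ; mov cl,ah ; sub cl,10 ; mov al,cl
 * ECX is assumed to start at zero (editor's assumption). Both final register
 * values are returned so the side effect of writing AL can be inspected. */
void run_sequence(uint32_t initial_eax, uint32_t *eax_out, uint32_t *ecx_out)
{
    reg32 eax, ecx;
    eax.e = initial_eax;                    /* mov eax, 12345678h */
    ecx.e = 0;                              /* assumed starting value of ECX */
    ecx.b.l = eax.b.h;                      /* mov cl, ah  -> CL = 56h */
    ecx.b.l = (uint8_t)(ecx.b.l - 10);      /* sub cl, 10  -> CL = 4Ch (10 is decimal) */
    eax.b.l = ecx.b.l;                      /* mov al, cl  -> only byte 0 of EAX changes */
    *eax_out = eax.e;
    *ecx_out = ecx.e;
}

uint32_t sequence_eax(uint32_t initial) { uint32_t a, c; run_sequence(initial, &a, &c); return a; }
uint32_t sequence_ecx(uint32_t initial) { uint32_t a, c; run_sequence(initial, &a, &c); return c; }

int main(void)
{
    uint32_t v = 0xEA7823BBu;
    printf("EAX=%08X AX=%04X AH=%02X AL=%02X\n", v, ax_of(v), ah_of(v), al_of(v));
    printf("after sequence: EAX=%08X ECX=%08X\n",
           sequence_eax(0x12345678u), sequence_ecx(0x12345678u));
    return 0;
}
```

The point the union makes visible is that the sub-registers are not copies: writing CL into AL changes EAX in place, and the same holds in the other direction, which is why a debugger shows EAX as 1234564C after the sequence rather than 12345678.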
Register trsdK;tpm;uawmh trsm;MuD;&Sdygw,f/
(3.2.1) taxGaxGoHk; register rsm;

EAX (Accumulator) ocsFmqdkif&mudpörsm;ESifh string rsm;udk odrf;qnf;&efoHk;onf/

EBX (Base) stack rsm;ESifh csdwfquf&mwGif oHk;onf/

ECX (Counter) *Pef;rsm;aygif;&mwGif oHk;onf/

EDX (Data) trsm;tm;jzifh ocsFmpm;v'frS t<uif;udk odrf;qnf;onf/


olwdkUrSm trnftrsdK;rsdK; &Sdayr,fh MudKufovdk toHk;jyKEdkifygw,f/
(3.2.2) Segment registers
They are called segment registers because they are used for memory segments. Under Windows you don't need to know about them, because Windows uses a flat memory model. Under DOS, memory is divided into 64KB segments, so to specify a memory address you have to give segment and offset, as in 0172:0500 (segment:offset). Under Windows a segment is as large as 4GB, so segments are not needed there. Segment registers are always 16-bit registers.

CS (Code Segment)   the memory area that holds the code
DS (Data Segment)   the memory area that holds the data
ES (Extra Segment)  often used for video purposes
SS (Stack Segment)  the register used to hold the addresses passed from routines
FS (286+)           general-purpose segment
GS (386+)           general-purpose segment
(3.2.3) Pointer/Index registers
In practice you can use the pointer registers (except EIP) as general-purpose registers, as long as you don't change their original values. They are called pointer registers because they usually hold memory addresses. Some opcodes (movsb, scasb, ...) use them.

esi (source index)        specifies the source of a string/array.
edi (destination index)   specifies the destination of a string/array.
eip (instruction pointer) holds the address of the next instruction, so it cannot be changed directly. (See the "Olly Debugger" chapter.)

(3.2.4) Stack registers
There are two stack registers, ESP and EBP. ESP holds the current position of the stack in memory. EBP is used in functions as a pointer to the local variables.

esp (stack pointer)  points to an exact position in the stack.
ebp (base pointer)   used together with the stack pointer for stack operations.
(4.0) Memory
In this chapter I'll explain how memory is handled under Windows.
(4.1) DOS & Win 3.xx
In the 16-bit programs found under DOS and Windows 3.xx, memory is split into segments. Each segment is 64KB in size. To address memory you need a segment pointer and an offset pointer. The segment pointer says which segment is used and the offset pointer says where inside that segment. Look at the picture below.

Memory:
SEGMENT 1 (64kb) | SEGMENT 2 (64kb) | SEGMENT 3 (64kb) | SEGMENT 4 (64kb) | and so on

Remember that what I'm explaining here applies to 16-bit programs. The table above divides the whole of memory into 64KB segments. There are at most 65536 segments. Let's look at one of those segments.

SEGMENT 1 (64kb):
Offset 1 | Offset 2 | Offset 3 | Offset 4 | Offset 5 | and so on

To point at a position inside a segment you use an offset. An offset is a position within a segment. One segment has at most 65536 offsets. To denote a memory location you write:
SEGMENT:OFFSET
For example:
0030:4012
This means the segment is 0030 and the offset is 4012. To find out what that address is, you first go to segment 30 and then look up offset 4012 inside that segment. In heading (3) we learned about the segment and pointer registers. The segment register types are:
CS (Code segment)
DS (Data Segment)
ES (Extra Segment)
SS (Stack Segment)
FS (286+)
GS (386+)
The names describe their respective jobs. CS holds the code currently being executed. DS provides the data for the current segment. The stack is pointed to by SS. ES, FS and GS are general-purpose registers and can be used for any segment. The pointer registers usually hold an offset, but the general-purpose registers AX, BX, CX and DX can be used for this as well. IP points to the offset (within CS) of the instruction currently being executed. SP holds the offset (within SS) of the current stack position.
The picture below shows how the registers look in action in Olly debugger while cracking.
(4.2) 32-bit Windows
Back in the 16-bit days, segments were indispensable when writing programs. Fortunately 32-bit Windows (95 and later) solved this problem. Segments still exist, but we no longer need to care about them, because they are 4GB rather than 64KB. If you try to change one of the segment registers, you will probably get into trouble with Windows. There are only offsets now, and they are 32-bit, so their range runs from zero to 4,294,967,295. Any place in memory can be pointed to with an offset alone. That is one of the biggest advantages of 32-bit over 16-bit. So you can forget the segment registers for now and pay more attention to the other registers.
(5.0) Opcodes
Opcodes are the instructions for the processor. Opcodes are in fact the "human-readable" form of the raw hexadecimal code. That is why assembler is the lowest level among programming languages, and anything written in assembler is translated directly into hex code.
In this chapter I'll discuss some arithmetic and bitwise opcodes. Other opcodes, such as jump instructions and compare opcodes, will be discussed in a later chapter.
(5.1) Basic arithmetic opcodes

MOV

This instruction is used to move (copy) a value from one place to another. The "place" can be a register, a memory location or an immediate value (a literal value). The form of the mov instruction is:
mov destination, source
You can move a value from one register to another. (Note: despite its name "move", the instruction actually copies the value to the other place.)
mov edx, ecx
The instruction above copies the contents of ECX into EDX. Source and destination must be the same size. The following instruction is not valid:
mov al, ecx ; // wrong form
This opcode tries to put a DWORD (32-bit) value into a register that is only a byte (8-bit) wide. The mov instruction cannot do that. (Other instructions can.) The following instructions, however, can be used with mov, because source and destination do not differ in size:
mov al, bl
mov cl, dl
mov cx, dx
mov ecx, ebx
A memory location is referred to by an offset. You can take a value from a specific memory location and put it in a register. Take the table below as an example.

offset  34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40 41 42
data    0D 0A 50 32 44 57 25 7A 5E 72 EF 7D FF AD C7

(Each cell represents one byte.)

Here, although each offset value refers to a single byte, the offset itself is 32-bit. Take 3A as an example: it is also a 32-bit value (0000003Ah). To save space, some small offset values that are not used in practice are shown. All values are hex.
Look at offset 3A in the table above. The data at this offset is 25, 7A, 5E, 72, EF and so on. To load the value at offset 3A into a register with mov, the form is:
mov eax, dword ptr [0000003Ah]
The instruction mov eax, dword ptr [0000003Ah] means: put the 32-bit DWORD value found at location 3Ah into the EAX register. After this instruction executes, EAX contains 725E7A25h. You will notice that what is in memory (25 7A 5E 72) appears reversed. That is because values stored in memory are ordered little-endian, meaning the rightmost byte is the most significant one: the bytes are arranged in reverse order. A few examples will make it clear.
The DWORD (32-bit) value 10203040h is stored in memory as: 40 30 20 10 (each value represents one byte (8-bit)).
The WORD (16-bit) value 4050h is stored in memory as: 50 40
To make it clearer, look again:
mov cl, byte ptr [34h] ; cl = 0Dh (see the table above)
mov dx, word ptr [3Eh] ; dx = 7DEFh (see the table above; remember the reversed order)
Sometimes the size need not be written:
mov eax, [00403045h]
because EAX is a 32-bit register, so the assembler assumes that a 32-bit value is to be taken from memory location 00403045h.
Immediate values can also be used:
mov edx, 5006
This puts the value 5006 into EDX. The square brackets mean that the value is to be fetched from the memory location given inside the brackets.
mov eax, 403045h ; eax = 403045h
mov cx, [eax] ; puts the WORD-sized value at the memory location held in EAX (403045) into register CX.
In mov cx, [eax] the processor first looks at the value held in EAX (the memory location). Only then does it fetch the value at that memory location and put this WORD (16-bit, because CX is a 16-bit register) into CX.
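The following C program is an added example, not code from the guide. It models two things explained above: the overlapping AX/AH/AL views of EAX (including the mov cl, ah / sub cl, 10 / mov al, cl sequence from the register example), and the little-endian reads that mov eax, dword ptr [3Ah], mov dx, word ptr [3Eh] and mov cl, byte ptr [34h] perform on the offset/data table. The memory image is constructed from that table; the function names are my own.

```c
/* Added example (not code from the original guide): how the AX/AH/AL views
 * of EAX overlap, and how "mov reg, size ptr [offset]" reads little-endian
 * memory. The memory image is constructed to match the offset/data table above. */
#include <stdint.h>
#include <stdio.h>

/* The sub-register views of a 32-bit value, as with EAX / AX / AH / AL. */
static uint16_t reg_ax(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }
static uint8_t  reg_ah(uint32_t eax) { return (uint8_t)((eax >> 8) & 0xFFu); }
static uint8_t  reg_al(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }

/* Constructed memory image: the bytes at offsets 34h..42h from the table. */
#define MEM_BASE 0x34u
static const uint8_t mem[] = {
    0x0D, 0x0A, 0x50, 0x32, 0x44, 0x57, 0x25, 0x7A,
    0x5E, 0x72, 0xEF, 0x7D, 0xFF, 0xAD, 0xC7 };

/* Emulate "mov r8, byte ptr [ofs]", "mov r16, word ptr [ofs]" and
 * "mov r32, dword ptr [ofs]". x86 is little-endian: the byte at the lowest
 * address is the least significant, which is why 25 7A 5E 72 reads as 725E7A25h. */
static uint8_t load_byte(uint32_t ofs) { return mem[ofs - MEM_BASE]; }
static uint16_t load_word(uint32_t ofs) {
    return (uint16_t)(load_byte(ofs) | ((uint16_t)load_byte(ofs + 1) << 8));
}
static uint32_t load_dword(uint32_t ofs) {
    return (uint32_t)load_word(ofs) | ((uint32_t)load_word(ofs + 2) << 16);
}

/* Emulate "mov cl, ah / sub cl, 10 / mov al, cl" from the register example:
 * an 8-bit write to AL leaves the other three bytes of EAX untouched. */
static uint32_t mov_al_from_ah_minus_10(uint32_t eax) {
    uint8_t cl = reg_ah(eax);          /* mov cl, ah */
    cl = (uint8_t)(cl - 10);           /* sub cl, 10 */
    return (eax & 0xFFFFFF00u) | cl;   /* mov al, cl */
}

int main(void) {
    uint32_t eax = 0xEA7823BBu;
    printf("eax=%08X ax=%04X ah=%02X al=%02X\n", eax, reg_ax(eax), reg_ah(eax), reg_al(eax));
    printf("mov eax, dword ptr [3Ah] -> %08X\n", load_dword(0x3A));
    printf("mov dx, word ptr [3Eh]   -> %04X\n", load_word(0x3E));
    printf("after mov cl,ah / sub cl,10 / mov al,cl on 12345678h: %08X\n",
           mov_al_from_ah_minus_10(0x12345678u));
    return 0;
}
```

Running it prints 725E7A25 for the dword at 3Ah and 7DEF for the word at 3Eh, confirming that the bytes shown in the table are assembled from the highest address down.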
ADD, SUB, MUL, DIV

Most opcodes perform calculations. You can guess most of their names: ADD (addition), SUB (subtraction), MUL (multiplication), DIV (division) and so on.
The ADD opcode has the following form:
add destination, source
The calculation is: destination = destination + source. The following forms are allowed:

Destination   Source            Example
Register      Register          add ecx, edx
Register      Memory            add ecx, dword ptr [104h] / add ecx, [edx]
Register      Immediate value   add eax, 102
Memory        Immediate value   add dword ptr [401231h], 80
Memory        Register          add dword ptr [401231h], edx

This instruction is very simple: it takes the source value and adds it to the destination value, then puts the result in the destination. The other arithmetic instructions are:
sub destination, source (destination = destination - source)
mul destination, source (destination = destination * source)
div source (eax = eax / source, edx = remainder)
Subtraction works just like addition. Multiplication is dest = dest * source. Division is a little special, because the registers hold integer values (that is, not decimal numbers). The result of a division is split into a quotient and a remainder. For example:
28/6 → quotient = 4, remainder = 4
30/9 → quotient = 3, remainder = 3
97/10 → quotient = 9, remainder = 7
18/6 → quotient = 3, remainder = 0
Depending on the size of the source, the quotient is stored in EAX (or a part of EAX) and the remainder in EDX (or a part of EDX).

Source size        Division            Quotient   Remainder
BYTE (8-bits)      ax / source         AL         AH
WORD (16-bits)     dx:ax* / source     AX         DX
DWORD (32-bits)    edx:eax* / source   EAX        EDX

* Example: if DX = 2030h and AX = 0040h, then DX:AX = 20300040h. DX:AX is a DWORD value in which DX is the high WORD and AX the low WORD. EDX:EAX is a QuadWORD (64-bit) value in which EDX is the high part and EAX the low part.
The source of the DIV opcode can be:
• 8-bit register (AL, AH, CL, ...)
• 16-bit register (AX, DX, ...)
• 32-bit register (EAX, EDX, ECX, ...)
• 8-bit memory value (BYTE PTR [xxxx])
• 16-bit memory value (WORD PTR [xxxx])
• 32-bit memory value (DWORD PTR [xxxx])
The source cannot be an immediate value, because the processor could not determine the size of the source operand.
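As an added example (mine, not the guide's), the C functions below model the three operand sizes of unsigned DIV from the table above: the dividend is AX, DX:AX or EDX:EAX, the quotient goes to the low half and the remainder to the high half. A real processor raises a divide-error exception when the divisor is zero or the quotient does not fit in the destination; the model reports that through a flag instead, since that failure mode is what a debugger shows you as a crash.

```c
/* Added example (not code from the original guide): the operand rules of
 * unsigned DIV. The dividend is AX, DX:AX or EDX:EAX depending on the source
 * size; the quotient lands in the low half and the remainder in the high half. */
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t quotient, remainder; int divide_error; } div_result;

/* div r/m8: AX / src -> AL = quotient, AH = remainder. */
static div_result div8(uint16_t ax, uint8_t src) {
    div_result r = { 0, 0, 0 };
    if (src == 0 || ax / src > 0xFFu) { r.divide_error = 1; return r; } /* #DE on real hardware */
    r.quotient = ax / src; r.remainder = ax % src;
    return r;
}
/* div r/m16: DX:AX / src -> AX = quotient, DX = remainder. */
static div_result div16(uint16_t dx, uint16_t ax, uint16_t src) {
    div_result r = { 0, 0, 0 };
    uint32_t dividend = ((uint32_t)dx << 16) | ax;
    if (src == 0 || dividend / src > 0xFFFFu) { r.divide_error = 1; return r; }
    r.quotient = dividend / src; r.remainder = dividend % src;
    return r;
}
/* div r/m32: EDX:EAX / src -> EAX = quotient, EDX = remainder. */
static div_result div32(uint32_t edx, uint32_t eax, uint32_t src) {
    div_result r = { 0, 0, 0 };
    uint64_t dividend = ((uint64_t)edx << 32) | eax;
    if (src == 0 || dividend / src > 0xFFFFFFFFu) { r.divide_error = 1; return r; }
    r.quotient = (uint32_t)(dividend / src); r.remainder = (uint32_t)(dividend % src);
    return r;
}

int main(void) {
    div_result r = div32(0, 97, 10);
    printf("97/10: eax=%u edx=%u\n", r.quotient, r.remainder);
    r = div16(0x2030, 0x0040, 0x8000);           /* DX:AX = 20300040h, as in the footnote */
    printf("20300040h/8000h: ax=%04X dx=%04X\n", r.quotient, r.remainder);
    r = div32(1, 0, 1);                            /* quotient 100000000h does not fit in EAX */
    printf("divide error: %d\n", r.divide_error);
    return 0;
}
```

Note the last case: EDX is part of the dividend, so leaving a stale value in EDX before a 32-bit DIV is a classic way to get a divide error even with a non-zero divisor.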

BITWISE OPERATIONS

These instructions need both a source and a destination, except for the NOT instruction. Each bit in the destination is compared with the corresponding bit in the source. Depending on the instruction, a 0 or a 1 is placed in the destination bit.

Instruction       AND      OR       XOR      NOT
Source bit        0 0 1 1  0 0 1 1  0 0 1 1  - -
Destination bit   0 1 0 1  0 1 0 1  0 1 0 1  0 1
Result            0 0 0 1  0 1 1 1  0 1 1 0  1 0

Example:
mov ax, 3406
mov dx, 13EAh
xor ax, dx
ax = 3406 (dec) = 0000110101001110 (bin)
dx = 13EA (hex) = 0001001111101010 (bin)

Source       0001001111101010 (dx)
Destination  0000110101001110 (ax)
Result       0001111010100100 (ax)

After this instruction ax = 0001111010100100 [7844 (dec), 1EA4 (hex)]
Another example:
mov ecx, FFFF0000h
not ecx
FFFF0000 = 11111111111111110000000000000000 (bin) (16 1's, 16 0's)
If you invert every bit, you get
00000000000000001111111111111111 (16 0's, 16 1's) = 0000FFFF (hex)
So after the NOT operation the value of ECX is 0000FFFFh.

IN/DECREMENTS

The two simplest instructions are DEC and INC. They add one to, or subtract one from, a memory location or register. You simply write...
inc reg -> reg = reg + 1
dec reg -> reg = reg - 1
inc dword ptr [103405] -> adds one to the value at [103405].
dec dword ptr [103405] -> subtracts one from the value at [103405].

NOP

This instruction does absolutely nothing. Don't think it is useless because it does nothing: it is used a lot in cracking. Its most useful place is when patching code.

Bit Rotation and Shifting

Note: most of the examples below use only 8-bit numbers, but for clarity I'll illustrate them with diagrams.
Shift functions
SHL destination, count
SHR destination, count
SHL and SHR shift the bits of a register/memory location left/right by count positions.
Example
; here we assume al = 01011011 (bin)
shr al, 3
This means: shift the bits in the AL register 3 places to the right. So AL becomes 00001011. The bits on the left are filled with zeros, and the bits on the right are shifted out. The last bit shifted out is kept in the carry flag. The carry bit is a bit in the processor's flag register. It is not a register like EAX or ECX that you handle directly (although there are opcodes to do so); its value depends on the result of an instruction. I'll explain this later. One thing to remember is that carry is a bit in the flag register that can be set or cleared, and this bit equals the last bit that was shifted out.
shl is like shr but shifts to the left.
; here we assume bl = 11100101 (binary)
shl bl, 2
After the instruction BL is 10010100 (bin). The last two bits are filled with zeros. The carry bit is 1, because the last bit shifted out was 1.
There are two more opcodes:
SAL destination, count (Shift Arithmetic Left)
SAR destination, count (Shift Arithmetic Right)
SAL is the same as SHL, but SAR is not the same as SHR. SAR does not shift in zeros; it copies the MSB (most significant bit). Example:
al = 10100110
sar al, 3
al = 11110100
sar al, 2
al = 11111101
bl = 00100110
sar bl, 3
bl = 00000100
Rotation functions
rol destination, count ; rotate left
ror destination, count ; rotate right
rcl destination, count ; rotate left through carry
rcr destination, count ; rotate right through carry
Rotating is like shifting; the difference is that the bits shifted out re-enter at the other side.
Example: ror (rotate right)

                    Bit 7  Bit 6  Bit 5  Bit 4  Bit 3  Bit 2  Bit 1  Bit 0
Before rotating       1      0      0      1      1      0      1      1
Rotate, count = 3     1      0      0      1      1     (0      1      1)  <- these three are shifted out
Result                0      1      1      1      0      0      1      1

As the diagram shows, the bits are rotated: every bit pushed out at one side is moved back in at the other side. As with shifting, the carry bit holds the last bit that was shifted out. RCL and RCR work in the same way as ROL and ROR; as their names say, they use the carry bit to show the last bit shifted out. ROL and ROR behave alike too, so there is no difference between them.

Exchange

The XCHG instruction is completely straightforward. It swaps two registers, or a register and a memory location.
eax = 237h
ecx = 978h
xchg eax, ecx
eax = 978h
ecx = 237h
(6.0) File structure
Assembly source files are divided into sections. The sections are code, data, uninitialized data, constants, resources and relocations. The resource section is produced from a resource file (see later). The relocation section is not important for us (it may contain information for the PE loader so that the program can be loaded at a different place in memory). The important sections are code, data, uninitialized data and constants. The code section contains, as you would expect, the code. Data sections contain data that can be read and written. The whole data section is included in the exe file and is normally initialized with data.
Uninitialized data contains nothing at the start; it is not even present in the exe file itself. It is just a part of memory that Windows sets aside. This section can be read and written. Constants are like the data section, but read-only. Although this section can be used for constants, it is easier and faster to declare constants in an include file; then they are simply used as immediate values.
(6.1) Section indicators
In your source files you have to define the sections.
.code ; the code section starts here
.data ; the data section starts here
.data? ; the uninitialized data starts here
.const ; the constants section starts here
Executable files (*.exe, *.dll, ...) under Win32 are in PE (portable executable) format. Apart from a few important points I won't discuss it in detail here (it is discussed in detail in the PE header chapter). Sections are defined in the PE header with a number of attributes: section name, RVA, offset, raw size, virtual size and flags. The RVA (relative virtual address) is the relative location in memory where the section will be loaded. Relative here means relative to the base address the program has in memory when it runs. This address is also in the PE header, but only the PE loader can change it (using the relocation section). Offset is simply the raw offset in the exe file where the section's first data lies. Virtual size is the size the section will have in memory. The flags are flags such as readable/writable/executable.
(6.2) Sample program
This is a sample program.
.data
Number1 dd 12033h
Number2 dw 100h,200h,300h,400h
Number3 db "blabla",0
.data?
Value dd ?
.code
mov eax, Number1
mov ecx, offset Number2
add ax, word ptr [ecx+4]
mov Value, eax
This program won't assemble properly as it is, but that doesn't matter. Everything you put in a section of your assembly program ends up in the exe file, which is loaded into memory with the program. The data section shown above has 3 labels: Number1, Number2 and Number3. These labels hold the offset of their own position in the program, so you can use them to refer to a position in your program. DD places a DWORD value directly at that position; DW places a word and DB a byte. With DB you can use strings, since a string is just a sequence of byte values. For example:
33,20,01,00,00,01,00,02,00,03,00,04,62,6c,61,62,6c,61,00 (all hex numbers)
(Every value is one byte.)
I've coloured some of the numbers. Number1 points to the memory location of the byte 33. Number2 is at the red 00 (the first 00 after the first four bytes), and Number3 at the green 62. If you use this in your program...
mov ecx, Number1
it actually means
mov ecx, dword ptr [the location in memory where the dword 12033h lies]
but this one,
mov ecx, offset Number1
means...
mov ecx, the location in memory where the dword 12033h lies
In the first example ECX receives the value stored at Number1's memory location. In the second, ECX becomes the memory location (offset) itself. The two examples below have the same effect:
(1)
mov ecx, Number1
(2)
mov ecx, offset Number1
mov ecx, dword ptr [ecx] (or mov ecx, [ecx])
Let's look at the example again.
.data
Number1 dd 12033h
Number2 dw 100h,200h,300h,400h
Number3 db "blabla",0
.data?
Value dd ?
.code
mov eax, Number1
mov ecx, offset Number2
add ax, word ptr [ecx+4]
mov Value, eax
The label Value can be used just like Number1, Number2 and Number3, but at the start it will contain zero, because it lies in the uninitialized data section. The benefit is that everything you declare in .data? will not be in the executable, only in memory.
.data?
ManyBytes1 db 5000 dup (?)
.data
ManyBytes2 db 5000 dup (0)
(5000 dup = 5000 copies. Value db 4,4,4,4,4,4,4 = Value db 7 dup (4).)
ManyBytes1 itself will not be in the file; it only reserves 5000 bytes in memory. ManyBytes2, however, is in the executable and makes the file 5000 bytes bigger. That is not very useful, since your file will then contain 5000 zeros.
The code section is simply assembled (converted to raw code) and placed in the executable (and, at load time, in memory).
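As an added example (mine, not the guide's), this C program builds the byte image that the .data section of the sample program produces and then carries out the four .code lines on it, showing the difference between mov eax, Number1 (reads the dword at the label) and mov ecx, offset Number2 (takes the label's address). The label offsets and the helper names are my own; the data values are the ones declared in the sample.

```c
/* Added example (not code from the original guide): the byte image that the
 * .data section of the sample program produces, and what the four .code lines
 * compute. The label offsets are where the declarations land in the section. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

static uint8_t data_sec[32];   /* constructed image of the .data section */
static size_t  data_len;
enum { NUMBER1 = 0, NUMBER2 = 4, NUMBER3 = 12 };   /* label = offset of its data */

/* dd/dw emit little-endian; db "...",0 emits the bytes and the terminator. */
static void emit_dd(uint32_t v) { for (unsigned i = 0; i < 4; i++) data_sec[data_len++] = (uint8_t)(v >> (8 * i)); }
static void emit_dw(uint16_t v) { for (unsigned i = 0; i < 2; i++) data_sec[data_len++] = (uint8_t)(v >> (8 * i)); }
static void emit_dbz(const char *s) { size_t n = strlen(s) + 1; memcpy(data_sec + data_len, s, n); data_len += n; }

static size_t build_data_section(void) {
    data_len = 0;
    emit_dd(0x12033);                                               /* Number1 dd 12033h */
    emit_dw(0x100); emit_dw(0x200); emit_dw(0x300); emit_dw(0x400); /* Number2 dw 100h,...,400h */
    emit_dbz("blabla");                                             /* Number3 db "blabla",0 */
    return data_len;                                                /* 19 bytes, as listed in the text */
}
static uint16_t load_word(size_t ofs) { return (uint16_t)(data_sec[ofs] | (data_sec[ofs + 1] << 8)); }
static uint32_t load_dword(size_t ofs) { return load_word(ofs) | ((uint32_t)load_word(ofs + 2) << 16); }

/* The .code part. "mov eax, Number1" reads the dword at the label;
 * "mov ecx, offset Number2" takes the label's address instead. */
static uint32_t run_sample(void) {
    build_data_section();
    uint32_t eax = load_dword(NUMBER1);                  /* eax = 12033h */
    uint32_t ecx = NUMBER2;                              /* ecx = address of Number2 */
    uint16_t ax  = (uint16_t)(eax + load_word(ecx + 4)); /* add ax, word ptr [ecx+4]: 2033h + 300h */
    eax = (eax & 0xFFFF0000u) | ax;                      /* a 16-bit add changes only AX */
    return eax;                                          /* mov Value, eax */
}

int main(void) {
    size_t n = build_data_section();
    for (size_t i = 0; i < n; i++) printf("%02x%s", data_sec[i], i + 1 < n ? "," : "\n");
    printf("Value = %08X\n", run_sample());
    return 0;
}
```

The printed byte list matches the 33,20,01,00,... sequence above, and Value ends up as 00012333h: [ecx+4] is the third word of Number2 (300h), added to the low half of 12033h only.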
(7.0) Conditional Jumps
In the code section, labels can be used like this:
.code
mov eax, edx
sub eax, ecx
cmp eax, 2
jz loc1
xor eax, eax
jmp loc2
loc1:
xor eax, eax
inc eax
loc2:
(xor eax, eax means eax = 0.)
Let's go through the code.
mov eax, edx ; puts EDX into EAX.
sub eax, ecx ; subtracts ECX from EAX.
cmp eax, 2 ; compares EAX with 2.
Cmp is a new instruction. Cmp means "compare". It compares two values (reg, mem, imm) and sets the Z-flag if they are equal. The zero flag, like carry, is a bit in the flag register.
jz loc1;
This is new too. It is a conditional jump. Jz = jump if zero, i.e. it jumps when the zero flag is set. loc1 is a label for an offset in memory; the instructions "xor eax, eax | inc eax" start there. So jz loc1 jumps to the instruction at loc1 if the zero flag is set.
cmp eax, 2 ; sets the zero flag if EAX=2.
jz loc1 ; jumps to loc1 if the zero flag is set.
=
If EAX equals 2, jump to the instruction at loc1.
Next comes jmp loc2. It is a jump too, but an unconditional one: it always jumps. Written out exactly in the C language, the code above is:
if ((edx-ecx)==2)
{
eax = 1;
}
else
{
eax = 0;
}
Written in the BASIC programming language:
IF (edx-ecx)=2 THEN
EAX = 1
ELSE
EAX = 0
END IF
(7.1) Flag register
The flag register holds flags that are set or cleared depending on calculations and other events. I won't discuss all of them, only a few important ones.
ZF (Zero flag)
Set when the result of a calculation is zero. (A comparison is really a kind of subtraction: the result is not stored, but the flags are set.)
SF (Sign flag)
When this flag is set, the last number produced by a calculation is negative.
CF (Carry flag)
After a calculation it holds the leftmost bit, the one carried out of the result.
OF (Overflow flag)
Signals that a calculation overflowed, i.e. the result does not fit in the destination.
There are other flags as well (Parity, Auxiliary, Trap, Interrupt, Direction, IOPL, Nested Task, Resume & Virtual Mode), but since we won't be using them I won't explain them.
(7.2) Jump series
Below is everything about conditional jumps. They jump depending on the state of the flags, but most of them have names that are easy to understand, so you don't need to know which flags a jump tests. For example, "Jump if greater or equal" (jge) stands for "Sign flag = Overflow flag". Likewise, when you see "Jump if zero", read it as "Jump if Zero flag = 1".
How to read the table
"Jump if above" means
cmp x, y; // compares x and y
// jump if x is above y

Opcode   Meaning                                  Condition
JA       Jump if above                            CF=0 & ZF=0
JAE      Jump if above or equal                   CF=0
JB       Jump if below                            CF=1
JBE      Jump if below or equal                   CF=1 or ZF=1
JC       Jump if carry                            CF=1
JCXZ     Jump if CX=0                             register CX=0
JE       Jump if equal (is the same as JZ)        ZF=1
JG       Jump if greater (signed)                 ZF=0 & SF=OF
JGE      Jump if greater or equal (signed)        SF=OF
JL       Jump if less (signed)                    SF != OF
JLE      Jump if less or equal (signed)           ZF=1 or SF!=OF
JMP      Unconditional Jump                       -
JNA      Jump if not above                        CF=1 or ZF=1
JNAE     Jump if not above or equal               CF=1
JNB      Jump if not below                        CF=0
JNBE     Jump if not below or equal               CF=0 & ZF=0
JNC      Jump if not carry                        CF=0
JNE      Jump if not equal                        ZF=0
JNG      Jump if not greater (signed)             ZF=1 or SF!=OF
JNGE     Jump if not greater or equal (signed)    SF!=OF
JNL      Jump if not less (signed)                SF=OF
JNLE     Jump if not less or equal (signed)       ZF=0 & SF=OF
JNO      Jump if not overflow (signed)            OF=0
JNP      Jump if no parity                        PF=0
JNS      Jump if not signed (signed)              SF=0
JNZ      Jump if not zero                         ZF=0
JO       Jump if overflow (signed)                OF=1
JP       Jump if parity                           PF=1
JPE      Jump if parity even                      PF=1
JPO      Jump if parity odd                       PF=0
JS       Jump if signed (signed)                  SF=1
JZ       Jump if zero                             ZF=1

All jump instructions take only one operand: the offset of the place to jump to. If you look at the table closely you'll notice one unconditional jump (JMP). It doesn't compare anything; it just jumps.
(8.0) A closer look at numbers
In most programming languages, whether integers or decimals are used depends on the variable declaration. In assembler this is entirely different. Calculations with decimal numbers have to be done with special opcodes, carried out by a coprocessor called the FPU (floating point unit). I'll discuss the floating-point instructions later; first, integers. In C there are two kinds of numbers, signed and unsigned. Signed numbers carry a plus or minus sign; unsigned numbers are always positive. Let's look at the differences in the table below. (Again, the example here uses a byte; other sizes work the same way.)

Value     00 01 02 03 ... 7F  80 ... FC  FD  FE  FF
Unsigned  00 01 02 03 ... 7F  80 ... FC  FD  FE  FF
Signed    00 01 02 03 ... 7F -80 ... -04 -03 -02 -01

So for signed numbers the byte is split into two parts: 0 to 7F for positive values and 80 to FF for negative values. The same applies to larger values: positive = 0 - 7FFFFFFFh, negative = 80000000 - FFFFFFFFh. As you'll have noticed, negative numbers have the most significant bit set, because they lie at 80000000h and above. This bit is called the sign bit.
(8.1) Signed or unsigned?
Neither you nor the processor can tell whether a value is signed or unsigned. The good news is that for addition and subtraction it does not matter whether a number is signed or unsigned.
Compute: -4 + 9
FFFFFFFC + 00000009 = 00000005. (Correct.)
Compute: 5 - (-9)
00000005 - FFFFFFF7 = 0000000E (Also correct.) (5 - -9 = 14)
The bad news is that this does not hold for multiplication, division and comparison. That is why there are special mul and div opcodes for signed numbers:
imul and idiv
The advantage imul has over mul is that it can take immediate values.
imul src
imul src, immed
imul dest, src, 8-bit immed
imul dest, src
idiv src
They are like mul and div, but they calculate with signed values. For comparisons, cmp can be used on signed numbers in the same way as on unsigned ones, but the flags are set differently. That is why there are different jump instructions for signed and unsigned numbers.
cmp ax, bx
ja offset
JA is an unsigned jump (Jump if above). Consider ax = FFFFh (FFFFh unsigned, -1 signed) and bx = 0005h (5 unsigned, 5 signed). Since FFFFh is higher than 0005 as an (unsigned) value, the JA instruction jumps. JG, on the other hand, is used as a signed jump.
cmp ax, bx
jg somewhere
The JG instruction will not jump, because -1 is not greater than 5.
Remember this:
Whether a number is signed or unsigned depends only on how you treat it.
(9.0) More opcodes
Here are a few more opcodes.

TEST

TEST performs a logical AND on its two operands, dest and src, and sets the flag register according to the result. It does not store the result itself. TEST is used to test a single bit in a register, as in this example:
test eax, 100b ; (b is short for binary)
jnz bitset
If the third bit of EAX (counting from the right) is set, JNZ jumps. The most common use of TEST is to check whether a register is zero:
test ecx, ecx
jz somewhere
JZ jumps if ECX is zero.
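The C program below is an added example, not code from the guide. It models how CMP and TEST set ZF, SF, CF and OF, and then evaluates the conditions from the jump table in (7.2) on those flags. It reproduces the ax = FFFFh, bx = 0005h case from (8.1), where JA (unsigned) jumps and JG (signed) does not, and the two TEST idioms above. The 16-bit width matches that example; the function names are my own.

```c
/* Added example (not code from the original guide): how CMP and TEST set the
 * flags, and how the conditions from the jump table (7.2) read them. It
 * reproduces the ax = FFFFh, bx = 0005h case: JA (unsigned) jumps, JG (signed)
 * does not. The 16-bit width is chosen to match that example. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct { bool zf, sf, cf, of; } flags16;

/* cmp dst, src: compute dst - src, throw the result away, keep the flags. */
static flags16 cmp16(uint16_t dst, uint16_t src) {
    uint16_t res = (uint16_t)(dst - src);
    flags16 f;
    f.zf = (res == 0);                 /* result is zero: operands equal */
    f.sf = (res & 0x8000u) != 0;       /* sign bit of the result */
    f.cf = dst < src;                  /* unsigned borrow out of the top bit */
    /* OF: dst and src had different signs and the result's sign differs from dst */
    f.of = (((dst ^ src) & (dst ^ res)) & 0x8000u) != 0;
    return f;
}
/* test dst, src: AND without storing; ZF/SF from the result, CF and OF cleared. */
static flags16 test16(uint16_t dst, uint16_t src) {
    uint16_t res = dst & src;
    flags16 f = { res == 0, (res & 0x8000u) != 0, false, false };
    return f;
}
/* Conditions, straight from the table in (7.2). */
static bool ja (flags16 f) { return !f.cf && !f.zf; }        /* unsigned: above */
static bool jb (flags16 f) { return f.cf; }                  /* unsigned: below */
static bool jg (flags16 f) { return !f.zf && f.sf == f.of; } /* signed: greater */
static bool jl (flags16 f) { return f.sf != f.of; }          /* signed: less */
static bool jz (flags16 f) { return f.zf; }
static bool jnz(flags16 f) { return !f.zf; }

int main(void) {
    flags16 f = cmp16(0xFFFF, 0x0005);   /* cmp ax, bx with ax = FFFFh, bx = 5 */
    printf("cmp FFFFh, 5: ja=%d jg=%d jb=%d jl=%d\n", ja(f), jg(f), jb(f), jl(f));
    f = test16(0x0004, 0x0004);          /* test eax, 100b with bit 2 set */
    printf("test 4, 100b: jnz=%d\n", jnz(f));
    f = test16(0, 0);                    /* test ecx, ecx with ecx = 0 */
    printf("test 0, 0: jz=%d\n", jz(f));
    return 0;
}
```

The OF rule is the part people get wrong when reading a serial check by hand: a signed comparison uses SF together with OF, never SF alone, which is why 8000h compared with 1 is "less" for JL yet "above" for JA.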

STACK OPCODES

Before talking about the stack opcodes I'll first explain what the stack is. The stack is an area of memory pointed to by the stack pointer register, ESP. The stack is a place to keep temporary values. It has two instructions, PUSH and POP, for putting values on it and getting them back. PUSH puts a value on the stack and POP takes it off again. The last value put on the stack is the first one taken off. When a value is put on the stack, the stack pointer decreases; when one is removed, the stack pointer increases.
Look at the example:
(1) mov ecx, 100
(2) mov eax, 200
(3) push ecx ; saves ECX.
(4) push eax
(5) xor ecx, eax
(6) add ecx, 400
(7) mov edx, ecx
(8) pop ebx
(9) pop ecx
Explanation
1: puts 100 in ECX.
2: puts 200 in EAX.
3: push ecx (=100) (put on the stack first.)
4: push eax (=200) (put on the stack last.)
5/6/7: operations on ECX; the value of ECX keeps changing.
8: pop ebx: EBX becomes 200. (It was put on last, so it comes off first.)
9: pop ecx: ECX becomes 100. (It was put on first, so it comes off last.)
To see what happens in memory when PUSHing/POPping, look at the tables below.

Offset  1203 1204 1205 1206 1207 1208 1209 120A 120B
Value   00   00   00   00   00   00   00   00   00
                            ^ESP

(Here the stack is filled with zeros to begin with, but in reality that is not the case. ESP marks the offset that ESP points to.)
mov ax, 4560h
push ax

Offset  1203 1204 1205 1206 1207 1208 1209 120A 120B
Value   00   00   60   45   00   00   00   00   00
                  ^ESP

mov cx, FFFFh
push cx

Offset  1203 1204 1205 1206 1207 1208 1209 120A 120B
Value   FF   FF   60   45   00   00   00   00   00
        ^ESP

pop edx

Offset  1203 1204 1205 1206 1207 1208 1209 120A 120B
Value   FF   FF   60   45   00   00   00   00   00
                            ^ESP

EDX is now 4560FFFFh.
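As an added example (mine, not the guide's), this C program is a byte-level model of the stack region from the tables above: PUSH moves ESP down by the operand size and stores the value little-endian at [ESP], POP loads from [ESP] and moves ESP up. The stack offsets 1203h to 120Bh and the starting ESP values are taken from the tables; the names are my own.

```c
/* Added example (not code from the original guide): a byte-level model of the
 * stack region from the tables above (offsets 1203h..120Bh, constructed), with
 * PUSH moving ESP down and POP moving it up, and values stored little-endian. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define STACK_BASE 0x1203u
#define STACK_SIZE 9u

typedef struct { uint8_t mem[STACK_SIZE]; uint32_t esp; } stack_sim;
typedef struct { uint32_t ebx, ecx, esp; } lifo_result;

static stack_sim st;   /* the single simulated stack */

static void stack_init(uint32_t esp) {
    memset(st.mem, 0, STACK_SIZE);   /* zero-filled only for the illustration */
    st.esp = esp;
}
/* Little-endian store/load of n bytes at [ESP]. */
static void store(uint32_t v, unsigned n) {
    for (unsigned i = 0; i < n; i++) st.mem[st.esp - STACK_BASE + i] = (uint8_t)(v >> (8 * i));
}
static uint32_t load(unsigned n) {
    uint32_t v = 0;
    for (unsigned i = n; i-- > 0;) v = (v << 8) | st.mem[st.esp - STACK_BASE + i];
    return v;
}
/* push ax / push eax: ESP decreases by the operand size, then the value is stored. */
static void push16(uint16_t v) { st.esp -= 2; store(v, 2); }
static void push32(uint32_t v) { st.esp -= 4; store(v, 4); }
/* pop edx: the value is loaded from [ESP], then ESP increases. */
static uint32_t pop32(void) { uint32_t v = load(4); st.esp += 4; return v; }

/* The text's sequence: mov ax,4560h / push ax / mov cx,FFFFh / push cx / pop edx. */
static uint32_t run_push_pop_example(void) {
    stack_init(0x1207);
    push16(0x4560);           /* 60 45 land at 1205h..1206h, ESP = 1205h */
    push16(0xFFFF);           /* FF FF land at 1203h..1204h, ESP = 1203h */
    return pop32();           /* reads FF FF 60 45 -> 4560FFFFh, ESP = 1207h */
}
/* The LIFO example: push ecx (100), push eax (200), pop ebx, pop ecx. */
static lifo_result run_lifo_example(void) {
    lifo_result r;
    stack_init(0x120B);
    push32(100); push32(200);
    r.ebx = pop32(); r.ecx = pop32();
    r.esp = st.esp;           /* balanced pushes and pops restore ESP to 120Bh */
    return r;
}

int main(void) {
    printf("edx = %08X, esp = %04X\n", run_push_pop_example(), st.esp);
    lifo_result r = run_lifo_example();
    printf("ebx = %u, ecx = %u, esp = %04X\n", r.ebx, r.ecx, r.esp);
    return 0;
}
```

The first sequence is deliberately unbalanced in operand size (two 16-bit pushes, one 32-bit pop); it still leaves ESP where it started, which is why the text can read the two pushed words back as a single dword.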

CALL & RET

Call wpfck[m tcsdKUuk'fawGqD ausmfvTm;EdkifjyD; RET-instruction udkawGUwJhtcg csufcsif;yJjyefa&muf


vmygw,f/ oifhtaeeJU olwdkUawGudk tjcm;y&kd*&rfbmompum;awGrSm function awGtjzpf? subroutine
awGtjzpf awGUEdkifygw,f/ Oyrm -
..code..
call 0455659
..more code..
Code at 455659:
add eax, 500
imul eax, edx ; two-operand form; plain MUL takes only one operand
ret
When the CALL instruction executes, the processor jumps to the code at 455659 and executes the instructions there until it reaches RET. Then it returns to the instructions that follow the CALL. The code that CALL jumps to is called a procedure. CALL pushes EIP (the pointer to the next instruction to be executed) onto the stack, and the RET instruction pops it back off. You can also pass arguments to a CALL; this is done with PUSH.
push something
push something2
call procedure
Inside the CALL, the arguments can be read from the stack and used. Local variables (that is, data needed only inside the procedure) can also be stored on the stack. I will not discuss these in detail, because masm (Macro Assembler) and tasm (Turbo Assembler) make them easy. It is enough to remember that you can create procedures and that they take parameters. One important point: EAX is almost always used to hold a procedure's return value. This is true for Windows functions as well. In your own procedures you can actually use any other register, but EAX is the standard. Incidentally, I want to explain the usage of one instruction.
lea edi, namebuffer ; EDI is the address where the name you typed is stored.
mov eax, dword ptr ds:[edi] ; Four characters are loaded into EAX, because a DWORD (4 bytes) equals four characters.
(10.0) Windows ESifh ywfoufaom Assembly bmompum; tajccH
(10.1) API
Windows rSmy&dk*&rfa&;om;jcif;&JU tajccHtusqHk;tcsufuawmh Windows API (Application
Programming Interface) awGay:rlwnfaeygw,f/ API qdkwm OS ujznfhpGrf;ay;EdkifwJh function awGudk
pkpnf;ay;xm;wmyg/ Windows y&dk*&rfwdkif;[m 'D function awGudk toHk;jyKygw,f/ 'D function awG[m
Windows pepf&JU dll zdkifawGjzpfwJh kernel? user? gdi? shell? advapi pwJh zdkifawGxJrSm &Sdygw,f/ Function
ESpfrsdK;ESpfpm;&Sdygw,f/ ANSI eJU Unicode yg/ 'gawGuawmh string awGudk odrf;qnf;udkifwG,f&mrSm toHk;jyK
wJhenf;vrf;ESpfck jzpfygw,f/ ANSI eJUqdk&ifawmh pmvHk;wdkif;udk oauFw(ASCII uk'f)taeeJU azmfjyjyD;
string &JUtqHk;udkazmfjyzdkU \0 (null-terminated)udk toHk;jyKygw,f/ Unicode uawmh widechar ykHpHudk
toHk;jyKjyD; oauFwwpfckpDtwGuf pmvHk;ESpfvHk;toHk;jyKygw,f/ oluawmh w&kwf? jrefrmbmompum;awGvdk
pmvHk;a&ydkrdkvdktyfwJh bmompum;awGrSmtoHk;jyKygw,f/ Widechar string awG[m \20 eJU tqHk;owfavh
&Sdygw,f/ Windows uawmh ANSI function jzpfjzpf? Unicode function jzpfjzpf vufcHygw,f/ Oyrm
jy&&if -
MessageBoxA (ANSI)
MessageBoxW (W = widechar (unicode))
uRefawmfwdkUuawmh ANSI udk toHk;jyKrSm jzpfygw,f/
(10.2) DLL zdkifrsm;udk qGJ,loGif;jcif;
Windows API &JU function awGudk toHk;jyKzdkU DLL zdkifawGudk import vkyfzdkUvdkygw,f/ 'gawGudk
import libraries (.lib) awGeJU jyKvkyfEdkifygw,f/ 'D lib awG[m r&Sdrjzpfvdktyfygw,f/ bmaMumifhvJqdkawmh
olwdkU[m Windows pepfudk DLL awG ,m,Dul;,loHk;pGJzdkU cGifhjyKvdkUyg/ (qdkvdkwmu rSwfOmPfu dynamic
base addresse rSm)/ 'gudk includelib oHk;jyD; library wpfckudk xnfhoGif;Edkifygw,f/
includelib C:\masm32\lib\kernel32.lib (odkUr[kwf)
includelib \masm32\lib\kernel32.lib (odkUr[kwf)
includelib kernel32.lib
'gqdk kernel32.lib udk xnfhoGif;toHk;jyKawmhrSmyg/ 'Dae&mrSm include library wpfckwnf;uom
ta&;MuD;wm r[kwfygbl;/ include file (.inc) uvJ vdkygw,f/ 'gawGudkawmh l2inc y&dk*&rfoHk;jyD; library
awGuae tvdktavsmuf xkwfay;aewmyg/ include file wpfckudk a&;jy&r,fqdk&ifawmh 'Dvdkyg/
include \masm32\include\kernel32.inc
  include file xJrSm DLL xJu function awGtwGuf prototype awGudk t"dyÜm,fzGifhxm;jyD;jzpfwm
aMumifh oifhtaeeJU invoke udk toHk;jyKjyD; oHk;pGJvdkU&ygjyD/
kernel32.inc:
...
MessageBoxA proto stdcall :DWORD, :DWORD, :DWORD, :DWORD
MessageBox textequ <MessageBoxA>
...
include file xJrSm ANSI function awGeJU wu,fh function trnfeJU wxyfwnf;usatmifvkyfxm;
wJh 'A' rygwJh function awGudk t"dyÜm,fzGifhxm;wm jrif&rSmyg/ oifhtaeeJU MessageBoxA tpm;
MessageBox udk oHk;Edkifygw,f/ oHk;pGJr,fh function awGtwGuf include library eJU include file awGudk
aMunmowfrSwfjyD;oGm;&ifawmh 'D function awGudk toHk;jyKvdkU &ygjyD/
invoke MessageBox, NULL, ADDR MsgText, ADDR MsgTitle, NULL
(10.3) Windows include file
  Windows rSm txl; include file wpfckjzpfwJh windows.inc zdkif&Sdygw,f/ tJ'DzdkifxJrSm Windows
API twGufvdktyfwJh constant eJU structure tm;vHk;yg0ifygw,f/ Oyrmjy&&if message box rSm yHkpHtrsdK;rsdK;
&Sdygw,f/ Function &JU av;ckajrmuf parameter uawmh pwdkifyg/ NULL u MB_OK udk qdkvdkjyD; ol[m
OK button jzpfygw,f/ Windows include file rSm 'DvdkpwdkifrsdK;awGtwGuf t"dyÜm,fzGifhqdkcsufawG yg0ifyg
w,f/
MB_OK = 0
MB_OKCANCEL = ...
MB_YESNO = ...
'Dvdk t"dyÜm,fzGifhxm;vdkUvJ 'DtrnfawGudk oifhtaeeJU constant taeeJU oHk;vdkU&aewmyg/
invoke MessageBox, NULL, ADDR MsgText, ADDR MsgTitle, MB_YESNO
'DOyrmtwGuf include file udk aMunmr,fqdk&ifawmh 'DvkdaMunm&ygr,f/
include \masm32\include\windows.inc
(10.4) Frame
erlem frame wpfckudk MunfhMunfhygr,f/
.486
.model flat, stdcall
option casemap:none
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\gdi32.lib
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\gdi32.inc
include \masm32\include\windows.inc
.data
blahblah
.code
start:
blahblah
end start
This is the basic frame of a Windows assembly source file (.asm).
.486                  Tells the assembler to generate code for this processor (or higher). You can use .386, but .486 usually works fine.
.model flat, stdcall  Uses the flat memory model and the stdcall convention: parameters are pushed from right to left (the last parameter is pushed first), and the called function restores the stack when it is done. This is the standard for nearly all Windows API functions and DLLs.
option casemap:none   Controls whether labels are case-sensitive. For windows.inc to work properly it must be set to 'none'.
includelib            Discussed above.
include               Discussed above.
.data                 Start of the data section.
.code                 Start of the code section.
start:                The label marks the start of the program. It does not have to be called 'start'; you can use any name you like.
end start             The 'end' statement is required at the end.
Good, let's write our first program. The two pieces of software we will use to assemble it are WinAsm Studio 5.1.5 and Macro Assembler 3.2.7.
.486
.model flat, stdcall
option casemap:none
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\windows.inc
.data
MsgText db "Hello world!", 0
MsgTitle db "This is a messagebox", 0
.code
start:
invoke MessageBox, NULL, ADDR MsgText, ADDR MsgTitle, MB_OKCANCEL or MB_ICONQUESTION
invoke ExitProcess, NULL
end start
'Duk'fawGudk assemble (Go All) vkyfvdkuf&if awGU&rSmawmh yHk(1)twdkif; jzpfygw,f/

yHk(1)
y&dk*&rftvkyfvkyfyHkudk &Sif;&&ifawmh ...
1/
MessageBox &JU toHk;jyKyHkuawmh 'Dvdkyg/ (Win32.hlp udk Munfhyg/)
int MessageBox(
HWND hWnd, // handle of owner window
LPCTSTR lpText, // address of text in message box
LPCTSTR lpCaption, // address of title of message box
UINT uType // style of message box
);
hWnd        Specifies the owner window of the message box to be created. If this parameter is NULL, the message box has no owner window.
lpText      Points to the \0-terminated string that is shown as the message.
lpCaption   Points to the \0-terminated string used as the title. If NULL is given here, the default title is used.
uType       Specifies the style of the dialog box; it can contain combined flags.
2/
hWnd uawmh NULL jzpfaerSmyg/ bmaMumifhvJqdkawmh uRefawmfwdkUy&dk*&rfrSm window r&SdvdkUyg/
lpText uawmh uRefawmfwdkUpmom;&JU pointer yg/ qdkvdkwmu 'D parameter [m uRefawmfwdkUowfrSwfcsif
wJhpmom;&Sd&m rSwfOmPf&JU offset wpfckjzpfygw,f/
lpCaption uawmh acgif;pOf&JUpmom;&Sd&m offset jzpfygw,f/
uType uawmh MB_OK? MB_OKCANCEL? MB_ICONERROR wdkUvdk wefzdk;awG aygif;pyfxm;wm
jzpfygw,f/
3/
MessageBox twGuf string ESpfckudk MudKwifowfrSwfygw,f/
.data
MsgText db "Hello world!",0
MsgTitle db "This is a messagebox",0
- .data marks the start of the data section. db means byte, and the 0 is added so that the string is \0-terminated. If you want the text to continue on the next line ... (13 = Carriage Return, 10 = Line Feed)
.data
MsgText db "Hello world!",13,10
db "I'm a messagebox",13,10
db "Hello again!",0
- MsgText holds the offset of the first string. MsgTitle holds the second string. Now you can call the MessageBox function.
invoke MessageBox, NULL, offset MsgText, offset MsgTitle, NULL
- Because invoke is used, you can (more safely) use ADDR instead of offset.
invoke MessageBox, NULL, ADDR MsgText, ADDR MsgTitle, NULL
- Even though we did not specify the last parameter, it works fine, because MB_OK (a message box with an OK button) equals 0 (NULL). But you can use any other style.

yHk(2)
4/
uType &JU t"dyÜm,fuawmh yHk(2)eJU yHk(3) twdkif; jzpfygw,f/

yHk(3)
(10.5) Win32 API
Windows API rSm Windows twGufvdktyfwJh y&dk*&rfawGzefwD;EdkifzdkU data type awG? constant
awG? function awGeJU structure awGyg0ifygw,f/ uRefawmfwdkUtoHk;jyKcJhwJh ExitProcess tygt0if API
function awmfawmfrsm;rsm;udk t"du DLL zdkif3ckjzpfwJh kernel32.dll? gdi32.dll eJU user32.dll wdkUrSm xm;&Sd
wmyg/
KERNEL32.DLL - Low level kernel services
GDI32.DLL - Graphics Device Interface: yHkqGJjcif;ESifh yHkESdyfjcif;/
USER32.DLL - User Interface controls? windows ESifh messaging services
BOOL SetWindowText(
HWND hWnd, // handle of window or control
LPCTSTR lpString // address of string);
'guawmh C yHkpHa&;xm;wmyg/ yHkpHtaeeJU jyefa&;jy&&if -
PUSH lpString
PUSH hWnd
CALL SetWindowText
(11) &dk;&Sif;aom Dialog Box y&dk*&rf a&;om;jcif;
'DwpfcgrSmawmh Windows &JU zGJUpnf;wnfaqmufyHkudkausmfvdkufjyD; vufawGUy&dk*&rfa&;Munfhygr,f/
(tcgtcGifhoifhcJh&ifawmh &Sif;jyygr,f/) WinAsm Studio &JU File menu u New Project udk a&G;vdkufyg/
Project u Add new Rc udk a&G;vdkufyg/ jyD;&if Add New Dialog udka&G;yg/ 'DaemufrSmawmh caption
wpfck? button ESpfckeJU editbox wpfckudk zefwD;vdkufyg/ jyD;&if screen atmufajcem;u Resources tab udk
a&G;yg/ Caption box ukd ESpfcsufESdyfjyD; 'Simple Dialog Box Program' vdkU &dkufyg/ jyD;&if toolbox u edit
button udka&G;jyD; yHk(4)twdkif; qGJyg/

yHk(4)
jyD;&if button ESpfckudk zefwD;jyD; button awGrSm 'Say Hello' eJU 'Exit' vdkU jyifvdkufyg/ yHk(5)/
yHk(5)
'gqdk F12 udkESdyfjyD; uRefawmfwdkUzefwD;xm;wJh dialog box udk uk'ftaeeJU MunfhvdkufMu&atmif/
;This Resource Script was generated by WinAsm Studio.
#define IDD_DLG1001 1001
#define IDC_EDIT1002 1002
#define IDC_BUTTON1003 1003
#define IDC_BUTTON1004 1004
IDD_DLG1001 DIALOGEX 0,0,170,72
CAPTION "Simple Dialog Box Program"
FONT 8,"MS Sans Serif"
STYLE 0x10cc0000
EXSTYLE 0x00000000
BEGIN
CONTROL "",IDC_EDIT1002,"Edit",0x50010080,10,9,121,19,0x00000200
CONTROL "Say Hello",IDC_BUTTON1003,"Button",0x50010000,17,46,51,16,0x00000000
CONTROL "Exit",IDC_BUTTON1004,"Button",0x50010000,102,46,50,16,0x00000000
END
uRefawmfwdkUtaeeJU Dialog Box template eJUywfoufwJhuk'fawGudk a&;EdkifatmifvdkU dialogbox?
editbox? button wdkUeJUywfoufwJh trnfawGeJU control ID awGudk odxm;zdkU vdkygw,f/ 'gudk resource
script &JU tay:yxrqHk; 4aMumif;rSm awGUEdkifygw,f/ jyD;&if dialogbox.asm udka&G;jyD; atmufyguk'fawGudk
&dkufxnfhvdkufyg/
.386
.model flat, stdcall
option casemap:none
include WINDOWS.INC
include user32.inc
include kernel32.inc
includelib USER32.LIB
includelib KERNEL32.LIB
DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD
.data
Message db "Hello World", 0
.data?
hInstance HINSTANCE ?
.code
start:
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke DialogBoxParam, hInstance, 1001, NULL, addr DlgProc, NULL
invoke ExitProcess, eax
DlgProc proc hWnd: HWND, uMsg: UINT, wParam: WPARAM, lParam: LPARAM
.if uMsg == WM_COMMAND
mov eax, wParam
.if eax == 1003
invoke SetDlgItemText, hWnd, 1002, ADDR Message
.elseif eax == 1004
invoke SendMessage, hWnd, WM_CLOSE, 0, 0
.endif
.elseif uMsg == WM_CLOSE
invoke EndDialog, hWnd, 0
.endif
xor eax, eax
Ret
DlgProc EndP
end start
yHk(6)
'Duk'fawGudk exe zdkiftjzpfajymif;vdkuf&if yHk(7)twdkif; awGU&rSmyg/

yHk(7)
(12) Keygen y&dk*&rf a&;om;jcif;
'Doifcef;pmuawmh cracker awGtwGuf tvGefta&;MuD;ygw,f/ bmaMumifhvJqdkawmh cracker awG
twGuf keygen [m r&Sdrjzpf toHk;vdkvdkUyg/ Keygen &SdrSom rdrdESpfouf&m oHk;pGJoltrnfeJUoufqdkifwJh
registration uk'fudk xkwfay;EdkifvdkUyg/ erlem keygen tcsdKUudk Munfhyg/ yHk(8)/

yHk(8)
aumif;jyD? keygen udk pa&;MunfhvdkufMu&atmif/ WinAsm Studio udkzGifhvdkufjyD; atmufygyHktwdkif;
jrif&atmif vkyfvdkufyg/ yHk(9)/ Edit control ESpfck? static text ESpfck? button oHk;ck &Sd&ygr,f/

yHk(9)
Change the two static texts to SS_CENTERIMAGE and the Serial editbox to ES_READONLY. Change the dialog box to DS_CENTER and save keygen.rc. Then type the following code into keygen.asm. What goes into the main body is:
0001 .386
0002 .model flat, stdcall
0003 option casemap:none
0004 include windows.inc
0005 include kernel32.inc
0006 include user32.inc
0007 includelib kernel32.lib
0008 includelib user32.lib
0009
0010 DlgProc proto :DWORD,:DWORD,:DWORD,:DWORD
0011
0012 .data?
0013 hInstance HINSTANCE ?
0014 NameBuffer db 32 dup(?)
0015 SerialBuffer db 32 dup(?)
0016
0017 .const
0018 IDD_KEYGEN equ 1001
0019 IDC_NAME equ 1002
0020 IDC_SERIAL equ 1003
0021 IDC_GENERATE equ 1004
0022 IDC_COPY equ 1005
0023 IDC_EXIT equ 1006
0024 ARIcon equ 2001
0025
0026 .code
0027 start:
0028 invoke GetModuleHandle, NULL
0029 mov hInstance, eax
0030 invoke DialogBoxParam, hInstance, IDD_KEYGEN, NULL, addr DlgProc, NULL
0031 invoke ExitProcess, eax
yHk(10)
'Dhaemuf uyfvdkufvmrSmuawmh Dialog procedure yJjzpfygw,f/
0033 DlgProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
0034 .if uMsg == WM_INITDIALOG
0035 invoke LoadIcon, hInstance, ARIcon
0036 invoke SendMessage, hWnd, WM_SETICON, 1, eax
0037 invoke GetDlgItem, hWnd, IDC_NAME
0038 invoke SetFocus, eax
0039 .elseif uMsg == WM_COMMAND
0040 mov eax, wParam
0041 .if eax == IDC_GENERATE
0042 invoke GetDlgItemText, hWnd, IDC_NAME, addr NameBuffer, 32
0043 call Generate
0044 invoke SetDlgItemText, hWnd, IDC_SERIAL, addr SerialBuffer
0045 .elseif eax == IDC_COPY
0046 invoke SendDlgItemMessage, hWnd, IDC_SERIAL, EM_SETSEL, 0, -1
0047 invoke SendDlgItemMessage, hWnd, IDC_SERIAL, WM_COPY, 0, 0
0048 .elseif eax == IDC_EXIT
0049 invoke SendMessage, hWnd, WM_CLOSE, 0, 0
0050 .endif
0051 .elseif uMsg == WM_CLOSE
0052 invoke EndDialog, hWnd, 0
0053 .endif
0054 xor eax, eax
0055 Ret
0056 DlgProc EndP
yHk(11)
jyD;&ifawmh serial number udk xkwfay;r,fh Generate procedure udk a&;&ygr,f/
0058 Generate proc
0059 invoke lstrlen, addr NameBuffer
0060 test eax, eax
0061 jle NOINPUT
0062 mov ecx, eax
0063 mov esi, offset NameBuffer
0064 mov edi, offset SerialBuffer
0065 @@:
0066 dec ecx
0067 mov dl, BYTE ptr [esi+ecx]
0068 mov BYTE ptr[edi], dl
0069 inc edi
0070 or ecx, ecx
0071 ja @b
0072 NOINPUT:
0073 Ret
0074 Generate EndP
0075 end start
yHk(12)
ckcsdefupjyD; yHk(10^11^12)rSm jyxm;wJhuk'fawGudk avhvmMunfhygr,f/
- pmaMumif;a& 14eJU 15rSmawGU&wmuawmh uninitialized string awGjzpfjyD; y&dk*&rfoHk;pGJolu &dkufxnfhwJh
trnfeJU wGufcsuf&&Sdvmr,fh serial udk odrf;zdkU jzpfygw,f/
- Generate function uawmh OyrmtaeeJU jyxm;wJh routine wpfckyg/ Name editbox rSm &dkufxnfhvdkufwJh
pmom;udk ajymif;jyefjyefpDay;wmyg/ lstrlen uawmh Name editbox rSm pmvHk;b,fESpfvHk;&dkufxnfhovJqdkwm
ppfygw,f/ &dkufxnfhvdkufwJh pmom;awGudk NameBuffer rSmxm;jyD; pmvHk;ta&twGufudkawmh EAX rSmxnfh
ygw,f/ wu,fvdkUbmpmvHk;rS r&dkufxnfhcJh&ifawmh NOINPUT qDa&mufoGm;rSmyg/
- wu,fvdkU &dkufxnfhvdkufwJhpmvHk;ta&twGuf[m oknxufMuD;cJh&ifawmh EAX xJupmvHk;ta&twGufudk
mov instruction oHk;jyD; ECX xJxnfhrSm jzpfygw,f/ ECX [m pmvHk;awGudk a&wGuf&mrSm oHk;ygw,f/
NameBuffer eJU SerialBuffer wdkU&JU rSwfOmPf address awGudkawmh ESI eJU EDI qDrSm odrf;ygw,f/ 'D
register ESpfckudkawmh string awGudk udkifwG,fwJhtcg source eJU destination udk nTef;zdkUtwGuf toHk;jyKyg
w,f/
- @@ uawmh trnfrJh label udk aMunm&mrSmoHk;ygw,f/ Routine t&SnfMuD;awGrSmawmh ESpfouf&m label
trsdK;rsdK;udk toHk;jyKMuayr,fh jump tao;pm;av;awGeJU loop tao;pm;av;awGtwGufudkawmh label trnf
odyfrwyfMuygbl;/ wu,fvdkU label ae&mrSm @f vdkUwyf&if teD;pyfqHk;a&SU label qDa&mufrSmjzpfjyD; @b
qdk&ifawmh teD;pyfqHk; label qDaemufjyefqkwfrSm jzpfygw,f/
- String udk ajymif;jyefvkyfay;wJh routine av;&JU tvkyfvkyfyHkuawmh 'Dvdkyg/ yxrqHk; counter jzpfwJh ECX
udk wpfEIwfvdkufygw,f/ 'gaMumifhvJ aemufqHk;tMudrf loop rSm wpftpm; okneJUtqHk;owfwmyg/ (qdkvdkwm
u? wu,fvdkU Name string &JUpmvHk;ta&twGuf[m ajcmufvHk;&Sdr,fqdk&if ECX [mcsufcsif;yJ 5 jzpfoGm;jyD;
5 uae okntxd routine [m ajcmufMudrfwdwd tvkyfvkyf(EIwf) oGm;rSmyg/) ESI rSmawmh NameBuffer &JU
yxrpmvHk;&JU address ygvmrSmjzpfjyD; ECX=0 jzpfcsdefrSmawmh ESI+ECX [m yxrpmvHk;udknTefrSmjzpfjyD;
ECX=5 jzpfcsdefrSmawmh ESI+ECX [m aemufqHk;pmvHk;udk nTefrSmyg/ yxr mov instruction uawmh
NameBuffer xJrSm&SdwJhaemufqHk;pmvHk;udk EDX register &JU aemufydkif;jzpfwJh DL xJudk ul;xnfhvdkufygw,f/
'kwd, mov instruction uawmh &&SdvmwJh 'DpmvHk;udk SerialBuffer &JU yxrpmvHk;ae&mxJudk ul;xnfhyg
w,f/ (EDI rSm odrf;wmyg/) 'DvdkeJU pmvHk;awGudk ajymif;jyefvSnfhjyD; xnfhvm&mrSm ECX [m oknra&mufcif
txd logical OR udk aqmif&GufjyD; zero flag udkowfrSwfygw,f/ Zero flag rjzpf&ifawmh @@ udka&muf
oGm;jyD; routine udk xyfvkyfrSmjzpfygw,f/
- 'guawmh &dk;&Sif;vSwJh a&;enf;yg/ oifhtaeeJU API function awGudkoHk;jyD; jyD;jynfhpHkwJh routine awGa&;
om;Edkifygw,f/
jyD;awmh uRefawmfwdkU&JU keygen y&dk*&rfxJudk "mwfyHkawG^toHawGxnfhMunfhEdkifygw,f/
tcef;(4) - aqmhzf0Jvf protection
(þoifcef;pmudk a&;om;&mwGif y&dk*&rfrmwpfa,muf tjrifjzifh a&;om;xm;jcif;om jzpfonf/ y&dk*&rfrmrsm;
u ¤if;wdkU\aqmhzf0Jvfudk rnfonfhenf;rsm;jzifh protect vkyfxm;onfudk aqG;aEG;jcif;jzpfygonf/ rnfodkU
crack vkyf&rnfudk þtcef;wGif vHk;0aqG;aEG;rnf r[kwfyg/)
'Dwpfcgoifcef;pmuawmh crack vkyf&mrSm rjzpfraeMuHKawGU&r,fh aqmhzf0Jvf protection taMumif;
jzpfygw,f/ oifem;vnfxm;&rSmu z,f&Sm;vdkUr&wJh^z,f&Sm;zdkUrjzpfEdkifwJh protection qdkwm r&Sdao;bl;qdkwJh
tcsufudkyg/ (pum;csyf/ / wpfcgu rdkbdkif;aqmhzf0Jvfa&mif;csjcif; pme,fZif;&Sif;vif;yGJwpfckrSm jrefrmy&dk*&rf
rmwpfa,mufu olwdkUaqmhzf0Jvfudk b,fvdkrS crack vkyfvdkUr&EdkifwJhtaMumif; &Sif;jyzl;ygw,f/ urÇmUtawmf
qHk; cracker wpfOD;jzpfwJh lena151 uawmh b,fvdkrS crack vkyfzdkUrjzpfEdkifwJh aqmhzf0Jvfwpfckudk ola&;zl;
aMumif;? 'gayr,fh oludk,fwdkifyif jyefjyD; crack vkyfEdkifaMumif; 0efcHcJhzl;ygw,f)/
'Dtcef;rSm oHk;EHI;r,fh protection qdkwm pack vkyfjyD; protect vkyfwmudk ajymcsifwm r[kwfygbl;/
(pack vkyfjyD; protect vkyfwJhenf;udkawmh ]Packer (Protector) rsm;} tcef;a&mufrS aqG;aEG;rSm jzpfygw,f/)
0g&ifhy&dk*&rfrmawGuvGJvdkU usefy&dk*&rfrm awmfawmfrsm;rsm;[m olwdkU&JU aqmhzf0JvfawGudk protection vkyf
xm;&mrSm tm;enf;rI? csdKU,Gif;csufav;awG &SdMuygw,f/ Protection udk rSefuefpGm a&;om;jcif; rjyKcJhEdkif&if
olwdkU&JUy&dk*&rfawGrSm jyoemay:vmrSm aMumufwJhtwGuf protection ydkif;ukd cufcJeufeJatmif ra&;Muygbl;/
(Oyrm - My Driver 3.11 qdk&if registration uk'fudk rSefuefpGm &dkufxnfhayr,fhvJ registration vkyfaqmif
csuf[m cPom atmifjrifygw,f/ 0,foHk;oludk,fwdkifyif tMudrfMudrf register vkyfae&ygw,f/) 'gaMumifhrdkU
olwdkU&JU y&dk*&rfawGudk vG,fulpGmyif protect vkyfxm;jyD; tcsdKUqdk protection rvkyfxm;oavmuf &Sdygw,f/
(jrefrmEdkifiHu aqmhzf0JvfawGrSmqdk protect vkyfxm;wm vufcsdK;a&wGufvdkU&ygw,f/)
Protection trsdK;tpm;awGtaMumif; odrSom crack vkyfwm vG,fulatmifjrifrSmyg/ EdkifiHwumrSm
y&dk*&rfrmawG t"dutoHk;jyKaeMuwJh aqmhzf0Jvf protection trsdK;tpm; 4rsdK;&Sdygw,f/ tJ'gawGuawmh-
(1) Registration number rsm;toHk;jyKjcif;
(2) tcsdef? tMudrfuefUowfcsufxm;jcif;
(3) Key zdkifrsm; toHk;jyKjcif;
(4) Hardware key (Dongle) rsm;toHk;jyKjcif; wdkYjzpfygw,f/
(1) Registration number rsm;toHk;jyKjcif;
Registration number rsm;toHk;jyKjcif;eJU ywfoufjyD; (5)rsdK; xyfjyD;cGJjcm;Edkifygw,f/
(1.1) Registration number tm; rlaoxm;jcif;?
(1.2) Registration number onf xnfhoGif;aoma'wmay:rlwnfí ajymif;vJjcif;?
(1.3) Registration number onf oHk;pGJol\ uGefysLwmay:rlwnfí ajymif;vJjcif;?
(1.4) Registration number udk Visual Basic odkUr[kwf Delphi y&dk*&rfrsm;jzifh jyKvkyfMujcif;?
(1.5) Registration number udk tGefvdkif;wGif ppfaq;jcif;wdkU jzpfygw,f/
(1.1) Registration number tm; rlaoxm;jcif;?
'Denf;udktoHk;jyKxm;wJh y&dk*&rfqdk&if oHk;pGJolwpfOD;[m registration number udk &dkufxnfhzdkU
vdkygw,f/ Registration number udk rlaoxm;wmaMumifh reversing vkyfwJholwpfa,muf[m registration
number udk debug vkyfjyD; tvG,fwul &SmazGawGU&SdEdkifygw,f/ yHk(1)/

yHk(1)
'Denf;udktoHk;jyKjcif;&JU tusdK;aus;Zl;wpfckuawmh tjcm;enf;awGudk toHk;jyKwmxufpm&if xnfhvdkuf
wJha'wmawGudk memory rSm rodrf;qnf;bJ tjcm;enf;awGeJU XOR vkyfjcif; (odkUr[kwf) jyefvnfwGufcsuf
jcif; jyKvkyfygvdrfhr,f/ rSefuefwJh registration number udk jyefvnfwGufcsufjyD; &&SdvmwJh&v'fawGudk
jyefvnfEdIif;,SOfygvdrfhr,f/ wu,fawmh oif[m registration number rSefudk &v'fawGuae jyefvnf&&SdzdkY
cufcJatmifjyKvkyfjcif;jzifh cracker awG em;vnfzdkYrvG,fulwJh &IyfaxG;vSwJh wGufcsufrIawGudk ydkrdkjyKvkyf&yg
r,f/
(1.2) Registration number onf xnfhoGif;aoma'wmay:rlwnfí ajymif;vJjcif;?
'Denf;uawmh rMumcPtoHk;jyKavh&SdMuwJhenf;yg/ 'Denf;rSmawmh registration number udk r&dkuf
xnfhcif trnf (odkY) ukrÜPDtrnf (odkU) tjcm;tcsuftvufawGudk t&ifjznfh&rSmyg/ jznfhoGif;vdkufwJh a'wm
awGay:rlwnfjyD; registration number uajymif;vJaerSmyg/ yHk(2)/

yHk(2)
y&dk*&rfrm[m ydktawGUtMuHK? t&nftcsif;&Sdav cracker awGtwGuf protection udk zsufqD;zdkY
ydkrdkcufcJatmif vkyfEdkifavygyJ/ bmyJjzpfjzpf b,fvdk&IyfaxG;wJh wGufcsufrIenf;pepfawGoHk;oHk; cracker
awGtaeeJYuawmh rSefuefwJh registration number udk&&SdzdkU y&dk*&rfuk'fawGudk aemufa,mifcHMutkef;rSmygyJ/
(1.3) Registration number onf oHk;pGJol\ uGefysLwmay:rlwnfí ajymif;vJjcif;?
'Denf;uawmh cracker awGtwGuf rtDromjzpfapwJh trsdK;tpm;yg/ *&krxm;wJh cracker qdk&if
aMumifawmifaMumifoGm; Edkifavmufygw,f/ bmvdkYvJqdkawmh olwdkU[m olwdkUuGefysLwmrSm b,fvdkyJ register
vkyfvkyf vkyfvdkYr&vdkUyg/ bmaMumifhvJqdkawmh registration number [m (Oyrm - hard drive &JY serial
number ay:rlwnfjyD;) ajymif;vJaevdkYyg/ yHk(3)/ (ta&;tMuD;qHk;u registration number udk owdxm;jyD;
azsmufxm;zdkYyg/ wu,fvdkY registration number udk awGYoGm;vdkU&Sd&if vG,fvifhwul rlaoeHygwfajymif;jyD;
y&dk*&rfudk b,fpufrSmrqdk wlnDwJh registration number eJU register vkyfEdkifvdkYyg/)

yHk(3)
(1.4) Registration number udk Visual basic odkUr[kwf Delphi y&dk*&rfrsm;jzifh jyKvkyfMujcif;
Visual Basic (VB) rSma&;xm;wJh registration number udk crack vkyf&wm[m rvG,fulvSygbl;/
bmvdkUvJqdkawmh y&dk*&rf bmompum;udk,fwdkifudku high level jzpfaevdkUygyJ/ uRefawmfwdkUtaeeJU crack
vkyfzdkUtwGuf debugger (disassembler) awGudk oHk;&wmjzpfwJhtwGuf high level jzpfvmavav
debugger u assembly uk'ftjzpfajymif;ay;&wm cufavavygyJ/ 'gaMumifh VB eJUa&;xm;wJh y&dk*&rfawG
udk debugger awGu bmomjyefay;jyD; xGufvmwJh assembly uk'f[m vlopfwef; cracker awG em;vnfzdkU
cufcJvSygw,f/
VB y&dk*&rfawGudk 'Dvdktkyfpk (3)pk cGJjcm;Edkifygw,f/
(1.4.1) VB4?
(1.4.2) VB5 ESifhtxuf?
(1.4.3) VB5 ESifhtxuf? (packed code wGif compile vkyfxm;aom)
(1.4.1) VB4
oHk;pGJolawmfawmfrsm;rsm;twGuf rodomvSaomfvnf; VB4 [m y&dk*&rfawGxJrSmawmh pdwfcs&rI
tvGefenf;ygw,f/ tawGUtMuHK&SdwJh cracker taeeJUuawmh registration number udk 5rdepftwGif; &SmawGU
Edkifygw,f/ yHk(4)/ bmaMumifhvJqdkawmh VB4 y&dk*&rfawG[m rsm;aomtm;jzifh &dkufoGif;vdkufwJh registration
number eJU MudKwifowfrSwfxm;wJh registration number udk EdIif;,SOfzdkU vb40016.dll (odkU) vb40032.dll
zdkifudk toHk;jyKvdkUyg/

yHk(4)
(1.4.2) VB5 ESifhtxuf
  VB5 eJU umuG,fxm;wJh y&dk*&rfudk crack vkyf&wm[m VB4 eJUEdIif;,SOf&if tawmfav;ydkcufvmyg
w,f/ Cracker awmfawmfrsm;rsm;[m VB5 udk debugger awGeJU debug vkyfzdkU odyfjyD;pdwfrygMuygbl;/
bmvdkUvJqdkawmh uk'fawG[m zwfzdkUeJU em;vnfEdkifzdkU cufvdkUyg/ jyD;awmh ajc&maumufzdkYvnf; cufvdkYyg/
y&dk*&rfawGudk crack vkyfzdkY olwdkY&JYenf;vrf;awGuawmh oHk;pGJolwpfOD;wnf;oHk;EdkifwJh registration number
udkomxkwfay;jcif; (keygen rsm; ra&;om;jcif;udk qdkvdkygonf/) eJU vlwdkif;rdrdESpfouf&m registration
number udk xnfhoGif;Edkifatmif y&dk*&rfuk'fudk jyKjyifrGrf;rHjcif;wdkUom jyKvkyfMuygonf/ tawmfqHk; cracker
awGuom keygen awGudk a&;om;Muygw,f/ Cracker awGMum;rSmawmh VB5 y&dk*&rfawG[m rausmfMum;
vSygbl;/ bmvdkYvJqdkawmh registration number generator awGa&;zdkU cufcJvdkUyg/
'gqdk&if EdkifiHwumu y&dk*&rfrmawG[m olwdkU&JU y&dk*&rfawGudk VB eJU bmvdkUra&;MuygovJ/
uRefawmf a&SUrSmwifjycJhwmu VB y&dk*&rfawGudk debugger awGeJU uk'fjyefazmfwJhenf;yg/ Debugger awGeJU
uk'fjyefazmf&wm[m tvGefcufcJvSwJhtwGuf 'DjyoemawGudk ajz&Sif;EdkifzdkU taumif;qHk;enf;awGukd cracker
awGu &SmazGawGU&SdvmMuygw,f/ 'Denf;uawmh Smart Check eJU VB Decompiler tool awG&JU tultnDeJU
uk'fawGudk jyefazmfMuvmwmyg/ 'DtcgrSm jyefazmfvdkU&wJhuk'f[m b,favmufxdawmif vG,fulvmovJqdk
awmh compile rvkyfcif rl&if; soucre uk'ftxdeD;eD;wlwJhuk'fudk &atmiftxd jyefazmfvmEdkifygw,f/ 'Dvdk tool
awGudkawmh debugger vdkU rac:a0:bJ decompiler vdkUom ac:a0:Muygw,f/ 'D tool awG[m VB6 txd
aumif;aumif; decompile vkyfEdkifygw,f/ 'D tool awG ay:csdefupjyD; VB eJUa&;om;aeMuwJhy&dk*&rfrmawG
'ku©a&mufukefMujyD; Microsoft uvJ VB bmompum;udk qufvuftqifhjrifha&mif;csjcif; r&Sdawmhygbl;/
'gaMumifhrdkU VB [m version 6 rSmyJ &yfwefUaecJh&ygw,f/ oleJUtwl a&mif;cscJhwJh Visual C++ uawmh
vuf&SdrSm version 8 txd xGuf&SdaejyD; toHk;trsm;qHk; jzpfaevsuf&Sdygw,f/
VB y&dk*&rfawGudk b,folrS ra&;MuawmhbJ bmaMumifh &Sif;jyaewmvJvdkU oifhtaeeJU xifaumif;
xifaeygvdrfhr,f/ EdkifiHwumrSm y&dk*&rfawG[m 2001ckESpfem;avmufrSm ed*Hk;csKyfoGm;cJhygw,f/ 'gayr,fh
jrefrmEdkifiHrSmawmh vuf&Sd 2009ckESpfxd aqmhzf0JvfawG&JU 50&mcdkifEIef;ausmfudk VB eJU a&;om;aeMuwkef;ygbJ/
'Davmufqdk em;vnfavmufjyD xifygw,f/
(1.5) Registration number udk tGefvdkif;wGif ppfaq;jcif;
tcsdKUy&dk*&rfawG[m registration number udk awmfwnfhrSefuefpGm toHk;jyKapzdkU aemufqHk;ay: enf;
ynmawGudk toHk;jyKvmMuygw,f/ Registration number udk &dkufoGif;vdkuf&if y&dk*&rfu tJ'gudk ppfaq;zdkU
twGuf tifwmeufuwqifh ydkYvdkufygw,f/ qmAmu tJ'Duk'f rSefrrSefudk prf;oyfjyD; taMumif;jyefygw,f/
y&dk*&rfuawmh rSefuefpGm register vkyfxm;jcif; &Sd^r&Sd ppfaq;ygw,f/ yHk(5)/ 'DvdktrsdK;tpm;awGeJU umuG,f
jcif;[m vG,fulvGef;vSwJhtwGuf tawGUtMuHK&SdwJh cracker awGuawmh tvG,fwul z,f&Sm;ypfEdkifygw,f/
yHk(5)
(2) tcsdef? tMudrfuefUowfcsufxm;jcif;
tcsdefuefUowfcsuf&SdwJh y&dk*&rfawG[m oHk;pGJzdkUcGifhjyKxm;wJh umvausmfvGefjcif; &Sd^r&Sd ppfaq;yg
w,f/ 'Dvdkenf;eJUumuG,fwm[m odyfjyD;awmh xda&mufrIr&SdvSygbl;/ bmvdkYvJqdkawmh cracker wpfa,muf
[m tcsdefuefUowfcsufudk z,f&Sm;vdkuf&HkeJU y&kd*&rfudk vGwfvyfpGmtoHk;jyKEdkifvdkUyg/ yHk(6)/ Unregistered
version awGrSm oHk;pGJEdkifpGrf;yrmPudk uefUowfjcif;u ydkjyD; tqifajyygvdrfhr,f/ y&dk*&rf&JU vkyfaqmifEdkifpGrf;
tukefvHk;udk oHk;pGJcsif&ifawmh registered version udk 0,f,lapjcif;eJY oHk;pGJoludk zdtm;ay;EdkifrSmyg/

yHk(6)
tcsdefuefUowfcsufudk enf;rsdK;pHkeJY a&;om;avh&SdMuygw,f/ jzpfEdkifwmawGuawmh-
(2.1) rSefuefaom registration number xnfhjcif;jzifh tcsdefuefUowfcsufudk z,f&Sm;jcif;?
(2.2) Registration zdkifxnfhjcif;jzifh tcsdefuefUowfcsufudk z,f&Sm;jcif;?
(2.3) tcsdefuefUowfcsufudk z,f&Sm;jcif;jzifh full version udk roHk;pGJEdkifjcif;? (0,f,lrSom tjynfht0 oHk;pGJEdkif
jcif;)
(2.4) tcsdefuefUowfcsufudk Visual Basic jzifha&;om;jcif;?
(2.5) oHk;pGJrIuefUowfcsufudk oHk;pGJonfhtMudrfta&twGufESifhom owfrSwfjcif;/
(2.1) Removing the time limit by entering the correct registration number
This method is the same as the registration number method: entering the correct registration number removes the time limit. Figure (7). The one difference is that, if the correct registration number cannot be entered, the program is made completely unusable once the allowed period has passed.
What you must take care of when writing such a program is to record the date the program was first run reliably in the registry (or) in a file. Otherwise the user bypasses the limit simply by setting the computer's date back.
yHk(7)
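As an added example (not the book's code), the first-run bookkeeping that the paragraph above asks for, written as plain logic over timestamps so it runs without a registry: the weak checker that keeps only the first-run date is shown beside a corrected one that also remembers the newest clock value it has seen and therefore notices a date that was set back. Persisting the record (registry or file) is left to the caller, and every name is hypothetical.

```c
/* Added example, not from the book: the first-run bookkeeping section
 * (2.1) asks for, as pure logic over timestamps so it runs without a
 * registry.  The caller reads the record from wherever it persists it
 * (registry or file) before calling and writes it back afterwards.
 * All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define SECONDS_PER_DAY (24LL * 60 * 60)

enum trial_state { TRIAL_OK, TRIAL_EXPIRED, TRIAL_CLOCK_ROLLED_BACK };

typedef struct {
    int64_t first_run;   /* Unix time of the first start; 0 = never stored */
    int64_t last_seen;   /* newest clock reading the program has observed */
} TrialRecord;

/* The weak version: only the first-run date is stored and compared with
 * the current clock.  Setting the date back makes "now - first_run"
 * small again, so the limit is bypassed exactly as the text warns. */
enum trial_state trial_check_naive(TrialRecord *rec, int64_t now,
                                   int64_t limit_days) {
    if (rec->first_run == 0) { rec->first_run = now; return TRIAL_OK; }
    return (now - rec->first_run >= limit_days * SECONDS_PER_DAY)
               ? TRIAL_EXPIRED : TRIAL_OK;
}

/* The corrected version also keeps the newest clock value ever seen.
 * A reading older than that means the date was set back, and the start
 * is refused instead of being silently accepted.  The record must be
 * written back after every call, or the extra field is useless. */
enum trial_state trial_check(TrialRecord *rec, int64_t now,
                             int64_t limit_days) {
    if (rec->first_run == 0) {              /* very first start */
        rec->first_run = now;
        rec->last_seen = now;
        return TRIAL_OK;
    }
    if (now < rec->last_seen)               /* clock went backwards */
        return TRIAL_CLOCK_ROLLED_BACK;
    rec->last_seen = now;
    return (now - rec->first_run >= limit_days * SECONDS_PER_DAY)
               ? TRIAL_EXPIRED : TRIAL_OK;
}

/* The scenario from the text with a 30-day limit: first start on day 0,
 * a normal start on day 31 (expired), then the user sets the clock back
 * to day 5.  Returns what the rolled-back start gets from each checker. */
enum trial_state scenario_rollback(int naive) {
    TrialRecord rec = {0, 0};
    const int64_t day0 = 1000 * SECONDS_PER_DAY;  /* constructed epoch */
    enum trial_state (*check)(TrialRecord *, int64_t, int64_t) =
        naive ? trial_check_naive : trial_check;
    check(&rec, day0, 30);                              /* day 0 */
    check(&rec, day0 + 31 * SECONDS_PER_DAY, 30);       /* day 31: expired */
    return check(&rec, day0 + 5 * SECONDS_PER_DAY, 30); /* "day 5" again */
}

int main(void) {
    printf("naive checker after rollback:     %d\n", scenario_rollback(1));
    printf("corrected checker after rollback: %d\n", scenario_rollback(0));
    return 0;
}
```

The naive checker reports 0 (TRIAL_OK) after the rollback, the corrected one 2 (TRIAL_CLOCK_ROLLED_BACK); a user who simply deletes the stored record is a separate problem that this bookkeeping alone does not address.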
(2.2) Registration zdkifxnfhjcif;jzifh tcsdefuefUowfcsufudk z,f&Sm;jcif;?
'Denf;uawmh odyfoHk;avhoHk;xr&SdwJh tHhtm;oifhp&menf;yg/ pOf;pm;oifhwJhtcsufuawmh registrati-
on zdkifudk tifwmeufuae rydkYrdzdkYygyJ/ Cracker awG[m tcsdefuefUowfcsufudk a&;xm;wJh routine udk t"d
uxm;&SmazGygvdrfhr,f/ 'gaMumifh oif[m 'D&efuumuG,fEdkifatmif routine udk vHkjcHKrI&Sdatmif aqmif&Guf
&ygr,f/ Cracker wpfa,muf[m rSefuefwJh registration zdkifudk zefwD;cJygw,f/ yHk(8)/ bmvdkUvJqdkawmh
'DvdkvkyfzdkU tawmfav;cufvdkYyg/ olUtwGufydkvG,fwmu y&dk*&rfxJrSmygwJh tcsdefuefUowfcsuf routine udk
z,f&Sm;jcif;yJ jzpfygw,f/

<IDA Pro key file v5.1>
rhythm, 1 user, professional edition, 3/2009
[binary license data follows in the original figure; not reproducible as text]
yHk(8)
y&dk*&rfa&;om;wJhtcgrSm registration zdkifudk y&dk*&rf&JU directory atmufrSm &Sd^r&SdeJU zdkifxJrSm
rSefuefwJh a'wmawG yg^ryg ppfaq;wJh function awG ra&;rdygapygeJU/
(2.3) tcsdefuefUowfcsufudk z,f&Sm;&Hkjzifh full version udk roHk;pGJEdkifjcif;? (0,f,lrSom tjynfht0 oHk;pGJEdkifjcif;)
Demo version y&dk*&rfawGuawmh 'Denf;udk toHk;rsm;ygw,f/ 'Dvdky&dk*&rfawGrSmqdk registration
number &dkufxnfhvdkYr&ygbl;/ oufwrf;ukefoGm;&if y&dk*&rfudk vHk;0oHk;pGJvdkU r&awmhygbl;/ oHk;pGJcsif&if
y&dk*&rfudk rjzpfrae 0,f&ygawmhr,f/ yHk(9)/

yHk(9)
Cracker awGuawmh tcsdefuefUowfcsuf routine udk&SmjyD; y&dk*&rfuk'fukd wkduf&dkuf ausmfvdkufyg
w,f/ 'gaMumifh y&dk*&rf[m oufwrf;ukef^rukef ppfaq;raeawmhyJ olUvkyfjrJtvkyfudk vkyfygawmhw,f/
(2.4) tcsdefuefUowfcsufudk Visual Basic jzifha&;om;jcif;?
'Denf;udk ckacwfrSm us,fjyefUpGm toHk;rjyKMuawmhygbl;/
(2.5) oHk;pGJrIuefUowfcsufudk oHk;pGJonfhtMudrfta&twGufESifhom owfrSwfjcif;/
'Denf;[m tjcm;tcsdefuefUowfcsufenf;awGeJU tajccHtm;jzifh twlwlygyJ/ 'gayr,fh olu oHk;pGJwJh
aeUudk a&wGufwJhtpm; oHk;pGJwJhtMudrfudkom a&wGufjcif;yg/ 'Dvdka&wGufjcif;u reverser awGudk
taESmifht,Sufawmfawmf ay;ygw,f/ bmvdkUvJqdkawmh y&dk*&rf[m &ufpGJudk pHkprf;aep&m rvdkawmhbJ
oHk;pGJwJhtMudrf ta&twGufudkom registry (odkU) zdkifwpfckckrSm odrf;qnf;&efvdkvdkYyg/
(3) Key zdkifrsm; toHk;jyKjcif;
'Denf;uawmh rsm;aomtm;jzifh key zdkifudk aqmhzf0Jvfudk install vkyfxm;wJh directory atmufrSm
xm;&Sdygw,f/ y&dk*&rf[m 'DzdkifxJrSmygwJh taMumif;t&mawGudk zwf&Ippfaq;ygw,f/ wu,fvdkUom key
zdkif[m rSefuefcJhr,fqdk&if y&dk*&rf[m registered version tjzpf aqmif&Gufygw,f/ wu,fvdkUom key
zdkif[m aysmufysuf^rSm;,Gif;aer,fqdk&if y&dk*&rf[m unregistered version uJhodkUaqmif&Gufjcif; (odkU) vHk;0
tvkyfrvkyfbJ aeygvdrfhr,f/ key zdkifxJrSm oHk;pGJoleJU ywfoufwJh tcsuftvufawG? 0SufpmawGyg0ifaumif;
ygaeygvdrfhr,f/
'DvdktrsdK;tpm;udk (2)ydkif;cGJjyD;avhvmEdkifygw,f-
(3.1) rSefuefaomzdkifudk toHk;rjyKygu tcsdKUaomt*Fg&yfrsm;udk toHk;rjyKEdkifatmif wm;jrpfxm;jcif;?
(3.2) rSefuefaomzdkifudk toHk;rjyKygu y&dk*&rfudk tcsdefuefUowfcsuf xm;&Sdjcif;/
(3.1) rSefuefaomzdkifudk toHk;rjyKygu tcsdKUaomt*Fg&yfrsm;udk toHk;rjyKEdkifatmif wm;jrpfxm;jcif;
'Denf;uawmh tvGefaumif;wJhenf;yg/ Cracker awGuawmh 'Denf;udk rMudKufMuygbl;/ 'gayr,fhvJ
tjcm;enf;awGvdkyJ 'Denf;[mvJ z,f&Sm;cHEdkif&ygw,f/ 'Denf;rSmawmh rSefuefwJh key zdkifudk toHk;rjyK&if tcsdKU
t*Fg&yfawGudk toHk;rjyKEdkifatmif wm;jrpfxm;ygw,f/ qdk;wmu 'Denf;rSm y&dk*&rf[m key zdkifudk vdkuf&SmjyD;
rSefuefrI&Sd^r&Sd vdkufppfwmyJjzpfw,f/ yHk(10)/ 'gaMumifh cracker [m 'D routine udk vdkuf&SmvdkufjyD; y&dk*&rf
udkvSnfhpm;jcif; (odkU) registration zdkif&JU wnfaqmufyHkudk routine xJrSm avQmhcsvdkufygw,f/

yHk(10)
wu,fvdkY oif[m 'Denf;udk toHk;jyKr,fqdk&if registration zdkifudk encode vkyfzdkYvdkygw,f/ 'grSom
reverser [m registration zdkifudk vG,fvifhwul rzefwD;EdkifrSm jzpfygw,f/
(3.2) A time limit is imposed on the program unless the correct file is present
Most antivirus companies use this method. If the correct registration file is not present, the program is unregistered and runs under a time limit.
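A key-file check of the kind described in (3), (3.1) and (3.2), as an added example that is not the book's own code: the file's fields carry an authentication tag, so a file that is missing, edited or fabricated is rejected, a valid file unlocks features (3.1), and a signed expiry date lifts or enforces the time limit (3.2). The key=value format, the HMAC tag, the field names and the vendor secret are all assumptions made here; the sample key files are constructed.

```python
"""Key-file check in the style of section (3): a file in the install directory
decides between registered and unregistered behaviour, and a valid file
unlocks features (3.1) or lifts a time limit (3.2).

Added example, not the book's code. The key=value format, the HMAC tag and the
field names are assumptions made here; all sample input is constructed."""
import hmac
import hashlib
from dataclasses import dataclass, field
from datetime import date

# Assumed vendor secret compiled into the program. Anyone who pulls it out of
# the binary can forge key files, which is why shipping products use an
# asymmetric signature (public key in the program, private key at the vendor);
# HMAC is used here only to keep the example standard-library-only.
VENDOR_SECRET = b"example-vendor-secret-not-real"
ALL_FEATURES = frozenset({"export", "batch", "print"})


@dataclass
class License:
    registered: bool
    features: frozenset = field(default_factory=frozenset)
    reason: str = ""


def parse_key_file(text):
    """Split 'key=value' lines into a dict; the 'sig' entry is the tag."""
    fields = {}
    for line in text.splitlines():
        if "=" in line:
            k, v = line.split("=", 1)
            fields[k.strip()] = v.strip()
    return fields


def canonical_body(fields):
    """Fixed serialisation of the tagged fields so the tag is reproducible."""
    return "\n".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "sig").encode()


def issue_key_file(user, features, expires=None):
    """Vendor side: build a key file and attach its tag (used for the samples).
    expires is an ISO date string such as '2024-01-31', or None for no limit."""
    fields = {"user": user, "features": ",".join(sorted(features))}
    if expires is not None:
        fields["expires"] = expires
    fields["sig"] = hmac.new(VENDOR_SECRET, canonical_body(fields), hashlib.sha256).hexdigest()
    return "\n".join(f"{k}={v}" for k, v in fields.items()) + "\n"


def check_key_file(text, today=None):
    """Program side: accept the file only if its tag matches and it has not expired.
    today is an ISO date string for testing; None means the real current date."""
    if text is None:
        return License(False, reason="key file missing")
    fields = parse_key_file(text)
    if "sig" not in fields or "user" not in fields:
        return License(False, reason="key file malformed")
    expected = hmac.new(VENDOR_SECRET, canonical_body(fields), hashlib.sha256).hexdigest()
    # compare_digest is constant-time, so the comparison leaks nothing via timing
    if not hmac.compare_digest(expected, fields["sig"]):
        return License(False, reason="key file tampered or forged")
    if "expires" in fields:
        # variant (3.2): the expiry is under the tag, so it cannot be edited either
        now = date.fromisoformat(today) if today else date.today()
        if now > date.fromisoformat(fields["expires"]):
            return License(False, reason="key file expired")
    granted = frozenset(fields.get("features", "").split(",")) & ALL_FEATURES
    return License(True, granted, reason="ok")


def feature_enabled(text, feature, today=None):
    """Variant (3.1): a feature is usable only with a valid key file."""
    return feature in check_key_file(text, today).features
```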
(4) Using hardware keys (dongles)
Protection with hardware keys is another method, and it is not used very much. The dongle, a device that protects against copying, is attached to the computer's I/O port, and the program that uses it must be run with it attached.
It offers two kinds of protection:
(4.1) The program cannot be started without the hardware key,
(4.2) Some of the program's functions cannot be used without the hardware key.
HASP and Sentinel are the most widely used hardware keys. They can also be said to be the best.
(4.1) The program cannot be started without the hardware key
Some hardware keys are quite simple. The program sends data to the port where the hardware key is attached and then waits for a reply. If there is no response, an error message appears. Figure (11).
More advanced hardware keys encode the data that is sent. Hardware keys may also contain EPROMs. Furthermore, a hardware key may hold part of the program itself. In that case, even if the reverser has the program, removing the protection without the hardware key is next to impossible.

Figure (11)
(4.2) Some of the program's functions cannot be used without the hardware key
This method is very simple. When the hardware key is attached the program works; when it is not attached, some of the program's functions do not work. That is because some of the program's functions are placed inside the hardware key itself. This method is very good. The keys may even contain code to decode those functions in memory. If the encoding is good, removing the protection without the key is impossible.
HASP key
The HASP key is produced by Aladdin Knowledge Systems. Figure (12). When the software is installed, HASP installs its own drivers so that the software can communicate with the hardware key.

Figure (12)
Sentinel key
Produced by Rainbow Technology (www.rainbow.com). Sentinel is very similar to HASP. Figure (13).

Figure (13)
Chapter (5) - Tools a cracker needs
Cracking requires specially built tools. These tools are not something most ordinary computer users are familiar with. (Even software developers may not be familiar with them.) Some of these tools are given away free and some are sold. (Most are given away free.) Only by becoming familiar with these tools will you become an excellent cracker. The tools are discussed below in 5 categories. (Note: all the tools listed are for Windows-based operating systems only. Tools for other operating systems have been left out.)
(a) Disassemblers
(b) Decompilers
(c) Debuggers
(d) Hex Editors
(e) Other tools
(a) Disassemblers
(1) What is a disassembler?
A disassembler is the opposite of an assembler. Where an assembler turns code written in assembly language into binary machine code, a disassembler tries to recreate assembly code from the binary code.
Assembly languages have different instruction codes depending on the processor in use. The disassembly process itself is simple: it reads the bytes and translates each one into the matching code. For example, for the byte 55 (binary 1010101) the disassembler knows that the instruction is PUSH EBP.
Most disassemblers can output assembly instructions in Intel, AT&T or HLA syntax.
(2) Professional tools
IDA Pro
IDA Pro is an expensive tool. It is an excellent tool for crackers and has a very large number of features. The Standard single-user edition of IDA Pro costs $439. The download link is as follows.
http://www.datarescue.com/idabase/
PE Explorer
PE Explorer focuses on ease of use and ease of searching. It is not as feature-complete as IDA Pro, but its $130 price is reasonable.
http://www.heaventools.com
W32DASM
W32DASM is the best 16/32-bit disassembler for Windows.
http://members.cox.net/w32dasm/
(3) Freeware tools
IDA 3.7
IDA 3.7 is a DOS GUI tool and is like IDA Pro. Its limitation is that it supports the Z80, 6502, Intel 8051, Intel i860 and PDP-11, and its x86 instruction output only goes up to the 486 processor.
http://www.simtel.net
IDA Pro Freeware 4.1
It performs nearly as well as IDA Pro, but it can only produce assembly code for Intel x86 processors and only works on Windows. The instructions it can disassemble are only those of processors released before 2003.
http://www.themel.com
IDA Pro Freeware 4.3
The GUI is better than in the previously released versions.
http://www.datarescue.be
BORG Disassembler
BORG has a GUI and is the best Win32 disassembler.
http://www.caesum.com
HT Editor
HT Editor is a disassembler that analyzes Intel x86 instructions. The latest version is a console GUI program that can run on Windows.
http://the.sourceforge.net
diStorm64
diStorm is open source and supports the 80x86 and AMD64 processors.
http://ragestorm.net
(4) Things to know about disassemblers
Separating code from data
Because data and code are both stored as binary data in the exe file, a question arises here: how can the disassembler tell whether it is looking at code or at data? Is the byte it just read a variable, or part of an instruction?
If data lived only in the exe file's .data section and code only in its .code section, there would be no problem. But data can be placed directly in the .code section (for example jump address tables and constant strings), and exe code can also be stored in the .data section. (Newer systems try to prevent this for security reasons.)
Most disassemblers let the user choose whether to treat a code segment as code or as data. But some disassemblers try to do the separation automatically.
The general problem of separating code from data in an exe program is similar to the halting problem. As a consequence, it is impossible for a disassembler to separate code and data correctly for every program. By Rice's theorem, all interesting questions about the properties of programs are undecidable, and the craft of cracking is full of such theoretical limitations.
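A linear-sweep decoder for a small IA-32 subset, as an added example that is not the book's code: it shows the byte 55 decoding to PUSH EBP as described in (1), and then shows the code/data problem just discussed, where a jump table left in the code section is decoded as instructions and one of its bytes (E8, CALL) swallows the first byte of the next function, until the analyst marks the table as data. The opcode subset, the addresses and the sample bytes are constructed here.

```python
"""Linear-sweep decoder for a small subset of IA-32, written to show two points
from the text: the byte 55h decodes to PUSH EBP, and a jump table that the
compiler left inside the code section is decoded as instructions unless the
analyst marks it as data. Added example, not a real disassembler; the opcode
subset and the sample bytes are constructed here."""

# opcode bytes -> (mnemonic template, immediate size in bytes, immediate kind)
TABLE = {
    b"\x55": ("push ebp", 0, None), b"\x5d": ("pop ebp", 0, None),
    b"\xc3": ("ret", 0, None), b"\x90": ("nop", 0, None),
    b"\xcc": ("int3", 0, None), b"\x40": ("inc eax", 0, None),
    b"\x48": ("dec eax", 0, None), b"\x8b\xec": ("mov ebp, esp", 0, None),
    b"\x31\xc0": ("xor eax, eax", 0, None),
    b"\xb8": ("mov eax, {imm}", 4, "imm"),
    b"\xeb": ("jmp short {target}", 1, "rel"),
    b"\xe8": ("call {target}", 4, "rel"),
    b"\xff\x24\x85": ("jmp dword ptr [eax*4+{imm}]", 4, "imm"),   # table dispatch
}


def decode_one(code, pos, base):
    """Decode the instruction at code[pos]; returns (length, text).
    Bytes that match nothing are emitted as 'db', as a real disassembler does."""
    for oplen in (3, 2, 1):
        entry = TABLE.get(code[pos:pos + oplen])
        if entry is None:
            continue
        text, imm_size, kind = entry
        length = oplen + imm_size
        if pos + length > len(code):
            break                                # truncated at end of buffer
        if imm_size:
            raw = code[pos + oplen:pos + length]
            if kind == "rel":                    # relative: target = next EIP + rel
                rel = int.from_bytes(raw, "little", signed=True)
                text = text.format(target=f"{base + pos + length + rel:08X}h")
            else:
                text = text.format(imm=f"{int.from_bytes(raw, 'little'):08X}h")
        return length, text
    return 1, f"db {code[pos]:02X}h"


def disassemble(code, base, data_ranges=()):
    """Sweep from the first byte. data_ranges holds (address, size) pairs the
    analyst has marked as data; those bytes are dumped as dd instead of decoded."""
    out, pos = [], 0
    while pos < len(code):
        addr = base + pos
        marked = [(a, n) for a, n in data_ranges if a <= addr < a + n]
        if marked:
            end = marked[0][0] + marked[0][1] - base
            while pos < end:
                chunk = code[pos:min(pos + 4, end)]
                out.append((base + pos, f"dd {int.from_bytes(chunk, 'little'):08X}h"))
                pos += len(chunk)
            continue
        length, text = decode_one(code, pos, base)
        out.append((addr, text))
        pos += length
    return out


# Constructed .text bytes: func1 dispatches through a 2-entry jump table that
# sits right after it, and func2 follows the table.
BASE = 0x401000
SAMPLE = bytes.fromhex(
    "55 8BEC FF2485 0C104000 5D C3"   # func1 @401000: push/mov/jmp [eax*4+40100C]/pop/ret
    "14104000 E8104000"               # table @40100C: 00401014, 004010E8 (data, not code)
    "55 8BEC 31C0 5D C3"              # func2 @401014
)
TABLE_AT = BASE + 0x0C


def listing(entries):
    return "\n".join(f"{addr:08X}  {text}" for addr, text in entries)


if __name__ == "__main__":
    print("naive sweep:\n" + listing(disassemble(SAMPLE, BASE)))
    print("\ntable marked as data:\n" + listing(disassemble(SAMPLE, BASE, [(TABLE_AT, 8)])))
```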
Loss of information
When a program is compiled, a great deal of information is lost. Normally, for C code, the names of local variables are lost beyond recovery. If compilation is done with the debug option, the names of functions and variables may still be present in the image, but those symbol tables can be deleted by a process called stripping. A good compiler may be able to recover them. The compiler ignores every comment in the code. And it is impossible to tell the difference between code written in place, code written as an inline function, and code written as a C-preprocessor macro. In most cases it is impossible to determine the lexicographical scope of a function or variable. If two files named file1.c and file2.c are compiled and linked together, the delineation between the source files disappears at the linking stage.
(b) Decompilers
Decompilers, like disassemblers, take exe code and produce it again as high-level-language code. Quite often that high-level language is C, because C is simple and old enough to make decompilation comparatively easy. Decompilation has its own weaknesses, because much information was already lost at compilation time, and decompilation cannot recover it. Decompilation technology is not yet mature, but the results can be said to be good.
Is decompilation possible?
In an era of good compilers it would not be unnatural to be asked whether decompilation is still possible. The answer is that, mostly, it can be done. That said, a perfect, error-free decompiler does not exist to this day. Current decompilers are only good enough to give crackers some help.
Decompilers
DCC Decompiler
Dcc is the best at decompilation, but at present it only accepts small files.
http://www.itee.uq.edu.au/~cristina/dcc.html
Boomerang Decompiler Project
The Boomerang decompiler is being developed into a powerful decompiler; so far it can only decompile to C code.
http://boomerang.sourceforge.net
Reverse Engineering Compiler
REC is a powerful decompiler that decompiles assembly code into C-like code. The output is a mixture of C and assembly, and it is easier to read than assembly alone.
http://www.backerstreet.com/rec/rec.htm
ExeToC
ExeToC is a decompiler that gives good results.
http://sourceforge.net/projects/exetoc
code-dump
code-dump is a PowerPC (PPC) Objective-C decompiler.
http://sourceforge.net/projects/code-dump
(c) Debuggers
Debuggers are a cracker's best friend: they let the user run program code one step at a time and then examine the various values and operations.
Advanced debuggers usually include at least a basic disassembler and features for editing HEX code and reassembling it. Debuggers let the user set breakpoints on instructions, function calls and memory locations.
Windows debuggers
OllyDbg
OllyDbg is a powerful Windows debugger with a built-in disassembly and assembly engine. It has a great many features, and it is free. It is very useful for patching, disassembling and debugging.
http://www.ollydbg.de/
SoftICE
SoftICE can be used for local kernel debugging. This is a very rare and very valuable feature. SoftICE was withdrawn from the market in April 2006.
WinDBG
WinDBG is a free software component from Microsoft and can be used for user-mode debugging or remote kernel-mode debugging. WinDBG is unlike the well-known Visual Studio Debugger, but it comes with a good GUI. It is released in 32-bit and 64-bit versions.
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
IDA Pro
Produced by DataRescue; it works with many processors and on many operating systems.
http://www.datarescue.com
(d) Hex Editors
Hex editors are not famous cracking tools, but they are useful for viewing binary files and editing them directly. Hex editors are especially useful for viewing file types such as png and jpg, which cannot be viewed with a debugger, decompiler or disassembler. There are many of them; the most widely used are listed here.
Windows hex editors
Cygnus Hex Editor FREE EDITION
Very fast and easy to use.
http://www.softcircuits.com/cygnus/fe/
WinHex
A tool built for editing files and disks, with advanced capabilities for computer forensics and data recovery. (It is also used in government and the military.)
http://www.x-ways.net/index-m.html
HexEdit
Very powerful; it can edit binary files and disks. The source code of the free version is available free of charge, and there is also a shareware version.
http://www.hexedit.com/
FlexHex
Fully usable with NTFS files, which are more complex than FAT32 files. FlexHex also supports sparse files and the alternate data streams of files on any NTFS volume. It can also be used with OLE compound files, flash cards and other kinds of physical drive.
http://www.heaventools.com/flexhex-hex-editor.htm
(e) Other tools
Under this heading the individual tools are not discussed in detail.
SysInternals Tools
The tools from SysInternals include the best utilities, and most of them are very useful to security professionals, network administrators and crackers alike. The utilities that deserve particular use are Process Monitor, FileMon, TCPView, RegMon and Process Explorer.
API Monitors
API monitor tools watch which Win32 API functions a process or program calls. These are very important for crackers. Rohitab's API Monitor, Vitaly Evseenko's API Spy32 and Spy Studio from www.nektra.com can be used.
PE Tools
A PE scanner checks which programming language the exe program you want to debug was written in and which protectors it is protected with. In addition, some of these tools can also edit the PE header. PE tools include Lord PE, PE Browse, PE Detective, PE Disassembler, PE Explorer, PE Insight, PE Optimizer, PE Rebuilder, PE Tools, PE Viewer, PEditor, PEiD, Stud PE, WPE and CFF Explorer. The most used are Lord PE, PEiD and CFF Explorer.

Figure (1) A check performed with PEiD

Keygenning Tools
If you write a keygen instead of patching the program, most of the work is writing it yourself. If you do not want to write it from scratch, you can drop your own code into someone else's ready-made template and produce the keygen program easily.
NFO Editors
NFO editors are used to create the .nfo files that are bundled with patch or serial files. What is usually written in a .nfo file is the cracker's name, the serial number, the cracking team's name and the type of crack file.
Patch File Maker
Rather than giving users the cracked files themselves, crackers usually write patch files to keep the size small. Patch file makers modify the specified offsets of a program, or specified keys in the Windows registry. The most used patch-making tools are uPPP and Diablo Universal Patcher (dUP). The templates that go with these tools can be downloaded free from www.tuts4you.com.

Figure (2) A sample patch file

Resource Editors
Resource editors are mainly used to modify text and images and to add new resources. The most used resource editors are Exe Scope, Resource Editor, Resource Hacker, Restorator, Window Hack and XN Resource Editor.
Figure (3) System properties modified with a resource editor

Compilers
Compilers are used to solve cracking-related problems. Which compiler you use depends on your preferred programming language.
Dictionary Files
Dictionary files are used for recovering passwords. The more complete the word list, the easier the password search becomes.
Password Recovery Tools
Password recovery tools are useful for recovering passwords. Well-known tools are Elcomsoft Password Recovery and Passware Kit Enterprise. With these tools, e-mail, internet, MS Word, MS Excel, MS Access, MS PowerPoint and Windows passwords, among others, can be recovered.
Tools left out
There are in fact many tools that have been left out without a detailed explanation. They include SmartCheck and VB Decompiler, used when decompiling Visual Basic programs; DeDe for Delphi programs; UnFox All for FoxPro programs; Java Decompiler and DJ Java Decompiler for Java programs; Sothink SWF Decompiler for Flash (SWF) files; MSI Unpacker for MSI files; and Crack.NET, DisSharp and RedGate DotNet Reflector for Dot.Net programs. Packers and unpackers are discussed under the heading "Packers (protectors)".
Chapter (6) - Introduction to Olly Debugger
In this chapter we will study OllyDbg, a cracking tool. For crackers, OllyDbg, written by Oleh Yuschuk, is the best usermode debugger. It comes with a very powerful disassembler. Some beginners, when they try to start cracking, are seen starting out with very complicated tools such as Numega SoftICE. Unless you are cracking important kernel-mode code, OllyDbg alone is enough. OllyDbg's greatest strength is its code-analysis features. For example, it can examine a procedure's parameters and loops, and detect constants, arrays and strings. Features like these are not found in other debuggers of its kind. This debugger works with every processor of the 80x86 family and can decode most of their instructions correctly. In fact, it would not be an exaggeration to say that Olly has the best disassembly capabilities of all debuggers (apart from the IDA Pro debugger).
Debugger Window
OllyDbg's most important window, the main window, is shown in Figure (1). It also contains the main menu and the toolbar. The main window holds 4 informational panes: the disassembler window (top left), the data window (bottom left), the registers window (top right) and the stack window (bottom right). There are other windows as well; the list of available windows can be seen in the View menu. Only some of these windows are explained here; if you are interested in using the rest, study them yourself.

Figure (1)
Disassembler Window
The disassembler window has 4 columns: Address, Hex dump, Disassembly and Comment. Figure (2).

Figure (2)
Address — the address column contains the virtual address of the command loaded into memory. If you double-click the column, the addresses are replaced by offsets counted from the current address ($, $-2, $+4, …).
Hex dump — in the code column you see the codes as operand values. The column also provides various symbols to help you understand how the program works; for example, the symbols mark where commands jump to (>) and whether they jump up or down (ˆ, ˇ). If you double-click this column, the address in the first column is highlighted in red. That means you have set a breakpoint at that command (address): you are telling the debugger to pause the program when execution reaches this point.
Disassembly — this column contains the assembly mnemonics of the command. If you double-click a command, a window appears in which the assembly command can be edited; there you can change the command as you wish. The modified command is used in the debugging that follows. In addition, the modified program text (code) can be turned into an executable module. This is a great opportunity.
Comment — this column contains other information related to the command. Here the program identifies the names of API functions and library functions. If you double-click this column, you can attach your own comment to any line of the assembly code.
The Data Window
This window has 3 columns: Address, Hex dump and ASCII (Unicode). The second and third columns can change depending on the interpretation. That is, when the text in a cell is converted to Unicode, the ASCII column moves into the position of the Hex dump column and the Hex dump column disappears. Figure (3).

Figure (3)
The Registers Window
The registers window can show 3 groups of registers: general-purpose registers & FPU registers, general-purpose registers & MMX registers, and general-purpose registers & 3DNow registers. Double-clicking lets you edit the corresponding register. Clicking the arrows switches the registers window between the groups. Figure (4).

Figure (4)
The Stack Window
The stack window shows what is on the stack. The first column (Address) shows the address of the cell in the stack. The second column (Value) shows the contents of the cell. The third column (Comment) holds any comment that applies to the cell's value. Figure (5).

Figure (5)
Other windows
When you start working with OllyDbg, keep the following in mind –
(a) Right-clicking in any window brings up that window's menu. The menu differs from window to window. Studying these menus carefully is recommended.
(b) The items in the windows depend on one another. For example, look at the registers: if you right-click one of the general-purpose registers, its contents can be interpreted like an address in the data area (follow in dump) or in the stack area (follow in stack).
Debug Execution
Debugging means running a program in various modes and analyzing it. Here I want to explain the execution modes. Assume the code to be executed has already been loaded into the debugger and the disassembler window is showing the assembly code. The main modes for executing the program are –
(a) Step-by-step execution that skips over procedures (in some programming languages a procedure is called a subroutine or a function) is called "step over". Pressing F8 executes the current assembly command. By executing the commands in order you can see how the other 3 windows (Register, Data, Stack) change. The particular characteristic of this mode is that if the next command is a procedure call (CALL), all the commands that make up the procedure are executed automatically as if they were a single instruction. That is, the code inside the called procedure (CALL) is not stepped through line by line.
(b) Step-by-step execution that enters procedures is called "step into". To execute in this mode, press F7. The difference from the previous mode is that when a CALL command is executed, all of the procedure's instructions are stepped through in order.
Instead of the methods just described (step over & step into), animation can be used. <Ctrl>+<F8> and <Ctrl>+<F7> are used for the two modes respectively. When one of these keyboard shortcuts is pressed, the step over or step into command runs instruction after instruction with a short pause between each. After each instruction executes, the debugger window refreshes, so you can follow what has changed.
Pressing the <Esc> key at any time pauses execution. Likewise, execution stops when a breakpoint is reached, and when the program being debugged raises an exception.
Another method of step-by-step program execution is trace mode. Trace mode is like animation, but here the debugger window does not refresh at every step. The 2 tracing methods corresponding to step over and step into are used with the <Ctrl>+<F12> and <Ctrl>+<F11> keys. Tracing can be stopped in the same ways as animation. After each command executes, information about its execution is copied into the main tracing buffer, which can be viewed with the Run trace command in the View menu. If you wish, the contents of the tracing buffer can be saved as a text file. Similarly, the point at which tracing should stop can be defined with conditions (set trace condition) - <Ctrl>+<T>. Figure (6).
Figure (6)
The following conditions can be set for trace mode –
(a) The range of addresses at which the break will take place,
(b) Conditions (such as EAX>100000). If EAX>100000 becomes true, tracing stops.
(c) The number of certain commands after which tracing stops.
It is also possible to tell the debugger to execute code only until the procedure reaches its return (execute till return). In other words, only the code of the current procedure is executed. The <Ctrl>+<F9> key is used for this.
Finally, if while tracing you reach some point and think you have gone too far and want to get out, you can use the (execute till user code) command, or press <Alt>+<F9>.
Breakpoints
A breakpoint is a truly powerful debugging tool. Breakpoints give you the clearest understanding of how the program works: they capture the state of the registers, the stack and the data at a specified moment.
Ordinary Breakpoints
Ordinary breakpoints are set on selected commands. They can be set by pressing the <F2> key or by double-clicking in the (Hex dump) window. The result is that the address in the first column turns red. You can then inspect the state of the registers, variables and stack. Pressing <F2> again removes the breakpoint. This kind of breakpoint is most often used when watching Windows API functions.
Conditional Breakpoints
Conditional breakpoints are set by pressing <Shift>+<F2>. Pressing the <Shift>+<F2> key combination brings up the combo box shown in Figure (7). In the combo box you can enter a condition of your choice; if that condition is true, execution of commands stops. The debugger understands even complex expressions made up of many conditions. Here are some examples -
Figure (7)
(a) EAX == 1 — this tells the debugger to stop execution if the EAX register equals one.
(b) EAX = 0 and ECX > 10 — this tells the debugger to stop if the EAX register is zero and the ECX register is greater than ten.
(c) [STRING 427010] == 'Error' — this tells the debugger to stop execution if the text 'Error' is found at virtual address (VA) 427010H. It can also be written as EAX == 'Error'; then the contents of EAX are treated as a pointer and converted to a string.
(d) [427070] = 1231 — this sets the breakpoint if the contents of VA 427070H equal 1231H.
(e) [[427070]] = 1231 — this uses the address indirectly. That is, VA 427070H contains another VA, and the breakpoint checks whether the contents of that second VA equal 1231H.
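An evaluator for the five expression forms listed above, as an added example that is not OllyDbg's own code: it runs register comparisons, `and`/`or`, `[addr]` and `[[addr]]` memory reads, `[STRING addr]`, and the pointer-to-string rule behind `EAX == 'Error'` against a constructed snapshot of registers and memory, and raises an error when an indirect read goes through an address that is not mapped. The snapshot values, the supported syntax and the hex-number convention are assumptions made here.

```python
"""Evaluator for OllyDbg-style conditional-breakpoint expressions such as the
five listed above, run against a constructed register and memory snapshot.
Added example, not OllyDbg's own parser: it covers only the syntax those
examples use (bare hex numbers, registers, [addr], [[addr]], [STRING addr],
quoted strings, = and ==, !=, <, >, and, or). All values are constructed."""
import re

TOKEN = re.compile(r"\s*(==|!=|<=|>=|[=<>\[\]]|'[^']*'|[A-Za-z_]\w*|[0-9A-Fa-f]+)")
REGS = {"EAX", "EBX", "ECX", "EDX", "ESI", "EDI", "EBP", "ESP", "EIP"}
COMPARE = ("=", "==", "!=", "<", ">", "<=", ">=")


class Snapshot:
    """Register file plus one readable memory region, as the debugger sees them."""

    def __init__(self, regs, mem_base, mem_bytes):
        self.regs, self.base, self.mem = regs, mem_base, mem_bytes

    def dword(self, addr):
        off = addr - self.base
        if not 0 <= off <= len(self.mem) - 4:
            raise ValueError(f"unreadable address {addr:08X}")
        return int.from_bytes(self.mem[off:off + 4], "little")

    def cstring(self, addr):
        off = addr - self.base
        if not 0 <= off < len(self.mem):
            raise ValueError(f"unreadable address {addr:08X}")
        end = self.mem.find(b"\x00", off)
        return self.mem[off:end if end != -1 else None].decode("latin-1")


def tokenize(text):
    toks, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad token at {text[pos:]!r}")
        toks.append(m.group(1))
        pos = m.end()
    return toks


class Parser:
    def __init__(self, snap, text):
        self.snap, self.toks, self.i = snap, tokenize(text), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None or (expected and tok.upper() != expected):
            raise ValueError(f"expected {expected or 'operand'}, got {tok!r}")
        self.i += 1
        return tok

    def parse(self):
        value = self.comparison()
        while self.peek() and self.peek().upper() in ("AND", "OR"):
            op, rhs = self.take().upper(), self.comparison()
            value = (value and rhs) if op == "AND" else (value or rhs)
        if self.peek() is not None:
            raise ValueError(f"unexpected {self.peek()!r}")
        return value

    def comparison(self):
        lhs = self.term()
        if self.peek() not in COMPARE:
            return bool(lhs)           # a bare operand is true when non-zero
        op, rhs = self.take(), self.term()
        # a string on one side turns the other side into a pointer to a C string,
        # which is what makes EAX == 'Error' behave like [STRING EAX] == 'Error'
        if isinstance(lhs, str) and isinstance(rhs, int):
            rhs = self.snap.cstring(rhs)
        elif isinstance(rhs, str) and isinstance(lhs, int):
            lhs = self.snap.cstring(lhs)
        return {"=": lhs == rhs, "==": lhs == rhs, "!=": lhs != rhs, "<": lhs < rhs,
                ">": lhs > rhs, "<=": lhs <= rhs, ">=": lhs >= rhs}[op]

    def term(self):
        tok = self.take()
        if tok == "[":
            if self.peek() and self.peek().upper() == "STRING":
                self.take()
                addr = self.term()
                self.take("]")
                return self.snap.cstring(addr)
            addr = self.term()
            self.take("]")
            return self.snap.dword(addr)        # [..] reads a 32-bit cell
        if tok.startswith("'"):
            return tok[1:-1]
        if tok.upper() in REGS:
            return self.snap.regs[tok.upper()]
        return int(tok, 16)                      # bare numbers are hex


def evaluate(snap, text):
    return Parser(snap, text).parse()


def sample_snapshot():
    """Constructed state: 'Error' at 427010h, 1231h at 427070h and a pointer
    to 427070h at 427074h; EAX points at the string, EBX=1, ECX=11h."""
    mem = bytearray(0x100)
    mem[0x10:0x16] = b"Error\x00"
    mem[0x70:0x74] = (0x1231).to_bytes(4, "little")
    mem[0x74:0x78] = (0x427070).to_bytes(4, "little")
    regs = dict.fromkeys(REGS, 0)
    regs.update(EAX=0x427010, EBX=1, ECX=0x11)
    return Snapshot(regs, 0x427000, bytes(mem))
```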
Conditional Breakpoints with a Log
This is simply an extension of conditional breakpoints. To set a conditional logging breakpoint, press <Shift>+<F4>. Whenever such a breakpoint fires, the event is recorded in the log. To review the contents of the log, press <Alt>+<L> or use the Log command in the View menu. Figure (8).

Figure (8)
Breakpoint to Windows Messages
Because messages arrive at the window function (more precisely, the window class function), the application window must be open before a breakpoint can be set on a particular windows message. In other words, a windowing application must first be started for execution. To keep it simple, a simple application with a single window is loaded into the debugger. Press <Ctrl>+<F8> to start this application; its window comes alive after about a second. Be aware that part of the program is now executing continuously. To get to the window function, the list of windows the application has created must be retrieved, using Windows in the View menu. Figure (9).
Figure (9)
The window shown in Figure (9) lets the investigator find the window descriptor, its name, its identifier and, most importantly, the address of the window procedure (ClsProc). The information about the window procedure's address lets the investigator find the window functions and set both ordinary and conditional breakpoints there. Still, when working with window functions it is best to set breakpoints on the window messages themselves. So click the window shown in Figure (9) and choose Message breakpoint on ClassProc from the context menu. Another window appears in which the following breakpoint parameters can be set. Figure (10).
(a) Choose the message from the drop-down list. Note the following:
(1) An event can be chosen instead of a message. Such an event can stand for many messages, such as the creation/destruction of a window or keyboard events.
(2) User-defined messages can also be chosen.
(b) List the windows to be tracked, so that it can be determined which messages come from which of them. The choices are the given window, all windows with the given title, or all windows.
(c) Set a counter so that you know how many times the breakpoint has fired.
(d) Specify whether the program should stop when the breakpoint fires.
(e) Specify how a record should be written to the log when the breakpoint fires.

Figure (10)
Breakpoints to the Import Functions
To get the list of names imported into the module being debugged, press <Ctrl>+<N>. Figure (11). Then right-click in the window, where you can do the following -
(a) Set a breakpoint for when the imported function is called. (Toggle breakpoint on import)
(b) Set a conditional breakpoint for when the imported function is called. (Conditional breakpoint on import)
(c) Set a logging conditional breakpoint for when the imported function is called. (Conditional log breakpoint on import)
(d) Set a breakpoint at every reference to the given name. (Set breakpoint on every reference) {This command is the same as Find references to import (Enter key). The difference is that with Find references to import you have to select the breakpoint yourself if you want one.}
(e) Set a logging breakpoint at every reference to the given name. (Set log breakpoint on every reference)
(f) Remove all breakpoints. (Remove all breakpoints)

Figure (11)
Breakpoints at the Memory Area
The OllyDbg debugger allows only one breakpoint to be set on a memory area. To set it, select the disassembler window or the data window, then choose Breakpoint | Memory on access or Breakpoint | Memory on write from the context menu. After that, the newly set breakpoint is ready for use. The first kind of breakpoint (on access) can be used for code and data, but the second kind (on write) can be used for code only. The breakpoint is removed by choosing Breakpoint | Remove memory breakpoint from the context menu. Figure (12).

Figure (12)
Breakpoints in the Memory Window
The memory window (Alt + M) shows the memory blocks reserved for the debugged program, or those that the debugged program reserves for itself in its own way. Only one breakpoint can be set in this window. To set it, right-click and choose Set memory breakpoint on access or Set memory breakpoint on write. To remove the breakpoint, choose Remove memory breakpoint.
Hardware Breakpoints
omref breakpoint awGudkawmh INT 3 interrupt vector twGuf toHk;jyKygw,f/ 'Dvdk breakpoint
awGudk toHk;jyKjcif;u y&dk*&rfudk tvkyfvkyfcdkif;&mrSm aES;oGm;apygw,f/ b,fvdkyJqdkygap? Intel Pentium
microprocessor awGuawmh debug registers (DR0-DR3) 4ckudk jznfhpGrf;ay;xm;ygw,f/ 'D register
awGrSm breakpoint 4ckeJU vuf&Sdy&dk*&rf&JU virtual address wdkU yg0ifEdkifygw,f/ Command wpfcku
toHk;jyKxm;wJh address [m 'D register wpfckwpfavawGxJu address eJUnDaecsdefrSm? processor [m
debugger rSm &Sdxm;wJh exception wpfckudk xkwfvdkufygw,f/ Hardware breakpoint awGuawmh debug
vkyfxm;wJh y&dk*&rf&JY tvkyfvkyfyHkudkawmh aES;auG;aprSmr[kwfygbl;/ bmyJjzpfjzpf? olwdkUxJu 4ckrQom jzpfyg
w,f/ Hardware breakpoint wpfckudk owfrSwfr,fqdk&ifawmh disassembler window udk oGm;yg/ jyD;&if
context menu u Breakpoint | Hardware on execution commandudk a&G;yg/ 'grSr[kwf&if main
menu u Breakpoint | Hardware on access (odkU) Breakpoint | Hardware on write command
udk toHk;jyKEdkifygw,f/ Hardware breakpoint awGudk zsufcsif&ifawmh context menu u Breakpoint |
Remove hardware breakpoints command udk toHk;jyKyg/ yHk(13)/

Figure 13
Other Features
Watch Expressions Window
OllyDbg provides a dedicated window for watching expressions. Recall that expressions came up when conditional breakpoints were explained. Complex expressions involving memory cells and registers are allowed, and they can be as complicated as you need. Open the window with View | Watches, then right-click in it and choose Add watch. You can then enter an expression for the debugger to evaluate; its value is shown in hex. Figure 14 shows the Watches window with four expressions; the values are re-evaluated and displayed after every instruction the processor executes.

Figure 14
Searching for Data
OllyDbg can search for any data you like (ASCII, UNICODE or HEX) with Ctrl+B (Figure 15). To search for a single command use Ctrl+F; to search for a sequence of commands use Ctrl+S. Ctrl+L (Next) repeats the last search.

Figure 15
Saving a Modified Executable Module
In OllyDbg the code we have patched can be saved as a new executable. Choose Copy to executable | Selection or Copy to executable | All modifications from the context menu. In the window that opens, right-click, choose Save file, and save it under whatever name and location you like.
Chapter 7 - PE Header
PE File Structure
Portable Executable (PE) is the file format for executables (EXE), object code and DLLs used on 32-bit and 64-bit Windows. "Portable" refers to the format's versatility across 32-bit and 64-bit Windows. The PE format is basically a data structure that encapsulates the information the Windows loader needs to manage the wrapped executable code: dynamic library references for linking, API export and import tables, resource management data and thread-local storage (TLS) data. The format was designed by Microsoft and became standard in 1993.
The name "Portable Executable" was chosen because the intent was a common file format for every version of Windows on every supported CPU: the Windows NT family, the Windows 95 family and Windows CE.
Figure 1 shows the basic structure of a PE file.

Figure 1
A PE file has at least two sections, one for code and one for data. An application for Windows NT has nine predefined sections: .text, .bss, .rdata, .data, .rsrc, .edata, .idata, .pdata and .debug. Some applications do not need all of them, and others may need more, depending on their requirements.
The sections most commonly found in a file are:
- executable code section (.text)
- data section (.data, .rdata, .bss)
- resources section (.rsrc)
- export data section (.edata)
- import data section (.idata)
- debug information section (.debug)
Section names are not really important; the OS ignores them. What matters is that the layout of a PE file on disk is the same as its layout once loaded into memory. So if you can locate a piece of information in the file on disk, you can find it again after the file has been loaded.
The file is not, however, copied into memory exactly as it is. The Windows loader decides which parts to map in and which to leave out. Data that is not mapped in (debug information, for example) is placed at the end of the file, after everything that will be mapped.
The location of an item in memory and its location on disk usually differ, because Windows uses a page-based virtual memory management system. When sections are loaded into RAM they are aligned to 4KB memory pages, and each section starts on a new page. Virtual memory is shown in Figure 2.

Figure 2
With virtual memory, instead of letting software use physical memory directly, the processor and the OS put an invisible layer between them. On every memory access the processor consults a page table to work out which physical memory address a given process is really using. A table entry for every byte of memory is not practical (the page table would be larger than all of physical memory), so processors divide memory into pages. The consequences are:
(1) Many separate address spaces can be created. An address space is a private set of pages that only the current program, or process, is allowed to access. This guarantees that programs are isolated from one another, so a crash in one program cannot disturb the address space of another.
(2) The processor can be made to enforce rules about how memory is accessed. Sections are needed in PE files because the memory manager treats the various regions of the file differently whenever a module is loaded. At load time the memory manager sets access rights on the memory pages of each section according to the settings in that section's header, which decide whether the section can be read, written or executed. That is why each section must, as a rule, start on a fresh page.
The page size for Windows is 4096 bytes (1000h). Aligning the exe's code to page boundaries on disk as well would be wasteful, because it would make the file bigger than necessary. That is why there are two different alignments: section alignment and file alignment. Section alignment, as described above, is how sections are aligned in memory.
(3) A PE file that the Windows loader has mapped into memory is called a module. The address where the file mapping begins is called the HMODULE. A module in memory represents the code, data and resources from the exe file that are needed for execution.
DOS Header
PE files begin with a DOS header, which occupies the first 64 bytes of the file. It is there so that if the program is started under DOS, DOS recognizes it as a valid executable and runs the DOS stub stored after the header. The DOS stub normally prints the message 'This program must be run under Microsoft Windows', but it could itself be a complete DOS program. When a Windows application is built, the linker links a stub program called winstub.exe into your exe.
The DOS header is a structure defined in windows.inc or winnt.h. (If you have an assembler or compiler installed, you can find these files under its \include\ directory.) The DOS header has 19 members, of which magic and lfanew are the interesting ones.
IMAGE_DOS_HEADER STRUCT
e_magic WORD ?
e_cblp WORD ?
e_cp WORD ?
e_crlc WORD ?
e_cparhdr WORD ?
e_minalloc WORD ?
e_maxalloc WORD ?
e_ss WORD ?
e_sp WORD ?
e_csum WORD ?
e_ip WORD ?
e_cs WORD ?
e_lfarlc WORD ?
e_ovno WORD ?
e_res WORD 4 dup (?)
e_oemid WORD ?
e_oeminfo WORD ?
e_res2 WORD 10 dup (?)
e_lfanew DWORD ?
IMAGE_DOS_HEADER ENDS

The magic field of the DOS header in a PE file holds the value 4Dh, 5Ah (the letters MZ, after Mark Zbikowski, one of the original architects of MS-DOS), marking it as a valid DOS header. MZ are the first two characters you see in any PE file opened in a hex editor.
lfanew is a DWORD located at the end of the DOS header, just before the DOS stub. It holds the offset of the PE header relative to the start of the file. The Windows loader reads this offset so that it can skip the DOS stub and go straight to the PE header. (Note: a DWORD (double word) is 4 bytes, or 32 bits; a WORD is 2 bytes, or 16 bits. You will sometimes see DWORD written as dd; dw is a WORD and db a byte. Figure 3.)

Figure 3
We said the DOS header is the first 64 bytes of the PE file, that is, the first four lines of Figure 3 (offset 0000 up to offset 0040). The last DWORD before the DOS stub contains 00h 01h 00h 00h. Read back to front, as a little-endian value, this is 00000100h, and that is where the PE header begins. The PE header starts with its own signature, 50h, 45h, 00h, 00h (the letters "PE" followed by two zero bytes).
If you find NE rather than PE in the signature position, the file is an NE file for 16-bit Windows. Likewise, LE means a Windows 3.x virtual device driver (VxD), and LX an OS/2 2.0 file.
PE Header
The PE header is a structure called IMAGE_NT_HEADERS. It holds the information the Windows loader cannot do without. IMAGE_NT_HEADERS has three members, defined in windows.inc as follows.
IMAGE_NT_HEADERS STRUCT
Signature DWORD ?
FileHeader IMAGE_FILE_HEADER <>
OptionalHeader IMAGE_OPTIONAL_HEADER32 <>
IMAGE_NT_HEADERS ENDS

- Signature is a DWORD containing 50h, 45h, 00h, 00h ("PE" followed by zeros).
- FileHeader is the next 20 bytes of the PE file and describes the physical layout and properties of the file (for example the number of sections).
- OptionalHeader is the next 224 bytes and describes the logical layout inside the PE file (for example AddressOfEntryPoint). Its size is given by a member of FileHeader. The structures of these members are also defined in windows.inc.
FileHeader looks like this:
IMAGE_FILE_HEADER STRUCT
Machine WORD ?
NumberOfSections WORD ?
TimeDateStamp DWORD ?
PointerToSymbolTable DWORD ?
NumberOfSymbols DWORD ?
SizeOfOptionalHeader WORD ?
Characteristics WORD ?
IMAGE_FILE_HEADER ENDS

We will not use most of these fields, but NumberOfSections is needed whenever you delete sections from, or add sections to, a PE file. Characteristics holds flags that tell, among other things, whether the PE file is an executable or a DLL. The seventh byte from the start of the PE header (offset 6) is NumberOfSections, which says how many sections the file has (Figure 4).

Figure 4
Figure 4 shows that the PE file we opened has five sections. PEBrowse and LordPE were used to view it.
OptionalHeader occupies 224 bytes, the last 128 of which are the DataDirectory.
IMAGE_OPTIONAL_HEADER32 STRUCT
Magic WORD ?
MajorLinkerVersion BYTE ?
MinorLinkerVersion BYTE ?
SizeOfCode DWORD ?
SizeOfInitializedData DWORD ?
SizeOfUninitializedData DWORD ?
AddressOfEntryPoint DWORD ?
BaseOfCode DWORD ?
BaseOfData DWORD ?
ImageBase DWORD ?
SectionAlignment DWORD ?
FileAlignment DWORD ?
MajorOperatingSystemVersion WORD ?
MinorOperatingSystemVersion WORD ?
MajorImageVersion WORD ?
MinorImageVersion WORD ?
MajorSubsystemVersion WORD ?
MinorSubsystemVersion WORD ?
Win32VersionValue DWORD ?
SizeOfImage DWORD ?
SizeOfHeaders DWORD ?
CheckSum DWORD ?
Subsystem WORD ?
DllCharacteristics WORD ?
SizeOfStackReserve DWORD ?
SizeOfStackCommit DWORD ?
SizeOfHeapReserve DWORD ?
SizeOfHeapCommit DWORD ?
LoaderFlags DWORD ?
NumberOfRvaAndSizes DWORD ?
DataDirectory IMAGE_DATA_DIRECTORY IMAGE_NUMBEROF_DIRECTORY_ENTRIES dup (<>)
IMAGE_OPTIONAL_HEADER32 ENDS

AddressOfEntryPoint - the RVA of the first instruction that will execute when the PE loader is ready to run the file. If you want some other instruction to run first, you can change this RVA or patch the instruction it points to. Packers usually point it at their decompression stub, so that when the program runs, control goes there first and only later reaches the original entry point (OEP). Files protected with StarForce have no .CODE section at all on disk; it only appears in virtual memory at run time and is referred to by virtual address.
ImageBase - the preferred load address of the PE file. For example, if this field holds 400000h, the PE loader will try to map the file at virtual address 400000h. "Preferred" means that if another module already occupies that address range, the loader will not load the file there. About 99 percent of the time the value is 400000h. On current versions of Windows an image built with ASLR support (the DYNAMIC_BASE flag in DllCharacteristics) is normally loaded somewhere other than ImageBase, so do not hard-code 400000h into your calculations; read the real base from the debugger.
SectionAlignment - the alignment of sections in memory. For example, if this field holds 4096 (1000h), every section must start at a multiple of 4096 bytes. If the first section is at 401000h and is only 10 bytes long, the next section still starts at 402000h. The addresses left over between 401000h and 402000h are generally unused.
FileAlignment - the alignment of sections in the file. For example, if this field holds 512 (200h), every section must start at a multiple of 512 bytes. If the first section is at offset 200h and is only 10 bytes long, the next section still starts at 400h. The offsets left over between 512 and 1024 are unused.
SizeOfImage - the total size of the PE image in memory: the sum of all the headers and all the sections, each rounded up to SectionAlignment.
SizeOfHeaders - the size of all the headers plus the section table. Roughly, this equals the file size minus the combined size of all the sections in the file.
DataDirectory - an array of 16 IMAGE_DATA_DIRECTORY structures, each relating to an important data structure in the PE file, such as the import address table (IAT).
Figure 5 shows the PE header as seen in a hex editor. Note that every part of the DOS header and PE header has the same size and shape in any file you open in a hex editor; only the DOS stub varies in size.

Figure 5
The PE header can also be examined in detail in OllyDbg. Open the debugger and press Alt+M; you will see Figure 6.

Figure 6
In Figure 6, right-click the line labeled PE header and choose Dump in CPU; you will see Figure 7.
Figure 7
In the hex window of Figure 7, right-click and choose Special | PE header; you will see Figure 8.

Figure 8
Data Directory
To say more about DataDirectory: it is the last 128 bytes of the OptionalHeader, and OptionalHeader is in turn the last member of the PE header, IMAGE_NT_HEADERS.
As said above, DataDirectory is an array of 16 IMAGE_DATA_DIRECTORY structures, each relating to an important data structure in the PE file. Each element of the array refers to a predefined item such as the import table. The structure has two members: one gives the location and the other the size.
IMAGE_DATA_DIRECTORY STRUCT
VirtualAddress DWORD ?
isize DWORD ?
IMAGE_DATA_DIRECTORY ENDS
VirtualAddress is the relative virtual address (RVA) of the data structure; isize is the size of the data structure in bytes.
The names of the 16 directories declared in windows.inc are:
IMAGE_DIRECTORY_ENTRY_EXPORT equ 0
IMAGE_DIRECTORY_ENTRY_IMPORT equ 1
IMAGE_DIRECTORY_ENTRY_RESOURCE equ 2
IMAGE_DIRECTORY_ENTRY_EXCEPTION equ 3
IMAGE_DIRECTORY_ENTRY_SECURITY equ 4
IMAGE_DIRECTORY_ENTRY_BASERELOC equ 5
IMAGE_DIRECTORY_ENTRY_DEBUG equ 6
IMAGE_DIRECTORY_ENTRY_COPYRIGHT equ 7
IMAGE_DIRECTORY_ENTRY_GLOBALPTR equ 8
IMAGE_DIRECTORY_ENTRY_TLS equ 9
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG equ 10
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT equ 11
IMAGE_DIRECTORY_ENTRY_IAT equ 12
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT equ 13
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR equ 14
IMAGE_NUMBEROF_DIRECTORY_ENTRIES equ 16

Looking at a sample exe in LordPE you will see Figure 9.

Figure 9
In Figure 9, apart from the four entries highlighted in blue, the unused slots are all filled with zeros.

Figure 10
In Figure 10 the import directory is shown in pink. Its first 4 bytes are 40000h (stored byte-reversed), and the size of the import directory is 1CDCh bytes. The DWORD 80h bytes from the start of the PE header is always the RVA of the import directory. Yellow is the resource directory and purple the TLS directory.
To locate a particular directory, first take its virtual address from the data directory entry. Then use that virtual address to find out which section it falls in. Once you know which section holds the directory, use that section's header to work out the exact file offset.
Section Table
The section table immediately follows the PE header. It is an array of IMAGE_SECTION_HEADER structures, each holding the details of one section of the PE file, such as its attributes and virtual offset. Remember that the number of sections is the second member of the file header (6 bytes from the start of the PE header). If the PE file has 8 sections, there are 8 copies of this structure in the table. Each header structure is 40 bytes long and is declared in windows.inc as follows.
IMAGE_SECTION_HEADER STRUCT
Name1 BYTE IMAGE_SIZEOF_SHORT_NAME dup (?)
union Misc
PhysicalAddress DWORD ?
VirtualSize DWORD ?
ends
VirtualAddress DWORD ?
SizeOfRawData DWORD ?
PointerToRawData DWORD ?
PointerToRelocations DWORD ?
PointerToLinenumbers DWORD ?
NumberOfRelocations WORD ?
NumberOfLinenumbers WORD ?
Characteristics DWORD ?
IMAGE_SECTION_HEADER ENDS
IMAGE_SIZEOF_SHORT_NAME equ 8

Not every member of this structure is useful, so only the really important ones are explained here.
Name1 - (this field is 8 bytes) The name is only a label and may even be left blank. Note that it is not an ASCII string, so it need not end with a \0 (null terminator).
VirtualSize - (DWORD union) The actual size of the section's data in bytes. It may be smaller than the size of the section on disk (SizeOfRawData). If it is larger than SizeOfRawData, the rest of the section in memory is filled with zeros.
VirtualAddress - The RVA of the section. The PE loader reads and uses this field when it maps the section into memory. So if this field holds 1000h and the PE file is loaded at 400000h, the section starts at 401000h.
SizeOfRawData - The size of the section's data in the file on disk. It must be a multiple of FileAlignment from the module header; if it is smaller than VirtualSize, the rest of the section is zero-filled. When the section holds only uninitialized data, this field must be zero.
PointerToRawData - (Raw Offset) PointerToRawData is extremely useful, because it is the offset from the start of the file to the section's data. If it is zero, the section's data is not in the file at all. It must be a multiple of FileAlignment from the module header, and when the section holds only uninitialized data it must be zero. The PE loader uses this field to find where in the file each section's data lives.
Characteristics - Flags describing what the section holds (exe code, initialized data, uninitialized data) and how it may be accessed (read, write, and so on).
FLAG EXPLANATION
00000008 Section should not be padded to next boundary
00000020 Section contains code
00000040 Section contains initialised data (data that already has real values in the file before the program is launched)
00000080 Section contains uninitialised data (filled with 00 bytes when the section is loaded)
00000200 Section contains comments for the linker
00000800 Section contents will not become part of image
00001000 Section contents comdat (Common Block Data)
00008000 Section contents cannot be accessed relative to GP
00100000-00E00000 Boundary alignment settings (IMAGE_SCN_ALIGN_*, mask 00F00000)
01000000 Section contains extended relocations
02000000 Section can be discarded (e.g. .reloc)
04000000 Section is not cacheable
08000000 Section is pageable
10000000 Section is shareable
20000000 Section is executable
40000000 Section is readable
80000000 Section is writable

Looking at our program (the one whose PE header showed five sections) in a hex editor gives Figure 11.

Figure 11
The green highlight in Figure 11 is PointerToRawData. For clarity, Figure 12 shows the same thing in LordPE.

Figure 12
The sections themselves follow the section headers. In the file on disk each section starts at a multiple of the FileAlignment value from the optional header, and the gap between the data of one section and the next is zero-filled. When loaded into RAM, sections always start on a page boundary, so the first byte of each section corresponds to the first byte of a memory page. x86 pages are 4KB-aligned and IA-64 pages are 8KB-aligned; this alignment value is stored in SectionAlignment in the OptionalHeader.
For example, if the optional header ends at file offset 981 and FileAlignment is 512, the first section starts at byte 1024. Remember that you can find the sections via PointerToRawData or VirtualAddress, so you need not puzzle over the alignments yourself.
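The header walk this chapter describes (DOS header, lfanew, PE signature, file header, optional header, data directory, section table) together with the RVA-to-file-offset lookup from the Data Directory section, as an added example in Python. It is not code from the book or from any of the tools shown in the figures; it parses a minimal 32-bit PE image that the script itself constructs (a constructed sample, not one of the files in the figures), using only the structure layouts from winnt.h. The names parse_pe, rva_to_offset, directory_location and describe_section are this example's own.

```python
import struct
# Layouts and constants from winnt.h (facts, not values read off the chapter's figures).
IMAGE_DOS_SIGNATURE = 0x5A4D                       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550                    # "PE\0\0"
FILE_HEADER_FMT = "<HHIIIHH"                       # IMAGE_FILE_HEADER, 20 bytes
OPT_HEADER_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"   # IMAGE_OPTIONAL_HEADER32 up to NumberOfRvaAndSizes, 96 bytes
SECTION_FMT = "<8sIIIIIIHHI"                       # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
SECTION_FLAGS = {0x20: "code", 0x40: "initialized data", 0x80: "uninitialized data",
                 0x20000000: "execute", 0x40000000: "read", 0x80000000: "write"}

def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment

def build_sample_pe():
    """Constructed sample input: a minimal PE32 with DOS header, 64-byte stub, PE header, 3 sections."""
    file_align, sect_align, image_base = 0x200, 0x1000, 0x400000
    # (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    secs = [(b".text", 0x0123, 0x1000, 0x200, 0x200, 0x60000020),    # code, execute, read
            (b".rdata", 0x0040, 0x2000, 0x200, 0x400, 0x40000040),   # initialized data, read
            (b".data", 0x0010, 0x3000, 0x200, 0x600, 0xC0000040)]    # initialized data, read, write
    e_lfanew = 0x80   # 64-byte DOS header + 64-byte stub, then the PE header
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE).ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    stub = b"This program must be run under Microsoft Windows\r\n$".ljust(e_lfanew - 0x40, b"\0")
    size_of_headers = align_up(e_lfanew + 4 + 20 + 224 + 40 * len(secs), file_align)
    file_header = struct.pack(FILE_HEADER_FMT, 0x014C, len(secs), 0, 0, 0, 224, 0x0102)
    opt = struct.pack(OPT_HEADER_FMT, 0x10B, 14, 0, 0x200, 0x400, 0,   # PE32 magic, linker ver, code/data sizes
                      0x1010, 0x1000, 0x2000, image_base, sect_align, file_align,  # entry point, bases, alignments
                      4, 0, 0, 0, 4, 0, 0, 0x4000, size_of_headers, 0,  # versions, SizeOfImage, SizeOfHeaders, CheckSum
                      3, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # subsystem, DllCharac., stack/heap, flags, 16 dirs
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_IMPORT] = (0x2000, 0x40)  # import directory placed inside .rdata
    data_dir = b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    table = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in secs)
    headers = (dos + stub + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_header + opt
               + data_dir + table).ljust(size_of_headers, b"\0")
    text = (b"\xCC" * 0x10 + b"\x55\x8B\xEC\xC3").ljust(0x200, b"\0")  # entry point at .text+10h
    return headers + text + bytes(0x200) + bytes(0x200)

def parse_pe(data):
    """Follow the loader's path: MZ -> e_lfanew -> PE signature -> file header -> optional header -> sections."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature (NE/LE/LX or a damaged file)")
    fh = struct.unpack_from(FILE_HEADER_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    opt = struct.unpack_from(OPT_HEADER_FMT, data, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    dirs = [struct.unpack_from("<II", data, opt_off + 96 + 8 * i) for i in range(min(opt[29], 16))]
    sec_off = opt_off + fh[5]          # SizeOfOptionalHeader: never assume 224
    sections = []
    for i in range(fh[1]):             # NumberOfSections
        f = struct.unpack_from(SECTION_FMT, data, sec_off + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"), "vsize": f[1],
                         "va": f[2], "rawsize": f[3], "rawptr": f[4], "chars": f[9]})
    return {"e_lfanew": e_lfanew, "nsections": fh[1], "entry_rva": opt[6], "image_base": opt[9],
            "sect_align": opt[10], "file_align": opt[11], "size_of_headers": opt[20],
            "dirs": dirs, "sections": sections}

def section_for_rva(pe, rva):
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None

def rva_to_offset(pe, rva):
    """RVA -> file offset, or None when no file bytes back that RVA."""
    if rva < pe["size_of_headers"]:
        return rva                     # headers are mapped 1:1
    s = section_for_rva(pe, rva)
    if s is None or rva - s["va"] >= s["rawsize"]:
        return None                    # unmapped, or the zero-filled tail / .bss
    return rva - s["va"] + s["rawptr"]

def directory_location(pe, index):
    """(section name, file offset, size) of one data directory entry, the lookup the text describes."""
    rva, size = pe["dirs"][index]
    if rva == 0:
        return None
    s = section_for_rva(pe, rva)
    return (s["name"] if s else None, rva_to_offset(pe, rva), size)

def describe_section(s):
    return [name for bit, name in SECTION_FLAGS.items() if s["chars"] & bit]

if __name__ == "__main__":
    image = build_sample_pe()
    pe = parse_pe(image)
    off = rva_to_offset(pe, pe["entry_rva"])
    print(f"entry RVA {pe['entry_rva']:#x} -> VA {pe['image_base'] + pe['entry_rva']:#x} -> file offset {off:#x}")
    print("import directory:", directory_location(pe, IMAGE_DIRECTORY_ENTRY_IMPORT))
    for s in pe["sections"]:
        print(f"{s['name']:<6} VA {s['va']:#07x} raw {s['rawptr']:#05x} {describe_section(s)}")
```

Run it on a real file by replacing build_sample_pe() with the contents of an .exe; the parser reads SizeOfOptionalHeader and NumberOfSections from the file rather than assuming 224 bytes or five sections, which is what lets it cope with packed files whose section tables have been rewritten.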
PE File Sections
Sections hold code, data, resources and other information. Each section has a header and a body (the raw data). The section headers live in the section table, but the section bodies have no rigid file structure: the linker can organize them however it likes, as long as the header holds enough information to decipher the data.
An application for Windows NT has about nine predefined section names: .text, .bss, .data, .rdata, .rsrc, .edata, .idata, .pdata and .debug. Some applications do not need all of them, and some need more.
Executable code section
In Windows NT all code segments reside in a single section called .text or CODE. Since Windows NT uses a virtual memory management system, having one large code section is easier to manage for both the OS and the application developer. This section contains the entry point discussed earlier and the jump thunk table that points into the IAT.
Data section
The .bss section represents the application's uninitialized data, including every variable declared static inside a function or source module.
The .rdata section represents read-only data such as literal strings, constants and debug directory information.
All other variables (apart from automatic variables, which live on the stack) are stored in the .data section.
Resource section
The .rsrc section holds the resource information for a module. Its first 16 bytes form a header, as in most other sections, but the data in this section is organized as a resource tree, which you can see by opening it in a resource editor. ResHacker is a free tool for adding, deleting and modifying resources (Figure 13).

Figure 13
This tool is very commonly used for viewing dialog boxes, and the nag screens in some shareware applications can be removed with it easily.
Export data section
The .edata section holds the export directory for an application or DLL, with the addresses and names of the exported functions. This is explained in detail later.
Import data section
The .idata section holds everything about imported functions, including the Import Directory and the Import Address Table. It is also discussed in detail later.
Debug information section
Debug information is placed first in the .debug section. PE files support separate debug files (normally with a .dbg extension). The debug section holds the debug information itself, but the debug directories live in the .rdata section mentioned earlier, and each debug directory points to debug information in the .debug section.
Base Relocation section
When the linker creates an exe, it assumes where in memory the file will be mapped. Based on that it writes the actual addresses of code and data into the exe. If the loader can map the file at the base address the linker assumed, the data in the .reloc section is not needed and is ignored.
The entries in the .reloc section are called base relocations because their use depends on the base address of the loaded image. Base relocations are a list of locations in the image to which a value must be added. Their format is a bit unusual: the entries are packaged in chunks, each chunk describing the relocations for one 4KB page of the image.
To see how base relocation works, look at an example. Suppose an exe is linked with a base address of 0x10000. Offset 0x2134 in the image is a pointer holding the address of a string, and the string starts at address 0x14002, so the pointer contains 0x14002. When the file is loaded, the loader decides it must map the image at address 0x60000. The difference between the linker-assumed base address and the actual load address is called the delta; here it is 0x50000. Because the whole image is 0x50000 bytes higher in memory, the string is now at address 0x64002, and the pointer no longer points at it. The exe therefore contains a base relocation for the memory location of the pointer. To resolve it, the loader adds the delta to the original value at the relocation address: 0x14002 + 0x50000 = 0x64002, which it writes back into the pointer's memory location.
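The relocation walk just described (delta = actual base minus linked base, added to every pointer the .reloc section lists), as an added example in Python that is not part of the book. It rebuilds the chapter's numbers (linked base 0x10000, pointer at 0x2134, string at 0x14002, loaded at 0x60000) as a constructed in-memory image and applies a .reloc block in the IMAGE_BASE_RELOCATION layout from winnt.h (VirtualAddress, SizeOfBlock, then 16-bit entries with a 4-bit type and a 12-bit offset into the page). apply_base_relocations and build_sample_image are this example's own names.

```python
import struct

# Relocation types from winnt.h; the two a 32-bit image normally contains.
IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, nothing to patch
IMAGE_REL_BASED_HIGHLOW = 3    # full 32-bit address: add the whole delta

def read_dword(image, rva):
    return struct.unpack_from("<I", image, rva)[0]

def apply_base_relocations(image, reloc_rva, reloc_size, linked_base, actual_base):
    """Patch a loaded image (bytearray indexed by RVA) the way the loader does.
    Each IMAGE_BASE_RELOCATION block covers one 4 KB page: VirtualAddress (DWORD),
    SizeOfBlock (DWORD), then WORD entries whose top 4 bits are the type and whose
    low 12 bits are the offset within that page. Returns the number of fixups applied."""
    delta = (actual_base - linked_base) & 0xFFFFFFFF
    if delta == 0:
        return 0                       # loaded at the preferred base: .reloc is ignored
    pos, end, fixed = reloc_rva, reloc_rva + reloc_size, 0
    while pos + 8 <= end:
        page_rva, block_size = struct.unpack_from("<II", image, pos)
        if block_size < 8 or pos + block_size > end:
            raise ValueError(f"malformed relocation block at RVA {pos:#x}")
        for entry_pos in range(pos + 8, pos + block_size, 2):
            entry = struct.unpack_from("<H", image, entry_pos)[0]
            rel_type, page_off = entry >> 12, entry & 0xFFF
            if rel_type == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if rel_type != IMAGE_REL_BASED_HIGHLOW:
                raise ValueError(f"unsupported relocation type {rel_type}")
            target = page_rva + page_off
            struct.pack_into("<I", image, target, (read_dword(image, target) + delta) & 0xFFFFFFFF)
            fixed += 1
        pos += block_size
    return fixed

def build_sample_image():
    """Constructed sample: the chapter's numbers (linked base 0x10000, pointer at image
    offset 0x2134 pointing at a string at 0x14002) plus one .reloc block for that pointer."""
    image = bytearray(0x5000)
    image[0x4002:0x4002 + 5] = b"hello"                      # the string, at RVA 0x4002
    struct.pack_into("<I", image, 0x2134, 0x10000 + 0x4002)  # pointer holds 0x14002
    reloc_rva = 0x4800
    block = struct.pack("<II", 0x2000, 12)                   # page 0x2000: 8-byte header + two entries
    block += struct.pack("<HH", (IMAGE_REL_BASED_HIGHLOW << 12) | 0x134, 0)  # fixup + ABSOLUTE pad
    image[reloc_rva:reloc_rva + len(block)] = block
    return image, reloc_rva, len(block)

def string_through_pointer(image, base, ptr_rva):
    """Dereference the pointer as if the image were mapped at base."""
    rva = read_dword(image, ptr_rva) - base
    return bytes(image[rva:image.index(0, rva)])

if __name__ == "__main__":
    image, reloc_rva, reloc_size = build_sample_image()
    n = apply_base_relocations(image, reloc_rva, reloc_size, 0x10000, 0x60000)
    print(f"{n} fixup(s); pointer now {read_dword(image, 0x2134):#x} ->",
          string_through_pointer(image, 0x60000, 0x2134))
```

The same routine is what you need when you dump a process from a debugger and want to rebase the dump back to ImageBase: run it with the roles of linked_base and actual_base swapped, so that the delta is negative (modulo 2^32) and every pointer goes back to its on-disk value.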
Export Sections
This section mainly concerns DLLs. The paragraphs below are from the Win32 Programmer's Reference and explain what a DLL is.

In Microsoft® Windows® dynamic-link libraries (DLL) are modules that contain functions and data. A DLL is
loaded at runtime by its calling modules (.EXE or DLL). When a DLL is loaded it is mapped into the address space
of the calling process.
DLLs can define two kinds of functions: exported and internal. The exported functions can be called by other
modules. Internal functions can only be called from within the DLL where they are defined. Although DLLs can
export data, their data is usually only used by their functions.
DLLs provide a way to modularize applications so that functionality can be updated and reused more easily. They
also help reduce memory overhead when several applications use the same functionality at the same time because
although each application gets its own copy of the data they can share the code.
The Microsoft® Win32® application programming interface (API) is implemented as a set of dynamic-link libraries
so any process using the Win32 API uses dynamic linking.

A DLL can export functions in two ways: by name or by ordinal. An ordinal is a 16-bit (WORD) number that uniquely identifies a function within a particular DLL. Exporting by ordinal is discussed later.
If a function is exported by name, other DLLs or exes that call it can pass either its name or its ordinal to GetProcAddress. GetProcAddress returns the address of the exported DLL function. The Win32 Programmer's Reference explains GetProcAddress as follows. (There is actually more to it, which Microsoft does not document.) Read the highlighted parts carefully.
GetProcAddress
The GetProcAddress function returns the address of the specified exported dynamic-link library (DLL) function.
FARPROC GetProcAddress(
HMODULE hModule, // handle to DLL module
LPCSTR lpProcName // name of function
);
Parameters
hModule
Identifies the DLL module that contains the function. The LoadLibrary or GetModuleHandle function
returns this handle.
lpProcName
Points to a null-terminated string containing the function name, or specifies the function's ordinal value. If
this parameter is an ordinal value, it must be in the low-order word; the high-order word must be zero.
Return Values
If the function succeeds, the return value is the address of the DLL's exported function.
If the function fails, the return value is NULL. To get extended error information, call GetLastError.
Remarks
The GetProcAddress function is used to retrieve addresses of exported functions in DLLs.
The spelling and case of the function name pointed to by lpProcName must be identical to that in the EXPORTS
statement of the source DLL's module-definition (.DEF) file.
The lpProcName parameter can identify the DLL function by specifying an ordinal value associated with the
function in the EXPORTS statement. GetProcAddress verifies that the specified ordinal is in the range 1 through
the highest ordinal value exported in the .DEF file. The function then uses the ordinal as an index to read the
function's address from a function table. If the .DEF file does not number the functions consecutively from 1 to N
(where N is the number of exported functions), an error can occur where GetProcAddress returns an invalid, non-
NULL address, even though there is no function with the specified ordinal.
In cases where the function may not exist, the function should be specified by name rather than by ordinal value.
See Also
FreeLibrary, GetModuleHandle, LoadLibrary

GetProcAddress can do this because the names and addresses of the exported functions are stored in a structure in
the Export Directory. We can locate the Export Directory because it is the first element of the data directory, and
its RVA is stored at offset 78h from the start of the PE header.
The export structure is called IMAGE_EXPORT_DIRECTORY. It has 11 members, some of which are not important.
IMAGE_EXPORT_DIRECTORY STRUCT
Characteristics DWORD ?
TimeDateStamp DWORD ?
MajorVersion WORD ?
MinorVersion WORD ?
nName DWORD ?
nBase DWORD ?
NumberOfFunctions DWORD ?
NumberOfNames DWORD ?
AddressOfFunctions DWORD ?
AddressOfNames DWORD ?
AddressOfNameOrdinals DWORD ?
IMAGE_EXPORT_DIRECTORY ENDS

nName - The internal name of the module. This field is needed because the user can rename the file; if that
happens, the PE loader uses this internal name.
nBase - Starting ordinal number (needed for the indexes into the function address array).
NumberOfFunctions - Total number of functions (also referred to as symbols) exported by the module.
NumberOfNames - Number of symbols exported by name. This value is not the number of all functions/symbols in the
module; for that you must check NumberOfFunctions. It can be 0, in which case the module exports by ordinal only.
If there are no functions/symbols to export at all, the RVA of the export table in the data directory will be zero.
AddressOfFunctions - An RVA pointing to an array of pointers to the RVAs of the functions in the module, the
Export Address Table (EAT). The RVAs of all functions in the module are stored in this array, and this field points
to the head of the array.
AddressOfNames - An RVA pointing to an array of RVAs of the function names in the module, the Export Name Table
(ENT).
AddressOfNameOrdinals - An RVA pointing to a 16-bit array containing the ordinals of the named functions, the
Export Ordinal Table (EOT).

Figure (14)
So the IMAGE_EXPORT_DIRECTORY structure points to three arrays and one ASCII string table. The most important
array is the EAT, an array of function pointers holding the addresses of the exported functions. The other two
arrays (the ENT and the EOT) run in parallel, in ascending order by function name. This means a binary search can
be performed on a function's name, and the result is its ordinal, found in the other array. The ordinal is simply
an index into the EAT for that function.
Because the EOT array exists as the linkage between names and addresses, it cannot contain more elements than
the ENT array; that is, each name can have only one associated address. The reverse is not true: an address can
have many names associated with it. If aliases and functions refer to the same address, then the ENT will have
more elements than the EOT.
Figure (15)
For example, if a DLL exports 40 functions, the array pointed to by AddressOfFunctions (the EAT) must have 40
members, and the NumberOfFunctions field must hold the value 40.
To find a function's address from its name, the OS first reads the values of NumberOfFunctions and NumberOfNames
from the Export Directory. Next, the arrays pointed to by AddressOfNames (ENT) and AddressOfNameOrdinals (EOT)
are searched for the function name. If the name is found in the ENT, the value in the associated element of the
EOT is extracted and used as an index into the EAT.
For example, let us look for functionX in our 40-function DLL. When we find the name of our functionX (indirectly,
through another pointer) in the 39th element of the ENT, we look at the 39th element of the EOT and find the value
5. Then, to find the RVA of functionX, we look at the 5th element of the EAT.
If you already have a function's ordinal, you can find its address by going directly to the EAT. Getting a
function's address from its ordinal is easier and faster than using the function's name, but the drawback is that
it makes the module harder to maintain. If the DLL is upgraded/updated and the ordinals of its functions change,
other programs that depend on the DLL will break.
Exporting by ordinal
NumberOfFunctions must be at least equal to NumberOfNames. Sometimes, however, NumberOfNames will be less than
NumberOfFunctions. If a function is exported by ordinal only, it has no entry in either the ENT or the EOT. It
does not even have a name. Functions without a name can only be exported by ordinal.
For example, if there are 70 functions but only 40 entries in the ENT, then 30 functions in the module are
exported by ordinal only. Now, how do we work out which functions these are? This is not easy. You should work
by exclusion: the entries in the EAT that are not referenced from the EOT hold the RVAs of the functions exported
by ordinal only.
The programmer can specify the starting ordinal number in the .def file. For example, the table in Figure (15)
could start at 200. To avoid needing 200 empty entries at the start of the array, the starting value is stored in
the nBase member, and the loader subtracts it from the ordinal number to obtain the correct index into the EAT.
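The name lookup through ENT and EOT, the ordinal lookup with the nBase subtraction, and the exclusion method for finding ordinal-only exports, as an added example that is not part of the original book. It builds a constructed export directory blob (nBase 200, five functions, three of them named) and resolves RVAs from it; as a simplification, every RVA is treated as an offset into the blob rather than into a mapped PE image.

```python
import struct
# Constructed sample, not a real DLL: an IMAGE_EXPORT_DIRECTORY followed by its EAT,
# ENT, EOT and name strings. For simplicity every RVA here is an offset into the blob.
FMT = "<IIHHIIIIIII"   # the 11 members of IMAGE_EXPORT_DIRECTORY, 40 bytes
def dword(blob, off): return struct.unpack_from("<I", blob, off)[0]
def word(blob, off): return struct.unpack_from("<H", blob, off)[0]

def build_sample_blob():
    eat = [0x1000, 0x1100, 0x1200, 0x1300, 0x1400]      # RVAs of 5 exported functions
    names = [b"functionA", b"functionX", b"functionZ"]  # ENT: names in ascending order
    eot = [0, 3, 1]                                      # EAT index for each named function
    eat_off = struct.calcsize(FMT)
    ent_off = eat_off + 4 * len(eat)
    eot_off = ent_off + 4 * len(names)
    strings, name_rvas = b"", []
    for n in names:
        name_rvas.append(eot_off + 2 * len(eot) + len(strings))
        strings += n + b"\0"
    hdr = struct.pack(FMT, 0, 0, 0, 0, 0, 200, len(eat), len(names), eat_off, ent_off, eot_off)  # nBase = 200
    return hdr + struct.pack("<5I", *eat) + struct.pack("<3I", *name_rvas) + struct.pack("<3H", *eot) + strings

def export_directory(blob):
    return struct.unpack_from(FMT, blob, 0)[5:]  # nBase, NumberOfFunctions, NumberOfNames, EAT, ENT, EOT RVAs

def rva_by_name(blob, name):
    """Binary search the ENT; the matching EOT entry is the index into the EAT."""
    nbase, nfunc, nnames, eat, ent, eot = export_directory(blob)
    lo, hi = 0, nnames - 1
    while lo <= hi:
        mid = (lo + hi) // 2
        name_rva = dword(blob, ent + 4 * mid)
        cur = blob[name_rva:blob.index(b"\0", name_rva)]
        if cur == name:
            return dword(blob, eat + 4 * word(blob, eot + 2 * mid))
        lo, hi = (mid + 1, hi) if cur < name else (lo, mid - 1)
    return None

def rva_by_ordinal(blob, ordinal):
    """Subtract nBase to get the EAT index, as the loader does; reject out-of-range ordinals."""
    nbase, nfunc, nnames, eat, ent, eot = export_directory(blob)
    idx = ordinal - nbase
    return dword(blob, eat + 4 * idx) if 0 <= idx < nfunc else None

def ordinal_only_exports(blob):
    """Exclusion: EAT slots never referenced from the EOT are exported by ordinal only."""
    nbase, nfunc, nnames, eat, ent, eot = export_directory(blob)
    named = {word(blob, eot + 2 * i) for i in range(nnames)}
    return [nbase + i for i in range(nfunc) if i not in named]
```

Feeding a real DLL would require mapping the RVAs through the section table first; the range check in rva_by_ordinal is what GetProcAddress relies on, and the Remarks above explain why a gap in the ordinal numbering can still yield a wrong, non-NULL address.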
Import Sections
The import section (.idata) contains information about all the functions imported from DLLs. This information is
stored in several data structures. The most important of these are the Import Directory and the Import Address
Table, which are discussed later. Some executable files also have Bound_Import and Delay_Import directories.
Delay_Import is not very important for us, but the Bound_Import directory is discussed later.
The job of the Windows loader is to load all of the DLLs used by the application and map them into the process
address space. It also has to find the addresses of all the imported functions in the various DLLs and make them
available to the executable at load time.
The addresses of functions in a DLL are not static; they change when updated versions of the DLL are released.
Applications therefore cannot be built using hard-coded function addresses. Because of this, a mechanism was
needed that avoids repeatedly changing an executable's code at run time. This is solved by using an Import Address
Table (IAT). This is simply a table of pointers to function addresses that the Windows loader fills in when the
DLLs are loaded.
Chapter (8) - The Cracker Test program and the first crack
Coming soon.
Chapter (9) - Windows APIs that crackers should watch for
Coming soon.
Chapter (10) - Packers (Protectors)
Coming soon.
Chapter (11) - Cracking programs written in Visual Basic
Coming soon.
Chapter (12) - Cracking programs written in Visual Dot.net
Coming soon.
ActiveMark
ADD instruction
AND instruction
API
API redirection
Armadillo
array
ASCII
ASPack
ASProtect
assembler
Assembly
BadBoy
base address
base relocation table
binary
bit
bitwise operator
breakpoint
bypass
BYTE instruction
CALL instruction
carry flag
CDQ instruction
cell
cell address
character
checksum
class
CMP instruction
code segment
command
comment
compiler
conditional breakpoint
conditional jump
constant
CPU
crack
cracker
cracking
CrackMe
CRC
crypto
data segment
DB instruction
DD instruction
debug
debugger
DEC instruction
decimal
decompiler
decryption
delay import table
destination
disassembler
DIV instruction
dll
dongle
DOS header
DOS stub
double
driver
dump
dump window
DW instruction
DWORD instruction
EAX
EBP
EBX
ECX
EDI
EDX
EIP
encode
endian
entry point
EOP
EPROM
ESI
ESP
exe
executable
export table
extra segment
file alignment
fishing
flag
flag register
flat memory
float
FPU
freeware
FS
full version
function
GoodBoy
GS
handle
hardware breakpoint
hardware key
HASP
hexadecimal
HIEW
IAT
IDA
IDIV instruction
imagebase
immediate value
import table
INC instruction
index register
inline
inline patching
instruction
integrity check
interpret
interpreter
JNE instruction
jump
JZ instruction
kernel
keygen
KeygenMe
LARP
LEA instruction
link
linker
load configuration
loader
Luck007
MD5
memory
memory breakpoint
memory-mapped
MEW
MFK
Mimoza
mnemonic
module
MoleBox
Morphine
Mortal Team Crypter
MOV instruction
MOVX instruction
MPress
Mr Undetectable
MUL instruction
nag screen
NakedPacker
NeoLite
NOmeR1
nPack
NsPack
NTkrnl
Obsidium
octal
ocx
offset
Olly
opcode
Open Source Code Crypter
optional header
OR instruction
ordinary breakpoint
Orien
overflow flag
pack
packer
Packman
Pain Crew Protector
password
patch
PCGuard
PE file
PE header
PE signature
PE-Armour
PeBundle
PeCompact
PEDiminisher
PE-Lock
PeSpin
Pestil
Petite
pirate version
point to raw data
pointer
pointer register
polymorphic code
POP instruction
port
protector
PUSH instruction
QUADWORD instruction
queue
RAM
recursion
register
register
registration
registry
relocation table
resource
RET instruction
reverse engineering
reversing
rip
rotation
routine
RSA
RVA
SAL instruction
SAR instruction
section
section alignment
segment register
Sentinel
serial
SFX
shareware
shift
sign flag
signed
size of raw data
SLVc0deProtector
Smart Check
SoftICE
source
source code
stack
stack register
stack segment
stolen bytes
string
SUB instruction
tElock
TEST instruction
Themida
TimeDateStamp
TLS table
tracer
trial version
uncondition jump
UNICODE
uninitialized data
unpack
unpacker
unregistered
unsigned
virtual address
virtual memory
virtual size
WORD instruction
XCHG instruction
XOR instruction
zero flag
Cracking-related websites on the Internet
(1) SND Team (Seek and Destroy)
http://www.tuts4you.com
(2) ARTeam
http://www.accessroot.com
(3) AORE (Art of Reverse Engineering)
http://www.at4re.com
(4) BiW Reversing
http://www.reversing.be
(5) Unpack Team (Chinese)
http://unpack.cn
http://www.cracktool.com
(6) Team ICU
http://www.teamicu.org
(7) AHTeam (Alien Hack)
http://www.ahteam.org
(8) RETeam (Reverse Engineering Team)
http://www.reteam.org
(9) True Team
http://www.lastepidemic.net/
(10) Cracking Tools (Russian)
http://www.cracklab.ru
(11) Cracking Tools (Chinese)
http://www.pediy.com
(12) Disassembling Tools (Russian)
http://www.wasm.ru
(13) Other cracking-related websites
http://board.anticrack.de
http://www.secretashell.com/PEid/
http://www.alame.com/vb/
http://www.woodmann.com
http://reng.ru/board/
http://www.absolutelock.de
http://www.ibsensoftware.com
http://pro-hack.ru
http://azmoaore.reversedcode.com
http://www.securitylab.ru/tools/
(14) Websites distributing cracked versions
(15) Forums distributing cracked versions
(16) Programming-related websites
http://www.codeproject.com
http://www.functionx.com
http://www.ucancode.com
http://www.dreamincode.net
(17) Websites distributing cracks, serials and keygens
References
(1) Basic Rules of Cracking - ParaBytes
(2) Win32asm Tutorial - Thomax Bleeker
(3) Assembly for Beginners - The Cyborg
(4) Assembler : The Basics in Reversing - Lena151
(5) Assembly Tutorials - Ralph
(6) Win32 Assembler Coding for Crackers 1.1 - Goppit
(7) Disassembling Code: IDA Pro and SoftICE - Vlad Pirogov
(8) Portable Executable File Format - Goppit
(9) Disassembling Code: IDA Pro and SoftICE - Vlad Pirogov
(10) Reversing Tutorials (1-40) - Lena151
(11) Win32 Programmer Reference - Microsoft
(12) CrackProof Your Software - Pavol Cerven
(13) The Wikibook of Reverse Engineering
(14) The C Programming Language - Brian W. Kernighan & Dennis M. Ritchie
(15) Cracker Definition - ParaBytes
(16) PC Assembly Language - Paul A. Carter
(17) A Little Guide for Wannabe Reverser - Zephyrous
(18) The Wikibook of Reverse Engineering
