Original text:
Abstract: Unpacking is an art—it is a mental challenge and is one of the most exciting mind games in the reverse engineering field. In some cases, the reverser needs to know the internals of the operating system in order to identify or solve very difficult anti-reversing tricks employed by packers/protectors; patience and cleverness are also major factors in a successful unpack. This challenge involves researchers creating the packers and, on the other side, the researchers who are determined to bypass these protections.
The main purpose of this paper is to present the anti-reversing techniques employed by executable packers/protectors and also to discuss techniques and publicly available tools that can be used to bypass or disable these protections. This information will allow researchers, especially malcode analysts, to identify these techniques when they are utilized by packed malicious code, and then to decide the next move when these anti-reversing techniques impede successful analysis. As a secondary purpose, the information presented can also be used by researchers who are planning to add some level of protection to their software by slowing down reversers from analyzing their protected code, but of course, nothing will stop a skilled, informed, and determined reverser.
Keywords: reverse engineering, packers, protectors, anti-debugging, anti-reversing
In the reverse engineering field, packers are one of the most interesting puzzles to solve. In the process of solving these puzzles, the reverser gains more knowledge about a lot of things, such as operating system internals, reversing tricks, tools and techniques. Packers (the term used in this paper for both compressors and protectors) are created to protect an executable from analysis. They are used legitimately by commercial applications to prevent information disclosure, tampering and piracy. Unfortunately, malcode also uses packers for the same reasons, but for a malicious purpose.
Due to the large number of packed malcode samples, researchers and malcode analysts started to develop the skills to unpack samples for analysis. However, as time goes by, new anti-reversing techniques are constantly added to packers to prevent reversers from analyzing the protected executable and to prevent a successful unpack. And the cycle goes on - new anti-reversing techniques are developed, while reversers on the other side of the fence develop the skills, techniques, and tools to defeat them.