
Gaussian Process.pdf




[source]

쿠키 변조를 할 수 있는지를 물어보는 문제이다.

Cooxie Toolbar라는 쿠키 변조 프로그램을 이용해서 쿠키가 5초과 이면서 6미만인 값으로 쿠키 user_lv를 변조해주면 되는 문제다.

즉, float 형식으로 user_lv 값을 넣어주면 된다. 

[clear]



Webhacking.kr 회원 가입이다.

웹해킹 사이트라 그런지 회원 가입부터 문제이다.

메인 홈페이지를 살펴보면  회원가입 버튼은 존재하지 않고 Login 밖에 존재하지 않는다.

개발자도구를 사용해서 메인 홈페이지를 살펴보면 

Register 버튼이 주석 처리 되어있는 것을 확인할 수 있다.

따라서 주석을 지워주면,

Register 버튼이 나타남을 확인할 수 있다.

Register 버튼을 눌러 진입하면,

ID/PW/EMAIL/Decode_Me를 확인할 수 있다.

여기서 Decode_Me 박스안에있는 값을 복호화 하지않고 Submit하게 되면 Wrong페이지로 넘어가기 때문에

암호를 해독해주어야 회원가입에 성공할 수 있다.

위의 문자열은 Base64로 인코딩된 String이다. (Base64는 키 없이 누구나 되돌릴 수 있는 인코딩이므로 엄밀히 말하면 암호화가 아니다.)

Base64로 인코딩된 문자열의 특징은 의미가 있어보이는 String, String의 끝에 = 또는 ==이 붙는다는 점이다.

웹에서 제공하는 Base64 decoder를 사용하여 디코딩을 몇 차례 반복하다 보면 의미가 있는 값이 나타나게 된다.

그 값을 넣어준뒤 Submit 하게되면 회원가입에 성공하게 된다.


[Success]



headers.h ,codes.h에 선언된 내용들 끌어와 machine, subsystem, Characteristics에

 상황에 맞게 값이 들어가도록 case 선언해주는 부분이다

실질적으로 끌어와서 써주는 부분이라 PE manual에서 reserved로 선언된 부분이 있는데

그부분을 볼수있다 

어제도 포스팅 하면서 말햇지만 확실히 이번에 본 소스가 예전에 봣던 소스보다 훨씬 낫다 ㅡㅡ ; 

#ifndef UTILS_H_

#define UTILS_H_

#include <math.h>


#include “header.h”

#include “codes.h”

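/*
 * Map the Machine field of the COFF file header to the name of the matching
 * IMAGE_FILE_MACHINE_* constant.
 *
 * pe_head: header copied or mapped from the file being inspected.
 * Returns a pointer to a string literal (the caller must not modify or free
 * it); "..." is returned for a NULL header or an unrecognised machine value.
 */
char* read_machine_type(PE_Header* pe_head)
{
  if (!pe_head)
  {
    return "...";
  }

  /* Machine is declared as a signed short, so values with the top bit set
     (0x8664, 0x9041, 0xaa64) become negative after integer promotion and a
     positive case label can never match them. Switching on the unsigned
     16-bit value makes every label below reachable. */
  switch((unsigned short)pe_head->Machine)
  {
    case 0x0:    return IMAGE_FILE_MACHINE_UNKNOWN;
    case 0x1d3:  return IMAGE_FILE_MACHINE_AM33;
    case 0x8664: return IMAGE_FILE_MACHINE_AMD64;
    case 0x1c0:  return IMAGE_FILE_MACHINE_ARM;
    case 0x1c4:  return IMAGE_FILE_MACHINE_ARMNT;
    case 0xaa64: return IMAGE_FILE_MACHINE_ARM64;
    case 0xebc:  return IMAGE_FILE_MACHINE_EBC;
    case 0x14c:  return IMAGE_FILE_MACHINE_I386;
    case 0x200:  return IMAGE_FILE_MACHINE_IA64;
    case 0x9041: return IMAGE_FILE_MACHINE_M32R;
    case 0x266:  return IMAGE_FILE_MACHINE_MIPS16;
    case 0x366:  return IMAGE_FILE_MACHINE_MIPSFPU;
    case 0x466:  return IMAGE_FILE_MACHINE_MIPSFPU16;
    case 0x1f0:  return IMAGE_FILE_MACHINE_POWERPC;
    case 0x1f1:  return IMAGE_FILE_MACHINE_POWERPCFP;
    case 0x166:  return IMAGE_FILE_MACHINE_R4000;
    case 0x1a2:  return IMAGE_FILE_MACHINE_SH3;
    case 0x1a3:  return IMAGE_FILE_MACHINE_SH3DSP;
    case 0x1a6:  return IMAGE_FILE_MACHINE_SH4;
    case 0x1a8:  return IMAGE_FILE_MACHINE_SH5;
    case 0x1c2:  return IMAGE_FILE_MACHINE_THUMB;
    case 0x169:  return IMAGE_FILE_MACHINE_WCEMIPSV2;
    default:     return "...";
  }
}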


/*
 * Translate the Subsystem field of a PE32 optional header into the name of
 * its IMAGE_SUBSYSTEM_* constant.
 *
 * Returns a pointer to a string literal; "..." is returned for any value
 * that has no entry in the table below.
 */
char* read_windows_subsystem_pe32(PE_Optional_Header* pe_opt_head)
{
  /* Indexed by subsystem code; codes without an entry stay null. */
  static char *const names[] = {
    [0]  = IMAGE_SUBSYSTEM_UNKNOWN,
    [1]  = IMAGE_SUBSYSTEM_NATIVE,
    [2]  = IMAGE_SUBSYSTEM_WINDOWS_GUI,
    [3]  = IMAGE_SUBSYSTEM_WINDOWS_CUI,
    [7]  = IMAGE_SUBSYSTEM_POSIX_CUI,
    [9]  = IMAGE_SUBSYSTEM_WINDOWS_CE_GUI,
    [10] = IMAGE_SUBSYSTEM_EFI_APPLICATION,
    [11] = IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER,
    [12] = IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER,
    [13] = IMAGE_SUBSYSTEM_EFI_ROM,
    [14] = IMAGE_SUBSYSTEM_XBOX
  };
  const int code = pe_opt_head->Subsystem;

  if(code < 0 || code > 14 || !names[code])
  {
    return "...";
  }

  return names[code];
}


/*
 * Translate the Subsystem field of a PE32+ (64-bit) optional header into the
 * name of its IMAGE_SUBSYSTEM_* constant.
 *
 * Returns a pointer to a string literal; "..." is returned for any value
 * that is not listed below.
 */
char* read_windows_subsystem_pe32_plus(PE_Optional_Header_Plus* pe_opt_head)
{
  static const struct
  {
    int code;
    char *name;
  } known[] = {
    { 0,  "IMAGE_SUBSYSTEM_UNKNOWN" },
    { 1,  "IMAGE_SUBSYSTEM_NATIVE" },
    { 2,  "IMAGE_SUBSYSTEM_WINDOWS_GUI" },
    { 3,  "IMAGE_SUBSYSTEM_WINDOWS_CUI" },
    { 7,  "IMAGE_SUBSYSTEM_POSIX_CUI" },
    { 9,  "IMAGE_SUBSYSTEM_WINDOWS_CE_GUI" },
    { 10, "IMAGE_SUBSYSTEM_EFI_APPLICATION" },
    { 11, "IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER" },
    { 12, "IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER" },
    { 13, "IMAGE_SUBSYSTEM_EFI_ROM" },
    { 14, "IMAGE_SUBSYSTEM_XBOX" }
  };
  const int wanted = pe_opt_head->Subsystem;
  unsigned k;

  /* Linear scan: the list is short and the codes are not contiguous. */
  for(k = 0; k < sizeof known / sizeof known[0]; k++)
  {
    if(known[k].code == wanted)
    {
      return known[k].name;
    }
  }

  return "...";
}


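/*
 * Expand the 16-bit Characteristics field of the COFF file header into an
 * array of 16 ints, one per bit (index = bit number, value 1 when set and
 * 0 otherwise).
 *
 * Returns a heap array owned by the caller (release it with free()), or NULL
 * when pe_head is NULL or the allocation fails.
 */
int* read_characteristics(PE_Header* pe_head)
{
  enum { FLAG_COUNT = 16 };
  int* flags;
  unsigned bits;
  int i;

  if(pe_head == NULL)
  {
    return NULL;
  }

  /* Reserve FLAG_COUNT ints, zero-filled. Asking for 16 *bytes* while the
     loop stores up to flags[15] would write past the end of the heap block
     whenever a high bit is set in the (file-controlled) field, and the
     entries for clear bits would be left uninitialised. */
  flags = calloc(FLAG_COUNT, sizeof *flags);
  if(flags == NULL)
  {
    return NULL;
  }

  /* Work on the unsigned 16-bit value so bit 15 is tested without relying on
     sign extension of the short field. */
  bits = (unsigned short)pe_head->Characteristics;

  for(i = 0; i < FLAG_COUNT; i++)
  {
    if(bits & (1u << i))
    {
      flags[i] = 1;
    }
  }

  return flags;
}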


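/*
 * Print one line per set flag of the COFF Characteristics field.
 *
 * flags: array of at least 16 ints indexed by bit number, as produced by
 *        read_characteristics(); NULL is accepted and prints nothing.
 *
 * The array is not freed here; it stays owned by the caller.
 */
void print_characteristics(int* flags)
{
  /* Listed in ascending bit order, which is also the print order. */
  static const struct
  {
    unsigned mask;
    const char *label;
  } table[] = {
    { CHARACTERISTICS_RELOCS_STRIPPED,         IMAGE_FILE_RELOCS_STRIPPED },
    { CHARACTERISTICS_EXECUTABLE_IMAGE,        IMAGE_FILE_EXECUTABLE_IMAGE },
    { CHARACTERISTICS_LINE_NUMS_STRIPPED,      IMAGE_FILE_LINE_NUMS_STRIPPED },
    { CHARACTERISTICS_LOCAL_SYMS_STRIPPED,     IMAGE_FILE_LOCAL_SYMS_STRIPPED },
    { CHARACTERISTICS_AGGRESSIVE_WS_TRIM,      IMAGE_FILE_AGGRESSIVE_WS_TRIM },
    { CHARACTERISTICS_LARGE_ADDRESS_AWARE,     IMAGE_FILE_LARGE_ADDRESS_AWARE },
    { CHARACTERISTICS_reserved,                "(reserved)" },
    { CHARACTERISTICS_BYTES_REVERSED_LO,       IMAGE_FILE_BYTES_REVERSED_LO },
    { CHARACTERISTICS_32BIT_MACHINE,           IMAGE_FILE_32BIT_MACHINE },
    { CHARACTERISTICS_DEBUG_STRIPPED,          IMAGE_FILE_DEBUG_STRIPPED },
    { CHARACTERISTICS_REMOVABLE_RUN_FROM_SWAP, IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP },
    { CHARACTERISTICS_NET_RUN_FROM_SWAP,       IMAGE_FILE_NET_RUN_FROM_SWAP },
    { CHARACTERISTICS_SYSTEM,                  IMAGE_FILE_SYSTEM },
    { CHARACTERISTICS_DLL,                     IMAGE_FILE_DLL },
    { CHARACTERISTICS_UP_SYSTEM_ONLY,          IMAGE_FILE_UP_SYSTEM_ONLY },
    { CHARACTERISTICS_BYTES_REVERSED_HI,       IMAGE_FILE_BYTES_REVERSED_HI }
  };
  unsigned k;

  /* The reader returns NULL when allocation fails; do not dereference it. */
  if(flags == NULL)
  {
    return;
  }

  for(k = 0; k < sizeof table / sizeof table[0]; k++)
  {
    /* Each mask has a single bit set; its position is the array index.
       Counting shifts keeps this in integer arithmetic instead of casting
       the result of a floating-point log2(). */
    int bit = 0;
    unsigned m;

    for(m = table[k].mask; m > 1u; m >>= 1)
    {
      bit++;
    }

    if(flags[bit] == 1)
    {
      printf("%s\n", table[k].label);
    }
  }
}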


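/*
 * Expand the 16-bit DllCharacteristics field of a PE32 optional header into
 * an array of 16 ints, one per bit (index = bit number, value 1 when set and
 * 0 otherwise).
 *
 * Returns a heap array owned by the caller (release it with free()), or NULL
 * when pe_opt_head is NULL or the allocation fails.
 */
int* read_dll_characteristics_pe32(PE_Optional_Header* pe_opt_head)
{
  enum { FLAG_COUNT = 16 };
  int* flags;
  unsigned bits;
  int i;

  if(pe_opt_head == NULL)
  {
    return NULL;
  }

  /* FLAG_COUNT zero-filled ints. A 16-byte block is too small for the 16
     ints the loop can store, so a file with high bits set in this field
     would drive writes past the end of the allocation. */
  flags = calloc(FLAG_COUNT, sizeof *flags);
  if(flags == NULL)
  {
    return NULL;
  }

  /* Unsigned 16-bit view: bit 15 is tested without sign extension. */
  bits = (unsigned short)pe_opt_head->DllCharacteristics;

  for(i = 0; i < FLAG_COUNT; i++)
  {
    if(bits & (1u << i))
    {
      flags[i] = 1;
    }
  }

  return flags;
}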


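/*
 * Expand the 16-bit DllCharacteristics field of a PE32+ optional header into
 * an array of 16 ints, one per bit (index = bit number, value 1 when set and
 * 0 otherwise).
 *
 * Returns a heap array owned by the caller (release it with free()), or NULL
 * when pe_opt_head is NULL or the allocation fails.
 */
int* read_dll_characteristics_pe32_plus(PE_Optional_Header_Plus* pe_opt_head)
{
  enum { FLAG_COUNT = 16 };
  int* flags;
  unsigned bits;
  int i;

  if(pe_opt_head == NULL)
  {
    return NULL;
  }

  /* FLAG_COUNT zero-filled ints. A 16-byte block is too small for the 16
     ints the loop can store, so a file with high bits set in this field
     would drive writes past the end of the allocation. */
  flags = calloc(FLAG_COUNT, sizeof *flags);
  if(flags == NULL)
  {
    return NULL;
  }

  /* Unsigned 16-bit view: bit 15 is tested without sign extension. */
  bits = (unsigned short)pe_opt_head->DllCharacteristics;

  for(i = 0; i < FLAG_COUNT; i++)
  {
    if(bits & (1u << i))
    {
      flags[i] = 1;
    }
  }

  return flags;
}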


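/*
 * Print one line per set flag of the optional header's DllCharacteristics
 * field.
 *
 * flags: array of at least 16 ints indexed by bit number, as produced by
 *        read_dll_characteristics_pe32() / read_dll_characteristics_pe32_plus();
 *        NULL is accepted and prints nothing.
 *
 * The array is not freed here; it stays owned by the caller.
 *
 * Several of these bits describe exploit-mitigation opt-ins of the image
 * (DYNAMIC_BASE = ASLR, NX_COMPAT = DEP, NO_SEH, FORCE_INTEGRITY), so a
 * missing line in the output is as informative as a present one. Bits that
 * have no entry in the table are never reported.
 */
void print_dll_characteristics(int* flags)
{
  /* Listed in ascending bit order, which is also the print order. */
  static const struct
  {
    unsigned mask;
    const char *label;
  } table[] = {
    { DLLCHARACTERISTICS_reserved1,             "(reserved)" },
    { DLLCHARACTERISTICS_reserved2,             "(reserved)" },
    { DLLCHARACTERISTICS_reserved3,             "(reserved)" },
    { DLLCHARACTERISTICS_reserved4,             "(reserved)" },
    { DLLCHARACTERISTICS_DYNAMIC_BASE,          IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE },
    { DLLCHARACTERISTICS_FORCE_INTEGRITY,       IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY },
    { DLLCHARACTERISTICS_NX_COMPAT,             IMAGE_DLLCHARACTERISTICS_NX_COMPAT },
    { DLLCHARACTERISTICS_NO_ISOLATION,          IMAGE_DLLCHARACTERISTICS_NO_ISOLATION },
    { DLLCHARACTERISTICS_NO_SEH,                IMAGE_DLLCHARACTERISTICS_NO_SEH },
    { DLLCHARACTERISTICS_NO_BIND,               IMAGE_DLLCHARACTERISTICS_NO_BIND },
    { DLLCHARACTERISTICS_reserved5,             "(reserved)" },
    { DLLCHARACTERISTICS_WDM_DRIVER,            IMAGE_DLLCHARACTERISTICS_WDM_DRIVER },
    { DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE }
  };
  unsigned k;

  /* The readers return NULL when allocation fails; do not dereference it. */
  if(flags == NULL)
  {
    return;
  }

  for(k = 0; k < sizeof table / sizeof table[0]; k++)
  {
    /* Each mask has a single bit set; its position is the array index. */
    int bit = 0;
    unsigned m;

    for(m = table[k].mask; m > 1u; m >>= 1)
    {
      bit++;
    }

    if(flags[bit] == 1)
    {
      /* Every label gets its own line, NO_BIND included, so the next field
         printed by the caller does not run into it. */
      printf("%s\n", table[k].label);
    }
  }
}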


#endif // UTILS_H_


// PE view  [codes.h]

// PE 에서 특정 값을 가져야하는 Machine,  flag, characteristics ,subsystem에서 사용하는 값들에 대한 값들을 선언해둠 

//딱히 이 부분은 일일이 타이핑해볼 이유가 없을것 같아  COPY &PASTE 하였다 .. 

//예전에 따라가본 소스코드는  구간이 명확하지 않아서 main부분이 좀많이 복잡햇는데 이번에 따라가보는 코드는

// 예전꺼에 비해 구간이 딱딱 떨어져 있어서 이해하기가 굉장히 쉽다 ( ㄱㅇㄷ ) 

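/*
 * codes.h - display names and bit masks for the PE header fields the viewer
 * decodes (Machine, Characteristics, Subsystem, DllCharacteristics).
 *
 * The string macros carry the name of the constant they stand for, spelled
 * as in the PE/COFF specification, so the output can be searched for
 * directly. The numeric macros are single-bit masks.
 */
#ifndef CODES_H_
#define CODES_H_

/* PE machine type names */
#define IMAGE_FILE_MACHINE_UNKNOWN "IMAGE_FILE_MACHINE_UNKNOWN"
#define IMAGE_FILE_MACHINE_AM33 "IMAGE_FILE_MACHINE_AM33"
#define IMAGE_FILE_MACHINE_AMD64 "IMAGE_FILE_MACHINE_AMD64"
#define IMAGE_FILE_MACHINE_ARM "IMAGE_FILE_MACHINE_ARM"
#define IMAGE_FILE_MACHINE_ARMNT "IMAGE_FILE_MACHINE_ARMNT"
#define IMAGE_FILE_MACHINE_ARM64 "IMAGE_FILE_MACHINE_ARM64"
#define IMAGE_FILE_MACHINE_EBC "IMAGE_FILE_MACHINE_EBC"
#define IMAGE_FILE_MACHINE_I386 "IMAGE_FILE_MACHINE_I386"
#define IMAGE_FILE_MACHINE_IA64 "IMAGE_FILE_MACHINE_IA64"
#define IMAGE_FILE_MACHINE_M32R "IMAGE_FILE_MACHINE_M32R"
#define IMAGE_FILE_MACHINE_MIPS16 "IMAGE_FILE_MACHINE_MIPS16"
#define IMAGE_FILE_MACHINE_MIPSFPU "IMAGE_FILE_MACHINE_MIPSFPU"
#define IMAGE_FILE_MACHINE_MIPSFPU16 "IMAGE_FILE_MACHINE_MIPSFPU16"
#define IMAGE_FILE_MACHINE_POWERPC "IMAGE_FILE_MACHINE_POWERPC"
#define IMAGE_FILE_MACHINE_POWERPCFP "IMAGE_FILE_MACHINE_POWERPCFP"
#define IMAGE_FILE_MACHINE_R4000 "IMAGE_FILE_MACHINE_R4000"
#define IMAGE_FILE_MACHINE_SH3 "IMAGE_FILE_MACHINE_SH3"
#define IMAGE_FILE_MACHINE_SH3DSP "IMAGE_FILE_MACHINE_SH3DSP"
#define IMAGE_FILE_MACHINE_SH4 "IMAGE_FILE_MACHINE_SH4"
#define IMAGE_FILE_MACHINE_SH5 "IMAGE_FILE_MACHINE_SH5"
#define IMAGE_FILE_MACHINE_THUMB "IMAGE_FILE_MACHINE_THUMB"
#define IMAGE_FILE_MACHINE_WCEMIPSV2 "IMAGE_FILE_MACHINE_WCEMIPSV2"

/* COFF Characteristics names (labels spelled exactly like the macro names) */
#define IMAGE_FILE_RELOCS_STRIPPED "IMAGE_FILE_RELOCS_STRIPPED"
#define IMAGE_FILE_EXECUTABLE_IMAGE "IMAGE_FILE_EXECUTABLE_IMAGE"
#define IMAGE_FILE_LINE_NUMS_STRIPPED "IMAGE_FILE_LINE_NUMS_STRIPPED"
#define IMAGE_FILE_LOCAL_SYMS_STRIPPED "IMAGE_FILE_LOCAL_SYMS_STRIPPED"
#define IMAGE_FILE_AGGRESSIVE_WS_TRIM "IMAGE_FILE_AGGRESSIVE_WS_TRIM"
#define IMAGE_FILE_LARGE_ADDRESS_AWARE "IMAGE_FILE_LARGE_ADDRESS_AWARE"
#define IMAGE_FILE_BYTES_REVERSED_LO "IMAGE_FILE_BYTES_REVERSED_LO"
#define IMAGE_FILE_32BIT_MACHINE "IMAGE_FILE_32BIT_MACHINE"
#define IMAGE_FILE_DEBUG_STRIPPED "IMAGE_FILE_DEBUG_STRIPPED"
#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP "IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP"
#define IMAGE_FILE_NET_RUN_FROM_SWAP "IMAGE_FILE_NET_RUN_FROM_SWAP"
#define IMAGE_FILE_SYSTEM "IMAGE_FILE_SYSTEM"
#define IMAGE_FILE_DLL "IMAGE_FILE_DLL"
#define IMAGE_FILE_UP_SYSTEM_ONLY "IMAGE_FILE_UP_SYSTEM_ONLY"
#define IMAGE_FILE_BYTES_REVERSED_HI "IMAGE_FILE_BYTES_REVERSED_HI"

/* Subsystem names */
#define IMAGE_SUBSYSTEM_UNKNOWN "IMAGE_SUBSYSTEM_UNKNOWN"
#define IMAGE_SUBSYSTEM_NATIVE "IMAGE_SUBSYSTEM_NATIVE"
#define IMAGE_SUBSYSTEM_WINDOWS_GUI "IMAGE_SUBSYSTEM_WINDOWS_GUI"
#define IMAGE_SUBSYSTEM_WINDOWS_CUI "IMAGE_SUBSYSTEM_WINDOWS_CUI"
#define IMAGE_SUBSYSTEM_POSIX_CUI "IMAGE_SUBSYSTEM_POSIX_CUI"
#define IMAGE_SUBSYSTEM_WINDOWS_CE_GUI "IMAGE_SUBSYSTEM_WINDOWS_CE_GUI"
#define IMAGE_SUBSYSTEM_EFI_APPLICATION "IMAGE_SUBSYSTEM_EFI_APPLICATION"
#define IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER "IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER"
#define IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER "IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER"
#define IMAGE_SUBSYSTEM_EFI_ROM "IMAGE_SUBSYSTEM_EFI_ROM"
#define IMAGE_SUBSYSTEM_XBOX "IMAGE_SUBSYSTEM_XBOX"

/* COFF Characteristics bit masks */
#define CHARACTERISTICS_RELOCS_STRIPPED 0x0001
#define CHARACTERISTICS_EXECUTABLE_IMAGE 0x0002
#define CHARACTERISTICS_LINE_NUMS_STRIPPED 0x0004
#define CHARACTERISTICS_LOCAL_SYMS_STRIPPED 0x0008
#define CHARACTERISTICS_AGGRESSIVE_WS_TRIM 0x0010
#define CHARACTERISTICS_LARGE_ADDRESS_AWARE 0x0020
#define CHARACTERISTICS_reserved 0x0040
#define CHARACTERISTICS_BYTES_REVERSED_LO 0x0080
#define CHARACTERISTICS_32BIT_MACHINE 0x0100
#define CHARACTERISTICS_DEBUG_STRIPPED 0x0200
#define CHARACTERISTICS_REMOVABLE_RUN_FROM_SWAP 0x0400
#define CHARACTERISTICS_NET_RUN_FROM_SWAP 0x0800
#define CHARACTERISTICS_SYSTEM 0x1000
#define CHARACTERISTICS_DLL 0x2000
#define CHARACTERISTICS_UP_SYSTEM_ONLY 0x4000
#define CHARACTERISTICS_BYTES_REVERSED_HI 0x8000

/* DllCharacteristics names (all use the IMAGE_DLLCHARACTERISTICS_ prefix) */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE"
#define IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY"
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT "IMAGE_DLLCHARACTERISTICS_NX_COMPAT"
#define IMAGE_DLLCHARACTERISTICS_NO_ISOLATION "IMAGE_DLLCHARACTERISTICS_NO_ISOLATION"
#define IMAGE_DLLCHARACTERISTICS_NO_SEH "IMAGE_DLLCHARACTERISTICS_NO_SEH"
#define IMAGE_DLLCHARACTERISTICS_NO_BIND "IMAGE_DLLCHARACTERISTICS_NO_BIND"
#define IMAGE_DLLCHARACTERISTICS_WDM_DRIVER "IMAGE_DLLCHARACTERISTICS_WDM_DRIVER"
#define IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"

/*
 * DllCharacteristics bit masks.
 *
 * NOTE(review): this list has no entry for 0x0020 (HIGH_ENTROPY_VA) or
 * 0x4000 (GUARD_CF), and 0x1000 is labelled reserved although current
 * versions of the specification name it APPCONTAINER. A viewer built on
 * these masks therefore cannot report those mitigation flags.
 */
#define DLLCHARACTERISTICS_reserved1 0x0001
#define DLLCHARACTERISTICS_reserved2 0x0002
#define DLLCHARACTERISTICS_reserved3 0x0004
#define DLLCHARACTERISTICS_reserved4 0x0008
#define DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040
#define DLLCHARACTERISTICS_FORCE_INTEGRITY 0x0080
#define DLLCHARACTERISTICS_NX_COMPAT 0x0100
#define DLLCHARACTERISTICS_NO_ISOLATION 0x0200
#define DLLCHARACTERISTICS_NO_SEH 0x0400
#define DLLCHARACTERISTICS_NO_BIND 0x0800
#define DLLCHARACTERISTICS_reserved5 0x1000
#define DLLCHARACTERISTICS_WDM_DRIVER 0x2000
#define DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000

#endif // CODES_H_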


// PE view [headers.h]

말그대로  헤더부분이여서 딱히 특별한 부분은 없다.. 원래 개발자도 intel 에서 제공하는 PE 메뉴얼을 보고  사이즈들을 지정해준것 같고, main부분에서  PE32 / PE32+(64bit)를  나눠주엇기 때문에 , 좀더 편하게 하기위해서  헤더부분에서도  32 비트와 64비트의 PE의 파라메터들을 각각 선언해 준것 같다. 

#ifndef HEADERS_H_

#define HEADERS_H_


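/*
 * PE signature followed by the COFF file header (IMAGE_FILE_HEADER), in the
 * order the bytes appear in the file.
 *
 * The layout matches the on-disk format only when short is 2 bytes and int
 * is 4 bytes (24 bytes in total); Main.c relies on that size when it steps
 * from this header to the optional header.
 */
typedef struct PE_Header // IMAGE_FILE_HEADER
{
  char sig[4];                /* "PE\0\0" */
  short Machine;              /* target CPU, see read_machine_type() */
  short NumberOfSections;
  int TimeDateStamp;          /* seconds since the Unix epoch */
  int PointerToSymbolTable;
  int NumberOfSymbols;
  short SizeOfOptionalHeader; /* spelled as Main.c reads it; 0 means no optional header */
  short Characteristics;      /* bit field, see read_characteristics() */
} PE_Header;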


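/*
 * Optional header of a 32-bit image (PE32, Magic 0x10b), in file order.
 *
 * The layout matches the on-disk format only when char/short/int are 1/2/4
 * bytes. Member names follow the spelling Main.c uses when it prints them
 * (SizeOfInitializedData, MajorOperatingSystemVersion, CheckSum,
 * NumberOfRvaAndSizes).
 *
 * Both PE_Optional_Header (the name used by utils.h and Main.c) and the
 * earlier spelling PE_Optional_header are provided as typedef names.
 */
typedef struct PE_Optional_Header //32bit
{
  short Magic;
  char MajorLinkerVersion;
  char MinorLinkerVersion;
  int SizeOfCode;
  int SizeOfInitializedData;
  int SizeOfUninitializedData;
  int AddressOfEntryPoint;
  int BaseOfCode;
  int BaseOfData;

  //Windows-Specific
  int ImageBase;
  int SectionAlignment;
  int FileAlignment;
  short MajorOperatingSystemVersion;
  short MinorOperatingSystemVersion;
  short MajorImageVersion;
  short MinorImageVersion;
  short MajorSubsystemVersion;
  short MinorSubsystemVersion;
  int Win32VersionValue;
  int SizeOfImage;
  int SizeOfHeaders;
  int CheckSum;
  short Subsystem;
  short DllCharacteristics;
  int SizeOfStackReserve;
  int SizeOfStackCommit;
  int SizeOfHeapReserve;
  int SizeOfHeapCommit;
  int LoaderFlags;
  int NumberOfRvaAndSizes;

  //Data_Directory
  /* Each directory entry is 8 bytes in the file (4-byte address + 4-byte
     size). long long keeps every entry 8 bytes wide on platforms where long
     is only 4 bytes. */
  long long ExportTable;
  long long ImportTable;
  long long ResourceTable;
  long long ExceptionTable;
  long long CertificateTable;
  long long BaseRelocationTable;
  long long Debug;
  long long Architecture;
  long long GlobalPtr;
  long long TLSTable;
  long long LoadConfigTable;
  long long BoundImport;
  long long IAT;
  long long DelayImportDescriptor;
  long long CLRRuntimeHeader;
  long long reserved;
} PE_Optional_Header, PE_Optional_header;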


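/*
 * Optional header of a 64-bit image (PE32+, Magic 0x20b), in file order.
 *
 * Differences from the PE32 layout that this struct has to reflect:
 *   - there is no BaseOfData member; ImageBase follows BaseOfCode directly
 *     and is 8 bytes wide;
 *   - the four stack/heap reserve and commit sizes are 8 bytes each.
 * With a BaseOfData member present, or 4-byte stack/heap sizes, every later
 * member (Subsystem and DllCharacteristics included) is read from the wrong
 * file offset.
 *
 * The layout matches the on-disk format only when char/short/int/long long
 * are 1/2/4/8 bytes. Member names follow the spelling Main.c uses.
 */
typedef struct PE_Optional_Header_Plus // 64bit
{
  short Magic;
  char MajorLinkerVersion;
  char MinorLinkerVersion;
  int SizeOfCode;
  int SizeOfInitializedData;
  int SizeOfUninitializedData;
  int AddressOfEntryPoint;
  int BaseOfCode;

  //Windows-Specific
  long long ImageBase;
  int SectionAlignment;
  int FileAlignment;
  short MajorOperatingSystemVersion;
  short MinorOperatingSystemVersion;
  short MajorImageVersion;
  short MinorImageVersion;
  short MajorSubsystemVersion;
  short MinorSubsystemVersion;
  int Win32VersionValue;
  int SizeOfImage;
  int SizeOfHeaders;
  int CheckSum;
  short Subsystem;
  short DllCharacteristics;
  long long SizeOfStackReserve;
  long long SizeOfStackCommit;
  long long SizeOfHeapReserve;
  long long SizeOfHeapCommit;
  int LoaderFlags;
  int NumberOfRvaAndSizes;

  //Data_Directory
  /* Each directory entry is 8 bytes in the file (4-byte address + 4-byte
     size). long long keeps every entry 8 bytes wide on platforms where long
     is only 4 bytes. */
  long long ExportTable;
  long long ImportTable;
  long long ResourceTable;
  long long ExceptionTable;
  long long CertificateTable;
  long long BaseRelocationTable;
  long long Debug;
  long long Architecture;
  long long GlobalPtr;
  long long TLSTable;
  long long LoadConfigTable;
  long long BoundImport;
  long long IAT;
  long long DelayImportDescriptor;
  long long CLRRuntimeHeader;
  long long reserved;
} PE_Optional_Header_Plus;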

#endif // HEADERS_H_


특이사항 보다는 안써본함수가 있어서 그거에 대한 내용은 주석에다가 달아두었고 ,

PE 포맷임을 확인하는  signature를 확인하고 IMAGE_FILE_HEADER를 뽑아주고.

magic을 기준으로 PE 32, PE32+(64bit)를 나눈뒤  IMAGE_OPTIONAL_HEADER값들을 뽑아주는 형식으로 진행된다 



#include <stdio.h>

#include <stdlib.h>

#include <time.h>

#include <string.h>


#include “..\include\headers.h”

#include “..\include\utils.h”

#include “..\include\codes.h”


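/*
 * Entry point of the PE viewer: load the file named by argv[1] into memory,
 * check the DOS/PE framing, then print the COFF file header and, when one is
 * present, the PE32 or PE32+ optional header.
 *
 * The input file is untrusted. Every offset taken from it is range-checked
 * against the file size before it is used, and headers are copied out of the
 * raw buffer with memcpy() instead of being read through cast pointers, so a
 * crafted e_lfanew value or a truncated file cannot cause an out-of-bounds
 * or misaligned read. The parser assumes a little-endian host with 2-byte
 * short and 4-byte int, as the header structs do.
 *
 * Returns EXIT_FAILURE on usage, I/O or allocation errors. A file that is
 * not a valid PE is reported on stdout and still exits with EXIT_SUCCESS.
 */
int main(int argc, char *argv[])
{
  enum
  {
    E_LFANEW_OFFSET = 60,   /* DOS header field holding the PE header offset */
    MIN_PE_FILE_SIZE = 133  /* files of this size or smaller are rejected */
  };

  FILE *file = NULL;
  char *data = NULL;
  int *flags = NULL;
  const char *filename = NULL;
  const char *stamp = NULL;
  long size = 0;
  size_t bytes_read = 0;
  int pe_offset = 0;
  unsigned short opt_size = 0;
  int rc = EXIT_FAILURE;
  time_t timestamp;
  PE_Header pe_head;

  /* Argument check: stop here, argv[1] is not valid without a file name. */
  if(argc < 2)
  {
    printf("Usage: %s file\n", (argc > 0 && argv[0]) ? argv[0] : "program");
    return EXIT_FAILURE;
  }

  filename = argv[1];
  file = fopen(filename, "rb");

  if(!file)
  {
    fprintf(stderr, "Failed to open file. \n");
    return EXIT_FAILURE;
  }

  /* Determine the file size: seek to the end, read the position, rewind.
     fseek() reference: http://www.tipssoft.com/bulletin/board.php?bo_table=old_bbs&wr_id=298 */
  if(fseek(file, 0, SEEK_END) != 0)
  {
    fprintf(stderr, "Failed to read file.\n");
    goto out;
  }

  size = ftell(file);
  if(size < 0)
  {
    fprintf(stderr, "Failed to read file.\n");
    goto out;
  }

  rewind(file);

  /* Minimum PE file size check, done before anything is allocated or
     indexed so the fixed offset below is always inside the buffer. */
  if(size <= MIN_PE_FILE_SIZE)
  {
    printf("Not a valid PE file. \n");
    rc = EXIT_SUCCESS;
    goto out;
  }

  data = malloc((size_t)size);

  if(data == NULL)
  {
    fprintf(stderr, "Failed to allocate memory/ \n");
    goto out;
  }

  bytes_read = fread(data, sizeof(char), (size_t)size, file);

  /* A short read leaves the tail of the buffer uninitialised; do not parse it. */
  if(bytes_read < (size_t)size)
  {
    fprintf(stderr, "Failed to read file.\n");
    goto out;
  }

  fclose(file);
  file = NULL;

  /* e_lfanew: file offset of the PE signature. Copied out rather than read
     through a union of pointers
     (union reference: http://forum.falinux.com/zbxe/index.php?document_srl=557139&mid=lecture_tip). */
  memcpy(&pe_offset, data + E_LFANEW_OFFSET, sizeof pe_offset);

  /* Range check: the offset comes from the file, so reject negative values
     and anything that does not leave room for the whole PE_Header. */
  if(pe_offset < 0 || (long)pe_offset > size - (long)sizeof(PE_Header))
  {
    printf("Not a valid PE file\n");
    rc = EXIT_SUCCESS;
    goto out;
  }

  /* PE signature check: exactly the four bytes 'P' 'E' 0 0. memcmp is used
     because the signature bytes are not a NUL-terminated string. */
  if(memcmp(data + pe_offset, "PE\0\0", 4) != 0)
  {
    printf("Not a valid PE file.\n");
    rc = EXIT_SUCCESS;
    goto out;
  }

  memcpy(&pe_head, data + pe_offset, sizeof pe_head);

  timestamp = (time_t)(unsigned int)pe_head.TimeDateStamp;
  stamp = ctime(&timestamp);
  opt_size = (unsigned short)pe_head.SizeOfOptionalHeader;

  printf("%s:\n\n", argv[1]);

  // information start
  printf("PE HEADER INFORMATION\n");
  printf("Machine : %s\n", read_machine_type(&pe_head));
  printf("NumberOfSections: %i\n", pe_head.NumberOfSections);
  /* ctime() supplies the trailing newline; it may return NULL for a value
     it cannot convert. */
  printf("TimeDateStamp: %s", stamp ? stamp : "(unrepresentable)\n");
  printf("PointerToSymbolTable: %x\n", (unsigned int)pe_head.PointerToSymbolTable);
  printf("NumberOfSymbols: %i\n", pe_head.NumberOfSymbols);
  printf("SizeOfOptionalHeader: %i\n", opt_size);
  printf("Characteristics:\n");

  /* The flag array is heap-allocated by the reader and not released by the
     printer, so it is freed here. */
  flags = read_characteristics(&pe_head);
  if(flags != NULL)
  {
    print_characteristics(flags);
    free(flags);
    flags = NULL;
  }

  if(opt_size > 0)
  {
    /* The optional header starts right after the signature + COFF header. */
    const long opt_head_start = (long)pe_offset + (long)sizeof(PE_Header);
    unsigned short magic = 0;

    printf("\nPE OPTIONAL HEADER INFORMATION");

    if(opt_head_start > size - (long)sizeof magic)
    {
      printf("\nNot a valid PE file.\n");
      rc = EXIT_SUCCESS;
      goto out;
    }

    /* Magic distinguishes PE32 (0x10b) from PE32+ (0x20b). */
    memcpy(&magic, data + opt_head_start, sizeof magic);

    if(magic == 0x10b)
    {
      //PE32
      PE_Optional_Header opt;

      printf("PE32\n");

      /* The whole struct is copied, so the whole struct must lie in the file. */
      if(opt_head_start > size - (long)sizeof opt)
      {
        printf("Not a valid PE file.\n");
        rc = EXIT_SUCCESS;
        goto out;
      }

      memcpy(&opt, data + opt_head_start, sizeof opt);

      printf("MajorLinkerVersion: %i\n", opt.MajorLinkerVersion);
      printf("MinorLinkerVersion: %i\n", opt.MinorLinkerVersion);
      printf("SizeOfCode: %i\n", opt.SizeOfCode);
      printf("SizeOfInitializedData: %i\n", opt.SizeOfInitializedData);
      printf("SizeOfUninitializedData: %i\n", opt.SizeOfUninitializedData);
      printf("AddressOfEntryPoint: %#x\n", (unsigned int)opt.AddressOfEntryPoint);
      printf("BaseOfCode: %#x\n", (unsigned int)opt.BaseOfCode);
      printf("ImageBase: %#x\n", (unsigned int)opt.ImageBase);
      printf("\n");
      printf("SectionAlignment: %i\n", opt.SectionAlignment);
      printf("FileAlignment: %i\n", opt.FileAlignment);
      printf("MajorOperatingSystemVersion: %i\n", opt.MajorOperatingSystemVersion);
      printf("MinorOperatingSystemVersion: %i\n", opt.MinorOperatingSystemVersion);
      printf("MajorImageVersion: %i\n", opt.MajorImageVersion);
      printf("MinorImageVersion: %i\n", opt.MinorImageVersion);
      printf("MajorSubsystemVersion: %i\n", opt.MajorSubsystemVersion);
      printf("MinorSubsystemVersion: %i\n", opt.MinorSubsystemVersion);
      printf("Win32VersionValue: %i\n", opt.Win32VersionValue);
      printf("SizeOfImage: %i\n", opt.SizeOfImage);
      printf("SizeOfHeaders: %i\n", opt.SizeOfHeaders);
      printf("CheckSum: %i\n", opt.CheckSum);
      printf("Subsystem: %s\n", read_windows_subsystem_pe32(&opt));
      printf("DLLCharacteristics:\n");

      flags = read_dll_characteristics_pe32(&opt);
      if(flags != NULL)
      {
        print_dll_characteristics(flags);
        free(flags);
        flags = NULL;
      }

      printf("SizeOfStackReserve: %i\n", opt.SizeOfStackReserve);
      printf("SizeOfStackCommit: %i\n", opt.SizeOfStackCommit);
      printf("SizeOfHeapReserve: %i\n", opt.SizeOfHeapReserve);
      printf("LoaderFlags: %i\n", opt.LoaderFlags);
      printf("NumberOfRvaAndSizes: %i\n", opt.NumberOfRvaAndSizes);
    }
    else if(magic == 0x20b)
    {
      // PE32+ (64-bit)
      PE_Optional_Header_Plus opt;

      printf("(PE32+)\n");

      /* The whole struct is copied, so the whole struct must lie in the file. */
      if(opt_head_start > size - (long)sizeof opt)
      {
        printf("Not a valid PE file.\n");
        rc = EXIT_SUCCESS;
        goto out;
      }

      memcpy(&opt, data + opt_head_start, sizeof opt);

      printf("MajorLinkerVersion: %i\n", opt.MajorLinkerVersion);
      printf("MinorLinkerVersion: %i\n", opt.MinorLinkerVersion);
      printf("SizeOfCode: %i\n", opt.SizeOfCode);
      printf("SizeOfInitializedData: %i\n", opt.SizeOfInitializedData);
      printf("SizeOfUninitializedData: %i\n", opt.SizeOfUninitializedData);
      printf("AddressOfEntryPoint: %#x\n", (unsigned int)opt.AddressOfEntryPoint);
      printf("BaseOfCode: %#x\n", (unsigned int)opt.BaseOfCode);
      /* ImageBase and the stack/heap sizes are 64-bit fields in PE32+; the
         casts keep the format specifiers valid whatever width the struct
         declares for them. */
      printf("ImageBase: %#llx\n", (unsigned long long)opt.ImageBase);
      printf("\n");
      printf("SectionAlignment: %i\n", opt.SectionAlignment);
      printf("FileAlignment: %i\n", opt.FileAlignment);
      printf("MajorOperatingSystemVersion: %i\n", opt.MajorOperatingSystemVersion);
      printf("MinorOperatingSystemVersion: %i\n", opt.MinorOperatingSystemVersion);
      printf("MajorImageVersion: %i\n", opt.MajorImageVersion);
      printf("MinorImageVersion: %i\n", opt.MinorImageVersion);
      printf("MajorSubsystemVersion: %i\n", opt.MajorSubsystemVersion);
      printf("MinorSubsystemVersion: %i\n", opt.MinorSubsystemVersion);
      printf("Win32VersionValue: %i\n", opt.Win32VersionValue);
      printf("SizeOfImage: %i\n", opt.SizeOfImage);
      printf("SizeOfHeaders: %i\n", opt.SizeOfHeaders);
      printf("CheckSum: %i\n", opt.CheckSum);
      printf("Subsystem: %s\n", read_windows_subsystem_pe32_plus(&opt));
      printf("DLLCharacteristics:\n");

      flags = read_dll_characteristics_pe32_plus(&opt);
      if(flags != NULL)
      {
        print_dll_characteristics(flags);
        free(flags);
        flags = NULL;
      }

      printf("SizeOfStackReserve: %lld\n", (long long)opt.SizeOfStackReserve);
      printf("SizeOfStackCommit: %lld\n", (long long)opt.SizeOfStackCommit);
      printf("SizeOfHeapReserve: %lld\n", (long long)opt.SizeOfHeapReserve);
      printf("LoaderFlags: %i\n", opt.LoaderFlags);
      printf("NumberOfRvaAndSizes: %i\n", opt.NumberOfRvaAndSizes);
    }
  }

  rc = EXIT_SUCCESS;

out:
  /* Single exit path: release the buffer and the stream on every route. */
  free(data);
  if(file != NULL)
  {
    fclose(file);
  }

  return rc;
}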


http://thehackernews.com/2015/05/iPhone-Crash-text.html


لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗 < = 

며칠전에  아이폰에서 아랍어랑 이상한게 섞여있는 문자를 받앗다

나도 아이폰을 사용하고 있는 입장이여서 카카오톡이 튕기는 현상이 발생햇다

(다른 사람중에 메세지로 받은사람은 메세지 어플이 튕기고 들어가지지 않앗다)

위에 링크를 걸어놓은 기사에서 이에 대한 원인과 대처법을 잘설명해준거 같다


위 문자를 자세히 보면 아랍어 뿐만 아니라  스펠링도 있고 한문도 있고 여러문자들이 섞여잇어서 

유니코드에서 문제가 생긴거 같다 그래서 그런지 기사에서는 killer unicode string 이라는

말을 사용하고 있다 


다시 만들어봐야 될일이 생기기도 했고, 까먹은게 많아서 다시 공부할겸 만들어보기로 하였다

우선은 

https://github.com/hetra/PEek

깃헙에서 좋은 소스를 찾앗고,

Copyright (c) 2015 Jack McPherson


Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:


The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.


THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

막써도 된다고 라이센스에 써잇으니 마구 주물러 볼 예정이다.. 지금 VM에 VS가 안깔려있어서 세팅중 

+)2015.06.01

소스코드를 정리하면서  보기 쉽게 정리해봣다 .. 보는 사람이 도움 되길 바라며 ..

예전에 따라 만들어본  깃헙에서 가져온 코드는  main에다가 난잡하게 코드를 짜놔서 이해하기 어려웠는데 

이번에 복습하면서 본 코드(지금 설명하고 있는 코드)는 기능별로 잘 나눠줘서 확실히 이해가 잘된다

자세한 소스들은 다음포스팅 부터 소스별 코드를 첨부한다 




EXPLOIT STUDY Using CTF.pptx

출처는 명확히 밝혀주세요 

