Before going further into the structure of memory and registers, it helps to first understand what memory is and what registers are.
What is memory?
Memory is the place where various forms of information are stored as binary numbers. Information that is not yet in binary form is encoded by a set of instructions that turns it into a number or a sequence of numbers. For example, the letter F is stored as the decimal number 70 (or its binary equivalent) using one encoding method. More complex instructions can be used to store pictures, sound, video, and various other kinds of information. The information that can be stored in a single cell is called a byte.
What is a register?
Registers are storage locations inside the microprocessor that can be accessed quickly. Registers hold values that, for us crackers, are very important to watch.
How do you view the registers?
By using SoftICE, you can see the changes to the contents of the registers. To do that, you need to activate the "Register Window" in SoftICE by typing the WR command in the SoftICE environment. The "Register Window" shows the various registers and their contents. The registers that matter most in cracking are EAX, EBX, ECX, EDX, ESI, EDI, EBP, ESP and EIP.
EAX, EBX, ECX and EDX are called the "General Purpose Registers". These are 32-bit registers; if you are cracking a 16-bit program, the registers involved are AX, BX, CX and DX. These registers can be broken down into smaller parts.
For example, if the content of EAX is 00001234, then:
----------------------------------------------------
EAX = 00 00 12 34  ==> 32 bits
----------------------------------------------------
AX  =       12 34  ==> 16 bits
----------------------------------------------------
AH  =       12     ==>  8 bits
----------------------------------------------------
AL  =          34  ==>  8 bits
----------------------------------------------------
As shown, AX consists of AH and AL: H means High (the byte on the left) and L means Low (the byte on the right).
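The breakdown above can be reproduced with masks and shifts. The following is an added example, not part of the original post; the helper names (`get_ax`, `set_al`, `store_le32` and so on) are made up for illustration. It goes slightly beyond the text by also showing that writing AL, AH or AX leaves the remaining bits of EAX untouched, and how the value appears byte by byte in an x86 memory dump (little-endian).

```c
#include <stdint.h>
#include <stdio.h>

/* Read the sub-registers out of a 32-bit register value (hypothetical helpers). */
static uint16_t get_ax(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }
static uint8_t  get_ah(uint32_t eax) { return (uint8_t)((eax >> 8) & 0xFFu); }
static uint8_t  get_al(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }

/* Writing a sub-register changes only its own bits; the rest of EAX is kept. */
static uint32_t set_ax(uint32_t eax, uint16_t v) { return (eax & 0xFFFF0000u) | v; }
static uint32_t set_ah(uint32_t eax, uint8_t v)  { return (eax & 0xFFFF00FFu) | ((uint32_t)v << 8); }
static uint32_t set_al(uint32_t eax, uint8_t v)  { return (eax & 0xFFFFFF00u) | v; }

/* x86 is little-endian: the lowest byte (AL) sits at the lowest address. */
static void store_le32(uint32_t value, uint8_t out[4]) {
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(value >> (8 * i));
}

int main(void) {
    uint32_t eax = 0x00001234u;   /* the value used in the table above */
    uint8_t mem[4];

    printf("EAX = %08X\n", (unsigned)eax);
    printf("AX  = %04X\n", (unsigned)get_ax(eax));
    printf("AH  = %02X\n", (unsigned)get_ah(eax));
    printf("AL  = %02X\n", (unsigned)get_al(eax));

    /* Constructed value: put the letter 'F' (decimal 70) into AL only. */
    uint32_t other = set_al(0xAABB1234u, 'F');
    printf("AABB1234 with AL='F' -> %08X\n", (unsigned)other);

    /* How EAX looks when it is written to memory and dumped byte by byte. */
    store_le32(eax, mem);
    printf("memory: %02X %02X %02X %02X\n",
           (unsigned)mem[0], (unsigned)mem[1], (unsigned)mem[2], (unsigned)mem[3]);
    return 0;
}
```
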
ESI and EDI are the "Index Registers". They are used as pointers to locations in memory and are typically used for string operations.
EBP and ESP are the "Pointer Registers". Both registers are paired with the SS register. ESP (Stack Pointer) paired with SS (SS:ESP) designates the address on the stack, while EBP (Base Pointer) paired with SS (SS:EBP) refers to the memory address where the data is.
EIP is a "Pointer Index Register" that is paired with CS (CS:EIP) to refer to the memory address of the next instruction to be executed.
-----------------------------------------------------------------------------------
Glimpse of SoftICE
SoftICE is a kernel mode debugger for Microsoft Windows. Crucially, it is designed to run underneath Windows such that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all operations in Windows when instructed. For driver debugging this is critical due to how hardware is accessed and the kernel of the operating system functions. Because of its low-level capabilities, SoftICE is also popular as a software cracking tool.
Microsoft offers two kernel-mode debuggers, WinDbg and KD, for no charge. However, the full capabilities of WinDbg and KD are available only when two interlinked computers are used. SoftICE therefore is an exceptionally useful tool for difficult driver related development. The last released version was for Windows XP. Newer versions of Windows are seemingly unsupported as the tool is no longer listed on Compuware's website.
Older versions exist for DOS and compatible operating systems. SoftICE was originally produced by a company called NuMega, and was subsequently acquired by Compuware in 1997, which in turn sold the property to Micro Focus in 2009. Currently, Micro Focus owns the source code and patents, but is not actively maintaining SoftICE.
@keep smile & spirit
be fun