[2012 codeengn conference 07] 퍼다우크 - manual unpack by debugger

Manual Unpack By Debugger, 2012-12-01, A-FIRST, 고흥환 (Principal Researcher), www.CodeEngn.com, 7th CodeEngn ReverseEngineering Conference

Uploaded by gangseok-lee, posted on 13-Jan-2015

DESCRIPTION

2012 CodeEngn Conference 07. Executable packers have two sides: the intended, beneficial role of protecting developers' software from crackers and reducing the size of binaries transferred online, and the harmful role of making the content of malware and illegal binaries hard to read and analyze. From an academic standpoint, the reverse-engineering challenge that executable packing poses can act as a catalyst for better software and for a safer software industry. Following the Themida and UPX algorithms in a debugger is expected to help reverse engineers understand and study principles such as anti-debugging, virtualization and polymorphism. http://codeengn.com/conference/07

TRANSCRIPT

Page 1: [2012 CodeEngn Conference 07] 퍼다우크 - Manual UnPack by Debugger

Copyright (c) AhnLab, Inc. 1988-2012. All rights reserved.

Manual Unpack By Debugger

2012-12-01, A-FIRST, 고흥환, Principal Researcher

www.CodeEngn.com

7th CodeEngn ReverseEngineering Conference

Page 2

Contents

Packer

Debugger Detection

Virtual Machine Detection

Anti Tracing

Manual Unpack UPX

Manual Unpack Themida 1.9.X

Manual Unpack Themida 2.1.8.0

Page 3

Packer

Page 4

| Name | Latest stable | Software license | x86-64 support |
|---|---|---|---|
| .netshrink | 2.3 (2012-03-29) | Proprietary | Yes |
| Armadillo Packer | 8.60 (2011-07-06) | Proprietary | Yes |
| ASPack | 2.29 (2011-08-03) | Proprietary | ? |
| ASPR (ASProtect) | 1.64 (2011-09-01) | Proprietary | ? |
| BoxedApp Packer | 2.2 (2009-06-16) | Proprietary | Yes |
| CExe | 1.0b (2001-07-20) | GPL | No |
| Enigma Protector | 3.80 (2012-08-02) | Proprietary | Yes |
| EXE Bundle | 3.11 (2011-01-07) | Proprietary | ? |
| EXE Stealth | 4.14 (2011-06-29) | Proprietary | ? |
| eXPressor | 1.8.0.1 (2010-01-14) | Proprietary | ? |
| MPRESS | 2.19 (2012-01-02) | Freeware | Yes |
| Obsidium | 1.4.6 (2012-07-18) | Proprietary | Yes |
| PELock | 1.0.694 (2012-01-23) | Proprietary | No |
| PESpin | 1.33 (2011-05-03) | Freeware | Yes |
| RLPack Basic | 1.21 (2008-10-31) | GPL | No |
| Smart Packer Pro | 1.7 (2011-11-05) | Proprietary | Yes |
| Themida | 2.2.1.0 (2012-07-25) | Proprietary | ? |
| UPX | 3.08 (2011-12-12) | GPL | No |
| VMProtect | 2.1 (2011-09-26) | Proprietary | Yes |
| XComp/XPack | 0.98 (2007-02-18) | Freeware | No |

Executable compression = Runtime Packer = Packer: any means of compressing an executable file and combining the compressed data with decompression code into a single executable.

I. Encryption
II. Compression
III. Redirection
IV. Substitution
V. Obfuscation
VI. Polymorphism
VII. Metamorphism
VIII. Protection
IX. Virtualization

Page 5

2011 AhnLab survey of 10,000,000 files (distribution by packer/compiler, from the pie chart):

Microsoft C (22.2%)
Invalid (21.1%)
Nothing (14.2%)
Delphi (8.0%)
UPX (7.8%)
PolyCryptor (6.4%)
Visual Basic (4.4%)
etc (3.5%)
Nullsoft (2.1%)
Not a Valid PE (1.6%)
ASPack (1.5%)
Anti007 (1.3%)
PeCompact (1.3%)
FSG (0.87%)
ASM (0.69%)
MPRESS (0.45%)
ASProtect (0.40%)
Themida (0.38%)
SFX (0.38%)
nSPack (0.31%)
Upack (0.21%)
VMProtector (0.13%)
Armadillo (0.12%)

Themida & UPX

Page 6

Debugger Detection

Page 7

BeingDebugged (PEB+0x2)

NtGlobalFlag (PEB+0x68)

ProcessHeap (PEB+0x18)

Flags(ProcessHeap+0x0C)

ForceFlags (ProcessHeap+0x10)

PEB_LDR_DATA(PEB+0x0C)

Page 8

IsDebuggerPresent()

TEB (Thread Environment Block)

PEB (Process Environment Block)

Page 9

CheckRemoteDebuggerPresent(ProcessId, &bPresent)

Page 10

Timing checks: timeGetTime(), GetTickCount(), NtQueryPerformanceCounter(), RDTSC

(Diagram: timeGetTime() call, garbage code, garbage code, timeGetTime() call)

Page 11

SEH (Structured Exception Handler)

(Diagram: stack with chained Exception Handler entries)

Page 12

CreateFileA "\\.\SICE", "\\.\SIWVID", "\\.\NTICE"

HANDLE WINAPI CreateFile(
    __in     LPCTSTR lpFileName,
    __in     DWORD dwDesiredAccess,
    __in     DWORD dwShareMode,
    __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes,
    __in     DWORD dwCreationDisposition,
    __in     DWORD dwFlagsAndAttributes,
    __in_opt HANDLE hTemplateFile
);

Page 13

FindWindow “FilemonClass”

“File Monitor – Sysinternals: www.sysinternals.com”

“Filem”

“DeepFrz”

“PROCMON_WINDOW_CLASS”

“Process Monitor – Sysinternals: www.sysinternals.com”

“PROCEXP”

“RegmonClass”

“Registry Monitor – Sysinternals: www.sysinternals.com”

“18467-41”

“REGMON”

“regsys”

“sysregm”

“PROCMON”

Page 14

NtQuerySystemInformation "iceext.sys", "ntice.sys", "Syser.sys", "HanOlly.sys", "extrem.sys", "FRDTSC.sys"

NTSTATUS WINAPI NtQuerySystemInformation(
    _In_      SYSTEM_INFORMATION_CLASS SystemInformationClass,
    _Inout_   PVOID SystemInformation,
    _In_      ULONG SystemInformationLength,
    _Out_opt_ PULONG ReturnLength
);

Page 15

LoadLibraryA "~\SoftIce\NMTRANS.DLL"

RegOpenKeyA "SOFTWARE\NuMega\DriverStudio"

RegQueryValueEx "InstallDir"

GetProcAddress "NmSymIsSoftICELoaded"

Call NmSymIsSoftICELoaded

Page 16

Anti Tracing

Page 17

STI, INT 1

SetEvent, DelayExecution

Page 18

Garbage Code - Linear Sweep Disassembly

Page 19

DbgUiRemoteBreakin Patch

DbgBreakPoint Patch

Page 20

Virtual Machine Detection

Page 21

I. Virtual Machine Artifacts in Processes, File System, and Registry

II. Virtual Machine Artifacts in Memory

III. Virtual Machine Specific Virtual Hardware

IV. Virtual Machine Specific Processor Instructions and Capabilities

(See: On the Cutting Edge: Thwarting Virtual Machine Detection)

Page 22

RegOpenKeyA "Software\Wine", "HARDWARE\ACPI\DSDT\VBOX__"

LONG WINAPI RegOpenKey(
    __in     HKEY hKey,
    __in_opt LPCTSTR lpSubKey,
    __out    PHKEY phkResult
);

Page 23

RegOpenKeyA "HARDWARE\DESCRIPTION\System"

RegQueryValueEx "SystemBiosVersion"

Page 24

010603FB B8 68584D56      MOV EAX,564D5868   // Magic Number "VMXh"
01060400 B9 14000000      MOV ECX,14         // BACKDOOR_COMMAND_NUMBER
01060405 66:BA 5856       MOV DX,5658        // Port Number
01060409 ED               IN EAX,DX          // I/O command

0105F878 B9 0A000000      MOV ECX,0A
0105F87D B8 04D75548      MOV EAX,4855D704
0105F882 05 6481F70D      ADD EAX,0DF78164
0105F887 BB 65D48586      MOV EBX,8685D465
0105F88C BA 40B63400      MOV EDX,34B640
0105F891 81EA E85F3400    SUB EDX,345FE8
0105F897 ED               IN EAX,DX          // I/O command
0105F898 81FB 68584D56    CMP EBX,564D5868
0105F89E 75 0A            JNZ SHORT 0105F8AA

Vmware
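Added example, not from the slides: a small constant folder over listings in the format shown above. It resolves the second listing's MOV/ADD/SUB chain and shows it reaches the same "VMXh" / 0x5658 pair as the direct form, which is how an analyst confirms a VMware-detection site in a sample without stepping it. The listing text is constructed from the slide; the command names are assumed from the open-vm-tools backdoor definitions.

```python
MNEMONICS = {"MOV", "ADD", "SUB", "IN", "CMP", "JNZ"}
HEXDIGITS = set("0123456789ABCDEF")
VMWARE_MAGIC = 0x564D5868   # "VMXh" in EAX selects the VMware backdoor
VMWARE_PORT = 0x5658        # "VX": the backdoor I/O port read by IN EAX,DX
BACKDOOR_CMDS = {0x0A: "GETVERSION", 0x14: "GETMEMSIZE"}  # names assumed from open-vm-tools backdoor_def.h
# Constructed input in the slide's OllyDbg format "ADDR BYTES MNEMONIC OPERANDS // comment":
# the direct probe first, then the arithmetic form whose ADD/SUB chain hides the same constants.
LISTING = """
010603FB B8 68584D56   MOV EAX,564D5868   // Magic Number "VMXh"
01060400 B9 14000000   MOV ECX,14         // BACKDOOR_COMMAND_NUMBER
01060405 66:BA 5856    MOV DX,5658        // Port Number
01060409 ED            IN EAX,DX          // I/O command
0105F878 B9 0A000000   MOV ECX,0A
0105F87D B8 04D75548   MOV EAX,4855D704
0105F882 05 6481F70D   ADD EAX,0DF78164
0105F887 BB 65D48586   MOV EBX,8685D465
0105F88C BA 40B63400   MOV EDX,34B640
0105F891 81EA E85F3400 SUB EDX,345FE8
0105F897 ED            IN EAX,DX          // I/O command
0105F898 81FB 68584D56 CMP EBX,564D5868
0105F89E 75 0A         JNZ SHORT 0105F8AA
"""

def parse_line(line):
    """Return (address, mnemonic, [operands]) or None; the opcode-byte column is skipped by locating the first known mnemonic."""
    toks = line.split("//", 1)[0].split()
    idx = next((i for i, t in enumerate(toks) if t in MNEMONICS), None)
    if idx is None:
        return None
    return toks[0], toks[idx], [o.strip() for o in " ".join(toks[idx + 1:]).split(",") if o.strip()]

def find_vmware_backdoor(listing):
    """Fold MOV/ADD/SUB immediates per register; report each IN reached with EAX == "VMXh" and DX == 0x5658."""
    regs, hits = {}, []
    for line in listing.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        addr, mnem, ops = parsed
        if mnem in ("MOV", "ADD", "SUB") and len(ops) == 2:
            reg = "EDX" if ops[0] == "DX" else ops[0]      # IN only reads the low 16 bits of EDX
            if not set(ops[1]) <= HEXDIGITS:
                regs.pop(reg, None)                         # register-to-register: value now unknown
            elif mnem == "MOV":
                regs[reg] = int(ops[1], 16)
            elif reg in regs:                               # ADD/SUB on a known value, 32-bit wrap-around
                regs[reg] = (regs[reg] + (1 if mnem == "ADD" else -1) * int(ops[1], 16)) & 0xFFFFFFFF
        elif mnem == "IN" and regs.get("EAX") == VMWARE_MAGIC and (regs.get("EDX", 0) & 0xFFFF) == VMWARE_PORT:
            hits.append({"addr": addr, "command": regs.get("ECX"), "name": BACKDOOR_CMDS.get(regs.get("ECX"), "?")})
    return hits
```

Running `find_vmware_backdoor(LISTING)` reports both IN sites, 01060409 with command 0x14 and 0105F897 with command 0x0A, so the obfuscated variant is recognised without executing it.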

Page 25

Manual Unpack UPX 1.9.3

Page 26

IAT Table

resource

Unpack Code

Packed Data

Extracted Data

.rsrc HEADER / UPX1 HEADER / UPX0 HEADER

IMAGE NT HEADER / IMAGE DOS HEADER

EntryPoint

Page 27

UPX unpack flow (diagram): EntryPoint → Extracting → Initialize Decompress → E8 09 or E9 09 Address Correction → Retrieves the API Address → JUMP OEP (with a Yes/No decision branch)

Page 28

UPX0 – Compressed Data / UPX1 – Decompressed Data

Extracting Algorithm

Page 29

E8 09 (CALL) / E9 09 (JMP) Address Correction

Page 30

Retrieves the address

UPX->IAT

Page 31

Manual Unpack Themida 1.9.X

Page 32

Themida?

- Themida: Advanced Windows Software Protection System

- WinLicense: Professional Software Protection & Licensing Management

- Code Virtualizer: Total Obfuscation against Reverse Engineering

Page 33

IAT Table

SFX

.idata Section

.rsrc Section

Packed Data

.rsrc HEADER / UPX1 HEADER / UPX0 HEADER

IMAGE NT HEADER / IMAGE DOS HEADER

EntryPoint

Version 1.9.X

Page 34

Page 35

VirtualAlloc, CreateFile, ReadFile “ADVAPI32.DLL”

VirtualAlloc, CreateFile, ReadFile “USER32.DLL”

VirtualAlloc, CreateFile, ReadFile “KERNEL32.DLL”

Subsystem Virtualization

Page 36

Multi-Thread

Page 37

Decode & ReEncode

Themida SFX

SFX (Self-Extracting Archive) Algorithm

1st Decoding & Processing

2nd Decoding & Processing

3rd Decoding & Processing

4th Decoding & Processing

nth Decoding & Processing

UnPacking

Page 38

Manual Unpack Themida 2.1.8.0

Page 39

New Version 2.1.8.0

Page 40

Page 41

Page 42

Page 43

Decode Code

Encoded SFX

Extracted SFX

.idata Section

EntryPoint

.rsrc Section

Packed Data

.rsrc HEADER / UPX1 HEADER / UPX0 HEADER

IMAGE NT HEADER / IMAGE DOS HEADER

Version 2.1.8.0

Page 44

… It is hard.

www.CodeEngn.com

7th CodeEngn ReverseEngineering Conference