TBone
February 23rd, 2005, 15:06
You are in a maze of twisty little passages, all alike.
I feel your pain. It's not that you want people to teach you how to crack, it's that you need someone to teach you how to teach yourself how to crack.

It's kind of a "meta" problem or bootstrap problem; I'm not sure what you'd call it.
Don't get me wrong, the "help yourself before you get smacked around" principle exists for a good reason, but sometimes you've got to know when to bend the rules just a bit to help save someone's sanity. The "dark codewoods", as JMI is fond of saying, are just so vast that it's an impressively large hurdle just to know how to start. A beginner who truly wants to read and figure things out on his/her own can spend days and weeks just spinning their wheels - they're putting out tons of effort reading, etc., but it's not very effective if you're spending your time on the wrong things.
I'm trying to work on being concise, so there's not a lot of explanation given here for why I would do things in this particular order:
1) Learn IA-32 assembly. 64-bit stuff can wait. Don't fret over x87 (FPU) or MMX opcodes for now. If you need more detail later, you can always dive into it. Intel's IA-32 Architecture Software Developer's Manual is the prime source for this. Volume I is worth reading cover-to-cover, IMHO. I don't recommend that for volume II, but it is an essential reference of every opcode. Volume III is ring-0 stuff. Save it until you need it.
2) Learn the PE/COFF format. For now, you just need to know the PE header, the section table, and to understand the process of loading an executable into memory. Before long, you'll want to understand the IAT, too. MS maintains the official specification, but various other sources are probably more "friendly", and may cover things that MS doesn't document.
3) Learn how stack frames work, and learn the most common calling conventions. It's not totally essential to know this, but it helps a lot. There's not really a good source for this; info is scattered all over the place.
4) Get a general feel for how Windows programs are structured. Iczelion's tutorials are a good source for this. Reading them all isn't necessary, but I'd read at least the first few.
5) Grab a good decompiler and debugger and get cracking. W32DASM is only useful for quick deadlistings since it can't intelligently follow code. IDA is highly recommended. DeDe is specifically for Delphi programs - I haven't messed with it yet, but it's supposed to be much better than a general decompiler for Delphi apps. Debuggers are a matter of personal preference. SICE is highly venerated by many, and it's probably your only viable choice for ring-0 debugging. It's also a b#&%* to get working on modern systems, oftentimes. OllyDbg is ring-3 only, but it's a very nice tool for beginners. It has some bugs in its tracing functions, but it's still pretty early in its life cycle.
At this point, it's all pretty much hands-on and lots of tutorial reading for specific protection schemes. Nearly all programs these days are wrapped by some kind of crypter/packer. They range from the easy, like UPX, to the insanely hard, like StarForce. I'd start by doing some simple reversing of unprotected apps like WinZip. Do some serial fishing just for fun and then move on to the protected targets. Start with simple packers like UPX and ASPack, then move on to medium-level stuff like ASProtect. After that are the advanced schemes like Armadillo.
Most importantly, stay organized. I actually have a "Reverser" directory on my computer. Inside this are 3 directories: tools, reference, and "shit to be cracked".

If you don't keep your tutorials, references, notes, etc. divided up into some kind of logical order, you'll go insane.
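Step 2 of the post (the PE header, the section table, and how an executable gets loaded into memory) is the part a beginner most often reads about without ever touching bytes. The following is an added example, not code from TBone's post or from any of the tools it names: a small PE32 header walker that follows the DOS header to the PE signature, reads the COFF and optional headers, lists the data directories (including the Import directory and IAT the post mentions) and the section table, and then maps an RVA back to a file offset the way the loader does in reverse. The image it parses is hand-built inside the script, so it runs offline; the section names, sizes, RVAs and the directory entries are constructed values chosen for the demonstration, not from a real binary.

```python
import struct

# Struct layouts straight from the PE/COFF specification (little-endian).
DOS_FMT = "<2s58xI"                       # 'MZ' signature, padding, e_lfanew (offset of "PE\0\0")
COFF_FMT = "<HHIIIHH"                     # Machine, NumberOfSections, TimeDateStamp, SymTab, NumSyms, SizeOfOptionalHeader, Characteristics
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"  # PE32 optional header, standard + Windows-specific fields (96 bytes)
DATADIR_FMT = "<II"                       # VirtualAddress, Size
SECTION_FMT = "<8sIIIIIIHHI"              # one IMAGE_SECTION_HEADER (40 bytes)

MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64"}
DATADIR_NAMES = ["Export", "Import", "Resource", "Exception", "Security", "BaseReloc",
                 "Debug", "Architecture", "GlobalPtr", "TLS", "LoadConfig", "BoundImport",
                 "IAT", "DelayImport", "CLR", "Reserved"]


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> data directories -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    f = struct.unpack_from(OPT32_FMT, data, opt_off)
    if f[0] != 0x10B:
        raise ValueError("only PE32 (Magic 0x10b) is handled in this example")
    dir_off = opt_off + struct.calcsize(OPT32_FMT)
    dirs = {}
    for i in range(min(f[29], 16)):               # NumberOfRvaAndSizes, capped at the 16 defined slots
        rva, size = struct.unpack_from(DATADIR_FMT, data, dir_off + 8 * i)
        if rva:
            dirs[DATADIR_NAMES[i]] = (rva, size)
    # The section table starts right after the optional header; trust SizeOfOptionalHeader, not a constant.
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(SECTION_FMT, data, sect_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "raw_ptr": rawptr, "raw_size": rawsize, "flags": flags})
    return {"machine": MACHINE_NAMES.get(machine, hex(machine)), "entry_point": f[6], "image_base": f[9],
            "section_alignment": f[10], "file_alignment": f[11], "size_of_headers": f[20],
            "sections": sections, "data_directories": dirs}


def rva_to_file_offset(pe, rva):
    """Undo the loader's mapping: an RVA belongs to the section whose VirtualAddress range covers it,
    and its file bytes sit at PointerToRawData + (rva - VirtualAddress)."""
    if rva < pe["size_of_headers"]:
        return rva                                    # headers are mapped 1:1 at the image base
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            delta = rva - s["va"]
            return s["raw_ptr"] + delta if delta < s["raw_size"] else None   # None: zero-filled in memory, absent from file
    return None


def build_sample_pe():
    """Hand-assemble a minimal PE32 image (constructed for this example, not produced by a compiler)."""
    dos = struct.pack(DOS_FMT, b"MZ", 0x40)
    coff = struct.pack(COFF_FMT, 0x14C, 2, 0, 0, 0, 224, 0x0102)   # i386, 2 sections, EXECUTABLE_IMAGE|32BIT_MACHINE
    opt = struct.pack(OPT32_FMT, 0x10B, 6, 0,
                      0x200, 0x200, 0,                 # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x1000, 0x1000, 0x2000,          # AddressOfEntryPoint, BaseOfCode, BaseOfData
                      0x400000, 0x1000, 0x200,         # ImageBase, SectionAlignment, FileAlignment
                      4, 0, 0, 0, 4, 0,                # OS, image and subsystem versions
                      0, 0x3000, 0x200, 0,             # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      3, 0,                            # Subsystem = CUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000,  # stack/heap reserve and commit
                      0, 16)                           # LoaderFlags, NumberOfRvaAndSizes
    dirs = [(0, 0)] * 16
    dirs[1] = (0x2000, 0x28)     # Import directory RVA/size (constructed values, no real import descriptors here)
    dirs[12] = (0x2028, 0x10)    # IAT RVA/size (constructed)
    dir_bytes = b"".join(struct.pack(DATADIR_FMT, *d) for d in dirs)
    sects = struct.pack(SECTION_FMT, b".text", 0x10, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)   # CODE|EXEC|READ
    sects += struct.pack(SECTION_FMT, b".data", 0x40, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)  # IDATA|READ|WRITE
    image = (dos + b"PE\0\0" + coff + opt + dir_bytes + sects).ljust(0x200, b"\0")
    image += b"\xB8\x2A\x00\x00\x00\xC3".ljust(0x200, b"\0")   # .text raw bytes: mov eax, 42 ; ret
    image += b"\0" * 0x200                                     # .data raw bytes
    return image


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print("machine:", pe["machine"], " entry RVA:", hex(pe["entry_point"]), " base:", hex(pe["image_base"]))
    for s in pe["sections"]:
        print(f"  {s['name']:8} VA={s['va']:#07x} raw@{s['raw_ptr']:#06x} size={s['raw_size']:#05x} flags={s['flags']:#010x}")
    for name, (rva, size) in pe["data_directories"].items():
        print(f"  dir {name}: RVA {rva:#x} -> file offset {rva_to_file_offset(pe, rva):#x} ({size} bytes)")
```

Running it prints the two sections and shows the entry point RVA 0x1000 landing at file offset 0x200, where the `mov eax, 42 ; ret` bytes were placed. The one design point worth noticing is that the section table is located from SizeOfOptionalHeader rather than a hard-coded constant: packers and hand-edited headers routinely break tools that assume the textbook layout, and a parser that reads the field as the loader does keeps working on them.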