Some useful points in using Wdasm89 as a debugger
Cracking Borland's Sidekick 98
Our tools
16 September 1998
by
Lazy_Crack
Courtesy of Fravia's page of reverse engineering
Well, this is not a 'target unrelated' essay, yet there are a couple of interesting
points about the use of Wdasm as a debugger here (which is at times indeed
great fun: you don't need to delve into sice, nor to dump code out of it). Besides,
this target has already been so widely cracked, and its regged versions are so
universally widespread, that I don't believe we are really disturbing anybody by
publishing this. Quite the contrary: Sidekick's programmers may be amazed to learn
that you don't even need Softice to crack their application black and blue :-)
There is a crack, a crack in everything
That's how the light gets in
Rating
(x)Beginner (x)Intermediate ( )Advanced ( )Expert
An easy way to view the input and results for a local function with Wdasm89
Using Wdasm to get more organised
Wdasm's local function option
Written by Lazy_Crack
Wdasm's local function option is heaven-sent for newbies like me; here I show its
use with Sidekick 98.
Wdasm89
Sidekick 98 Pc Pro May 1998 U.K and others file name sk98_sf.exe
Dear Fravia,
What a truly fascinating website, thank you, and I hope this is of
interest.
Target: Sidekick 98. I had this vague idea I should get organised.
I submit that the method I used, which I have used with some success, is a
feature of Wdasm89 that I haven't seen mentioned.
Having installed Sidekick 98 I searched the string
references and found this snippet:
* Reference To: USER32.GetDlgItemTextA, Ord:00F5h
:004067BC FF152C054400 Call dword ptr [0044052C]..breakpoint here
:004067C2 BF70E14200 mov edi, 0042E170
:004067C7 83C9FF or ecx, FFFFFFFF
:004067CA 33C0 xor eax, eax
:004067CC F2 repnz
:004067CD AE scasb
:004067CE F7D1 not ecx
:004067D0 49 dec ecx
:004067D1 83F90A cmp ecx, 0000000A ..........Password Length
:004067D4 7431 je 00406807
:004067D6 8D442408 lea eax, dword ptr [esp+08]
* Possible StringData Ref from Data Obj ->"Sorry, that unlocking code is "
->"not valid for this program."
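As an added illustration (not part of Lazy_Crack's essay), the C below re-implements what the listed instructions do: the `or ecx, FFFFFFFF / xor eax, eax / repnz scasb / not ecx / dec ecx` sequence is the compiler's inline strlen of the buffer that GetDlgItemTextA has just filled, and the `cmp ecx, 0000000A / je` that follows is the length gate that sends anything but a ten-character entry to the "not valid" message. The sample strings are constructed; none is a real unlocking code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Emulates the inline strlen idiom from the listing:
 *   mov edi, buffer
 *   or  ecx, FFFFFFFF    ; ecx = -1, i.e. scan "forever"
 *   xor eax, eax         ; al = 0, the byte scasb looks for
 *   repnz scasb          ; per byte: compare al with [edi], edi++, ecx--, stop on match
 *   not ecx              ; ecx = ~ecx = len + 1 (the terminator was counted too)
 *   dec ecx              ; ecx = len
 */
uint32_t scasb_strlen(const char *edi)
{
    uint32_t ecx = 0xFFFFFFFFu;   /* or ecx, FFFFFFFF */
    uint8_t al = 0;               /* xor eax, eax */

    /* repnz scasb: repeat while ecx != 0 and the last compare did not set ZF */
    while (ecx != 0) {
        uint8_t byte = (uint8_t)*edi++;
        ecx--;
        if (byte == al)
            break;
    }
    ecx = ~ecx;   /* not ecx */
    ecx -= 1;     /* dec ecx */
    return ecx;
}

/* cmp ecx, 0000000A / je 00406807: only a 10-character entry reaches the
 * real comparison; anything else falls through to the "not valid" message.
 * A constant like this sits in cleartext in the binary, which is exactly why
 * the expected length can be read straight off the disassembly. */
int passes_length_check(const char *code)
{
    return scasb_strlen(code) == 10;
}

int main(void)
{
    /* constructed samples, not real unlocking codes */
    const char *samples[] = { "ABCDEFGHIJ", "short", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("\"%s\": scasb len=%u (strlen=%zu) passes length check=%d\n",
               samples[i], (unsigned)scasb_strlen(samples[i]),
               strlen(samples[i]), passes_length_check(samples[i]));
    }
    return 0;
}
```

The emulation counts the terminating zero inside the scan loop, which is why the original needs both `not ecx` and `dec ecx` to arrive at the plain length; comparing `scasb_strlen` against the library `strlen` on any input shows the two agree.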
From above I know my password is 10 characters long. I load the process
in Wdasm, set a breakpoint on the call above and run (F9).
I accept an offer to buy, and to be told by a human operator my unlocking code.
I enter "my" unlocking code, whatever it is, and <enter>.
Wdasm dutifully breakpoints.
An API window opens and we press "get result" from
USER32.GetDlgItemTextA, namely "my" password.
Close the API result window.
Now the feature: checkmark the first four boxes
Enable Documented API Details ..... checkmarked by default on mine
Enable Undocumented API Details
Enable Local Function Details
Stop Auto on API
and press auto step (F5).
An API window opens and we have an undocumented function and
a ten letter result; now whatever can that be ;-).
Well actually it's not, but
(F5) again and that ten letter result is compared
to another which is.
Sadly this program did not make me more organised!!
NB: the password is different every time the unlocking screen is displayed,
so enter the code before you go.
Once the code is accepted and you see the standard file copy animation,
terminate the process in Wdasm and sk98 carries on, seemingly unconcerned.
My settings for Wdasm are basic: no breaks on loading DLLs etc.
I won't even bother explaining to you
that you should BUY this target program if you intend to use it for a
longer period than the allowed one. Should you want
to STEAL this software instead, you don't need to crack its protection
scheme at all: you'll
find it on most Warez sites, complete and already regged, farewell.