Cracking W32Dasm v8.5 (*NEW protection scheme!*)
- by Frog's Print -

Right after downloading this brand new version of W32Dasm ("MMX Compatible"!) I just thought that I would crack it as usual, but wait... what a surprise:

-No more 'DeletefileA'!
-No more 'dec dword ptr[ebx+xxxxxxx]'!

I run it, load a file and run the good old PS.COM and... nothing! The W32DSMxx.TMP file has been deleted!

Another (good) surprise is that now we can select the fonts. This option was disabled in the previous versions (a lot of people seemed to have problems with the default one).

Anyway, let's have a deeper look and crack it:

1/ The counter

I cracked versions 6, 7 and 8, therefore I know that the counter's setup occurs between the following 2 calls:

-OWL50f.TFindReplaceDialog
-KERNEL32.GlobalAlloc

In W32Dasm80 (i.e. previous version 8.0) we had:

* Reference To: OWL50f.TFindReplaceDialog::TData::TData(ulong,int), Ord:0000h
:0044110B E830D70300            Call 0047E840
:00441110 83C40C                add esp, 0000000C
:00441113 C7837958540001000000  mov dword ptr [ebx+00545879], 00000001
:0044111D C783364C540054010000  mov dword ptr [ebx+00544C36], 00000154

;"\W32DEMO8.HLP"
:00438FA0 BE4B474800            mov esi, 0048474B
:00438FA5 8DBBE0605400          lea edi, dword ptr [ebx+60E0] ;

*** BEFORE pressing CTRL-D to let W32Dasm run, DISABLE them (':bd *'), otherwise you will lock up your PC. ******

Open a file "to disassemble" inside wdasm and then enable the three breakpoints (':be *'). SoftIce pops out here:

:0043ADF4 55                    push ebp
:0043ADF5 8BEC                  mov ebp, esp
:0043ADF7 8B550C                mov edx, dword ptr [ebp+0C]
:0043ADFA 8B4508                mov eax, dword ptr [ebp+08]
:0043ADFD 33C9                  xor ecx, ecx
:0043ADFF 89880B625400          mov dword ptr [eax+620B], ecx
:0043AE05 8B88584D4900          mov ecx, dword ptr [eax+4D58]
:0043AE0B 0FB68900040000        movzx ecx, byte ptr [ecx+00000400]
; "\w32dsm%02d.tmp" ;