Aimless
November 2nd, 2000, 00:16
Hullo,
As you know, I am a complete newbie, and am slowly trying to crawl my way up to the 'higher' levels. However, in my quest for 'higher' cracking proggies, I encountered a small proggie (about 19KB), which I am trying.
This is, obviously, having a time check ("Your trial period expired"
. My findings are:
1. It has got Anti-Disasm code. IDA does not disasm properly (IDA 4.04, BTW). W32dsm simply falls apart (havn't tried with Sourcer: yet.)
2. It has got anti-debugging code (IDT int 01, 03, 05) detection codes
3. It has got anti-Sice code (Interrupt Detection for int 03).
4. It also has an additional section (.yado) which is obviously, user made, and the entry-point goes there.
5. Its packed and/or encrypted.
Whew!
Now, the issue is I am trying to tackle things one-by-one. My aim here is to first prise the anti debugging/software code. Note that here, TRW2000 and SICE 4.05 (w9x), just hang! I have to re-boot to get it working.
However, a very good s-ice and anti-debugger hooks was revealed to me by FrogsICE (god bless him!) in FrogICE's return codes 05 and codes 00.
Therefore, after all these explanations, my questions:
(1): Frog's print has accurately shown me the op-code and the cs:eip where this occurs. The problem is nopping/bypassing the instruction does not help at all. Therefore, what is the next logical step to follow ?
(2): I have not yet tried dumping the active process. But would that be helpful ? COnsidering these extra protections, I am sure there would be an anti-dumping thingy too.
Any reponses shall be gratefully appreciated.
As ever
As you know, I am a complete newbie, and am slowly trying to crawl my way up to the 'higher' levels. However, in my quest for 'higher' cracking proggies, I encountered a small proggie (about 19KB), which I am trying.
This is, obviously, having a time check ("Your trial period expired"

1. It has got Anti-Disasm code. IDA does not disasm properly (IDA 4.04, BTW). W32dsm simply falls apart (havn't tried with Sourcer: yet.)
2. It has got anti-debugging code (IDT int 01, 03, 05) detection codes
3. It has got anti-Sice code (Interrupt Detection for int 03).
4. It also has an additional section (.yado) which is obviously, user made, and the entry-point goes there.
5. Its packed and/or encrypted.
Whew!
Now, the issue is I am trying to tackle things one-by-one. My aim here is to first prise the anti debugging/software code. Note that here, TRW2000 and SICE 4.05 (w9x), just hang! I have to re-boot to get it working.
However, a very good s-ice and anti-debugger hooks was revealed to me by FrogsICE (god bless him!) in FrogICE's return codes 05 and codes 00.
Therefore, after all these explanations, my questions:
(1): Frog's print has accurately shown me the op-code and the cs:eip where this occurs. The problem is nopping/bypassing the instruction does not help at all. Therefore, what is the next logical step to follow ?
(2): I have not yet tried dumping the active process. But would that be helpful ? COnsidering these extra protections, I am sure there would be an anti-dumping thingy too.
Any reponses shall be gratefully appreciated.
As ever