Problems using "hmemcpy"
zrs_guy
April 5th, 2008, 00:29
Hello Everyone! I am following an old tutorial on how to make keygens and one of the problems I have encountered is the hmemcpy command. When I type in: bpx hmemcpy, SoftICE says the command is invalid. After some research, I found out that it has been changed to memcpy, so I bpx memcpy and I type in some bullcrap data to register a program. When I try to ctrl+d to get back to the program, SoftICE tells me this:
Break due to BPX ntoskrnl!memcpy.
So I really don't know what to do at this point. Any help would be appreciated.
Kayaker
April 5th, 2008, 01:04
You're likely better off not to bpx memcpy, it's too general and probably not even being set or hit in the context of your program. On the off chance it is.. well just F10 trace through memcpy until it returns to user mode. Then you'll find out if it's been hit because of your program.
You'd be better to break on some other API (set in the *context* of your program - research what context means in relation to setting breakpoints in Softice).
As to what API to set a bp on.. that will also take some research. Find out what API's the program imports that might be used in the registration mechanism, such as GetDlgItemText for example. There are also other methods such as breaking on WM_ messages, etc.
Once you get close to where you need to be, then you can set direct BPX or BPM breakpoints on memory copies to trace the route your serial number follows to the registration algorithm.
As a start, go to CrackZ page at the link under Some Useful Places on this page and download cRACKER's nOTES by TORN@DO from the bottom of his page. It will introduce you to some of the reversing API knowledge you need to get started.
zrs_guy
April 5th, 2008, 13:37
Thanks! I'll try it out.
zrs_guy
April 6th, 2008, 18:09
Ok, I read lots of stuff from cRACKER's nOTES and that really gave me a better understanding of a lot of things. However, since memcpy probably is too general for setting a bpx on it, then how may I research the APIs the app uses? Like, do I research by using SoftICE or something? Thx for the info!!!!
evlncrn8
April 6th, 2008, 23:23
First off, check the imports, they might give you a good target API to hook on...
If that doesn't work, bpx on typical ones like wsprintf and so on (if it builds up some strings) and so on..
Hardly rocket science, and probably something covered in the FAQ as well...
naides
April 7th, 2008, 00:39
hmemcpy is a relic of the 16-bit/32-bit hybrid OS.
Ricardo Narvaja found an equivalent area in the code of the XP OS called the H point (Punto H).
Take a look at this tut, and see if it works for you:
http://ricardonarvaja.info/WEB/CURSO%20NUEVO/TEORIAS%20NUMERADAS/000-100/033-PUNTO_%20H%20INGLES.rar
It is conceived to work with Olly, but it will also work in SICE with a little tweaking.
Admiral
April 7th, 2008, 16:49
Hi zrs_guy.
Unless there's something you haven't told us, you should be using more up-to-date tutorials, and tools. SoftICE still has a place in the world but a better alternative probably exists for your situation. In particular, if you don't need a kernel debugger, don't use a kernel debugger. OllyDbg is the best option for exploratory work, with WinDbg putting in a good case for tasks better suited to scripted attack.
You'll probably have more luck breaking on an appropriate Win32 API function and tracing the remainder of the way, using the usual techniques described in current tutorials and books. If you want more specific advice, you'll need to tell us what it is you're trying to achieve, but I'd wager that you're currently doing things the hard way.
naides
April 7th, 2008, 18:56
Shit, Admiral.
This was the only SoftIce novice we had in 5 years and you have to come and tempt him away with sinful ways and the easy life of olly.
Now Kayaker will be pissed . . .
zrs_guy
April 7th, 2008, 21:52
personmans
April 7th, 2008, 23:45
Quote (originally posted by naides):
Shit, Admiral.
This was the only SoftIce novice we had in 5 years and you have to come and tempt him away with sinful ways and the easy life of olly.
Now Kayaker will be pissed . . .
I was a SICE novice in the last 5 years. I just never let you know it.
Also, zrs_guy, have fun. SoftIce is much better for certain situations (than Olly, etc.). If you don't already, I recommend setting up a virtual machine to run it on. It's much more fun to debug on an OS/software setup that you don't care about and that can be easily fixed.
Personmans
UrgeOverKill
April 12th, 2008, 15:57
zrs_guy, glad to see you interested and excited. In your adventures, may I suggest that you look at W32DASM; it's old but worked for me back in the day and is easy....
JohnWho
April 24th, 2008, 15:45
I'm still on SICE.
Ahhh, hmemcpy, that brings back good memories from a time when things were simple, at least it seems that way now.
Anyways, try searching the board for "hmemcpy", you might find some useful reading.