Trying to Crack a program written in VB3. The key is calculated in a DLL called keylib16. The function that do the calculation is pp_tcode. This function is returning a 0 if the key is wrong. A 1-7 gives me access to the softvare.

I try to set a bpx pp_tcode but SI tells me this symbol is not defined. I add keylib16.dll to winice.dat, but no change.

How do I get SI to set a bpx on the funcion pp_tcode

When I try the Symbol loader it tells me that no debug information is available.

(As you can see, I am new to this)

Hallo,

I suggest that you understand the following first:

What exactly is the API call? I mean take ANY API. Let us see..hmm, lets take 'ExitProcess' as the API.

Now, Microsoft and ourselves can easily refer to 'ExitProcess' as a means of calling that function.

However, the machine cannot understand any of this 'ExitProcess' junk. It can understand only addresses. What it means is that for each API, there is an address. How does softice load all addresses, and thereby, the names ? It simply opens the file as exports from the Loader.

What has happened is, you know that a function called as 'some_vb_func' is being called. You put a breakpoint on that. BUT, the softice does not know this. It can know only addresses. And this conversion from name to address is done by adding the exports to softice, using the loader. And pray, how do you load it? You first need to find out in which dll, the func resides as an exported function. Then give the name of that dll in the export. And voila.

Have Phun

I have tried to load the keylib16.dll into SI. Cant see the functions inside SI.
I have tried to use the SI loader. Same result.
The keylib16.dll is a 16bit DLL. Is this why I cant load the dll?

I just wont to get a breakpoint inside the function pp_tcode to see what values the function is returning and change them to somthing that opens the software.

the software can be found at: h**p://www.performancetrends.com/programs/DyDM-w95.exe

Are you trying to use softice on a 32 bit opsystem? If so, then it will not recognise the 16 bit DLL name when setting breakpoints as it considerers the app to be all running under a 16 bit VM.

If you are running on Win 3.x with a suitable version of SI, then I have no explanation.

Yes, I am running SI on Win98/second edition.

Ok! I have the knowlage abot what function I want to debug but I cant get the name as a bpx. I can see in w32dasm the adresses the functions have. Can I use this info to search for the call with an adress instead of a name and set a bpx on that adress?