
Breakpoint problem


delit
November 3rd, 2000, 07:30
Hello people!

I have a little problem; maybe you could help me.

I have this proggie with dongle protection, quite a simple program, only one .exe file. When I want to do a specific function, it says 'No dongle!'.
I disassembled it with W32Dasm, but I cannot find the part of the program that is calling this message - W32Dasm can't find that part of the program. It looks like this:

xxxxx ret

xxxx1 mov blahblah (here it moves the no dongle msg)
xxxx2 call ... (the popup window)

So I assume the message is called with something like: call [ebx + xxxxx]
so W32Dasm can't find that call (or jump), because it does not know the values of the registers. Could IDA be of any help? I haven't got it.

And another question: since the msg is shown shortly after pushing a button, I could trace manually through the program with SoftICE, if I could stop the execution after the button has been pushed.

So could someone tell me how to make a breakpoint on the button?

TIA

NchantA
November 6th, 2000, 11:41
hehe

I find this topic a *little* advanced for the classic newbie. Dongles are a hard nut to crack, but if you are persistent even the most impossible tasks can be accomplished.

http://zencrack2.cjb.net

CrackZ's site should have plenty of information on dongles.

goatass
November 6th, 2000, 11:59
Hey there, well, you mentioned that you know where the call to the messagebox is, so just look in the disassembly and see from where that is called. If you don't know where it is, you can set a BPX on the button like this:

bmsg HWND WM_LBUTTONUP

HWND is the window handler for that button; get it by typing HWND in SoftICE and looking for the name of your application, and to the right of that it should say "button".

Other BPXs for dongles would be:
bpio -h 378 --> breaks when accessing the parallel port
bpx CreateFileA --> breaks if a dongle opens a DLL or VXD

It really depends on what dongle the program uses: HASP, sspro, DESKey, whatever.

Check out CrackZ's site; he has tons of great info.
zencrack2.cjb.net

goatass

Aimless
November 13th, 2000, 05:03
Do this:

W32DASM, IDA or any such cannot find the caller if it has been called by something like call [esi+43] and such code. So what do you do in this case? I'm afraid that you have no choice but to use SOFT-ICE.

In this case, BPX on the call. Do a "BPX @ESP". Run the proggie. It will break at the next instruction from where your call was.

Eg:

call [esi+90] << this is what makes your call
test eax, eax << upon breaking, you'll be here!!
:::etc, etc....

Hope that helps.

aMEXICAN
November 13th, 2000, 11:14
Try the following breakpoints:
bpio -h 378 rw (I/O port access)
bpio -h 278 R
DeviceIoControl
FreeEnvironmentStringsA
Hope that this helps... cracking dongles is definitely not for newbies... and no problem with trying... just that cracking is like lifting weights... you start out light... then move up...
C ya