MTB
November 6th, 2001, 19:27
The target is Co__V, a ray trace program used in optics, protected by an Activator dongle.
IDA version 4.04 seems to have problems dissassebling it, however W32dasm 8.93 seems to be working ok. First section of both dissassemblies are posted below.
First can I get IDA to work on this code?
Second why didn't IDA pick a sigature file for it?
I probably can crack it using W32dasm, but really would prefer to use IDA since it does a significantly better job.
Thanks
MTB
--------------------------------------------------------------------------
IDA posted below
5F401000 ; Format : Portable executable for IBM PC (PE)
5F401000 ; Section 1. (virtual address 00001000)
5F401000 ; Virtual size : 0009628B ( 615051.)
5F401000 ; Section size in file : 00096400 ( 615424.)
5F401000 ; Offset to raw data for section: 00000600
5F401000 ; Flags 60000020: Text Executable Readable
5F401000 ; Alignment : 16 bytes ?
5F401000 ; Exported entry 3030.
5F401000
5F401000 model flat
5F401000
5F401000 ; ---------------------------------------------------------------------------
5F401000
5F401000 ; Segment type: Pure code
5F401000 _text segment para public 'CODE' use32
5F401000 assume cs:_text
5F401000 ;org 5F401000h
5F401000 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
5F401000
5F401000 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
5F401000
5F401000
5F401000 public MFC42_3030
5F401000 MFC42_3030 proc near ; CODE XREF: MFC42_1168+Ap
5F401000 ; MFC42_1169+11p ...
5F401000
5F401000 arg_0 = dword ptr 0Ch
5F401000
5F401000 push esi
5F401001 push edi
5F401002 mov edi, ecx
5F401004 cmp dword ptr [edi], 0
5F401007 jz short loc_5F401032
5F401009
5F401009 loc_5F401009: ; CODE XREF: MFC42_3030+43j
5F401009 mov eax, dword_5F4CB000
--------------------------------------------------
W32dasm below
:00401000 CC int 03
:00401001 CC int 03
:00401002 CC int 03
:00401003 CC int 03
:00401004 CC int 03
:00401005 E90F030000 jmp 00401319
* Referenced by a CALL at Address:
|:009A34A5
|
:0040100A E9BA020000 jmp 004012C9
* Referenced by a CALL at Address:
|:009A3719
|
:0040100F E997020000 jmp 004012AB
* Referenced by a CALL at Address:
|:0040128B
|
IDA version 4.04 seems to have problems dissassebling it, however W32dasm 8.93 seems to be working ok. First section of both dissassemblies are posted below.
First can I get IDA to work on this code?
Second why didn't IDA pick a sigature file for it?
I probably can crack it using W32dasm, but really would prefer to use IDA since it does a significantly better job.
Thanks
MTB
--------------------------------------------------------------------------
IDA posted below
5F401000 ; Format : Portable executable for IBM PC (PE)
5F401000 ; Section 1. (virtual address 00001000)
5F401000 ; Virtual size : 0009628B ( 615051.)
5F401000 ; Section size in file : 00096400 ( 615424.)
5F401000 ; Offset to raw data for section: 00000600
5F401000 ; Flags 60000020: Text Executable Readable
5F401000 ; Alignment : 16 bytes ?
5F401000 ; Exported entry 3030.
5F401000
5F401000 model flat
5F401000
5F401000 ; ---------------------------------------------------------------------------
5F401000
5F401000 ; Segment type: Pure code
5F401000 _text segment para public 'CODE' use32
5F401000 assume cs:_text
5F401000 ;org 5F401000h
5F401000 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
5F401000
5F401000 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
5F401000
5F401000
5F401000 public MFC42_3030
5F401000 MFC42_3030 proc near ; CODE XREF: MFC42_1168+Ap
5F401000 ; MFC42_1169+11p ...
5F401000
5F401000 arg_0 = dword ptr 0Ch
5F401000
5F401000 push esi
5F401001 push edi
5F401002 mov edi, ecx
5F401004 cmp dword ptr [edi], 0
5F401007 jz short loc_5F401032
5F401009
5F401009 loc_5F401009: ; CODE XREF: MFC42_3030+43j
5F401009 mov eax, dword_5F4CB000
--------------------------------------------------
W32dasm below
:00401000 CC int 03
:00401001 CC int 03
:00401002 CC int 03
:00401003 CC int 03
:00401004 CC int 03
:00401005 E90F030000 jmp 00401319
* Referenced by a CALL at Address:
|:009A34A5
|
:0040100A E9BA020000 jmp 004012C9
* Referenced by a CALL at Address:
|:009A3719
|
:0040100F E997020000 jmp 004012AB
* Referenced by a CALL at Address:
|:0040128B
|