help with softice pls!!!


pepperman
November 20th, 2000, 13:54
How do I break on any of these functions?

+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++

Import Module 001: kernel32.DLL

Addr:BFF9D545 hint(0000) Name: SystemTimeToFileTime



Import Module 003: MSVBVM50.DLL

Addr:0F0E9FC8 hint(02B2) Name: rtcSaveSetting
Addr:0F102FFC hint(0000) Name: MethCallEngine
Addr:0F0E0A2C hint(026E) Name: rtcStrConvVar
Addr:0F03C89B hint(0204) Name: rtcAnsiValueBstr
Addr:0F03AB67 hint(0271) Name: rtcCreateObject
Addr:0F03A479 hint(0206) Name: rtcLowerCaseVar
Addr:0F0D67E1 hint(0229) Name: rtcGetYear
Addr:0F0DC025 hint(0294) Name: rtcVarFromFormatVar
Addr:0F012135 hint(029D) Name: rtcCommandBstr
Addr:0F05E479 hint(012C) Name: GetMem2
Addr:0F0E89D6 hint(012D) Name: GetMem4
Addr:0F0D405A hint(0253) Name: rtcMsgBox
Addr:0F0261B4 hint(0256) Name: rtcDoEvents
Addr:0F03BF96 hint(0132) Name: PutMem2
Addr:0F0DF23C hint(0208) Name: rtcTrimVar
Addr:0F0E8AFF hint(0133) Name: PutMem4
Addr:0F0DF2B5 hint(0209) Name: rtcLeftTrimBstr
Addr:0F0DF4BC hint(020B) Name: rtcRightTrimBstr
Addr:0F00BCB0 hint(0277) Name: rtcMidCharBstr
Addr:0F0DF81E hint(020D) Name: rtcSpaceBstr
Addr:0F04306E hint(0278) Name: rtcMidCharVar
Addr:0F0DF860 hint(020E) Name: rtcSpaceVar
Addr:0F02299D hint(0000) Name: EVENT_SINK_AddRef
Addr:0F0DF88E hint(020F) Name: rtcUpperCaseBstr
Addr:0F0DF8B3 hint(0210) Name: rtcUpperCaseVar
Addr:0F01272A hint(0211) Name: rtcKillFiles
Addr:0F04F3E0 hint(0000) Name: DllFunctionCall
Addr:0F01218E hint(029E) Name: rtcCommandVar
Addr:0F0DE054 hint(0238) Name: rtcFileSeek
Addr:0F037FD1 hint(0000) Name: EVENT_SINK_Release
Addr:0F0D0A69 hint(0258) Name: rtcShell
Addr:0F03634A hint(0000) Name: EVENT_SINK_QueryInterface
Addr:0F022B59 hint(0000) Name: __vbaExceptHandler
Addr:0F0E8A73 hint(013A) Name: GetMemNewObj
Addr:0F0E8D19 hint(013B) Name: PutMemNewObj
Addr:0F04EBF6 hint(025F) Name: rtcStringVar
Addr:0F0E8E3E hint(013C) Name: SetMemNewObj
Addr:0F0D5C7F hint(0212) Name: rtcChangeDir
Addr:0F01BD44 hint(0260) Name: rtcVarBstrFromAnsi
Addr:0F0D5CA2 hint(0213) Name: rtcMakeDir
Addr:0F0D5CB3 hint(0214) Name: rtcRemoveDir
Addr:0F0D6033 hint(0215) Name: rtcChangeDrive
Addr:0F100284 hint(0000) Name: ProcCallEngine
Addr:0F050519 hint(0218) Name: rtcStrFromVar
Addr:0F01BCE6 hint(0219) Name: rtcBstrFromAnsi
Addr:0F0D6626 hint(021A) Name: rtcPackDate
Addr:0F040CDA hint(0285) Name: rtcDir
Addr:0F0D5A29 hint(0287) Name: rtcCurrentDir
Addr:0F0DE230 hint(023A) Name: rtcFileLength
Addr:0F00369C hint(0288) Name: rtcFreeFile
Addr:0F0D7E39 hint(023B) Name: rtcEndOfFile
Addr:0F01B43E hint(02A9) Name: rtcImmediateIf
Addr:0F054278 hint(0240) Name: rtcFileCopy
Addr:0F0D5D5F hint(0241) Name: rtcFileDateTime
Addr:0F00D607 hint(02AD) Name: rtcErrObj
Addr:0F036192 hint(0242) Name: rtcFileLen
Addr:0F00A1BF hint(0064) Name: ThunRTMain
Addr:0F0E9DFB hint(02B1) Name: rtcGetSetting
Addr:0F01B62E hint(0262) Name: rtcGetDateVar
Addr:0F058DD8 hint(0265) Name: rtcVarStrFromVar
Addr:0F012378 hint(0268) Name: rtcLeftCharBstr
Addr:0F00B8C4 hint(0269) Name: rtcLeftCharVar
Addr:0F0DED66 hint(026A) Name: rtcRightCharBstr
Addr:0F01238B hint(026B) Name: rtcRightCharVar
Addr:0F0D686F hint(021E) Name: rtcGetDayOfMonth
Addr:0F0D6828 hint(0221) Name: rtcGetMonthOfYear
Addr:0F0D5E62 hint(0244) Name: rtcSetFileAttr
Addr:0F0DD1FE hint(0245) Name: rtcR8ValFromBstr

I've tried bpx and bpm "CS:0F0D686F" rw, without the exclamation marks? Please help me, someone... BTW I've loaded every DLL that I can see this program uses, but alas I'm only a very young reverser (old person... 39... but young reverser!! ...). The program is a 30 day time trial of Techno ejay... (PXD software)... any help here would be truly appreciated.

?ferret
November 20th, 2000, 22:30
hmm... if you have the VB5 runtime DLL loaded in SoftICE, you should be able to break on all of those listed under it... if it's a small d/l I'll check it out

pepperman
November 21st, 2000, 13:53
Quote:
?ferret (11-20-2000 11:30):
hmm... if you have the VB5 runtime DLL loaded in SoftICE, you should be able to break on all of those listed under it... if it's a small d/l I'll check it out

...the msvbm50.dll is 1316KB.

This is part of my winice.dat... Is the fact that I have "two" msvbvm50.dlls loaded the reason I can't break on the ejay one?

; WINICE.DAT
; (SIW95\WINICE.DAT)
; for use with SoftICE Versions greater than 3.0 (Windows 95)
;

; *************************************************************************
; If your have MORE than 32MB of physical memory installed, change
; the PHYSMB line to the correct # of Megabytes.
; If you have LESS than 32MB you can save a bit of memory by
; specifying the correct # of Megabytes
; Example: PHYSMB=32
; *************************************************************************
; ***** Examples of sym files that can be included if you have the SDK *****
; Change the path to the appropriate drive and directory
;LOAD=c:\windows\system\user.exe
;LOAD=c:\windows\system\gdi.exe
;LOAD=c:\windows\system\krnl386.exe
;LOAD=c:\windows\system\mmsystem.dll
;LOAD=c:\windows\system\win386.exe
; ***** Examples of export symbols that can be included *****
; Change the path to the appropriate drive and directory
;EXP=c:\windows\system\vga.drv
;EXP=c:\windows\system\vga.3gr
;EXP=c:\windows\system\sound.drv
EXP=c:\windows\system\mouse.drv
;EXP=c:\windows\system\netware.drv
EXP=c:\windows\system\system.drv
EXP=c:\windows\system\keyboard.drv
;EXP=c:\windows\system\toolhelp.dll
;EXP=c:\windows\system\shell.dll
;EXP=c:\windows\system\commdlg.dll
;EXP=c:\windows\system\olesvr.dll
;EXP=c:\windows\system\olecli.dll
;EXP=c:\windows\system\mmsystem.dll
;EXP=c:\windows\system\winoldap.mod
;EXP=c:\windows\progman.exe

;***ejay files
EXP=C:\Program Files\Techno2\ejay\ejay\Asycfilt.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Comcat.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Ctl3d32.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Dsetup.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Dsetup6e.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Dsetup6j.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Msvbvm50.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Msvcrt.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Msvcrt20.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Oleaut32.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Olepro32.dll
EXP=C:\Program Files\Techno2\ejay\ejay\pxd32cl1.dll
EXP=C:\Program Files\Techno2\ejay\ejay\pxd32r4.dll
EXP=C:\Program Files\Techno2\ejay\ejay\pxd98db.dll
;********End of ejay files


; ***** Examples of export symbols that can be included for Windows 95 *****
; Change the path to the appropriate drive and directory
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\msvbm50.dll
EXP=c:\windows\system\msvcrt.dll
EXP=c:\windows\system\user32.dll
EXP=c:\windows\system\gdi32.dll
EXP=c:\windows\system\comdlg32.dll
EXP=c:\windows\system\shell32.dll
EXP=c:\windows\system\advapi32.dll
EXP=c:\windows\system\shell232.dll
EXP=c:\windows\system\comctl32.dll
EXP=c:\windows\system\crtdll.dll
EXP=c:\windows\system\version.dll
EXP=c:\windows\system\netlib32.dll
EXP=c:\windows\system\msshrui.dll
EXP=c:\windows\system\msnet32.dll
EXP=c:\windows\system\mspwl32.dll
EXP=c:\windows\system\mpr.dll

Aleph
November 21st, 2000, 14:16
Hello.

1st, you should make a little check: replace the ejay version of the DLL with the normal Windows one. If the proggy doesn't run, then you know why you can't break into it :-)

2nd, try commenting out the msvbm50.dll that is in your "normal" Windows export symbols, and reboot. This way, SIce won't have to handle 2 *(maybe) different DLLs* with the same name.

3rd: if your proggy is in VB, you should consider using SmartCheck, an amazingly powerful and easy-to-use tool...

Hope that helps.

Aleph
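A quick check for the problem Aleph describes (the same module name listed twice in winice.dat, so SoftICE has two symbol sets to choose from). This is an added example written for this thread, not code from any of the posters; the winice.dat fragment inside it is a constructed sample modelled on the one posted above, not the poster's actual file.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed winice.dat fragment modelled on the one posted in this
# thread (paths shortened; not the poster's real file).
SAMPLE_WINICE_DAT = r"""
; WINICE.DAT (constructed sample)
;EXP=c:\windows\system\shell.dll
EXP=c:\windows\system\keyboard.drv
;***ejay files
EXP=C:\Program Files\Techno2\ejay\ejay\Msvbvm50.dll
EXP=C:\Program Files\Techno2\ejay\ejay\Msvcrt.dll
;********End of ejay files
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\msvbvm50.dll
EXP=c:\windows\system\msvcrt.dll
LOAD=c:\windows\system\user.exe
"""

# Only EXP= and LOAD= directives pull symbols in; anything after ';' is a comment.
ENTRY_RE = re.compile(r"^(EXP|LOAD)\s*=\s*(.+?)\s*$", re.IGNORECASE)

def active_entries(text):
    """Yield (directive, path) for every uncommented EXP=/LOAD= line."""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):
            continue
        m = ENTRY_RE.match(stripped)
        if m:
            yield m.group(1).upper(), m.group(2)

def duplicate_modules(text):
    """Map lower-cased module basename -> list of paths, keeping only the
    names that appear more than once (Windows file names are case-insensitive)."""
    seen = defaultdict(list)
    for _, path in active_entries(text):
        seen[PureWindowsPath(path).name.lower()].append(path)
    return {name: paths for name, paths in seen.items() if len(paths) > 1}

def report(text):
    dupes = duplicate_modules(text)
    if not dupes:
        return "no duplicate module names"
    lines = []
    for name, paths in sorted(dupes.items()):
        lines.append(f"{name} is listed {len(paths)} times:")
        lines.extend(f"    {p}" for p in paths)
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(SAMPLE_WINICE_DAT))
```

Note that a misspelled entry (msvbm50.dll versus msvbvm50.dll) would not be flagged as a duplicate, but it would also not load the file it was meant to, which is worth checking separately.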

?ferret
November 21st, 2000, 21:41
Yup, you figured it out... SoftICE is confused. I'd say the proggy uses the one in the system directory; you just included ALL .dlls used by the proggy in the part you added, right? Delete or just put a semicolon in front of one to comment it out. Reboot & try again. ;-)

As for SmartCheck... good suggestion... if it's not a p-coded app (SmartCheck will tell you if it is). If so, might I suggest trying ExDec by JosephCo. It's a beautiful little tool for disassembling p-coded apps in VB5 & 6. Takes a little study to get the hang of it, but once you learn a few excodes, the disassembly tells you just about anything you want to know about the proggy ;-)

I don't have a URL handy for it, but I'm sure you could finesse one from somebody (JoCo?)

I know you can get it at #cracking4newbies on EFnet.

Good Luck

?ferret
November 21st, 2000, 21:42
btw, LOL, I meant if the proggy was a small d/l... 11.5 MB... YIKES! hehe