I need to trace thru a prog


Crackin_Newbie
April 2nd, 2002, 14:37
this program (repo info) is very difficult for me to follow. I have found that the program registration key is the name of the file that contains registration info (minus the .txt extension). The program runs that but then it has scripting errors (I think that's right) because what it expects isn't there, and I am not sure how to figure out what it wants. Here's a question for yall: If I break into the program and find the correct flow to register, should I change the program or make a correct registration file (if the latter, does anyone know how I can figure out what the program is looking for in the registration file?)

Anyways, Thanks yall!!!!
Crackin_Newbie

Pyrae
April 2nd, 2002, 14:55
Well, any debugger will do that.

NuMega's SoftICE is the reference tool, but there are quite some other nice ones around, i.e. TRW2000 or OllyDbg.

Looking at your question, I think you're having some reading about this topic ahead.

"/TraceX" is a command in ICEDump, which is a useful addon for SoftICE.

Crackin_Newbie
April 2nd, 2002, 15:09
I have icedump, but don't know how to properly install and use it. Any suggestions?

How do u use tracex?

Pyrae
April 2nd, 2002, 15:21
Hmm, I won't write RTFM, but how about reading README.TXT?

I think you're trying to get results too fast - reversing is a time-consuming business...


Btw, please continue posting to the first thread.



Pyrae

DakienDX
April 2nd, 2002, 17:28
Hello Crackin_Newbie !

I just merged the two threads to keep it more clear.

As Pyrae said, please RTFM. (Read The FAQ and the Manual)

You can ask questions here after you've tried anything you can imagine.
To learn new things always search, then read, then try to understand and ask only if you've done all you should have done before asking.

Crackin_Newbie
April 4th, 2002, 09:35
The ice dump I got doesn't have a file that explains installation and usage. Is there a website yall can suggest where I can figure it out?

Thanks and Laterzzzzz

Pyrae
April 4th, 2002, 11:09
Try h**p://icedump.cjb.net ! As you will see, there are no official docs yet, but the readmes contain enough info to get you started...

DakienDX
April 4th, 2002, 16:36
Hello Crackin_Newbie !

Where is the big problem?
Just look what SoftICE version you have, go to the directory with the right OS and version number and execute ICEDUMP.EXE.
You'll find anything you need to know in the [OS]\DOC directory.

Or do you think ICEDump is a stand-alone application? No, it is not, it is an addon for SoftICE. You can't use ICEDump without SoftICE.
But you would better start to learn how to work with SoftICE before starting with the ICEDump commands.

Crackin_Newbie
April 7th, 2002, 07:51
That got Ice Dump working. I read the files but don't comprehend trace and tracex usage, any suggestions?

Aimless
April 7th, 2002, 11:42
* Download Ollydbg 1.06

* Load your program

* Select Debug->RunTraceOver (or INTO) as you'd prefer

* As soon as you select, the proggy runs

* Wait till it's over, or you reach the point that you want to monitor

* Switch back to OllyDbg, select View->Run Trace

* A window opens with traced instructions AND registers that have changed with each instruction

* Right Click anywhere on that window to save the ENTIRE history to a log file

* WARNING!! Saving the run trace INTO of a commercial app can cause your log file to swell up to 99MBs!!! And that's only for displaying of the main window!!!

* So be careful of what you log

* You can optionally turn off and on the logging

...Have Phun

Crackin_Newbie
April 7th, 2002, 20:22
I appreciate your help aimless!! I hope it works out how I think it will. May u b blessed !!!!! LOL

More postings to Follow.

Crackin_Newbie 4 Now

Crackin_Newbie
May 5th, 2002, 21:31
is there a way i can make it just log jmp, je, etc... ?

crUsAdEr
May 5th, 2002, 21:56
Hi cracking newbie,

It is quite simple to code a jump logger... grab Iczelion's debug API tutorial and you will be able to write jump logger in asm :>.... It is not that hard....

There is such a prog out there but it is slow cos of single stepping and the file will be big anyway... it is fun to play with it but use it to crack isn't really good, you learn nothing from the protection if you just compare the 2 log files to find the jump...

regards,
crUsAdEr

Crackin_Newbie
May 5th, 2002, 23:27
I know this is lame way of cracking but this program means a lot!! I am so frustrated trying to figure it out. Every time I think of a way to get what I want, I find I can't do that. LOL

Clandestiny
May 6th, 2002, 01:41
Quote:
Originally posted by Crackin_Newbie
I know this is lame way of cracking but this program means a lot!! I am so frustrated trying to figure it out.


Quite to the contrary, using a backtrace tool to *analyze* code flow is not a lame approach... A pure jump logger, however, might be pushing the definition of lameness since it takes little intelligent analysis to brute-force-patch every jump you see till you get the right one

Alternately to /tracex and Ollydbg, SoftICE itself possesses the capability to log program execution in a backtrace buffer. A trace is set using the range style breakpoint, bprw.

syntax: bprw "module name" T

I believe Sandman even has a fairly detailed tut on the usage of the SI backtrace buffer if you need more info than is provided in the SoftICE docs. Do a search for "Sandman + Softice Resource Center"

The whole key to *effectively* using the execution backtrace, is your choice of trace range and judicious placement of breakpoint traps. You probably don't want to trace from the OEP of an app, through all of its initialization code, nag screens, etc. until you get to the reg dialog or whatever. This can get VERY big (+++Megs), will be unwieldy to examine, and provide little meaningful insight into the behavior of your target due to the high level of background noise. You want to use an API monitor or some other tool to select breakpoints that narrow down your range as much as possible. Only then will you get meaningful results. The backtrace is essentially useless unless used intelligently. Unfortunately, SoftICE does not natively have the functionality to log your traces to a file (as it logs only addresses, not opcodes, and disassembles them on the fly via the "show" and "trace" commands). Kayaker and myself are working on an application that will extend the functionality of the winice backtrace buffer to provide this much needed logging feature, but it is not yet publicly available. First, read the manual and then ask if you have further questions not answered in the documentation.

Cheers,
Clandestiny

Aimless
May 7th, 2002, 09:53
Either that, or:

1. ALL windows program have an application called FIND.EXE
2. Run that on your 1 GB file and get all words starting with J* and CALL

If you are using ICE, you can set a BPR on the entire application with the condition that the first byte of each instruction corresponds to a jump/jnz/jz/etc.. or a CALL. (warning: this may become a BIG breakpoint. Better to put it as a macro). Also put an action to ^G after the condition so that you do not pop into softice every time a j*/call is encountered, and yet all the same are logged into your command windows.

And hey, keep that video buffer high !!

...Have Phun
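
Added example (not posted by anyone in this thread): the filtering step discussed above, reading a saved run trace line by line, keeping only jump/call/return instructions and collapsing loop repeats into hit counts so the output stays small. The line layout in `LINE` and the sample trace are constructed assumptions; adjust the pattern to the columns your debugger actually writes.

```python
import re
from collections import Counter

# Assumed line layout (constructed, not a debugger's exact export format):
#   <8-digit hex address> <mnemonic> <operands> [; modified registers]
LINE = re.compile(r"^\s*([0-9A-Fa-f]{8})\s+(\w+)\s*([^;]*)")
# CALL, RET/RETN/RETF, LOOPxx, JMP and every conditional jump (all x86 J* mnemonics)
CONTROL_FLOW = re.compile(r"^(?:call|retn?|retf|loop\w*|j\w+)$", re.IGNORECASE)

# Constructed sample: a call into a three-iteration loop, then a return and a jump.
SAMPLE_TRACE = """\
Address  Command ; Modified registers
00401000 PUSH EBP
00401001 MOV EBP,ESP ; EBP=0012FFC0
00401003 CALL 00401050
00401050 XOR EAX,EAX ; EAX=00000000
00401052 INC EAX ; EAX=00000001
00401053 CMP EAX,3
00401056 JNZ SHORT 00401052
00401052 INC EAX ; EAX=00000002
00401053 CMP EAX,3
00401056 JNZ SHORT 00401052
00401052 INC EAX ; EAX=00000003
00401053 CMP EAX,3
00401056 JNZ SHORT 00401052
00401058 RETN
00401008 POP EBP ; EBP=0012FFF0
00401009 JMP 00401100
"""

def filter_control_flow(lines):
    """Yield (address, mnemonic, operands) for control-transfer lines only.
    Accepts any iterable of lines, so an open file is streamed, not loaded."""
    for line in lines:
        m = LINE.match(line)
        if m and CONTROL_FLOW.match(m.group(2)):
            yield int(m.group(1), 16), m.group(2).upper(), m.group(3).strip()

def summarize(lines):
    """One entry per distinct instruction, in first-seen order, with a hit count."""
    counts = Counter()
    for rec in filter_control_flow(lines):
        counts[rec] += 1
    return list(counts.items())

if __name__ == "__main__":
    for (addr, mnem, ops), hits in summarize(SAMPLE_TRACE.splitlines()):
        print(f"{addr:08X}  {mnem:<5} {ops:<16} x{hits}")
```

To run it on a real log, pass an open file object instead of `SAMPLE_TRACE.splitlines()`.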

Crackin_Newbie
May 21st, 2002, 19:11
this program (repo info) is very difficult for me to follow. I have found that the program registration key is the name of the file that contains registration info (minus the .txt extension). The program runs that but then it has scripting errors (I think that's right) because what it expects isn't there, and I am not sure how to figure out what it wants. Here's a question for yall: If I break into the program and find the correct flow to register, should I change the program or make a correct registration file (if the latter, does anyone know how I can figure out what the program is looking for in the registration file?)

ps/ what search engine yall recommend when searching for Sandman's tuts and other good cracking resources?

pss/ Truthfully I appreciate everything !!! Yall have been a damn good help!!

Anyways, Thanks yall!!!!
Crackin_Newbie

Crackin_Newbie
May 25th, 2002, 04:05
I am seeking out how to find out what is needed in a registration type file. Repo Info wants some things in the file but I am not sure what that is, is there a tut or anything to help me figure it out, if there is, please tell me where I might find it or a name of file and search engine to use to find it. Also I get lost real quick trying to follow the program code. I know it should be too hard to find the jmp that causes it to expire when the time runs out. I am getting stressed on this. I got tuts out the @ss and have tried their approaches and to no avail yet. I've tried logging but I get so much logged that I don't have the HD space. Any more helpful suggestions? Thanks again. Pe@ce!