Pyrae
April 14th, 2002, 16:19
Well, 'dead' means that no live approach (debugging) is possible and disassemblers give messy results, though the target is obviously neither packed nor encrypted.
In this particular case it's the timebomb routine in WINLOGON.EXE/LICDLL.DLL of WinXP Embedded Eval (which btw is a build-it-yourself WinXP Pro and therefore the most useful version of WinXP), but I only need some basic ideas on OS level cracking.
Here is what I've tried so far:
- disassembling LICDLL.DLL, which contains the 'expired' nag's text using IDA, W32Dasm, PEDasm
  (all give nonsense listings with lots of unresolved jumps etc., see attached snippet)
- getting Softice to run on XP Embedded Eval
  ('EXP=\%SystemRoot%\system32\kernel32.dll Error Opening file. Status=C0000225' (same for all other libs, no working solution found) -> no useful breakpoints possible)
- looking for string refs/refs to string offsets with hiew (nothing useful found)
- looking for infinite jumps/inline calls which might confuse disassemblers (nothing found)
So I'm running out of useful ideas on this one, perhaps someone can help me out with any alternative approaches...
Thanks very much, Pyrae