hack3r2k
June 18th, 2002, 12:18
HaspServicesSpy © 2002, .:hack3r2k:.
Description:
HaspServicesSpy is a routine included in HaspDongle.dll, shipped along with this
document, and its purpose is to spy on services called by the main program with the
help of haspreg().
To use this function you have to add a new import (HaspDongle.HaspServicesSpy) to the target exe/dll. You also need to add to the PE file a new
section (with attributes 60000020) that will contain a call to the spy procedure
from the dll.
Ex:
    call dword ptr [HaspDongle!HaspServicesSpy]
    ret
Attention !!!
(HaspDongle!HaspServicesSpy represents a 32bit number that corresponds to the address of the import)
In the end you must locate the haspreg() call and divert it to our new section that calls the spy routine.
If you followed the steps above, after the execution of the hasp protected program a window will pop up each time the program tries to execute a hasp service (full support for all kinds of hasps).
Report any bugs at : danielciocarlan@hotmail.com
Questions/Help : danielciocarlan@hotmail.com
Features:
- full dump for all regs used by hasp
- the ability to display the type of the dongle and the name of the service called
- all the information is displayed in a window
- the tracing of the calls is now made in minutes without the need of any debugger/disassembler
- can also be used by hasp newbies that often have problems with tracing/hasp type/.. (LOL ! I had the same problems some time ago)
- minimum memory requirements
- small size/very fast (is written in 32bit assembly)
To be done:
- regs editing/saving ;will be a very useful feature
F.A.Q :
Q: .:hack3r2k:. how the fuck can I find that damn haspreg() call.
A: Easy ! Disassemble the program (IDA/W32DASM), locate the hasp mark (cmp bh, 32h) and under this look for something similar to push ebp/call 00XXXXXX/pop ebp. call XX000000 represents the call to hasp regs and u must divert it to our new section created in order to be able to call the spy routine.
Q: What about all the modif to the PE ??!
A: Use LordPE – RoyalTS (try to get it from www.exetools.com or http://y0da.cjb.net)
Greets fly out to:
CrackZ (thanx for telling me hasp reversing secrets), HypnoticZ/TNT (thanx to you too), goatass (help with reversing)
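Seen from the software vendor's side, the modification described in the post leaves a trace in the PE section table: an extra section carrying attributes 60000020. The following is an added example, not part of the original post or of HaspDongle.dll, that decodes that attribute value and reports executable sections missing from a known-good baseline; the section names and the header-only sample image are constructed for the demonstration.

```python
import struct

# Section Characteristics flags from the PE/COFF specification.
FLAGS = {0x00000020: "CNT_CODE", 0x20000000: "MEM_EXECUTE",
         0x40000000: "MEM_READ", 0x80000000: "MEM_WRITE"}

def decode_flags(value):
    """Names of the known flags set in a section Characteristics value."""
    return [name for bit, name in sorted(FLAGS.items()) if value & bit]

def sections(image):
    """Return [(name, characteristics)] parsed from a PE file image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", image, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    out = []
    for i in range(count):
        entry = image[table + 40 * i: table + 40 * (i + 1)]
        if len(entry) < 40:
            raise ValueError("truncated section table")
        name = entry[:8].rstrip(b"\0").decode("latin-1")
        out.append((name, struct.unpack_from("<I", entry, 36)[0]))
    return out

def added_executable(image, baseline_names):
    """Executable sections that are absent from the vendor's baseline list."""
    return [n for n, c in sections(image)
            if c & 0x20000000 and n not in baseline_names]

def build_sample(section_list):
    """Constructed header-only PE image (no section data), for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_list), 0, 0, 0, 0xE0, 0x102)
    body = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", c)
                    for n, c in section_list)
    return dos + b"PE\0\0" + coff + b"\0" * 0xE0 + body

if __name__ == "__main__":
    shipped = [(".text", 0x60000020), (".data", 0xC0000040)]   # constructed baseline
    modified = build_sample(shipped + [(".new", 0x60000020)])  # hypothetical added section
    print(decode_flags(0x60000020))
    print(added_executable(modified, {n for n, _ in shipped}))
```

60000020 is also the usual attribute set of a compiler-emitted code section, so the flag alone says nothing; the comparison against the shipped section list is what identifies the addition.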