W32Dasm Problems....


ReaL|sTy
August 25th, 2002, 04:59
I had a couple of cases that freeze or don't even let dasm start its job. The program is not even packed, sure is crypted with blowfish or something similar, written in Borland C++ 1999 as PEiD 0.8 says. IDA seems to work but it won't disassemble the file correctly or completely as I've noted. Am I missing something?? Are these new tricks against disassembling..? I tried to change some section characteristics to E0000020 but it won't make any change.

Maybe these are foolish questions for some of the reversing experts who contribute and participate in this board.. but... any tips or help will be great

here's the target:

http://www.choung.net/download/st153.exe

Thanks to all who contribute to keep the knowledge alive!!! I want to say that this board is great.. Greetings to all of you

JackD
August 25th, 2002, 23:28
It's related to the exports - don't know why though on this target.

Zero the export info in PE header and w32dasm will behave just fine on this proggy! Obviously this is a bad fix for certain RE work like on DLLs where this info is needed. Maybe Bratalarm, Cold Coder, Harlequin, or one of the other w32dasm patch experts will come up with a fix for this.

Related to other w32dasm 'hangs', w32dasm only allocates 252 bytes for each export name and this is frequently not enough. If this is increased to say 512 bytes, many w32dasm 'hangs' are eliminated. This can be done by replacing FFFFFF04 with FFFFFE00 in w32dasm.exe at 17 address locations between 0045d3c4 and 0045dbee.
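
The 252-byte limit mentioned in the post above can be checked against a file before loading it into the disassembler. The following is an added example, not part of the original thread: it walks the PE export name table and lists names that would not fit. The function names and the sample image are constructed for illustration, and it assumes the NUL terminator counts toward the 252 bytes.

```python
import struct

W32DASM_NAME_BUF = 252  # bytes per export name, as stated in the post above

def export_names(data):
    """Return the raw export names of a PE32/PE32+ image (bytes objects)."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    exp_rva = struct.unpack_from("<I", data, opt + (112 if magic == 0x20B else 96))[0]
    secs = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]
    def off(rva):  # map an RVA to a file offset through the section table
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA 0x%x is outside every section" % rva)
    if exp_rva == 0:
        return []  # export directory zeroed or absent
    exp = off(exp_rva)
    n_names, names_rva = struct.unpack_from("<I4xI", data, exp + 24)
    tbl = off(names_rva)
    n_names = min(n_names, (len(data) - tbl) // 4)  # bound a corrupt count
    names = []
    for i in range(n_names):
        p = off(struct.unpack_from("<I", data, tbl + 4 * i)[0])
        names.append(data[p:data.index(b"\0", p)])
    return names

def oversized_exports(data, limit=W32DASM_NAME_BUF):
    """Names that, with their NUL terminator (assumption), exceed `limit`."""
    return [n for n in export_names(data) if len(n) + 1 > limit]

def build_sample(names):
    """Constructed minimal PE32 image that holds only an export name table."""
    strs, ptrs, blob = 40 + 4 * len(names), b"", b""
    for n in names:
        ptrs += struct.pack("<I", 0x1000 + strs + len(blob))
        blob += n + b"\0"
    body = struct.pack("<24xI4xI4x", len(names), 0x1000 + 40) + ptrs + blob
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HH12xHH", 0x14C, 1, 224, 0x2102)
    hdr += struct.pack("<H90xI", 0x10B, 16)
    hdr += struct.pack("<II", 0x1000, len(body)).ljust(128, b"\0")
    hdr += struct.pack("<8sIIII16x", b".edata", len(body), 0x1000, len(body), 0x200)
    return hdr.ljust(0x200, b"\0") + body
```

Calling `oversized_exports(open(path, "rb").read())` on a real file returns an empty list when every export name fits, or when the export directory has been zeroed as described above.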

ReaL|sTy
August 26th, 2002, 01:29
Yes my friend, I'm glad you replied.. it works.. it took more time disassembling than the reversing, which I did in seconds.. only one byte change so time limit and nag are gone.. a tip for those interested... change a Push (55) to a Ret (C3), job done! You have to find where to patch; there are some other ways to kick this trial.. but I usually like the faster way..

egg
August 26th, 2002, 08:31
Anybody got any URLs for w32dasm patches/updates?

ReaL|sTy
August 26th, 2002, 16:21
http://www.woodmann.net/protools