
help with this crackme


chitech
August 27th, 2002, 22:51
Hello everybody,

I have a problem when I try to use "bpx getdlgitemtexta" on this crackme (attached). When SoftICE breaks, I press F5 and it breaks again (name/serial). After that I press F11 once to go back to the caller.

Normally it looks like this:

push xxx
push xxx
push xxx
push xxx
call User32!GetDlgItemTextA
...
...

But now it shows something I don't understand. Please guide me.

How do I save/dump the assembler code in SoftICE to a text file?

Thx


Chitech

ZaiRoN
August 28th, 2002, 11:01
Hi chitech,
I have taken a look at the crackme.
It uses a method to make your life hard while you are stepping through the code.
There are many useless instructions like jmp, call, pushad/popad, pushf/popf between the real instructions used by the crackme for the name/serial check.
When you are stepping, remember that all the instructions between a pushad-popad and pushf-popf block are completely useless, so don't take a closer look at them.

Here are the first 3 useful instructions:
402D1E: test eax, eax
402D59: jnz 40309E
403186: mov esi, 40701B
Use them in order to understand how the flow proceeds.

The crackme doesn't seem very difficult (I haven't reversed it yet...) but the problem is the stepping and the fact that you'll find instructions like:
shl ecx, 18
shr ecx, 18
that are there only to fool you.
Quote:
How do I save/dump the assembler code in SoftICE to a text file?
The /dump command of IceDump is what you are looking for, but IMHO it doesn't help you much in this specific case.
Use IDA, it's optimal for this subject; you can see all the code used by the crackme...

Anyway, I suggest putting this thread in the mini project area and seeing if anyone wants to join you in this project.

Hope it helps!
Regards,
ZaiRoN
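Added example (not code from the thread or from the crackme): a small Python filter that applies ZaiRoN's rule mechanically to a disassembly listing, dropping everything inside a pushad/popad or pushf/popf pair (nested pairs included), plus a model of what the shl ecx, 18 / shr ecx, 18 pair does to the register. The listing is constructed to look like SoftICE/IDA output; only the three addresses quoted above come from the post, every other address and instruction is made up. One caveat worth knowing before writing those two shifts off: SoftICE shows immediates in hex, so 18 is a shift count of 24, and shifting a 32-bit register left by 24 and then right by 24 does not restore it, it keeps only the low byte. If a later compare reads ecx, that masking is part of the algorithm, not noise.

```python
"""Filter decoy blocks out of an x86 disassembly listing (added example).

Everything between pushad/popad or pushf/popf is skipped, as ZaiRoN advises.
SAMPLE_LISTING is constructed; only the three quoted addresses are real.
"""
import re

# Constructed sample in SoftICE/IDA style.  402D1E, 402D59 and 403186 are the
# addresses quoted in the thread; the rest of the lines are invented filler.
SAMPLE_LISTING = """\
00402D10  pushad
00402D11  mov eax, 12345678
00402D16  xor ebx, ebx
00402D18  popad
00402D1E  test eax, eax
00402D20  pushf
00402D21  call 00402D30
00402D26  jmp 00402D2A
00402D2A  popf
00402D59  jnz 0040309E
00402D5F  pushad
00402D60  pushf
00402D61  inc ecx
00402D62  popf
00402D63  popad
00403186  mov esi, 0040701B
00403190  shl ecx, 18
00403193  shr ecx, 18
"""

LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{6,8})\s+(.*?)\s*$")

# Openers and closers mapped to a block kind; pushfd/popfd are the spellings
# some disassemblers use for the 32-bit flag push/pop.
OPENERS = {"pushad": "ad", "pushf": "f", "pushfd": "f"}
CLOSERS = {"popad": "ad", "popf": "f", "popfd": "f"}


def parse_listing(text):
    """Return [(address, mnemonic, full instruction text)] per listing line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an "ADDRESS  instruction" line
        addr, instr = int(m.group(1), 16), m.group(2)
        out.append((addr, instr.split()[0].lower(), instr))
    return out


def useful_instructions(text):
    """Keep only instructions outside every pushad/popad and pushf/popf block.

    The push/pop instructions themselves are dropped too.  Blocks may nest, so
    a stack of expected block kinds is kept; an unbalanced listing raises
    ValueError instead of silently guessing where a block ends.
    """
    stack, kept = [], []
    for addr, mnemonic, instr in parse_listing(text):
        if mnemonic in OPENERS:
            stack.append(OPENERS[mnemonic])
        elif mnemonic in CLOSERS:
            if not stack or stack[-1] != CLOSERS[mnemonic]:
                raise ValueError(f"unbalanced {mnemonic} at {addr:08X}")
            stack.pop()
        elif not stack:
            kept.append((addr, instr))
    if stack:
        raise ValueError("listing ends inside a block")
    return kept


def shl_shr_effect(ecx, count=0x18):
    """Model 'shl ecx, count' then 'shr ecx, count' on a 32-bit register.

    SoftICE prints immediates in hex, so '18' is a count of 24.  The pair is
    not a no-op: the left shift discards the top 24 bits, so only the low
    byte of the original value survives the round trip.
    """
    ecx = (ecx & 0xFFFFFFFF) << count
    return (ecx & 0xFFFFFFFF) >> count


if __name__ == "__main__":
    for addr, instr in useful_instructions(SAMPLE_LISTING):
        print(f"{addr:08X}  {instr}")
    print(hex(shl_shr_effect(0xDEADBEEF)))
```

Run it on a listing saved from IDA (or an IceDump /dump) after trimming the columns down to "address  instruction"; the filter is deliberately strict about balance so that a listing truncated in the middle of a pushad block is reported rather than partly eaten.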

chitech
August 28th, 2002, 11:41
Thank you..... now I see the light.

I will put this thread in the mini project area and continue my reversing there


Chitech