WinXP Cracking problem
Angel
December 31st, 2002, 19:47
Hi guys. I've been into cracking for a while although I'm still a newbie and in the past few days I faced this problem:
I've been happily cracking with Windows 98, but since times are changing I decided to follow the flow and use DriverStudio under WinXP. Everything was fine, SoftICE was breaking and all. But then I applied a crack I had done a little while ago in Windows 98 (which was working fine) and in XP it wasn't functioning properly.
Let me explain: the proggie's name was Backup Xpresso. It generates a site code which is probably dependent on the registry and then expects you to enter a registration code. What I had done was to turn the proggie into its own keygen. Since there was a memory echo of the reg code, I followed the programme flow up to a MessageBox and changed the last PUSH to point to the location of the reg code in memory.
This in Win98 works like a charm. Why doesn't it work with XP? I mean the CS changes but the address should remain the same (or am I wrong)?
One last question. Could anybody tell me some good breakpoints for XP? (mostly if there's an equivalent to hmemcpy -- not memcpy --)
Thanks for your patience and by the way it's a great forum!
squidge
January 1st, 2003, 02:16
What is not working? Your registration code is not working, or the dialog box now shows corrupted text rather than the reg code?
naides
January 1st, 2003, 04:33
Quote:
Originally posted by Angel
Hi guys. I've been into cracking for a while although I'm still a newbie and in the past few days I faced this problem:
I've been happily cracking with Windows 98, but since times are changing I decided to follow the flow and use DriverStudio under WinXP. Everything was fine, SoftICE was breaking and all. But then I applied a crack I had done a little while ago in Windows 98 (which was working fine) and in XP it wasn't functioning properly.
Let me explain: the proggie's name was Backup Xpresso. It generates a site code which is probably dependent on the registry and then expects you to enter a registration code. What I had done was to turn the proggie into its own keygen. Since there was a memory echo of the reg code, I followed the programme flow up to a MessageBox and changed the last PUSH to point to the location of the reg code in memory.
This in Win98 works like a charm. Why doesn't it work with XP? I mean the CS changes but the address should remain the same (or am I wrong)?
One last question. Could anybody tell me some good breakpoints for XP? (mostly if there's an equivalent to hmemcpy -- not memcpy --)
Thanks for your patience and by the way it's a great forum!
It is difficult to know without tracing the code oneself, but:
- You are right, the code segment changes, but the address of the serial string is either in the DS data segment or in the stack, which also change. In general, relative addresses like parameters in the stack are conserved in different OSes, but indirect pointers may change.
It is possible that some XP APIs work in a different fashion, and the reg code address was passed through indirect pointers. The crack you made for W98 may be pointing to the wrong place in mem now.
There is only one way to find out, which is to trace the code in your new WinXP and see if the reg code address and the address pointed to by your crack coincide or not.
The story around hmemcpy has been discussed ad nauseam in old threads, give it a search.
Angel
January 1st, 2003, 17:46
Thanks to both of you guys (sorry squidge for not being clear enough). Naides, thanks for helping out. The fact is that I would trace the proggie if I could find a damn breakpoint that works. The only one that breaks is CreateFile, but when I do a pret (F12) it just throws back to the programme. Any help for some useful bp's for WinXP?
A lot of happy new years to all the guys in the forum!!!
naides
January 1st, 2003, 18:06
Well, there are several issues here.
In XP, the MOST helpful BP is a break at the entry point.
Search back the message board, and DL Kayaker's patch, if you have not done it before. Now learn to place a breakpoint at the entry point of your app.
Then you can place a BPX on the app code, close to the area where your crack used to work. The CS address you see in SICE is the same you see in a disasm of your app.
Then SICE breaks close to where the action is taking place.
Angel
January 1st, 2003, 18:43
Thanks a lot for your help! I've just tried Kayaker's patch but it ain't working. I used the universal patch since I have version 2.6.
I fire up Symbol Loader and load the module, but all I get is the initial screen of my target. Any help here? Am I supposed to configure SoftICE in a certain manner for the patch to work?
squidge
January 1st, 2003, 21:04
You have DriverStudio v2.6? Just as I thought; the first Windows XP compatible version of DS was 2.7.
Angel
January 1st, 2003, 23:52
Ooooooooops, didn't know 'bout that! Sorry for my ignorance! Off to download DriverStudio v2.7. Thanks a thousand squidge!
However thanks to the help I got on this forum I finally made it and cracked my target. This Olly Debugger is awesome!!!!
Thanks again for your help!
squidge
January 2nd, 2003, 00:08
Have to agree, OllyDbg rox

Most of the time now I don't even need SoftIce

sloppysam
January 3rd, 2003, 02:22
Have to agree with you on that one Squidge. I am fairly new to cracking and was having an awful time with SoftICE / DriverStudio under XP. It runs fine under 98 but seems to have some real problems with XP.
OllyDbg is better in my opinion for newbies. It is so much easier to use in my opinion. The GUI is just so much nicer than SI. There is a lack of tuts for using it for cracking, but there are a few. It does seem that it is becoming more popular as a tool.
For all of you newbies having trouble with SI, get Olly and try it. I don't think that you will be sorry.
Sloppysam