
Reverse Flash (MX) Code


giorgio
January 18th, 2003, 09:10
Hi,
I have a prog here that is programmed in Flash MX (could see it with a hex editor). There are some "edit" fields on the form and a "Check" button.

Now my question is: How can I jump to the code where the information is read from that edit field?

Thank you very much for your help!

Greetings,
giorgio

esther
January 18th, 2003, 09:15
Hi,
Did you take the time to read the FAQ?
There is important information regarding this board.

naides
January 18th, 2003, 09:54
Quote:
Originally posted by giorgio
Hi,
I have a prog here that is programmed in Flash MX (could see it with a hex editor). There are some "edit" fields on the form and a "Check" button.

Now my question is: How can I jump to the code where the information is read from that edit field?

Thank you very much for your help!

Greetings,
giorgio


I have dealt with Macromedia-written apps before, and Flash MX is basically the newest version. They can be painful to reverse because none of the typical Windows API calls are used, so BPX on GetWindowTextA, CreateWindow, etc. simply does not work.

If I remember correctly, this is the way I finally defeated it:

First I used an API spy program, Ispy was its name, and found out the handle of the window that received my password along with the window messages it was seeing.
Then I entered a bogus password in the edit field and put, in SoftIce, a breakpoint: BMSG Handle_of_the_Window WM_LBUTTONUP

When you click the OK button, Sice breaks. Search memory for the bogus password bytes, and put a BPM on the location, which is high in memory. Then you let the program run and the password gets serially copied to several places in memory by the Flash routines. Keep track of these memory locations with BPM breakpoints. With patience, you eventually land in the code that evaluates and validates the password.

An alternative method, which was suggested to me but I never had the need to try, is to download the Macromedia Flash MX SDK, learn their proprietary API structure, load their symbols in Sice or IDA and put BPs on the functions they use to capture and manipulate text from edit boxes, which, as I said before, are different from the better-known Windows API routines.

Hope this makes sense to you.

giorgio
January 18th, 2003, 10:16
Hi naides,
thank you for your answer. This is a great tip and I will try it as soon as I can. Then I will post the results/next questions in this thread!
So as I said, thank you very much for the help, naides!

@esther: I have read the board FAQ and I have also thought about the way I post my question. If something is not correct it would be very nice if you would tell me e x a c t l y what is incorrect. Thanks.

Greetings,
giorgio

esther
January 18th, 2003, 10:22
Hi,
You didn't mention what tools you are using to crack.
You didn't post code explaining where you are stuck.
Guessing what you do is not a good idea.

disavowed
January 18th, 2003, 11:34
Don't know if it works for MX, but Sothink's SWF decompiler is a great tool.

mac
January 18th, 2003, 16:14
Quote:
Originally posted by esther
Hi,
You didn't mention what tools you are using to crack.
You didn't post code explaining where you are stuck.
Guessing what you do is not a good idea.


esther - did you get all your 186 posts from newbie bashing?

:-P

mac

giorgio
January 18th, 2003, 17:09
Hi disavowed,
thank you for your tip. I have downloaded the decompiler here: http://www.srctec.com/flashdecompiler/ (for everybody else who is interested in it...).

@esther:
Hi, you said:
"You didn't mention what tools you are using to crack." <- I forgot to tell you that I am using Softice, if someone knows what it is, maybe not?
"You didn't post code explaining where you are stuck." <- I can't put code in here, because no BPMs on normal APIs work.
But thanks for your advice.

@esther:
I nearly thought that too, but I don't dare...

Thank you for your help!

Greetings,
giorgio

esther
January 19th, 2003, 00:08
Quote:
Originally posted by mac
esther - did you get all your 186 posts from newbie bashing?

:-P

mac


Hi,

Zip all the posts and send them to me or get bashed!