Log in

View Full Version : Really my first steps ?


OHPen
January 28th, 2003, 06:42
@Woodmann

You are right i have to read more and i done it
Read about 12 Essay's(Pilgrim, Dan, NB, Macilaci, ACME, Amante and so on). In most of them is written read other Essay before so i concentrated on them in which it was not written. There are parts i don't understand and parts i do.

Okay, know i know whether i have a FlexLM-Target or not.
LM can be linked statically in the Target's EXE or dynamc from DLL.

With the LM tool, i can look which version i have in front of me.

But i have still problems.
I have a target where my lm is statically linked and i was told to break on lm_init, lm_..... and so on, before i loaded the exports in SymbLoader.
I can set the BPX no prob, but sice doesn't break. I don't know why.

Ansoft is another problem, try to replic the way it's described in the tut but it won't work. Is the Version of Ansoft's Serenade 8.5 different from the one used in the past `?

Finally i was not able to get any keys or seeds.( For Example: The es points to a addr in code (432342...., something like this)
but there is no address like that. I use the same prog Ansoft Serenade v8.5.

Is it my fault ?

I'm using Win2k, and sure the mem addresses are different, but the file addresses should be the same, or !?

Another question:

Is it possible that my app deliveres the lmgr*.dll, but it doesn't use it, so it uses a stically linked one. In order to fool us ?

Hope someone have some answers for me

@Woodman I'm an learning by doing guy, no matter. So i have to learn by making mistakes AND by reading essays about it. Hope you can accept this.

There is one thing i want to say, i really interessted in lerning this stuff and i will spend a big amount of my freetime to learn it.
It will be great if you guys can support me with it.

thx

OHPen

squidge
January 28th, 2003, 11:28
If it's statically linked, then you can't BPX on lm_init. You need to find the appropriate address in the file and set the breakpoint there.

To find the address, apply a sig to the exe file in IDA.

You can detect difference between static and dynamic by setting breakpoint on DLL load, just using the sig file in IDA to start with.

Woodmann
January 28th, 2003, 17:44
Howdy,

You helped yourself

You answered some of your own questions, this is good.
If you are willing to put in the time then you will never be without
any ideas about how softs work.

Example: Serenade 8.5.
I dont know anything about this soft but, there is a very good chance that a newer version is different from an older one.
This is how they keep one step ahead of the crack makers.

Later, Woodmann