
can't find address range


bosey
February 13th, 2003, 00:00
I'm guessing this is an elementary question, but I just need some confirmation as to what is going on: I am attempting to crack my first prog. I'm not going for anything glamorous, just a 'jz' to 'jmp' if possible.

I have disassembled it in W32Dasm and seen that the address range goes up to ~0044xxxx. Back in SoftICE I break the prog using
'bpx getdlgitem' at the 'incorrect password' dialog, no problems. The thing is, the address in the code window is in the 77xxxxxx kind of range, totally outside the exe!

Does this mean it uses an imported (Windows) .dll (which means I can't mess with it, right), or am I doing something daft?

Forgive me if this is a dumb question, but I didn't even know what assembly was two days ago (is there anything newer than a newbie?!)

Cheers all.

triz-
February 13th, 2003, 01:28
The reason it's in address range 77xxxxxx when it breaks is because that's where the function itself is; SI breaks on the function itself, not the call to it. Once it breaks on the function, you need to return from the call (hit F12) to see where it was called from. You can then go about manipulating your victim as you please.

Don't worry about being new; everyone starts somewhere.

bosey
February 13th, 2003, 07:30
Nice one! I hoped it would be an easy one.

Thanks.

naides
February 13th, 2003, 10:25
Quote:
Originally posted by triz-
The reason it's in address range 77xxxxxx when it breaks is because that's where the function itself is; SI breaks on the function itself, not the call to it. Once it breaks on the function, you need to return from the call (hit F12) to see where it was called from. You can then go about manipulating your victim as you please.

Don't worry about being new; everyone starts somewhere.



Actually, F11 will send you back to your program code.
F12 (pret) will take you only as far as the next ret instruction, which may still be up there inside the code bushes of the system DLL(s).

To Bosey: the Windows system DLL(s) should not be messed with (not routinely, anyway), but YOUR application DLL can be modified for cracking purposes.
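The point made in the two replies above, that a breakpoint on an API such as GetDlgItem fires inside the system DLL (0x77xxxxxx) and you have to walk back up the return addresses until you land in the executable's own image (0x0040xxxx to 0x0044xxxx here), can be shown with a small address-classification script. This is an added example, not code from the thread or from SoftICE; the module map, base addresses, sizes and the return-address stack are all constructed for illustration, and the module names and functions (`Module`, `module_for`, `first_caller_in_target`, `is_patchable`) are hypothetical.

```python
# Added example: decide which module an address belongs to, and walk a stack
# of return addresses outward until one lands in the target executable.
# The module map and return addresses below are CONSTRUCTED for illustration;
# they do not come from the thread, from SoftICE, or from any real process.

from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int
    is_system: bool

    def contains(self, addr: int) -> bool:
        # Half-open range: [base, base + size)
        return self.base <= addr < self.base + self.size


# Constructed module map. A typical 32-bit Windows EXE is linked to load at
# 0x00400000, which is why the disassembly shows addresses up to ~0044xxxx;
# system DLLs such as user32.dll live high in the address space (0x77xxxxxx).
MODULES: List[Module] = [
    Module("target.exe",   0x00400000, 0x00050000, is_system=False),
    Module("user32.dll",   0x77D40000, 0x00090000, is_system=True),
    Module("kernel32.dll", 0x77E60000, 0x000E6000, is_system=True),
    Module("ntdll.dll",    0x77F50000, 0x000A7000, is_system=True),
]

# Constructed return-address stack at the moment 'bpx getdlgitem' fires,
# innermost frame first. The first return address is still inside user32.dll
# (GetDlgItem reached through an internal dialog helper), so a single
# "return from this function" lands in the system DLL, not in the program;
# the next one is back in target.exe.
RETURN_ADDRS: List[int] = [0x77D4A3C2, 0x00423F1A, 0x00401C88]


def module_for(addr: int, modules: List[Module] = MODULES) -> Optional[Module]:
    """Return the module whose image range contains addr, or None."""
    for m in modules:
        if m.contains(addr):
            return m
    return None


def is_patchable(addr: int, modules: List[Module] = MODULES) -> bool:
    """True only if addr lies in a non-system module, i.e. code you own.
    Patching a Windows system DLL is not what the thread recommends."""
    m = module_for(addr, modules)
    return m is not None and not m.is_system


def first_caller_in_target(return_addrs: List[int], target_name: str,
                           modules: List[Module] = MODULES) -> Optional[int]:
    """Walk return addresses from the innermost frame outward and return the
    first one inside target_name. This is the address you want the debugger
    to stop at before looking for the jz to turn into a jmp."""
    for ra in return_addrs:
        m = module_for(ra, modules)
        if m is not None and m.name == target_name:
            return ra
    return None


if __name__ == "__main__":
    for ra in RETURN_ADDRS:
        m = module_for(ra)
        print(f"{ra:08X} -> {m.name if m else '<unmapped>'}"
              f" (patchable: {is_patchable(ra)})")
    caller = first_caller_in_target(RETURN_ADDRS, "target.exe")
    print(f"first return address in target.exe: {caller:08X}")
```

Run stand-alone, the script classifies each constructed return address and reports 0x00423F1A as the first one back inside the executable. In a real session the module list comes from the debugger (SoftICE's `mod` command, for instance) and the return addresses from the stack at the breakpoint; the comparison logic is the same.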

bosey
February 13th, 2003, 22:52
Cheers, after a couple of minutes I twigged what was going on.

Regards.