View Full Version : How to find referenced strings pre-loaded by DLL's


CADZzz
February 27th, 2003, 05:50
1)What is the problem....
MIDAS/gen, a program for analysing steel structures (www.midasit.com)

2)What is the protection.....
Sentinel

3)What tools are you using....
OllyDbg 1.09

4)What tutorials have you read....
Cyberheg /Crackz (respect)/Goatass etc...

5)Show your output listing WITH comments....

Text strings referenced in wg_meng:.text, item 1489
Address=06F58385
Disassembly=PUSH wg_meng.06F88EF8
Text string=ASCII "Lock is not detected.
Please confirm if the Lock is properly connected to a Parallel Port."

6)NOW ask your question....

First I want to say that I am totally not interested in the protection itself; my interest goes out to testing and evaluating as many CAD/FEA programs as there are on the market, just for evaluation purposes only (believe me or not)... and making a good choice for buying licenses for my construction company...

To fully test CAD programs it's mostly necessary to have full working versions you can play with. That's why I learned a little ASM and mega lots of ZEN for the programs that I can't find cracked in the warez scene.

As I don't understand enough ASM to emulate and reverse dongles, I most times search for the piece of code that triggers the program and patch it. Mostly my chances are pretty good when the protection also includes a trial period, cause most developers just build in switches for triggering the program how to run.

My recent targets are the MIDAS programs....

I managed to crack 1 out of three already...the FEModeler...because it was easy to find where the program was triggered...by referenced text strings.
Next are MIDAS/gen and MIDAS/civil.

But the other 2 programs pre-load all the text strings in memory (cause it's multilanguage I guess).
I found the dll with all the english text in it, but no calls were made to that dll at all (tested by setting bp's).

Hehe...finally my question:

How can I find the place where the text is stored in memory and, more important, where it's called from!

Regards,
CADZzz

dELTA
February 27th, 2003, 07:53
One way would be to use e.g. SoftICE (or any other debugger capable of setting memory-read breakpoints). Then load the application and search its entire memory space for the string (e.g. by using the search command in SoftICE, or any other memory search tool), and then set a memory-read breakpoint on the first character of the string.

CADZzz
February 28th, 2003, 09:53
Thanks a lot!
I found a dll that handles the strings...

Regards,
CADZzz