Hi all,
I have some trouble with Softice (Drivers Studio 2.7),
I've install it on WinMe, and when loading my exe files, and setting SI to break at WinMai, no thing happens (the exe runs whithout breaking at winamin!!!), if any one had encouter that problem please let me know, note that I've try it also under win 98.
Thanx

DId you try using the Search button at the top of the forum?


Plus, I'd like to take this opportunity to ask all ppl out there, - WHY DOES EVERYONE WANT TO BREAK ON WIN FREAKING MAIN?

There's so many other better ways to do things ! Learn how to use your tools.


-nt20

Hi, try this patch of nmtrans.dll and see if it works.

http://www.woodmann.net/forum/showthread.php?threadid=3982

Kayaker

For the same reason I like to see the begining of every movie I watch

I have never used the symbol loader ONCE in my entire cracking career, I just don't think it's necessary. If you want to break into the program, just use break 'n enter or bpx on some other API IMHO.

-nt20

That's right man
I know how to break in using API's, but I only want to "KNOW" what's wrong in my case.
Regards

What's wrong is you did not use the Search button. This question has been asked many many many many times.

Either of the 2 problems:

1. WinME and DS 2.7 is slightly "odd" combo for cracking purposes. As it is, Win2k and WinXP give ICE a hard time. To use Win ME will, well, make the system unpredictable.

2. However, it could also be that you need to change the code section attributes. You can get a PE File Header Editor and make the necessary section changes.

But if NEITHER of them solve the issue, its time to get dirty. Here are the steps:

1. Turbo Dump the executable (just to find out its entry-point. If you can get the entry point using some other tools, no probs)

2. Convert that RVA/VA into a physical address. Understand how the conversion works, or get a converter. You will find a flood of them on

www.programmerstools.org

3. Hex edit the file and go to the physical address that represents the entry point

4. Put in opcode "CC" (without quotes) over there. This stands for "INT 03". Make sure you put the CC in the HEX part and not the ASCII part

5. Save the file (a good idea is to copy the original file as backup)

6. Change to softice and type command "INT03 HERE".

7. Run your program. From explorer, from RUN menu, from basically anywhere, you WILL stop at the winmain/entry-point.

8. Hope that when you changed the code in the file to CC, you also noted the code that was already existing there.

9. Use the E command to edit the memory and put the opcode there.

10. You can then carry on as required.