Hi experts out there...

cracking is an absolute new thing for me. Im using wm32dsm, got procdump32, softice, a hexeditor AND a prog to crack (WinZinsen 6.00b).

So, I started to search in the zinsen32.exe for StringDataRefs which may be discribe the ErrorMessage after I tried to enter a serial. I did also a lot of other things like searching the right address with Sice. Nothing.

Please give me some help via e-mail or icq. Oh, I just read thousends of tutorials but no one discribes a similar problem.

Thx
Cu
SoftKnight

Hullo,

I think you are trying your hand at something that you may not quite understand. You would NOT find these strings as:

* The .exe may contain U.N.I.C.O.D.E. strings. And your string search util could be searching ONLY ASCII.
* The .exe could be compressed
* The .exe could be crypted
* The .exe is normal. But the strings are generated on-the-fly. Dynamically!
* The strings may NOT be there at all.

The first thing to do, is NOT TO CRACK a program that are any of the above. Try cracking a simple program. An older version of Winzip (typically 6+ to 7) should do. And you will need JUST softice. Leave Procdump/IDA et al to the big 'uns.

And searching for strings using some dump utils is NOT ADVISABLE. Instead, try BPXing on the messagebox using SOFTICE only. And then carry on thence.

And most important. Learn how to use the BACKTRACE buffer in Softice. You'll see the entire damn code out there!!

If you are REALLY intent on searching for strings, I'd suggest strings.exe from www.systeminternal(s).com (check spelling however...)

This little babe searches for all files in a directory. Both ASCII and UNICODE.

Then carry on. And yes..if your strings are NOT in the program files (or its directory). Do not give up. Get FILEMON.exe from the same site. Check the files being accessed. If there is still nothing, then it IS one of the above reasons.

And oh yes, do not OVERESTIMATE the commercial programs. They "CAN" be broken. And even you C*A*N do it.

Above all, have fun...

Regards,

...justfelt the need to point out that it doesn't matter what version of WinZip you try....the protection routine is the EXACT SAME in ALL versions of it ;-)

but.....I do agree that WinZip is a GREAT 1st proggy for the absolute newbie

But at first: It is NOT WinZip, it's WinZinsen ;-)
In english it means WinInterest (banking language)

OK, the prog is not compressed or crypted like with UPX. I used the dump prog to get the StringDataRefs and now i can see them. But the text doesn't make any sense.

I will try the progs and I never give up. I'm just a little stressed because I got an big thing next week.

Once I have done my first crack the next will follow soon ... but step by step :-)


CU
SoftKnight