van_Hauser
February 5th, 2004, 20:11
I have read some tutorials about reverse engineering.
Most of them are easy to understand and the programs
were easy too.
Now in the "real" world it's not so easy anymore :-(
I tried "bpx getwindowtexta" in SoftICE, which works well.
After jumping out with F11 I see this code:
LEA EAX, [EBP-58] ;d eax = EC 5E D3 77 00 00 00 00 - ...
PUSH 1D
PUSH EAX
PUSH 0000041D
PUSH DWORD PTR [EBX+000001C4]
CALL ESI ;the first bpx getwindowtexta was for the name,
;now is this the call to get the number from the dialog ?
PUSH EAX
CALL EDI ;call and do something with the window registry ?
LEA ECX,[EBP-18]
CALL 00DC6E30 ;Jesus, another call I don't understand
AND DWORD PTR [ESP-04],00
PUSH 80000001 ;STATUS_GUARD_PAGE_VIOLATION (the same value is also HKEY_CURRENT_USER when used as a registry key handle)
PUSH 00DDDAD0 ;yeah, keep pushing stuff on the stack I don't understand
LEA ECX,[EBP-18]
CALL 00DC6E65
TEST EAX,EAX
JNZ 00DC78C3 ;NO JUMP
...
I have read the nice tutorial about "Basic Key Generation File Routines"
but can't find similar code :-(
I can dive into the calls with F8, but the routines there won't help me,
and there are many other calls.
How can I find out what all the calls do, and where do I start
understanding what the program does?