View Full Version : Strings in ExeScope versus W32DSM


Meteor
February 13th, 2004, 07:25
Hi
This is a problem with strings in an EXE file.
The file information is:
Compiler: Visual C++ 6
Checksum: 00000000, and the real checksum is: 93E752D2

After opening it with W32DSM, W32DSM cannot find any string in the file and the Strings button is greyed out, but if I open it with ExeScope it detects some strings completely. Now how can I reverse this file and crack its serial protection? How does it reference the texts in the EXE file?

disavowed
February 13th, 2004, 07:36
Use IDA instead of W32Dasm.
If you only want strings, use BinText.

Meteor
February 13th, 2004, 07:59
You see, the checksum in the EXE file is all zero,
but the real checksum calculated by insPEctor is different. How about this?

naides
February 13th, 2004, 08:10
Quote:
[Originally Posted by Meteor]You see, the checksum in the EXE file is all zero,
but the real checksum calculated by insPEctor is different. How about this?


My impression is that this EXE file has some "atypical" features, like an incorrect checksum number, string resources that are not in the typical format W32Dsm recognizes, etc.

Search around for anti-W32Dsm tricks, and you will find that these things are not uncommon.
You will have to do without a W32Dsm dead listing. Try Dissa's suggestions, check whether the file is packed, try attack methods using a debugger instead.

Meteor
February 14th, 2004, 06:27
Quote:
[Originally Posted by naides]My impression is that this EXE file has some "atypical" features, like an incorrect checksum number, string resources that are not in the typical format W32Dsm recognizes, etc.

Search around for anti-W32Dsm tricks, and you will find that these things are not uncommon.
You will have to do without a W32Dsm dead listing. Try Dissa's suggestions, check whether the file is packed, try attack methods using a debugger instead.

Thanks,
but the program has a debugger detection system and I cannot use one.
It shows a nag screen alert saying "because of security purposes ..."
But I found this with BinText (nice tool):
File pos  Mem pos   ID  Text
========  =======   ==  ====
00096F8B  006F3F8B  0   Key is valid
But I couldn't find any reference to it, like a push command or any use of its position.

The nag screen that detected SI says this:

For security purposes, this program will not run while system debuggers are active. Please remove or disable the system debugger before trying to run this program again. (OK button)

I have seen this nag before in some programs. Is it a common program for detecting debuggers, and is there an anti for it?

hobferret
February 14th, 2004, 06:57
Hi

If you cannot see strings in WDASM, see if the section header flags are C0000040 or something similar; if so, change them to E0000060 and then you should be able to read them.

/hobferret

naides
February 14th, 2004, 09:56
Quote:
[Originally Posted by Meteor]

I have seen this nag before in some programs. Is it a common program for detecting debuggers, and is there an anti for it?


Yes. Debugger detection devices are becoming more common. It also suggests that the protection of this program is not trivial.

There are antis for debugger detection devices; search the board and you will find plenty of discussion about it. If you are using an NT-based system (Windows NT, Windows 2000 or Windows XP), IceExt is a good starting point.

disavowed
February 15th, 2004, 13:40
Quote:
[Originally Posted by Meteor]You see, the checksum in the EXE file is all zero,
but the real checksum calculated by insPEctor is different. How about this?

Most EXEs have a checksum of 0, because the OS ignores the checksums. Generally, the OS only validates PE checksums on drivers.
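
Two details raised in this thread, hobferret's section header flags (C0000040 versus E0000060) and the all-zero CheckSum field, can both be checked with a short script rather than by eye. The following is an added example, not code from any tool mentioned here (W32Dasm, ExeScope, insPEctor, BinText): it parses a PE header, decodes the section Characteristics bits by their PE/COFF names, and computes the image checksum as the PE format defines it, so an analyst can tell "never set" (zero, the normal case for user-mode EXEs, as disavowed says) from "set but no longer matching" (a file that was modified after linking). The image it runs on is a constructed toy PE32 built inline, not the poster's file, and decoding the two flag values shows what hobferret's change amounts to: C0000040 marks a section as initialized data that is readable and writable, while E0000060 additionally marks it as code and executable, which is what a disassembler uses to decide whether to treat a section as code.

```python
import struct

# Section Characteristics bits from the PE/COFF specification (real names).
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def decode_section_flags(value):
    """Names of the known bits set in a section's Characteristics field."""
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if value & bit]


def compute_checksum(data, skip_offset):
    """Image checksum as in the PE format: ones'-complement sum of 16-bit
    little-endian words over the whole file, skipping the 4-byte CheckSum
    field itself, folded to 16 bits, plus the file length."""
    total = 0
    for i in range(0, len(data) - (len(data) & 1), 2):
        if i == skip_offset or i == skip_offset + 2:
            continue
        total += data[i] | (data[i + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)
    if len(data) & 1:                      # odd trailing byte
        total += data[-1]
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def parse_pe(data):
    """Return (offset of CheckSum field, stored CheckSum, [(name, Characteristics)])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    checksum_off = opt + 64                # same offset in PE32 and PE32+
    stored = struct.unpack_from("<I", data, checksum_off)[0]
    sections = []
    for n in range(num_sections):
        hdr = opt + opt_size + 40 * n      # section headers follow the optional header
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, struct.unpack_from("<I", data, hdr + 36)[0]))
    return checksum_off, stored, sections


def checksum_status(data):
    """'unset' (field is zero, the usual case for user-mode EXEs), 'ok', or
    'mismatch' (field set but the bytes no longer add up, e.g. a patched file)."""
    off, stored, _ = parse_pe(data)
    if stored == 0:
        return "unset"
    return "ok" if stored == compute_checksum(data, off) else "mismatch"


def set_checksum(data):
    """Return a copy with a correct CheckSum field written in."""
    off, _, _ = parse_pe(data)
    out = bytearray(data)
    struct.pack_into("<I", out, off, compute_checksum(data, off))
    return bytes(out)


def build_minimal_pe(section_flags=0xC0000040):
    """Constructed toy PE32 image (headers plus one section); it is not a
    runnable program and is not the file discussed in the thread."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic; CheckSum (+64) stays 0
    sec = b".data\0\0\0" + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x200,
                                        0x200, 0, 0, 0, 0, section_flags)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    return headers + b"Key is valid\0".ljust(0x200, b"\0")


if __name__ == "__main__":
    image = build_minimal_pe()
    off, stored, sections = parse_pe(image)
    for name, chars in sections:
        print(f"{name:8s} {chars:08X}  {' | '.join(decode_section_flags(chars))}")
    print("E0000060 would mean:", " | ".join(decode_section_flags(0xE0000060)))
    print("stored %08X computed %08X -> %s" % (stored, compute_checksum(image, off),
                                              checksum_status(image)))
    print("after set_checksum:", checksum_status(set_checksum(image)))
```

Because the CheckSum field is skipped while summing, the computed value does not depend on what is stored there, which is why a tool such as insPEctor can report a "real" checksum for a file whose field is zero. A user-mode EXE reporting "unset" is unremarkable; "mismatch" is worth noting during triage, since the linker wrote a value that the current bytes no longer match.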

Aimless
February 16th, 2004, 01:05
However, most of the issues can be solved by realising that W32Dasm cannot read Unicode strings.

The best way to do it is to use a string dumping utility called strings.exe (www.sysinternals.com), which will also tell you the offsets.

Note that all VB/Delphi proggies hold their strings in the resource sections; therefore, it might also be a good idea to use a resource hacker like ResHack (www.programmerstools.org/utilities).

Have Phun
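
Aimless's point, that a scanner which only looks for runs of ASCII bytes will miss Unicode (UTF-16LE) strings entirely, is easy to demonstrate. The following is an added example, not the Sysinternals strings.exe or BinText: it scans a buffer for both ASCII and UTF-16LE runs of printable characters, reports each hit with its file offset in the same "File pos ... Text" layout as the BinText output quoted earlier in the thread, and can be pointed at any file on the command line. The sample bytes are constructed for the example and are not from the poster's program.

```python
import re
import sys

# Constructed sample (not bytes from the poster's program): a few opcode-like
# bytes, an ASCII string, some non-printable filler, then a UTF-16LE string of
# the kind an ASCII-only scanner misses.
SAMPLE = (
    b"\x55\x8b\xec\x83\xec\x10"
    + b"Key is valid\x00"
    + b"\x00\x01\x02\xff"
    + "For security purposes".encode("utf-16-le") + b"\x00\x00"
    + b"\x90\x90"
)


def extract_strings(data, min_len=4):
    """Return (file_offset, encoding, text) for every run of at least min_len
    printable characters, scanning for ASCII and for UTF-16LE (each printable
    byte followed by a zero byte) independently, sorted by offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(data)]
    return sorted(found)


def format_report(found):
    """Render hits in the 'File pos ... Text' layout BinText and strings users expect."""
    lines = ["File pos  Encoding  Text", "========  ========  ===="]
    for off, enc, text in found:
        lines.append(f"{off:08X}  {enc:8s}  {text}")
    return "\n".join(lines)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(format_report(extract_strings(blob)))
```

The UTF-16LE pattern only covers characters in the ASCII range (each printable byte followed by a zero byte), which is what the common string dumpers look for; text that uses higher code points would need a wider scan. Raising min_len cuts the noise from short printable runs inside code and data.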