Log in

View Full Version : Learning to RE installshield, am i doing it right?


ear plug
October 28th, 2004, 08:16
Ok this is proberly old news looking at the dates on some of the posts reguarding installshield.
It's my first attemp to reverse engineer anything, having read tuts by zee zee (decompiling installshield scripts), Natzgul installshield script cracking and a one from this site, krobar serial attack.txt, i though i'd have a go fishing for a serial in an installsheild script.

I'm using win98 and softice 4.05 with the hmemcpy command
am i using the best software for a newbie.
(it's the one I can follow with help from the tuts)

i work through the setup.ins file with softice and can find the location of the serial number i entered (015F:00402AB2) with a push eax command. but can't find the compared serial, would this compare each number by number one at a time if so any pointers.

in fact any help would be grateful as i'm struggling to get any further.
could'nt post any of the code around this location for you to look at as it's on my laptop, but i put the setup.ins file in this location below. ( please delete this link if not allowed. I read the FAQ and though this would be ok but I could be wrong)

<link deleted>

Thanks EarPlug

dELTA
October 28th, 2004, 14:31
For your first serial fishing exercise, an InstallShield based protection might be unnecessarily messy, you should try something like Winzip or similar instead.

Also, all serial protections don't necessarily compare anything directly (i.e. there won't be any serial to fish), and if they do, it can be done in any number of ways, only the imagination of the author of the program sets the limit.

And yeah, I deleted your link. No code/data that can be used to identify the target here please.

ear plug
October 28th, 2004, 17:20
Thanks for the reply delta, Guess it's going to be one of those things I’ll keep going back to, hopefully with a bit of luck rather than skill.

Cheers EarPlug

Thanks for removing the link hope I have not offended anyone.