Please help...SentinelLM question


February 21st, 2005, 20:12
Following CrackZ's essay on Sentinel LM, I should be able to get the vendor ID of my target. I am new to reversing and I am learning slowly but surely!

I am having some problems finding the Vendor ID of my target. Can anyone shed some light on this?

I disassembled LSAPIW32.dll in IDA Pro, applied the LM sigs and put a breakpoint on "_computevendorcode". Then, from the IDA menu I go to "Debugger\process option" and set the path of my target executable. Then I start debugging and it reaches the breakpoint on "_computevendorcode". My question is:

At that point how do I retrieve the Vendor ID?

If I do Ctrl-F7 (run until return), the content of EAX shows 0x00000FA0

so I thought it was the VendorID I was looking for, so I used the S\N Bruteforcer and reinstalled the SDK with the matched S\N, created an undongled Wlscgen, but the codes generated don't work. That makes me think I don't have the right Vendor ID. Can anyone help me out with that?

thanks in advance

nikan
February 22nd, 2005, 10:55
Hi,

For targets that use SentinelLM via lsapi32.dll you have 2 choices.
1: Writing an emulator DLL. It is a simple way and always works fine.
2: License generation. But some programs do not work with an unlimited demo license, so possibly this is the reason for your problem.

However, for finding the vendorcode, working in IDA is very time consuming. A better way is using OllyDbg. You can always use the GODUP plugin and load IDA sigs into Olly. But for SentinelLM I can recommend a shortcut that is good for all versions of SentinelLM (the SentinelLM IDA sigs that can currently be found on the internet are not good for LM versions >7.1). You can load your target into Olly. Open lsapi32.dll or another LM-protected executable file in the CPU window. Then search for all referenced strings, and then search for "%s error: illegal vendor identification.". One reference can be found that is in the _computevendorcode function. The content of EAX on return is the vendorcode.

nikan (TORO)

February 22nd, 2005, 18:44
Hi Nikan

First of all I want to thank you very, very much for replying. It is very much appreciated!

Now, I downloaded OllyDbg 1.10 and tried to familiarize myself with it. I can load lsapiw32.dll in OllyDbg, find the reference string you mentioned and put a breakpoint on that same string, but how do I tell OllyDbg to use my target (prog.exe) to start the debugging process?

thanks

nikan
February 23rd, 2005, 09:31
Hi,

You must load your main exe file into Olly, then press ALT+E and select lsapi32.dll.

There are many tutorials for Olly on the net.

berry001
May 14th, 2005, 01:27
Hi,
I have a problem using SLMtoolkit.exe. I use it to generate Wlscgen.exe. When running it, it says the user file lmlicgen.usr is missing. Then I created the file; after running as administrator, it says no user. I wonder what I can do. Thanks a lot.

littlefire
May 19th, 2005, 09:35
I think slmtoolkit.exe has some problems; I tried several times but failed to create a useful license.
So now I find the vendor ID, create the SDK serial number with slmtoolkit, then crack the *.exe file following CyberHeg's tutorial. It's OK.

berry001
May 19th, 2005, 18:19
I have also found the vendor ID and the SDK #. You said you cracked the *.exe file; I wonder whether the *.exe file was created by the LM SDK or you just cracked the file created by slmtoolkit.exe. If it is the former, would you mind sending it to me?

littlefire
May 19th, 2005, 19:16
The *.exe I mentioned was the Wlsc*.exe file created by the LM SDK.
Use the tutorial written by CyberHeg at CrackZ's site. Just following the steps mentioned in the tutorial is OK.

berry001
May 19th, 2005, 21:19
I see. But now I have one big problem, which is that I do not have the LM SDK. Can you send it to me? I need LM SDK 7.2.
My mail is Removed for Violation of the Rules
Thank you!

JMI
May 19th, 2005, 23:43
Which part of the instructions from the FAQ, which state:

- Do not ask where to find the "tools"

or from the main listing on the Tools of the Trade Forum, which state:

Do not ask where to get the Tools of our Trade. Do not even think about asking for them.

did you PRESUME did NOT apply to YOU?????

Time to get with the program. The fact that YOU want a tool does not suspend the application of our Rules.

Regards,

sumon
November 23rd, 2005, 02:22
Quote:
[Originally Posted by nikan] Hi,

For targets that use SentinelLM via lsapi32.dll you have 2 choices.
1: Writing an emulator DLL. It is a simple way and always works fine.
2: License generation. But some programs do not work with an unlimited demo license, so possibly this is the reason for your problem.

However, for finding the vendorcode, working in IDA is very time consuming. A better way is using OllyDbg. You can always use the GODUP plugin and load IDA sigs into Olly. But for SentinelLM I can recommend a shortcut that is good for all versions of SentinelLM (the SentinelLM IDA sigs that can currently be found on the internet are not good for LM versions >7.1). You can load your target into Olly. Open lsapi32.dll or another LM-protected executable file in the CPU window. Then search for all referenced strings, and then search for "%s error: illegal vendor identification.". One reference can be found that is in the _computevendorcode function. The content of EAX on return is the vendorcode.

nikan (TORO)


Hello,

Sorry for asking a "newbie" question. I already tried the steps above but unfortunately I can't find the _computevendorcode function.
Especially, can someone explain the step in this sentence:
"one reference can be found that is in _computevendorcode function. the content of eax on return is vendorcode."

TIA

nebular
November 23rd, 2005, 21:00
1001A609 /$ 83EC 04 sub esp,4
1001A60C |. 8D4424 00 lea eax,dword ptr ss:[esp]
1001A610 |. 50 push eax ; /Arg2
1001A611 |. 8B4424 0C mov eax,dword ptr ss:[esp+C] ; |
1001A615 |. 83C0 18 add eax,18 ; |
1001A618 |. 50 push eax ; |Arg1
1001A619 |. E8 C0A00100 call lsapiw32.100346DE ; \lsapiw32.100346DE
1001A61E |. 83C4 08 add esp,8
1001A621 |. 85C0 test eax,eax
1001A623 |. 75 1B jnz short lsapiw32.1001A640
1001A625 |. 68 3C950710 push lsapiw32.1007953C ; /Arg3 = 1007953C ASCII "SentinelLM"
1001A62A |. 68 88AC0710 push lsapiw32.1007AC88 ; |Arg2 = 1007AC88 ASCII "%s error: Illegal vendor identification.
"
1001A62F |. 6A 00 push 0 ; |Arg1 = 00000000
1001A631 |. E8 28060000 call lsapiw32.1001AC5E ; \lsapiw32.1001AC5E
1001A636 |. 83C4 0C add esp,0C
1001A639 |. B8 FCFFFFFF mov eax,-4


I think the content of EAX at 101a621 is the vendor ID. How can I display the EAX content in OllyDbg?

berry001
November 28th, 2005, 11:34
Use the trace function.