Log in

View Full Version : open Delphi 4/5 prog with IDA


ph.schmidt
August 24th, 2005, 18:37
Hello.

I opened a prog with IDA.
There are some strings, but not the "Your Serial is correct" strings.
The Result of analyzing with PEiD and trID is 60% Delphi 4.0/5.0.
PEiD says, that the file ist NOT packed.
But, when I unpacked the file with the "PEiD Generic Unpacker" and open the new generated file with IDA there are
the strings im looking for in the string window.
i.e. "Thanks for Registration!"

Could it be, that the file is packed, but both analyzer cant detect it?
I've tried the Signatures "Delphi 4/5 Visual Component Library" and "Borland Delphi/C++Builder VCL" in IDA with the original file,
but the "hidden strings" doesnt appear.
Or do I need another Signature?

Any Ideas? This is my first Project. The Name of the program is CiDial and theres a annoying nagscreen.

greetings from Germany
Philipp

Woodmann
August 24th, 2005, 21:18
Howdy,

I do not find the EXE to be packed. Although when running peid I get
borland 4.0-5.0 overlay on the install file.
I spent about 30 minutes playing with this prog but had no success.
I think something is going on in memory but, I have not checked.

Woodmann

Karxarias
September 1st, 2005, 15:02
hello people ,
this is my first post here


ph.schmidt i dont think the program is packed , i opened it with olly and didnt see anything like that ,as for the string its not "Your serial is correct" but "The User Name and Registration code were accepted." and you can see it clearly in olly as it pushes the address of the string directly.

For a hint you can check at the CALL at 004132C9 if you wish.

Karxarias
September 1st, 2005, 15:29
wrong ADDRESS

but now that i've read the faq's i dont know if i should post it here ,the string "The User Name and Registration code were accepted." should be enough..

babar0ga
September 1st, 2005, 16:37
Hello ph.schmidt...

Like Karxarias sead "The User Name and Registration code were accepted." should be enough...

Still, there is few more tricks you can use. First, when you enter your code
there is delay until msgbox is shown. Because of that we can assume that
some kind of timer is used and look for that. In our case it's SetTimer api.
If you set a bp on it and examine the parametres of function you will be
lead closer to your goal...

Also, why not try using OllyDbg it could be easier for you. With it you could see the flaw of program and act accordingly...

Regards.

p.s.
Why don't you first try with crackmes?! There are lots of them
designed for beginners so you could learn from easy stuff and in time forward
to higher levels of difficulty.

I strongly recommend you take that path...