Log in

View Full Version : KeyLib16/32


JohnnyBoy
August 27th, 2001, 02:15
Anyone who has hints about how to crack a program protected by keylib16.
In my case the program is written in VB3.
I have used Dodi VB decompiler and found som ineresting functions and what values they should return.
How can I set breakpoints on functions inside KeyLib16.dll? (=pp_tcode)
(I use TRW200 and/or SI)
The DLLs are from the company h**p://www.softwarekey.com/

Eeth
August 31st, 2001, 14:29
Sorry for replying that late, but was too busy. The keylib type of protection is quite easy to defeat. i reversed it a few months ago. first of all i advise you to get the protection api documentation from their web/ftp-site. they have well documentated how to call their functions and what they. there are several weaknesses how to get around the protection. first of all you can just patch the dll. but more elegantly: code a proxy dll which handles all the calls and always replies that the app is registered. only the calls to vital functions like the checksums will be routed through to the original dll. but, as i guess it's not really an answer to your question.

JohnnyBoy
September 11th, 2001, 05:01
I got all the documentation about keylib32. Hope its the same for the 16 bit version.
How do I get breakpoints on the functions inside the DLL. SI & TRW do not accept my tries. (pp_tcode for example)
If you have done this. Is it possible that you can guide me thru in small steps. I do NOT want the hole solution. I want to learn something aswell.

JohnnyBoy
September 12th, 2001, 06:35
Added Keylib16.dll to winice.dat
Still not possible to set a breakpoint at pp_tcode.
Tried w32dasm on keylib16.dll to se if I spelled something wrong. The function is there.
If I look at the VB3 program with w32dasm I cant see thet it is using keylib16 Is this because it runs thru VBRUN300.dll
Other functions used is pp_compno, pp_copyadd

Solomon
September 13th, 2001, 04:19
Can 32-bit SoftICE symbol loader deal with the 16-bit dll symbols?

I just wonder.