One program works but the other doesn't?


Dtox
September 25th, 2006, 00:24
Hi everyone,

I'm currently reading through tutorials, how-tos, instructionals, etc. Currently I'm learning about debugging. I noticed that IDA seems to actually debug, while w32DSM doesn't (it won't even load the file, it just sits there). IDA seems to work well enough, but I was curious as to why it's doing this. From what I've read W32DSM is a pretty valuable tool, so I wouldn't want to lose it. Has anyone ever experienced and gotten around this?

BTW I hope I read the FAQ well enough to not ask anything stupid. If I didn't then sorry and do what you must.

SiGiNT
September 25th, 2006, 00:35
Read the post just below yours - the debugger in w32dasm wasn't discussed, because there ain't much to discuss!

SiGiNT

Dtox
September 25th, 2006, 00:35
I think I may have found the answer. Is it answered in this question from the FAQ?:

I load a file but I am not able to see the string reference, is it possible?

Dtox
September 25th, 2006, 03:35
Whoa, OK, been reading since 9:30 PM... it's now 3:20 AM. I'm gonna do this, dammit. I have a question though. I have been reading up on time limits. So far I've only read about Time Trial (30 days, 20 days, etc.). I still haven't read about a specific one though. This one has no nag screen or anything. It has a timer and lets you use it for about 3 minutes until the program shuts down. I don't know the name of this protection. Does anyone have an idea of what it's called so I can do some research on it?

Edit: I think I may just be starting a bit more advanced than I should be. I'm sure someone knows this but I won't understand it until I read a lot more. Soooo... I'll give myself a week and see what happens.

naides
September 25th, 2006, 06:56
Hi Dtox. Take it easy.

From first post: You need to get your concepts straight, Disassembler vs. Debugger:

IDA and W32DSM are Disassemblers: They translate, in a static fashion, the binary code of an executable file into the opcodes of assembly language. OK?

They also label the disassembly listing of the program with visual aids, cross references, symbols, function limits and other bells and whistles, to help you understand the structure of the program, but that is all they do.

A debugger analyzes the behavior of a program WHILE it is running, by pausing the CPU. Debugging is live and direct: The variables hold real values, the branch points do branch and the loops go around in loops.

IDA and W32DASM do have rather primitive debuggers attached to them, but the best example of a debugger is Olly.

To confuse things a little, Olly, a DEBUGGER, holds a very good disassembler attached to it, so that when you are tracing the execution of a program, Olly presents you with an Assembly language listing composed "on the fly".

Question (Post) 2:
You have a lapse-limited app; usually sound or video app demos have such devices.

Just like any reversing, you need to think: How can the computer find out that 3 mins have gone by?

Search for time keeping APIs like GetTickCount, GetSystemTime.

Also, 3 mins later the program does not show a nag, but QUITS.
Finishing a program is a quite involved process: Disassemble your program and look for APIs that do the quitting, for instance PostQuitMessage, ExitProcess.

SiGiNT
September 25th, 2006, 09:29
To add to what naides has posted, have you checked to see if your program is packed? Go to protools (google for it) and get a copy of PEiD. If it's packed (says Arma, or asprotect, or anything other than Visual C, Borland, or Visual Basic), then you are probably out of your league, and a debugger or disassembler will be of little help - come back here and let us know. Just running in olly until it shuts down can give some clues: just hit the big blue "K" after shut down and trace back from the last reference from your target in the stack window.

SiGiNT

LLXX
September 26th, 2006, 00:11
SetTimer is also a frequently used API for these sorts of time limits (and may also be used for anti-tracing methods as well).
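The first step naides describes, and LLXX extends with SetTimer, is static: look through the imports for time-keeping APIs and for the APIs that end the process. As an added example that is not from anyone in this thread, the script below walks a PE32 import directory by hand (no pefile dependency) and reports which of those APIs the file imports. The API sets, the helper names and the sample binary are assumptions of this example; the sample is a constructed header-plus-import-table stub, not a real program, so the script runs offline. It handles PE32 only; PE32+ uses 8-byte thunks and a different data-directory offset.

```python
import struct

TIME_APIS = {"GetTickCount", "GetSystemTime", "GetLocalTime", "SetTimer", "timeGetTime"}  # assumed set
QUIT_APIS = {"PostQuitMessage", "ExitProcess", "TerminateProcess"}                       # assumed set

def _u32(b, o): return struct.unpack_from("<I", b, o)[0]
def _cstr(b, o): return b[o:b.index(b"\0", o)].decode("ascii", "replace")

def pe32_imports(data):
    """Walk a PE32 file's import directory: {dll: [function names]} (ordinal imports skipped)."""
    pe = _u32(data, 0x3C)                                   # e_lfanew -> "PE\0\0"
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                           # optional header
    if data[opt:opt + 2] != b"\x0b\x01": raise ValueError("only PE32 handled; PE32+ uses 8-byte thunks")
    secs = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):                                           # RVA -> file offset via section table
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError(f"RVA {rva:#x} outside all sections")
    imports, d = {}, off(_u32(data, opt + 96 + 8))          # data directory[1] = import table
    while _u32(data, d + 12):                               # Name RVA of 0 ends the descriptor list
        dll = _cstr(data, off(_u32(data, d + 12)))
        t, names = off(_u32(data, d) or _u32(data, d + 16)), []  # OriginalFirstThunk, else FirstThunk
        while _u32(data, t):
            if not _u32(data, t) & 0x80000000:              # high bit = import by ordinal, no name
                names.append(_cstr(data, off(_u32(data, t)) + 2))  # skip the 2-byte hint
            t += 4
        imports[dll], d = names, d + 20
    return imports

def triage(imports):
    """Return (time-keeping APIs, process-ending APIs) present among the imports."""
    names = {n for fns in imports.values() for n in fns}
    return sorted(names & TIME_APIS), sorted(names & QUIT_APIS)

def build_sample_pe(dll, apis):  # constructed minimal PE32: headers + one .idata section, no code
    rva, raw = 0x1000, 0x200
    hints, p, hint_rvas = b"", rva + 40, []                 # 40 = one descriptor + zero terminator
    for a in apis:
        hint_rvas.append(p); hints += b"\0\0" + a.encode() + b"\0"; p += 3 + len(a)
    thunks = struct.pack("<%dI" % (len(apis) + 1), *hint_rvas, 0)
    body = struct.pack("<5I", p, 0, 0, p + len(thunks), p) + bytes(20) + hints + thunks + dll.encode() + b"\0"
    hdr = bytearray(raw)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"; struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<HH12xH", hdr, 0x44, 0x14C, 1, 224)  # i386, one section, PE32 optional header size
    struct.pack_into("<H", hdr, 0x58, 0x10B)                # PE32 magic
    struct.pack_into("<II", hdr, 0x58 + 96 + 8, rva, len(body))
    struct.pack_into("<8sIIII", hdr, 0x58 + 224, b".idata", len(body), rva, len(body), raw)
    return bytes(hdr) + body

SAMPLE = build_sample_pe("KERNEL32.dll", ["CreateFileA", "GetTickCount", "ExitProcess"])
```

Run `triage(pe32_imports(open(path, "rb").read()))` on a real unpacked executable to get the same two lists; a packed file (see SiGiNT's PEiD advice) usually shows only the packer's own stub imports, which is itself a useful signal.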

Aimless
September 27th, 2006, 19:36
Dtox,

You may want to first leave the time trials for a while if you are really starting out. I recommend breaking Winzip v6/7/8 or Mirc v5/6 first. Simple serial-based productions...

If I were you, I'd take 2 weeks off from all this cracking stuff, and instead learn how to use my tools better...

FYI, W32dasm is dead. It is no longer a viable tool for debugging. It's like trying to debug a program with debug.exe, plus it also does not do UNICODE.

Better stick with IDA and a decent debugger.

Have Phun