PDW v108 Paging for the Cyber Age
Date 5/15/01
by Sojourner

There is a crack, a crack in everything. That's how the light gets in.

Rating: (x) Beginner ( ) Intermediate ( ) Advanced ( ) Expert
This one was very easy and is perfect for newbies.
This is a paging program that you can now have on your own computer. Here is their own excerpt:

About PDW
PDW when combined with a suitable radio/scanner can be used for the off-air decoding of either POCSAG/FLEX paging signals or VHF ACARS signals.
PDW has the following features:
POCSAG 512, 1200 and 2400 baud rates.
FLEX 1600, 3200 and 6400 baud rates.
Serial port input for POCSAG/FLEX/ACARS signals (2 & 4 level FSK)
Soundcard input for POCSAG/FLEX/ACARS signals (2 & 4 level FSK)
Real-Time filtering.
Unlimited filters.
Separate filter files.
Command file option.
Signal indicator.
Auto invert data option.
Print option.
Message logging with Time & Date stamp.
Statistics logging.
Please note: Serial port input is supported for Win95 & Win98 only.

Tools needed:
w32dasm 8.x -- your choice of flavors
hex editor -- UltraEdit 7.xx or whatever you want to use (not actually needed for this one)
resource editor -- Restorator 2.5 is my fave

http://www.pcapaging.ic24.net/
Just go to this site and then download what you need.

What to do - Register this baby!! :-) Why? Because of this: PDW is fully functional as a Shareware version. The only restriction is that the program will close/exit every 20 minutes.

Are you ready to rock and roll here today? This tutorial is based on a request from a fellow learner out there. As you saw above, our main objective is to register this guy, but as we go we'll pick up a few details on the way. First, go download and install this prog wherever you want, then do a quick disassembly. It only takes a few seconds actually; the executable is very small. Let's go forward. Time to try and register this guy. Go ahead and put something in the registration area, which is found under Help on the menu bar at the top. Unfortunately you'll get a message box saying "Key-Code is incorrect." What a pity we're so lame. Not to fret though.

There are a couple of thoughts about how to attack this problem. One way would be to see if we can just brute-force crack this prog. If you search as I did, you'll actually find a beautiful variable named [0043AAD0]. After studying it I discovered that it has to be set to zero for the program to behave as registered. Of course, one way to ensure this is to register it properly. Otherwise, you might want to set some breakpoints in w32dasm on the places that touch that variable: 00401A83, 00401BA0, 00401E17, 00402D27, 00403442, 00405A82, 00405A8C. You can play with it either way. It's a learning experience nevertheless.

If you use your resource editor you will find some useful dialogs. You will see one that deals with a shareware message, a registered dialog, and a screen to register with a particular format. It always makes life easier to know some of these things. There is also a DialogBoxParamA call that starts it all. You need to locate this just for grins. I won't tell you where this one is.

Now let's get back to the business at hand and fix our little program so it will finally and once and for all be registered to us. Start w32dasm, load your disassembly through it, and then run your prog. Now get to the registration dialog and enter your name and some set of numbers, or alpha characters. It doesn't matter at this time.
Please set breakpoints on all msvcrt.atol function calls. This call converts your ASCII input into a long, FYI. You will find that you catch a breakpoint at 00405A33. Follow the code and you will see the converted value of one of your fields in eax at 00405A50; just below, it is stored in dword ptr [ebp-08]. The first atol result was stored in dword ptr [ebp-04] at 00405A3D. Can you tell which field went into which? (Look at what was pushed before each call.) You should now spot the important comparison at 00405A55 between dword ptr [ebp-04] and the hex number 00011985, which equals 72069 in decimal. In other words, your first set of inputs must equal 72069(d). Bear in mind that atol parses your input as a decimal string; w32dasm simply shows the constant in hex. Following along, we see another comparison coming up at 00405A5E. This one compares the hex number 00005599 (21913 in decimal) with whatever you input for slot number three. So what do we do about slot two, you may ask? Indeed, that is a great question. Jump to the next section of code.
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004059D2(C)
|
:00405A10 803DD4AA430000          cmp byte ptr [0043AAD4], 00
:00405A17 7473                    je 00405A8C
:00405A19 803DDAAA430000          cmp byte ptr [0043AADA], 00
:00405A20 746A                    je 00405A8C
:00405A22 803DE0AA430000          cmp byte ptr [0043AAE0], 00
:00405A29 7461                    je 00405A8C
:00405A2B 83C4F4                  add esp, FFFFFFF4
:00405A2E 68D4AA4300              push 0043AAD4

* Reference To: msvcrt.atol, Ord:0208h
|
:00405A33 E89CD40200              Call 00432ED4
:00405A38 83C410                  add esp, 00000010
:00405A3B 89C0                    mov eax, eax
:00405A3D 8945FC                  mov dword ptr [ebp-04], eax
:00405A40 83C4F4                  add esp, FFFFFFF4
:00405A43 68E0AA4300              push 0043AAE0

* Reference To: msvcrt.atol, Ord:0208h
|
:00405A48 E887D40200              Call 00432ED4
:00405A4D 83C410                  add esp, 00000010
:00405A50 89C0                    mov eax, eax                        <--HERE#1
:00405A52 8945F8                  mov dword ptr [ebp-08], eax
:00405A55 817DFC85190100          cmp dword ptr [ebp-04], 00011985
:00405A5C 752E                    jne 00405A8C
:00405A5E 817DF899550000          cmp dword ptr [ebp-08], 00005599    <--HERE#2
:00405A65 7525                    jne 00405A8C
:00405A67 83C4F8                  add esp, FFFFFFF8
:00405A6A 68DAAA4300              push 0043AADA
:00405A6F 6860584000              push 00405860

* Reference To: msvcrt._stricmp, Ord:004Ch                            <--HERE#3
|
:00405A74 E89BD30200              Call 00432E14
:00405A79 83C410                  add esp, 00000010
:00405A7C 89C0                    mov eax, eax
:00405A7E 85C0                    test eax, eax
:00405A80 750A                    jne 00405A8C
:00405A82 C705D0AA430000000000    mov dword ptr [0043AAD0], 00000000

HERE#3 is where you need to follow the call into msvcrt._stricmp and locate what you seek. If all else fails I will give you my important hint: "Seek the river from whence it comes." by Sojourner

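To make the three comparisons in the listing concrete, here is an added example in C that reimplements the check from 00405A10 through 00405A82 (my reconstruction, not PDW's own code). The string pushed at 00405860 for the _stricmp is not shown on this page, so the model takes it as a parameter; the value used in main is a constructed placeholder, and stricmp_port is a portable stand-in for msvcrt._stricmp. It goes slightly beyond the listing by showing how forgiving atol is: leading spaces, a sign, leading zeros or trailing junk on fields one and three still pass, because atol parses decimal digits and stops at the first non-digit, while a hex-looking "0x11985" converts to 0 and fails.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Constants from the listing. w32dasm shows them in hex; atol produced
 * them from decimal input, so the user must type 72069 and 21913. */
#define FIELD1_VALUE 0x11985L   /* cmp dword ptr [ebp-04], 00011985 */
#define FIELD3_VALUE 0x5599L    /* cmp dword ptr [ebp-08], 00005599 */

/* Portable stand-in for msvcrt._stricmp: returns 0 when the strings are
 * equal ignoring ASCII case, non-zero otherwise. */
static int stricmp_port(const char *a, const char *b)
{
    while (*a != '\0' && *b != '\0') {
        int ca = tolower((unsigned char)*a);
        int cb = tolower((unsigned char)*b);
        if (ca != cb)
            return ca - cb;
        a++;
        b++;
    }
    return tolower((unsigned char)*a) - tolower((unsigned char)*b);
}

/* Model of the key check. f1, f2, f3 stand for the three text fields at
 * 0043AAD4, 0043AADA and 0043AAE0. field2_expected stands in for the
 * string at 00405860, which this page does not reveal (assumption: the
 * caller supplies it). Returns 1 when execution would reach 00405A82
 * (the flag at 0043AAD0 is cleared, i.e. registered) and 0 when any
 * check jumps to 00405A8C. */
int pdw_key_check(const char *f1, const char *f2, const char *f3,
                  const char *field2_expected)
{
    /* cmp byte ptr [0043AAD4/AADA/AAE0], 00: every field must be non-empty */
    if (f1[0] == '\0' || f2[0] == '\0' || f3[0] == '\0')
        return 0;

    long v1 = atol(f1);      /* first msvcrt.atol call, result -> [ebp-04] */
    long v3 = atol(f3);      /* second msvcrt.atol call, result -> [ebp-08] */

    if (v1 != FIELD1_VALUE)  /* cmp [ebp-04], 00011985 ; jne 00405A8C */
        return 0;
    if (v3 != FIELD3_VALUE)  /* cmp [ebp-08], 00005599 ; jne 00405A8C */
        return 0;
    if (stricmp_port(f2, field2_expected) != 0) /* test eax,eax ; jne */
        return 0;
    return 1;                /* mov dword ptr [0043AAD0], 00000000 */
}

int main(void)
{
    /* Constructed placeholder; the real second-field string lives at 00405860. */
    const char *word = "PLACEHOLDER";

    printf("%d\n", pdw_key_check("72069", "placeholder", "21913", word));   /* 1 */
    printf("%d\n", pdw_key_check(" 072069xyz", "PLACEHOLDER", "+21913", word)); /* 1 */
    printf("%d\n", pdw_key_check("0x11985", "PLACEHOLDER", "21913", word));  /* 0 */
    printf("%d\n", pdw_key_check("72069", "PLACEHOLDER", "", word));         /* 0 */
    return 0;
}
```

The two atol calls explain why the author says to breakpoint on msvcrt.atol rather than on a string compare: fields one and three are compared as numbers after conversion, so only the second field is matched as text, and that match is case-insensitive.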
This was a simple lesson, but it still took some looking around to figure things out. Until later. If you have any questions please feel free to contact me at jomamameister@yahoo.com