Using IDA Pro Making me crazy

--------------------------------------------------------------------------------

Hi Everyone!

I am trying to crack an application that has security levels. You can have more menu's and buttons enabled depending on security level. Now I have spent 2 days killing myself over this program and now I need some help :O(

Here is a part

.method public static hidebysig specialname unsigned int8 get_pSecurityLevel()
// CODE XREF: sub_3E460+4Cp
// sub_40570+52p ...
{
ldsfld unsigned int8 HGSTool.GUI.Form1::SecurityLevel
ret
}

I can only ever find the "byte" for security level when using crack.net but I cannot change that byte.

Anyone willing to take a look and guide me a little?

Thanks for any help :O)))

FirstTime

IDAPro cannot edit .Net applications. Try byte patching. Alternately use Reflector with the Reflexil addon and try editing the IL.

yes I know that IDA cannot do that :O(

Thanks for the tip on Reflexil....Looks like exactly what I want :O)

Well I managed to change the security level. Now one of the .dll files is causing me problems.. Cannot find a method in the .dll

Can someone please take a look and see where this first timer is going wrong? :O)

Thanks for anyhelp.... Link below

It's for disk drive repair so it may help some of you...:cool:

http://rapidshare.com/files/202859809/HiTest_SetupPackage-2.12S_06.zip

isn't that a free test app for your hitachi drives ? why u wanna "crack" it

isn't that a free test app for your hitachi drives ? why u wanna "crack" it

Because software has 3 levels of functionality

1: Standard
2: Expert
3: Master

And this version is configured to STANDARD

And I want to be Master :O) of this software.. More bells and whistles!!!

No body wants to download the entire package !

If you didn't read any tutors on the .NET topic please do and then ask about what you can't reverse.

Try to give us more details about the problem and what you wanna do and what you did ?? what was the error message, a snapshot can be useful too.

Ok Here is the link to the small .dll file which goes with the software..

http://rapidshare.com/files/203170140/DirectIO.dll

And this is the error produced by the main (patched) .exe program when I hit the SCAN button - see below

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.MissingMethodException: Method not found: 'Int32 HGSToolDirectIO.DirectIO.set_cardInfo(Int32, UInt32, Byte, UInt32, UInt32, UInt32, UInt32, UInt32)'.
at HGSTool.GUI.Form1.btnScan_Click(Object sender, EventArgs e)
at HGSTool.GUI.Form1.toolBar1_ButtonClick(Object sender, ToolBarButtonClickEventArgs e)
at System.Windows.Forms.ToolBar.OnButtonClick(ToolBar ButtonClickEventArgs e)
at System.Windows.Forms.ToolBar.WmReflectCommand(Mess age& m)
at System.Windows.Forms.ToolBar.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.O nMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.W ndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3082 (QFE.050727-3000)
CodeBase: file:///c:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
HiTest
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Program%20Files/HiTest/HiTest.Patched.exe
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
DirectIO
Assembly Version: 0.0.0.0
Win32 Version:
CodeBase: file:///C:/Program%20Files/HiTest/DirectIO.DLL
----------------------------------------
msvcm90
Assembly Version: 9.0.21022.8
Win32 Version: 9.00.21022.8
CodeBase: file:///C:/WINDOWS/WinSxS/x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022. 8_x-ww_d08d0375/msvcm90.dll
----------------------------------------
AspiIO
Assembly Version: 1.0.2524.17527
Win32 Version:
CodeBase: file:///C:/Program%20Files/HiTest/AspiIO.DLL
----------------------------------------
AxInterop.MSFlexGridLib
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Program%20Files/HiTest/AxInterop.MSFlexGridLib.DLL
----------------------------------------
Interop.MSFlexGridLib
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Program%20Files/HiTest/Interop.MSFlexGridLib.DLL
----------------------------------------
pcickdll
Assembly Version: 1.0.1445.38849
Win32 Version:
CodeBase: file:///C:/Program%20Files/HiTest/pcickdll.DLL
----------------------------------------
System.Xml
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3082 (QFE.050727-3000)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
System.Management
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Management/2.0.0.0__b03f5f7f11d50a3a/System.Management.dll
----------------------------------------
Accessibility
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/Accessibility/2.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

any comments welcome :O)

The main exe file I have pathched to top security level which is Expert. Everything looks ok and the buttons are visible. However, I think when in "Expert" mode the software will try to access the portio.dll drive with a different method.. So I guess there must be a special DIRECTIO.dll for the Expert version..

I have spent 3-4 days now reading.. I have read the tuts and patched the security. But im no guro at reversing .dll's

This is the output for the function from IL DASM for direcIO.dll

.method public instance int32 set_cardInfo(int32 idx,
uint32 modopt([mscorlib]System.Runtime.CompilerServices.IsLong) dwBaseAddr,
uint8 bMode,
uint32 modopt([mscorlib]System.Runtime.CompilerServices.IsLong) VendorID,
uint32 modopt([mscorlib]System.Runtime.CompilerServices.IsLong) DeviceID,
uint32 modopt([mscorlib]System.Runtime.CompilerServices.IsLong) SlotID,
uint32 modopt([mscorlib]System.Runtime.CompilerServices.IsLong) dwAddrSp,
uint32 modopt([mscorlib]System.Runtime.CompilerServices.IsLong) dwStartAddr) cil managed
// SIG: 20 08 08 08 20 2D 09 05 20 2D 09 20 2D 09 20 2D 09 20 2D 09 20 2D 09

This is the failure output from the software I want to patch

************** Exception Text **************
System.MissingMethodException: Method not found: 'Int32 HGSToolDirectIO.DirectIO.set_cardInfo(Int32, UInt32, Byte, UInt32, UInt32, UInt32, UInt32, UInt32)'.
at HGSTool.GUI.Form1.btnScan_Click(Object sender, EventArgs e)
at HGSTool.GUI.Form1.toolBar1_ButtonClick(Object sender, ToolBarButtonClickEventArgs e)
at System.Windows.Forms.ToolBar.OnButtonClick(ToolBar ButtonClickEventArgs e)
at System.Windows.Forms.ToolBar.WmReflectCommand(Mess age& m)
at System.Windows.Forms.ToolBar.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.O nMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.W ndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

Error says function not found.. Although this function exists in the directio.dll or have I just lost the plot?

Help .... please :confused:

H,

Does anyone know another forum which is a little more expert for this kind of thing? I understand that this task probably needs some pro's at reversing.

Thanks!

oh dear, sorry if we are not up to the level of your request !!

the thing is that you didn't explain the problem well and it seems like a crack request rather than a help request !!

by the way,, this DLL is a mixed-mode assembly, i.e you can reverse it using OLLY !! so .NET reversing is not useful.

hehe true..I do want to crack it. However, simple tasks like NOP'ing or other byte patching I seem to have grasped quite quickly for a first timer :O)

mixed-mode DLL ?

You mean it can work with .net and other application software which is not compiled on .net platform?

How would I go about OLLY if I was you?

Thanks for your reply!

You mean it can work with .net and other application software which is not compiled on .net platform?

It means that it's written with C++ .NET !! so the real working code can be disassembled using old tools like OLLY and Wdsm32.

If you don't know how to go with OLLY then you have to read many tutors, I recommend LENA's series.

you can find more here : http://portal.b-at-s.info/news.php

good luck

Hi Again..

I get the method error even when I edit another part of the main .exe

Could it be becasue reflector and the plugin I use "Reflexil" is not very good? Could it be because REFLEXIL manipulates the saved file incorrectly? I have read a little about RVA index points to methods. Could this be the cause???

Please throw me a bone!

:O) Thanks

well worked it out for myself..in the end...

I guess I can call myself a pro reverser NOW LMFAO