View Full Version : paint shop pro 7..

Spekkel !
November 11th, 2000, 08:23
w32dasm craches at the moment it will make the disassemble listing, so it does the pre-disassembling,the jumps and calls and then it craches !! what could here be the problem ?????

( yes i know about ida...)

Thanks, SpeKKeL

November 12th, 2000, 01:11
There are several ways to do this...

Here's the one I've run into quite a bit.

Does it crash WHILE processing the jumps?

if so, look for say...

401000 JMP 402000
402000 JMP 401000

or the like....w32dasm hates infinite loops, it will keep processing those 2 jumps til it runs out of resources and crashes.

November 12th, 2000, 01:15
One more note:

That's why IDA works on most proggies that crash w32dasm....

W32Dasm starts at the beginning of the file and processes from there.

IDA starts at the program's entry point.

Since the jumps never actually get executed when the program runs...IDA doesn't worry about them

November 13th, 2000, 17:47
There is a simple way to get W32Dasm to disassemble Paint Shop Pro 7. Run the “psp.exe” in W32dasm. After a while you will get an error message ( I think you have seen it..) saying something like “.......an error occured in modul w32dsm89.exe at 0177:004164D3”.
Now, when you open up and disassemble W32dasm itself and go to the address pointed to in the error message, you will see this:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:

:004164C4 8D04BF ea eax, dword ptr [edi+4*edi]
:004164C7 8D04C0 lea eax, dword ptr [eax+8*eax]
:004164CA 69D668040000 imul edx, esi, 00000468
:004164D0 8D0CD3 lea ecx, dword ptr [ebx+8*edx]
:004164D3 0FB784010A126400 movzx eax, word ptr [ecx+eax+0064120A]

If you go to the adress where this code was referenced from, you will see this this:

:004165B7 3BFA cmp edi, edx
:004165B9 0F8205FFFFFF jb 004164C4
:004165BF 46 inc esi

Take notis of the conditional jump at 004165B9. Open up the Softice loader and run W32dasm. Put a bpmb 004165B9 x at the Softice commandline and exit. Now try to disassemble the file “psp.exe” in W32dasm. When Softice finally breaks, just nop out the instructions at 004165B9, and then exit Softice. W32dasm will then disassemble the file as normal. But you will have a quite large file to work with, the size will be about 93 megs big if I remember it correctly......:-)

the snake
November 16th, 2000, 01:15
Hi Hob
Nice to see some "old" friends around..
How is life ? is evrything ok with ya ?
still reversing as before ?

take care
he snake

November 17th, 2000, 11:47
Hi Snake::-)
How are you doing? It's been quite awhile, that's for sure. I've been really busy IRL for quite a while (work, new girlfriend, responsibilites....).but I'm checking in every now and then to see what's going on. Haven't been too busy reversing lately (got pretty tired of the Asprotect discusssion too, actually). But you know how it is: Just have to do something.LOL.
So what's up in your part of the world? Still interested in keygen making? Or have you changed your prefernced field of interest?