Thread: MSComm32/Read parameters

  1. #1
    JohnnyBoy
    Guest

    MSComm32/Read parameters

    I have at last cracked the Alfano Go-Kart timer/datalogger software. The software checks the serial number inside the datalogger device and compares it to the license file. The software is a VB5 program and I have used SI for the crack.


    My problem now is that I want to make a copy of the download device for the datalogger. I have made something that communicates with the datalogger, but something is wrong in the design.
    I want to see what the original device is transmitting and compare it with the data my device is transmitting. There are a lot of different "sniffers" around on the net, so that's no problem. The problem is how do I get the properties of MSComm32 at runtime.
    Tried SmartCheck to see if that gives me the properties of how MSComm32 is used inside the program.
    I have tried the trial-and-error method for too many hours.
    (9600/8/N/1 hmm doesn't work, let's try 2400/8/N/1 hmm doesn't work..... and so on)

    Some people say sleep can make marvelous things to the human race. It is 5:00 in the morning and I think I will give it a try ;-)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    NikDH
    Guest

    Re: MSComm32/Read parameters

    Originally posted by JohnnyBoy

    The problem is how do I get the properties of MSComm32 at runtime.
    Tried SmartCheck to see if that gives me the properties of how MSComm32 is used inside the program.
    I have tried the trial-and-error method for too many hours.
    (9600/8/N/1 hmm doesn't work, let's try 2400/8/N/1 hmm doesn't work..... and so on)

    Hi to all,
    well i've not reversed the mscomm32.ocx yet (perhaps i'll do it who knows eheh) but if i remember well the serial port can be programmed by the int under simple dos
    Now i can't remember which r the specific interrupts and memory location to use but i think that if u look at Ralf Brown u'll surely catch them
    Using that information i think u'll be able to know the properties of the connection (but i'm not so sure about it coz lotsa time has passed)
    Let me know about it

    See ya
    NikDH

  3. #3
    Sarge
    Guest
    I have "cracked" mscomm32.ocx, Version 6.0, as used under
    VB6. Might it be the same one you are using? If so, maybe I
    can help. I could talk you through analyzing the executable,
    or you could tell me where to get it, and I could try to do it
    for you.

    (Actually, this is one of the simplest OCX's to crack; it is quite small!)

    Sarge

  4. #4
    JohnnyBoy
    Guest
    I have developed the hardware. A lot more difficult than the software.
    I want to improve the software from Alfano.
    I want to know the baud rate, data bits, parity and stop bits that the program uses.
    The program uses MSComm32. I want to see the properties used/sent to the control.
    I think that they are sent just before receiving data, and they should not be changed until the close of the port.

  5. #5
    Sarge
    Guest
    Well, as I asked...How do you want to do it?
    Should I talk you through the code, or do you want to send me
    the program?

  6. #6
    JohnnyBoy
    Guest
    The software can be found at:
    h**p://alfano-usa.com/Download/alfano.zip

    The path thru the app to find the section where the MSComm32 is called is:

    Francais -> English: (More readable that way)
    Files -> Import Data from Alfano -> Start Scan

    Now the Comport is ready to receive data from the Alfano timer.

    What I want to know is only the parameters for MScomm32.

  7. #7
    Sarge
    Guest
    I downloaded the program just after my first reply; the OCX is the
    same one I have already done. (I had to check to be sure that
    my decompile of the MSCOMM 6.0 ocx used in VB6 would be the same as whatever was used in VB5).

    If you have a hex editor, I can show you how to find the control's
    default properties. Of course, they may change programmatically,
    but if you look at them, they are the standard control setup in the app.
    (Hint: Baud is 9600)

  8. #8
    JohnnyBoy
    Guest
    The first thing I tried was to set HyperTerminal to 9600/8/N/1 and tried to understand what the Alfano was sending.
    All I saw was rubbish.
    I believe that it is much slower than 9600. I think it can be as slow as 300.

    I want to understand how I can read the parameters to MSComm32 with SI at runtime, because I think the parameters are changed by the program.
    To do that I need to have a BP on a "ComOpen" function in MSComm32. I do not know what function inside MSComm to set the BP on.
    Another way is to look in the memory for a register for the comport. The problem is that I do not know what to look for.

  9. #9
    Sarge
    Guest
    Well, I can only say two things:

    1. 9600 (among other things) is what is in the comm control in the app.
    This does NOT mean that this is what the com port will actually
    run at; the program may change this.

    2. You say you see only garbage; I assume you mean you don't
    see text. Are you sure that you SHOULD see text? How do you know that the data isn't binary? Did you try the monitor mode?
    It may give you a clue. (Since I obviously don't have the hardware, I can't generate or look at "live" data).

    If you think that investigating the comm control is worthwhile, I will help you decipher the app data. But remember, this is only the configuration of the control as it is initialized, the program may change this during the runtime.

    Sarge

  10. #10
    JohnnyBoy
    Guest
    I will start looking at the "garbage" bytes I get and try to get the binary data that I get.
    When I get the data to a file I will try some ideas I have.
    First I will test a simple XOR.
    Second try will be that the first nibble is one figure and the second nibble is the second.

    Is there a decompiler for VB5 like there is one for VB3 (Dodi)?

    It will take at least until after this weekend

    I'll be back!!

  11. #11
    Sarge
    Guest
    Ok, that's the spirit! Attack the program!

    Some thoughts:

    So far, you only have the baud rate (again, assuming what is in the control is what the app uses); you will need at least the full setting data, i.e. 9600,N,8,1 or whatever. I agree that, given the 9600, you can probably assume the rest, but you might want to make sure first. The second most common is 9600,E,7,1.

    You can make a good guess as to the baud rate that is actually used just by watching how fast the data streams into the Procomm monitor window. There is an easily determined difference between 9600 and 300; if you are not sure, make some kind of connection to another serial source (another computer, or a second com port on the same computer) and send data to yourself at both baud rates. You will certainly see the difference! If the data is coming at 9600, then the rest of the settings in the control probably ARE the settings in the app.

    If you need help to "decode" the rest of the control settings, I'll be happy to walk you through the code.

    Good luck

    Sarge
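
Added example (not part of Sarge's post or the original thread): the throughput check described above, done on a timestamped sniffer log instead of by eye. It assumes the capture tool records (time in seconds, bytes received) events; the function names and the sample capture are constructed for illustration.

```python
STANDARD_BAUDS = (110, 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200)

def frame_bits(data_bits=8, parity="N", stop_bits=1):
    """Bits on the wire per character: start + data + optional parity + stop."""
    return 1 + data_bits + (0 if parity == "N" else 1) + stop_bits

def split_bursts(events, idle_gap):
    """Group (time_s, byte_count) events into bursts separated by idle gaps."""
    bursts, current = [], []
    for t, n in sorted(events):
        if current and t - current[-1][0] > idle_gap:
            bursts.append(current)
            current = []
        current.append((t, n))
    if current:
        bursts.append(current)
    return bursts

def burst_bps(burst, bits_per_frame):
    """Line rate implied by one burst. Bytes in the first event arrived
    before its timestamp, so only the later bytes are counted."""
    span = burst[-1][0] - burst[0][0]
    later = sum(n for _, n in burst[1:])
    return later * bits_per_frame / span if span > 0 else 0.0

def estimate_baud(events, bits_per_frame=10, idle_gap=0.5, min_bytes=16):
    """Return (observed_bps, smallest standard rate that can carry it)."""
    rates = [burst_bps(b, bits_per_frame) for b in split_bursts(events, idle_gap)
             if sum(n for _, n in b) >= min_bytes]
    if not rates:
        raise ValueError("no burst long enough to measure")
    observed = max(rates)
    # 5% slack absorbs timestamp jitter in the capture tool.
    for baud in STANDARD_BAUDS:
        if baud >= observed * 0.95:
            return observed, baud
    return observed, None

def naive_bps(events, bits_per_frame=10):
    """Whole-capture average; idle time between bursts drags it down."""
    events = sorted(events)
    total = sum(n for _, n in events)
    return total * bits_per_frame / (events[-1][0] - events[0][0])

# Constructed capture: 3 bytes every 100 ms (a 300 baud 8N1 stream),
# in two 4-second bursts separated by a long idle period.
SAMPLE = [(k / 10, 3) for k in range(40)] + [(60 + k / 10, 3) for k in range(40)]

if __name__ == "__main__":
    print(estimate_baud(SAMPLE), round(naive_bps(SAMPLE)))
```

9600,N,8,1 and 9600,E,7,1 both put 10 bits on the wire per character, so this measurement narrows the baud rate but cannot tell those two settings apart.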

  12. #12
    NikDH
    Guest
    Originally posted by JohnnyBoy
    To do that I need to have a BP on a "ComOpen" function in MSComm32. I do not know what function inside MSComm to set the BP on.

    Hi to all,
    well i can suggest u a little that should work to find the bpx on the ComOpen function

    Load the ocx into one of urs vb project and uses the ADDR
    vb instruction to show u the addr in memory of the
    ComOpen() function (use a dialogbox to show the address)
    So use sice to locate that addr in mem and see what's the corresponding position in the ocx file when u find it
    well patch the ocx putting a int3 where that function starts
    So sice will pop everytime that function is called everywhere

    See ya
    NikDH
