Page 1 of 2 12 LastLast
Results 1 to 15 of 18

Thread: I need to trace thru a prog

  1. #1
    Crackin_Newbie
    Guest

    I need help with registration file.......

    this program (repo info) is very difficult for me to follow. I have found that the program registration key is the name of the file that contains registration info (minus the .txt extension). The program runs tat but then it has scripting errors (i think thats right) because of what it expects isnt there, and I am not sure to figure out what it wants. Here's a question for yall: If I break into the program and find the correct flow to register, should I change the program or make a correct registration file ( if the later, does anyone know how I can figure out what the program is looking for in the registration file?)

    Anyways, Thanks yall!!!!
    Crackin_Newbie
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Well, any debugger will do that.

    NuMega's SoftICE is the reference tool, but there are quite some other nice ones around, i.e. TRW2000 or OllyDbg.

    Looking at your question, I think you're having some reading about this topic ahead.

    "/TraceX" is a command in ICEDump, which is a useful addon for SoftICE.

  3. #3
    Crackin_Newbie
    Guest

    How do u set up, icedump?

    I have icedump, but dont know how to properly install and use. Any suggestions?

    How do u use tracex?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Hmm, I won't write RTFM, but how about reading README.TXT?

    I think you're trying to get results too fast - reversing is a time-consuming business...


    Btw, please continue posting to the first thread.



    Pyrae

  5. #5
    DakienDX
    Guest
    Hello Crackin_Newbie !

    I just merged the two threads to keep it more clear.

    As Pyrae said, please RTFM. (Read The FAQ and the Manual )

    You can ask questions here after you've tried anything you can imagine.
    To learn new things always search, then read, then try to understand and ask only if you've done all you should have done before asking.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Crackin_Newbie
    Guest

    Check this out

    The ice dump i got doesnt have a file that explains installation and usage. Is there a website yall can suggest where I can figure it out?

    Thanks and Laterzzzzz
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Try h**p://icedump.cjb.net ! As you will see, there are no official docs yet, but the readmes contain enough info to get you started...

  8. #8
    DakienDX
    Guest
    Hello Crackin_Newbie !

    Where is the big problem?
    Just look what SoftICE version you have, go to the directory with the right OS and version number and execute ICEDUMP.EXE.
    You'll find anything you need to know in the [OS]\DOC directory.

    Or do you think ICEDump is a stand-alone application? No, it is not, it is an addon for SoftICE. You can't use ICEDump without SoftICE.
    But you would better start to learn how to work with SoftICE before starting with the ICEDump commands.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Crackin_Newbie
    Guest

    Thanks

    That got Ice Dump working, I read files but dont comprehend trace and tracex usage, any suggestions?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10

    ***

    * Download Ollydbg 1.06

    * Load your program

    * Select Debug->RunTraceOver (or INTO) as you'd prefer

    * As soon as you select, the proggy runs

    * Wait till its over, or you reach the point that you want to monitor

    * Switch back to OllyDbg, select View->Run Trace

    * A window opens with traced instructions AND registers that have changed with each instruction

    * Right Click anywhere on that window to save the ENTIRE history to a log file

    * WARNING!! Saving the run trace INTO of a commercial app can cause your log file to swell upto 99MBs!!! And that's only for displaying of the main window!!!

    * So be careful of what you log

    * You can optionally turn off and on the logging

    ...Have Phun
    Blame Microsoft, get l337 !!

  11. #11
    Crackin_Newbie
    Guest

    Thanks a Mill !!

    I appreciate your help aimless!! I hope it works out how I think it will. May u b blessed !!!!! LOL

    More postings to Follow.

    Crackin_Newbie 4 Now
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  12. #12
    Crackin_Newbie
    Guest

    Log Files are 1 gig a piece

    is there a way i can make it just log jmp, je, etc... ?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #13
    Hi cracking newbie,

    I is quite simple to code a jump logger... grab Iczellion's debug API tutorial and you will be acle to write jump logger in asm :>.... It is not that hard....

    There is such a prog out there but it is slow cos of single stepping and the file will be big anyway... it is fun to play with it but use it to crack isnt really good, you learn nothing from the protection if you just compare the 2 log files to find the jump...

    regards,
    crUsAdEr

  14. #14
    Crackin_Newbie
    Guest

    Thanks but HELP ! LOL

    I know this is lame way of cracking but this program means alot!! I am so frustrated trying to figure it out. Everytime I think of a way to get what I want, I find I cant do that. LOL
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  15. #15

    Backtrace Range

    Originally posted by Crackin_Newbie
    I know this is lame way of cracking but this program means alot!! I am so frustrated trying to figure it out.
    Quite to the contrary, using a backtrace tool to *analyze* code flow is not a lame approach... A pure jump logger, however, might be pushing the definition of lameness since it takes little intelligent analysis to brute-force-patch every jump you see till you get the right one

    Alternately to /tracex and Ollydbg, SoftICE itself posseses the capability to log program execution in a backtrace buffer. A trace is set using the range style breakpoint, bprw.

    syntax: bprw "module name" T

    I believe Sandman even has a fairly detailed tut on the usage of the SI bactrace buffer if you need more info than is provided in the SoftICE docs. Do a search for "Sandman + Softice Resource Center"

    The whole key to *effectively* using the execution backtrace, is your choice of trace range and judicious placement of breakpoint traps. You probably don't want to trace from the OEP of an app, through all of its initialization code, nag screens, ect until you get to the reg dialog or whatever. This can get VERY big (+++Megs), will be unweildly to examine, and provide little meaninful insight into the behavior of your target due to the high level of background noise. You want to use an API monitor or some other tool to select breakpoints that narrow down your range as much as possible. Only then will you get meaninful results. The backtrace is essentially useless unless used intelligently. Unfortunately, SoftICE does not natively have the functionality to log your traces to a file (as it logs only addresses, not opcodes, and disassembles them on the fly via the "show" and "trace" commands). Kayaker and myself are working on an application that will extend the functionality of the winice backtrace buffer to provide this much needed logging feature, but it is not yet publicly available. First, read the manual and then ask if you have further questions not answered in the documentation.

    Cheers,
    Clandestiny

Similar Threads

  1. OllyDbg problem, hit trace and run trace features dissapeared.
    By cap232 in forum OllyDbg Support Forums
    Replies: 0
    Last Post: August 7th, 2009, 01:26
  2. # 3 lines C-prog hurts MS VC
    By nezumi-lab in forum Blogs Forum
    Replies: 1
    Last Post: January 13th, 2009, 14:21
  3. Hasp4 Emulation w/16 bit prog
    By Valleywoo in forum The Newbie Forum
    Replies: 3
    Last Post: June 18th, 2008, 10:37
  4. String refs for a VB prog in IDA?
    By crassy in forum The Newbie Forum
    Replies: 0
    Last Post: November 11th, 2003, 12:25
  5. Unpacked prog. does not run on different OS.
    By Harding in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: September 5th, 2003, 22:09

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •