Results 1 to 5 of 5

Thread: help with first reverse engineering attempt

  1. #1

    help with first reverse engineering attempt

    i found this little puzzle game called aargon deluxe but the demo only lets you play a few of the levels, all of the other levels are there they are just blocked. so i decided to try to crack it myself. not having any real experience with programming i just kind of fumbled around a bit. i've dissassembled it and found a few spots were it says that an action is disabled in the demo and found a few jumps and calls that are common. i have tried to change the code to not do what i think is checking if it is the demo but nothing changes or the program just doesn't work. i also just found a reference to a fuction in a dll thats is called version info. i tried changing this but every thing i did made the program not work. i know i probably sound stubid but i have never done anything more than some programming in basic on my calculator. if someone could give me a little direction it would be very helpfull, i don't want to just give up.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Go to Tsehp's site, and learn what you can from the essays, then try again. Also check out Sandman's page for good newbie essays. Read, learn, do.

    Blue skies

  3. #3
    i have been around and read a bunch of essays. here is a little more about what i have found.
    this is the imported fuction that is all over the place when there is something about it being a demo:
    1000107B 55 PUSH EBP
    1000107C 8BEC MOV EBP,ESP
    1000107E A120300010 MOV EAX,[10003020]
    10001083 5D POP EBP
    10001084 C3 RET

    after it returns it tests eax and then jumps to variouse places. here is what i understand about this section.
    i don't know what push does, it moves what is in ebp into esp. it moves eax to somthing, somewhere? i don't know. i'm not sure what pop does and then it returns. if someone could give me a better idea about what this means i may be able to figure out if this is the right piece and what to change.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    I DID IT!!!!
    there was probably a better way than what i did but it still worked. after each of the calls to the VersionInfo fuction there was a test and then either a je or jne, if it was a je i changed it to a jne and visa-versa. and it worked!!
    just thought i'd let you know, if any of you cared.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5

    Just thought I'd try and clear up a few things for you.
    First of all, push XXX pushes the value of/in the XXX part onto the top of the stack. In your case it's the value in the EBP register.
    MOV instructions work the other way around from what you said. MOV EBP, ESP copies the value of the ESP register into the EBP register.
    MOV EAX,[10003020] copies the value stored in memory address 10003020 into the EAX register. If you wanted to approach your crack from a different perspective, you could have used a disassembler to try and see where that value in 10003020 comes from, then make sure the correct value is always put into that location.
    POP EBP removes the top value from the stack and places it into the EBP register
    RET just returns to the calling function.

    If you want to learn more about how these intstructions and other instructions work, read up on assembly language. There are plenty of good books out there. I personally recommend "The Art of Assembly". You can find links to it around the web with a bit of searching.

    Hope this helps!

    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. reverse engineering and IRC
    By blahh in forum Off Topic
    Replies: 5
    Last Post: July 15th, 2011, 23:31
  2. what happened to
    By owl in forum Off Topic
    Replies: 21
    Last Post: June 12th, 2011, 10:50
  3. The fun of reverse engineering
    By owl in forum Mini Project Area
    Replies: 1
    Last Post: October 7th, 2008, 09:43
  4. reverse engineering
    By silhouette in forum OllyDbg Support Forums
    Replies: 8
    Last Post: November 9th, 2006, 23:36
  5. linux reverse engineering
    By himanshu in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: December 24th, 2002, 16:20


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts