Results 1 to 2 of 2

Thread: Stuck with registry query

  1. #1
    toones
    Guest

    Stuck with registry query

    I am working with TARGET NAME DELETED. I have been reading numerous tutorials and have gotten stuck. The program will take any key entered, thank you for registering, write the value to the registry, then ask you to restart. On open (restarting), using regmon I find that it reads the input key from the registry. I suspect that the compare is done then, but have no idea where/how to set the breakpoint in SoftIce since it is done before any dialogs.

    In addition to all of that, I find that using W32DASM only shows a details page when opening the exe. If I dissassemble the exe I get all of the code, but can edit/patch the code. I think the program is VB from the DLLs it installs, so it may be a p-code/native issue. Unfortuantely with the tutorials I have read, I can't find anything that identifies how to tell which is used.

    If anyone can help, or point me to a tutorial that will "clear things up" for me I would appreciate it.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    IF you had actually read the FAQ you would realize that your post is within a hair's breath of violating the Rule which states:

    "DO NOT POST TARGET SPECIFIC CODE THAT INCLUDES THE NAME OF THE TARGET: this means do not post code that shows where and how to patch/keygen blah blah blah on a specific target. Keep your code snippets as generic as possible while explaining your problem."

    While you didn't actually post any "target specific code," you did post the "name of the target" and invite "someone else" to give you the point in the code "for that specific target" where that compare might be done. That is not permitted here. With the name of the "target" deleted, someone can give you "general" concepts on how you might find a compare of the key you entered with one that "works" without violating this Rule. Otherwise your post falls in the nature of a "Crack Request," and would disappear. I hope, for your sake, you understand the difference. If someone responds with questions about the target, such things may be discussed by PM or e-mail only.

    By the way, regmon should tell you "where" the program is reading that registry entry. That might not be a bad place to start with your search. That call comes from somewhere "within" the program, and then the program must "do" something with what it has "read" don't you think????? Does that not suggest a breakpoint on the registry read regmon shows you? Doesn't it give you the title of the API????

    Regards,
    JMI

Similar Threads

  1. Stuck with an App
    By LOUZEW in forum The Newbie Forum
    Replies: 10
    Last Post: November 22nd, 2003, 11:39
  2. Stuck on aspr
    By fALC0N in forum Malware Analysis and Unpacking Forum
    Replies: 10
    Last Post: April 6th, 2002, 12:36
  3. Stuck with MosASCII
    By RenHoek in forum Malware Analysis and Unpacking Forum
    Replies: 5
    Last Post: March 4th, 2002, 00:04
  4. Reversing Query - Please Help!!! (BTW first RCE query on the new Board) ???
    By ReD_AnT in forum Malware Analysis and Unpacking Forum
    Replies: 12
    Last Post: November 8th, 2000, 05:15

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •