Thread: Is this the correct way to write a HASP emulator

  1. #1

    Is this the correct way to write a HASP emulator

    Hi guys,
    I am trying to write a HASP 3 emulator. The software works absolutely fine with glasha's HASP emulator, but I would still love to learn to write my own emulator.

    The services called are:

    Service 1 (two times)
    Service 5 (once)
    Service 32 (twice, with different parameters)
    Service 6
    Service 33 (once)
    Service 6 (again)

    This is my first attempt to write an emulator. Please help.
    // Service 1 is called

    cmp BH, 01
    jnz @service 5
    mov EAX, 00000001
    ret

    // Service 5:

    cmp BH, 05h
    jnz @service 32
    mov ax, 0001
    mov bx, 0001
    mov cx, 0066
    mov dx, 1F4A

    // Service 32 (Read):

    cmp BH, 32h
    jnz @service ?
    mov ax, 000D
    mov bx, 0007
    mov cx, 0000
    mov dx, 6000

    // Service 32 called again with separate parameters (why, I have no idea)

    cmp BH, 32h
    jnz @service ?
    mov ax, 0000
    mov bx, 0014
    mov cx, 0000
    mov dx, 6000

    // Then service 6 is called

    cmp BH, 6h
    jnz @service 33
    mov ax, 0DFC
    mov bx, 393C
    mov cx, 0000
    mov dx, 012C

    // Then service 33 is called

    cmp BH, 33
    jnz @service ??
    mov ax, 0000
    mov bx, 0033
    mov cx, 0000
    mov dx, 6000

    // Then service 6 is called again

    cmp BH, 6h
    jnz @service 33
    mov ax, 0DFC
    mov bx, 393C
    mov cx, 0000
    mov dx, 012C

  2. #2
    Naides
    Quote Originally Posted by rituraj
    Hi guys,
    I am trying to write a HASP 3 emulator. The software works absolutely fine with glasha's HASP emulator, but I would still love to learn to write my own emulator.

    The services called are:

    Service 1 (two times)
    Service 5 (once)
    Service 32 (twice, with different parameters)
    Service 6
    Service 33 (once)
    Service 6 (again)

    This is my first attempt to write an emulator. Please help.
    // Service 1 is called

    cmp BH, 01
    jnz @service 5
    mov EAX, 00000001
    ret

    // Service 5:
    cmp BH, 05h
    jnz @service 32
    mov ax, 0001
    mov bx, 0001
    mov cx, 0066
    mov dx, 1F4A
    ret

    // Service 32 (Read):
    cmp BH, 32h
    jnz @service 6h
    // here do another cmp that distinguishes one call to service 32 from the other, perhaps on the parameters passed
    cmp ax, 0032 // I just made it up
    // OR cmp ebp, <the return address of this call>
    jnz @service 32B
    mov ax, 000D
    mov bx, 0007
    mov cx, 0000
    mov dx, 6000
    ret

    // Service 32B called again with separate parameters (why, I have no idea)
    cmp BH, 32h // do the same cmp, what the heck
    jnz @service 6
    // If there are only two calls, this will get it by default, so no more tests are needed
    mov ax, 0000
    mov bx, 0014
    mov cx, 0000
    mov dx, 6000
    ret

    // Then service 6 is called
    cmp BH, 6h
    jnz @service 33
    // similar discriminator: place a cmp that helps you determine which service 6 call you are dealing with
    cmp ax, 0001 // (another parameter out of my ass)
    jnz @service 6B
    mov ax, 0DFC
    mov bx, 393C
    mov cx, 0000
    mov dx, 012C
    ret

    // Then service 33 is called
    cmp BH, 33
    // jnz @service ?? : no need to jump anywhere, unless there are other calls to emulate
    mov ax, 0000
    mov bx, 0033
    mov cx, 0000
    mov dx, 6000
    ret

    // Then service 6 is called again
    // Service 6B
    cmp BH, 6h
    // jnz @service 33
    mov ax, 0DFC
    mov bx, 393C
    mov cx, 0000
    mov dx, 012C
    ret
    You get the idea, I hope.

  3. #3
    Hiya,

    It would be wise to reconstruct your emulation for services 32 and 33 (ReadBlock & WriteBlock respectively). From your returns from Service 5 I'm assuming you're emulating a MemoHASP-1.

    I'm recalling this from memory only, so it might well be slightly wrong. As I remember it:

    At hasp() with service 32/33:

    EAX = pointer to buffer where memory will be returned
    ECX = number of words to read
    EDI = offset into dongle memory to start reading from

    Returns:

    EAX = EDI
    EBX = number of words read
    ECX = status of operation (should be 0)
    EDX = EAX (i.e. pointer to returned data)

    Working with this information it ought to be pretty simple to set up a delta offset to some fake memory and then return the simulated 'memory' as required by the API.

    Regards

    CrackZ.
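Added example, not code from the thread or from any HASP vendor: a C model of the hasp() dispatch that follows CrackZ's suggestion above, serving services 32 and 33 from a fake memory image instead of one hard-coded block per call site as in the first post. It assumes the service numbers are decimal (32 = ReadBlock, 33 = WriteBlock, as CrackZ labels them), that the service 32/33 register layout is the one CrackZ recalls (in: EAX = buffer, ECX = word count, EDI = word offset; out: EAX = EDI, EBX = words moved, ECX = status, EDX = buffer), that services 1, 5 and 6 only need to replay the values in the OP's trace, and that a MemoHASP-1 can be modelled as 56 words (112 bytes) of memory; the memory size, the `HASP_STATUS_RANGE` error code and the seeded memory contents are my own constructions.

```c
/* Added example: hasp() dispatch with a fake memory image. Not thread code.
 * Assumed: decimal service numbers; CrackZ's register layout for 32/33;
 * services 1, 5, 6 replay the OP's trace; 56-word MemoHASP-1 (assumed size). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASP_MEM_WORDS      56u          /* assumed MemoHASP-1 memory size */
#define HASP_SVC_ISHASP     1
#define HASP_SVC_STATUS     5
#define HASP_SVC_6          6            /* only its trace values are known */
#define HASP_SVC_READBLOCK  32
#define HASP_SVC_WRITEBLOCK 33
#define HASP_STATUS_OK      0u           /* the only status the thread mentions */
#define HASP_STATUS_RANGE   0xFFFFFFFFu  /* my own code for an out-of-range block */

/* The registers the caller sees around the hasp() call. */
typedef struct { uint32_t eax, ebx, ecx, edx, edi; } HaspRegs;

/* Fake dongle memory, word addressed like the real API. */
static uint16_t g_dongle_mem[HASP_MEM_WORDS];

/* Fill the fake memory with a recognisable pattern (constructed test data). */
void hasp_seed_memory(void)
{
    for (uint32_t i = 0; i < HASP_MEM_WORDS; i++)
        g_dongle_mem[i] = (uint16_t)(0x1000 + i);
}

uint16_t hasp_mem_word(uint32_t idx) { return g_dongle_mem[idx % HASP_MEM_WORDS]; }

/* Emulated hasp(): service number in BH, as in the OP's cmp BH,xx chain.
 * On real x86 EAX itself is the buffer pointer; here the buffer is passed
 * separately so EAX can carry the address value seen in the trace (0x6000).
 * Returns 0 for a handled service, -1 for one this emulator does not know. */
int hasp_emulate(HaspRegs *r, uint16_t *caller_buf)
{
    uint8_t service = (uint8_t)(r->ebx >> 8);
    switch (service) {
    case HASP_SVC_ISHASP:
        r->eax = 1;                                   /* dongle present */
        return 0;
    case HASP_SVC_STATUS:                             /* values from the OP's trace */
        r->eax = 0x0001; r->ebx = 0x0001; r->ecx = 0x0066; r->edx = 0x1F4A;
        return 0;
    case HASP_SVC_6:                                  /* values from the OP's trace */
        r->eax = 0x0DFC; r->ebx = 0x393C; r->ecx = 0x0000; r->edx = 0x012C;
        return 0;
    case HASP_SVC_READBLOCK:
    case HASP_SVC_WRITEBLOCK: {
        uint32_t offset = r->edi, count = r->ecx, bufptr = r->eax;
        r->eax = offset;
        r->edx = bufptr;
        /* Refuse anything that would run past the end of dongle memory. */
        if (offset > HASP_MEM_WORDS || count > HASP_MEM_WORDS - offset) {
            r->ebx = 0;
            r->ecx = HASP_STATUS_RANGE;
            return 0;
        }
        if (service == HASP_SVC_READBLOCK)
            memcpy(caller_buf, &g_dongle_mem[offset], count * sizeof(uint16_t));
        else
            memcpy(&g_dongle_mem[offset], caller_buf, count * sizeof(uint16_t));
        r->ebx = count;
        r->ecx = HASP_STATUS_OK;
        return 0;
    }
    default:
        return -1;
    }
}

/* Replay the two ReadBlock calls from the OP's trace (7 words at 0xD, then
 * 0x14 words at 0) through the same code path and print what comes back. */
int main(void)
{
    uint16_t buf[HASP_MEM_WORDS];
    const uint32_t calls[2][2] = { { 0x0D, 0x07 }, { 0x00, 0x14 } };
    hasp_seed_memory();
    for (int i = 0; i < 2; i++) {
        HaspRegs r = { 0x6000, HASP_SVC_READBLOCK << 8, calls[i][1], 0, calls[i][0] };
        hasp_emulate(&r, buf);
        printf("ReadBlock: ax=%04X bx=%04X cx=%04X dx=%04X first word=%04X\n",
               r.eax, r.ebx, r.ecx, r.edx, buf[0]);
    }
    return 0;
}
```

If CrackZ's register layout is right, the two service 32 calls in the trace are nothing more than reads of two different regions (7 words from offset 0xD, then 0x14 words from offset 0), so with a memory image behind the call the per-call discriminator suggested in post #2 (a cmp on a parameter or on the return address) is not needed; the offset and count select the data by themselves, and the same code path also handles a WriteBlock followed by a ReadBlock of the same words. One caveat before copying `cmp BH, 32h` from the first post: 32h is 50 decimal, so check whether the debugger was showing BH in hex when the service number was noted; the example assumes the decimal numbering.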
