Essay Reversing Technics

Submitted By JustynTemme1
Words: 3427
Pages: 14

HOW TO CRACK, by +ORC, A TUTORIAL

---------------------------------------------------------------------------

Lesson 2: tools and tricks of the trade

---------------------------------------------------------------------------

[INDY.EXE]

--------------------------------------

LOST IN THE DARK CODEWOODS

When you break into a program you end up in portions of code

that are unfamiliar to you. It is also not uncommon for the

breakpoints to occur outside of the confines of the program you

want to crack. Getting your bearings is, in these cases, very

important.

One of the handiest utilities is the memory dump tool -it

tells you where all the device drivers and TSR are loaded, in

which memory locations the program you are cracking dwells, how

much memory is left and what the next program load point is. The

tools you use should report on the following:

- the contents of interrupt vectors

- the state of the BIOS data area, beginning at address 40:0

- internal structures within DOS, such as the MCB chain, the

SFT (System File Table) chain, the chain of installed

device drivers, the PSPs and memory allocations associated

with installed TSRs

- memory allocation statistic from XMS and EMS drivers

When seeking to understand a section of foreign code, you

must be especially careful to seek the real intent of the code.

Consider using a profiler prior to undertaking an analysis of an

unfamiliar program. This will help you by ensuring that you don't

waste time studying sections of the program that aren't even

involved in the protection scheme you are chasing down.

Using a utility that charts a program's calling hierarchy

can give you an important perspective on how your babe conducts

its internal operations.

YOUR DEBUGGER: YOUR FAVOURITE TOOL

First and foremost, your debugger must be designed for use

with resident modules (or must be itself a resident module).

Trying to crack with simplistic [debug.com] is a sure way to get

absolutely nowhere. We recommend Softice.exe from Nu-Mega

technologies (Version 2.6 [S-Ice.exe] has been cracked by MARQUIS

DE SOIREE and its vastly available on the Web). You could also

use [Periscope] or [Codeview] or Borland's Turbodebugger... all

these programs have been boldly cracked and/or distributed and

are now on the Web for free... learn how to use YAHOO and find

them. In emergency cases you could fix some quick crack using

[debug] or [symdeb], but, as said above, most of the time these

older debuggers won't do. I'll nevertheless ALWAYS give the final

crack procedure for [debug.com], in order to permit even lusers

to crack programs.

When you first smell a protection, it can be tempting to

immediately begin your crack using invasive types of techniques.

While there is certainly nothing wrong with this approach,

provided that you are fairly familiar with the protection scheme

used, going in too deep too soon can be a problem when you don't

have a strong hunch. Most of the time you'll end up missing

important details. So first of all sit down and ponder... that's

the zen-way, the only one that really works.

Single-stepping is expensive, not only because of the time

it requires but also because of the amount of detail with which

you must contend. Your immediate goal is to home in on the

protection scheme through a series of successively refined traps,

your broader aim is to get an overview idea of the program's

action... the wise use of breakpoints will condense these

minutiae into an understandable form.

The first step is to try to identify the section of the

program where the protection scheme is snapping.

Once you are able to isolate a certain section of a program,

breakpoints can