Cracking Tools

by Ray Robbins.


If you don't know your enemy's weapons, you cannot defeat him. Let's take a look at the programs most commonly used by crackers.

SoftICE: SoftICE from Compuware (http://www.compuware.com) is one of the best debuggers in the DOS environment. You will not find anything better for Windows 9x and NT. Many crackers therefore say that NuMega (the producer of SoftICE) is their favorite company.

TRW2000: This is a debugger for Windows 9x. It isn't as good as SoftICE, but its price is acceptable considering the high quality. You'll find shareware versions online.

WinDasm: Together with IDA (discussed below), WinDasm is the best disassembler in the Windows environment. Compared to IDA, WinDasm's disassembled code is shorter and easier to understand. It's a great loss that, unlike IDA, WinDasm is no longer in development. You can find shareware versions online.

SmartCheck: SmartCheck from Compuware is an IDE tune-up tool for programs written in Visual Basic. It is better than SoftICE for debugging Visual Basic applications.

IDA Pro (Interactive DisAssembler Pro): IDA, by Ilfak Guilfanov, is a wonderful disassembler for DOS and Windows programs. It is not a static disassembler like WinDasm, and it even lets you manage the translation manually. (This is a great feature to have when a program that you want to study uses various tricks to protect itself from disassembly.) IDA has many other great features. You can request a demo of IDA Pro from http://www.ccso.com.

Sourcer: Sourcer, from VCOM, is a wonderful disassembler for DOS programs, but it is not widely used for Windows. You can get it at http://www.v-com.com.

Hex Workshop: Hex Workshop, from BreakPoint Software (http://www.bpsoft.com), is a hex editor for the Windows environment.

Hiew (Hacker's View): Probably the best hex editor for the DOS environment.

SoftICE Basics

Before you can work with SoftICE, you must enable Windows API calls. You can do so in SoftICE's winice.dat file where you will see the following text:

; ***** Examples of export symbols that can be included for Windows 95 *****
; Change the path to the appropriate drive and directory

You'll see various libraries listed below the preceding text, from which you can export symbols into SoftICE. Remove the semicolon (;) characters from in front of the kernel32.dll and user32.dll libraries. The text will then look like this:

EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll

You have just allowed the functions exported by kernel32.dll and user32.dll, that is, their Windows API calls, to be loaded into SoftICE as symbols. Now you can set breakpoints on these calls in SoftICE. For example, you can use the command bpx MessageBoxA directly to set a breakpoint on this API call.

Another way to export to SoftICE is through the SoftICE loader menu, where you select Edit and SoftICE initialization settings. Select Exports in this menu and use the self-explanatory Add to add further exports and Remove to remove them.

Once you have made these changes, you must restart your computer so that SoftICE can be reinitialized. In the following sections I will explain the basics of using SoftICE.

Key Commands

To get into SoftICE, you can use the key combination CTRL+D. This combination always works, whether you are at the Windows desktop or running a program or game.

If you press F10, the program you are debugging will be traced one instruction at a time, and the trace will not step into called procedures. If you press F8 or enter the T (Trace) command, the program will be traced one instruction at a time, and the trace will step into called procedures.

The F11 key is very important. If a breakpoint is set to an API call, SoftICE will stop at the beginning of this call. Pressing F11 again is like calling the RET function, though the API call will be performed before SoftICE stops. The advantage to this is that you don't have to perform manual call tracing, which can be time-consuming.

The BPX Command

The BPX [API call or an ADDRESS] command sets the breakpoint to that API call or address in the program. For example, BPX GETDRIVETYPEA would set the breakpoint to the Windows API GetDriveTypeA function. (You don't have to worry about lowercase or capital letters.) When using the BPX ADDRESS command, you enter a program address where the breakpoint should be set, and if the running program encounters this address, it will be stopped and you will be switched back into SoftICE.

The BPR Switch

The BPR [address1 address2] switch sets the breakpoint within a memory range, specified from address1 to address2. When anything reads from this range or writes to it, the program will be stopped and you will be switched into SoftICE. The switch has three options: r (read), w (write), and rw (read or write).

The BPM Switch

The BPM [address] command sets the breakpoint to a certain memory location. If anything reads from this location or writes to it, the program will be stopped and you will be switched into SoftICE. Like the BPR switch, this switch has three options: r (read), w (write), and rw (read or write).

If you use an x value as the switch, the so-called debug breakpoint will be set. This breakpoint will be written directly into the processor debug registers, and an INT 3h will not be set at the address, as with normal breakpoints. This kind of a breakpoint is much more difficult to discover.
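The difference described above, shown as an added example that is not part of the original article: a software breakpoint patches an INT 3 opcode (0xCC) into the code, so a checksum over the code bytes changes, while a debug-register breakpoint leaves the code untouched. The byte sequence, the address, the debug_regs struct and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: push ebp; mov ebp,esp; mov eax,0xCC; pop ebp; ret */
static const uint8_t SAMPLE_CODE[] = {0x55, 0x8B, 0xEC, 0xB8, 0xCC,
                                      0x00, 0x00, 0x00, 0x5D, 0xC3};
#define CODE_LEN sizeof(SAMPLE_CODE)

/* Simplified model of the x86 debug registers (hypothetical struct). */
typedef struct { uint32_t dr[4]; uint32_t dr7; } debug_regs;

/* FNV-1a over the code bytes, standing in for a code integrity check. */
uint32_t code_checksum(const uint8_t *code, size_t len) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= code[i]; h *= 16777619u; }
    return h;
}

/* Software breakpoint: one opcode byte is overwritten with INT 3 (0xCC). */
uint8_t set_soft_bp(uint8_t *code, size_t off) {
    uint8_t saved = code[off];   /* the debugger restores this byte later */
    code[off] = 0xCC;
    return saved;
}

/* Debug breakpoint: address goes into DR0..DR3, enable bit into DR7. */
void set_hw_bp(debug_regs *r, int slot, uint32_t addr) {
    r->dr[slot] = addr;
    r->dr7 |= 1u << (slot * 2);  /* L0..L3 local-enable bits */
}

/* Returns 1 if the checksum changed after the breakpoint was set. */
int checksum_detects(int use_hw) {
    uint8_t code[CODE_LEN];
    debug_regs regs = {{0}, 0};
    memcpy(code, SAMPLE_CODE, CODE_LEN);
    uint32_t clean = code_checksum(code, CODE_LEN);
    if (use_hw) set_hw_bp(&regs, 0, 0x401000u);  /* constructed address */
    else set_soft_bp(code, 0);
    return code_checksum(code, CODE_LEN) != clean;
}

/* Naive scan for 0xCC bytes; also counts legitimate operand bytes. */
size_t count_cc(const uint8_t *code, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (code[i] == 0xCC);
    return n;
}
```

Note that count_cc reports one match on the unmodified sample, because 0xCC appears there as an operand byte; a byte scan alone cannot tell a breakpoint from ordinary code, whereas a checksum against a known-good value can.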

Display Commands

The display commands are as follows:

• d [address]: This command will show the memory contents in DWORD (4 bytes) beginning at the location defined by the address.

• ed [address]: This command will let you edit memory contents in DWORD (4 bytes), beginning at the location defined by the address.

• r [register value]: This command will change the register value. You can use it with conditional jumps. You can also change special register values.

• s [address1 address2 string or byte1, byte2 and so on]: This command will search the memory for a string or bytes from address1 to address2. For example, s 400000 401000 "test" will search for a "test" string from address 400000 to address 401000.

• s: This command will continue searching for a string or bytes from the last found one.

• code on: This command will show instruction prefixes.

• wf: This command will show coprocessor register values.

• exp: This command will show exports.

• rs: This command will show the program window in the actual state, and will return to SoftICE when you press any key.

• address: This command will let you insert program code in assembler directly from the entered address.

• hboot: This command will reset the computer. It is useful in case of a system crash.

Of course, SoftICE also contains many other commands. You can find all of them in the SoftICE documentation.
