Lord Clito's
"How to get an editable disassembly-textfile with W32dasm6 demo ."
An idiots approach anyone able to move the 'puters mouse should be able to follow.


W32DASM6 is a nice Win32 Disassembler that can disassemble most Win 32 binaries. 

The full blown registered version lets you print and save the disassembly to 

an editable text file. Now the problem is that the (undoubtedly capable) 

programmer spreads his valuable work in the form of a crippeled demo 

version that lacks the abovementioned features. Now you little scholar of 

crackmanship want to follow +ORC's well done lesson about dead listing 

cracking (9.3), and ask yourself, since you weren't smart enough to find 

the registered version (I'm not going to even dare to ask you to crack it 

yourself): How the fuck do I get a textfile I can load in my editor or 

wordprocessor ?

    

Due to some strange events which occurred shortly after the big bang, the 

universe created nice people like me (and +ORC and all the other warriors 

that fight the giant), who is now going to tell you how to get your 

disassembly-textfile into your favourite editor.

    

Theory:    

W32DASM6 will write the disassembly of your target file to a hidden temporary 

file called winsys (no period-type file ending like winsys.xyz, just plain winsys), 

which will be placed in the same directory where your target file is sitting. 

You will of course only see it if you told Explorer to show hidden files, (incase 

you should not know how to do this, get a good game like diablo and forget about 

cracking) the w32dasm will keep the file open as long as it runs, so you cannot 

open the file with your editor as long as w32dasm is running. When you exit 

w32dasm it will immediately delete the file, so there should be no way to access 

it. But wait.....there always is a way. 



How to do it:

    

Windows NT :

Fire up w32dasm, let it disassemble your target binary. Then kill W32dasm with 

the NT-Taskmanager. The disassembly-textfile will remain in the directory of your 

target binary and will be named winsys (without file extension). You can now open 

it in any editor.

    



Windows 95 :  

Since Win95 is a toy-operating-system, it doesn't provide a tool to radically 

terminate a program, thus letting w32dasm do its deleting job on our desired 

winsys file, if you try it with Win95's Taskmanager. But dont worry young warrior, 

the tools needed to provide the necessary power to Win95 will be provided by me 

right here: They are called PS.EXE and KILL.EXE, those two are Win32 ports of 

common Unix commands. They are Freeware (thanks go out to their unknown developers).



How to do it:

1. Fire up w32dasm and let it disassemble your target binary.Don't shut w32dasm 

   down, yet!

2. Place PS.EXE and KILL.EXE in c:\Windows\command, or any other directory that 

   is included in your %PATH%

3. Open a MS-DOS window.

4. On your command prompt execute PS, its output will look like:

    

HWND     PID           PRIO          UTime       KTime        NAME

85c      -97543         NORM      00:00:12    00:00:08      URSOFT W32DASM6 DEMO 

blah blah blah

.......

.....lotsa lines looking equal

    

Depending on how many apps/progs are running this list can get very long, the 

numbers also will always vary. What you need to do is simply look for the PID 

of W32DASM which in this example is -97543.

    

5. Still being on the command prompt you now type:

   C:\>Kill -97543 (

   or whichever number PS.EXE showed you, I told you they will always vary)

6. W32DASM will instantly kick the bucket and vanish from your screen, leaving 

   you with the desired editable disassembly named winsys (without extension) 

   in your target binary's directory.

7. You can now open it in your favourite editor or wordprocessor.

    

Now if this How-To is to difficult to understand for you, stay away from cracking, 

I really tried to make it as plain and simple as I could, and since I myself use NT, 

I even worked out a way for humans using Win95, now isn't that nice ?

My next W32DASM HOW-TO will teach you how to render the w32dasmd.exe in such a way, 

that it will not delete the winsys file upon exit. Stay tuned to this great site 

and you wont miss it.

    

This How-To was written by LordClito in Feb. 97. All Copyright Shit of course 

applies.