Some useful points in using Wdasm89 as a debugger
Cracking Borland's Sidekick 98
Our tools
16 September 1998
by Lazy_Crack
Courtesy of Fravia's page of reverse engineering
Well, this is not a 'target unrelated' essay, yet there are a couple of interesting points about the use of Wdasm as a debugger here (which is at times indeed great fun: you don't need to delve into sice, nor to dump code out of it). Besides, this target has already been so widely cracked and universally widespread in its regged versions that I don't believe we are really disturbing anybody publishing this. Quite the contrary: Sidekick's programmers may be amazed to learn that you don't even need Softice to crack their application black and blue :-)
There is a crack, a crack in everything
That's how the light gets in
Rating
(x)Beginner (x)Intermediate ( )Advanced ( )Expert
An easy way to view the input and results for a local function with Wdasm89
Using Wdasm to get more organised: Wdasm's local function option
Written by Lazy_Crack
Introduction

Wdasm's local function option is heaven-sent for newbies like me; here I show its use with Sidekick 98.

Tools required
Wdasm89
Target's URL/FTP
Sidekick 98 (PC Pro, May 1998, U.K., and others); file name sk98_sf.exe
Essay

Dear Fravia,

What a truly fascinating website, thank you, and I hope this is of interest.

Target: Sidekick 98. I had this vague idea I should get organised.

I submit that the method I used, which I have used with some success, is a feature of Wdasm89 that I haven't seen mentioned.

Having installed Sidekick 98 I searched the string references and found this snippet:


* Reference To: USER32.GetDlgItemTextA, Ord:00F5h

:004067BC FF152C054400    Call dword ptr [0044052C]      ; breakpoint here
:004067C2 BF70E14200      mov edi, 0042E170
:004067C7 83C9FF          or ecx, FFFFFFFF
:004067CA 33C0            xor eax, eax
:004067CC F2              repnz
:004067CD AE              scasb
:004067CE F7D1            not ecx
:004067D0 49              dec ecx
:004067D1 83F90A          cmp ecx, 0000000A              ; password length
:004067D4 7431            je 00406807
:004067D6 8D442408        lea eax, dword ptr [esp+08]

* Possible StringData Ref from Data Obj ->"Sorry, that unlocking code is "
                                        ->"not valid for this program."



From the above I know my password is 10 characters long. I load the process in Wdasm, set a breakpoint on the call above and run (F9).

I accept an offer to buy, and to be told my unlocking code by a human operator. I enter "my" unlocking code, whatever it is, and press <enter>.

Wdasm dutifully breaks at the breakpoint.

An API window opens; we press "get result" for USER32.GetDlgItemTextA, which is "my" password. Close the API result window.


Now the feature: check the first four boxes:

    Enable Documented API Details ..... checked by default on mine
    Enable Undocumented API Details
    Enable Local Function Details
    Stop Auto on API

and press Auto Step (F5).




The API window opens and we have an undocumented function and a ten-letter result; now whatever can that be ;-). Well, actually it's not, but press F5 again and that ten-letter result is compared to another, which is.
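As an added illustration (not part of the essay or of Sidekick's own code), here is the listing's length-counting idiom rendered in C, the weak check shape it belongs to, and the hardened shape a developer would use instead: keep only a digest of the expected code and compare digests, so the trace above never sees the code in the clear. The function names, CODE_LEN and the FNV-1a stand-in hash are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define CODE_LEN 10   /* length the listing tests for: cmp ecx, 0000000A */

/* C rendering of the x86 idiom in the listing:
 *   or ecx,-1 ; xor eax,eax ; repnz scasb ; not ecx ; dec ecx
 * ecx starts at 0xFFFFFFFF and drops by one per byte scanned, NUL
 * included; ~ecx is the byte count and the final dec removes the NUL. */
size_t scasb_strlen(const char *s)
{
    uint32_t ecx = 0xFFFFFFFFu;
    const char *edi = s;
    do {                 /* repnz scasb: compare al (=0) with [edi], edi++, ecx-- */
        ecx--;
    } while (*edi++ != 0);
    ecx = ~ecx;          /* not ecx */
    ecx--;               /* dec ecx: drop the NUL, leaving strlen() */
    return ecx;
}

/* Shape of the check the essay steps through: a length test, then a
 * plain comparison against the code the program itself generated.
 * That expected code sits in memory in the clear, which is exactly
 * what the Local Function Details window shows. */
int weak_check(const char *entered, const char *expected)
{
    if (scasb_strlen(entered) != CODE_LEN)
        return 0;
    return strcmp(entered, expected) == 0;
}

/* Hardened shape: keep only a digest of the expected code and compare
 * digests with one constant-time XOR, so neither the code nor per-byte
 * timing is exposed. fnv1a64 is a stand-in for a real keyed hash
 * (HMAC); FNV itself is not cryptographically strong. */
uint64_t fnv1a64(const char *s, size_t n)
{
    uint64_t h = 1469598103934665603ull;
    for (size_t i = 0; i < n; i++) {
        h ^= (unsigned char)s[i];
        h *= 1099511628211ull;
    }
    return h;
}
int hardened_check(const char *entered, uint64_t expected_digest)
{
    return (fnv1a64(entered, strlen(entered)) ^ expected_digest) == 0;
}
```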



Sadly this program did not make me more organised!!

NB: the password is different every time the unlocking screen is displayed, so enter the code before you go. Once the code is accepted and you see the standard file copy animation, terminate the process in Wdasm and sk98 carries on, seemingly unconcerned.
Final Notes

My settings for Wdasm are basic: no breaks on loading DLLs, etc.

Ob Duh
I won't even bother explaining to you that you should BUY this target program if you intend to use it for a longer period than the allowed one. Should you want to STEAL this software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell.
