Make sure you check (and contribute to) the tools of our trade messageboard!
Reversers need tools: from debug.com (the swiss knife of a cracker) to Smartcheck, a great variety of 'snooping' and reversing tools have been produced, many by great programmer wizards, some of them by ourselves... this section of my site will just give you some 'basic understanding' about the main tools of our trade: Ida, Softice, Wdasm... you would be well advised to visit my various tools pages in order to gather other possibly useful tools. Keeping my 'don't steal, reverse!' traditional code of conduct, you will NEVER be able to find any stolen or cracked application on my site. There's no need. Not only are the 'uncracked' versions very easy to reverse, but also, as explained elsewhere, everything is on the web already, regged and complete if you're a lamer, as trial version if you're a real reverser... you just have to find it. But I'll tell you something: I paid for ALL tools I use (albeit through pseudonymous addresses and identities :-)

Yes, I paid for wdasm -for instance-, since I, personally, never use a tool that I find really useful more than a year without registering it. I register them (when I find it fit, of course, not when somebody else would like me to) even if the protections are a joke (as it often happens... at times I have the impression that Numega -for instance- is just faking a 'sort of' bogus and easy to reverse protection on all its beautiful products... probably in order to spread a million copies of (stolen) softice in every corner of the world). This 'registering' attitude is not just silly 'correctness', which does not mean anything to us; the reason is much deeper: being 'quit' is vital for your own development: of course we crack protections but we don't (and won't) STOP there! As soon as 'real' reversers 'really' use somebody else's code (which does not happen too often, after all) they want to modify it, they (usually) want to create something new with it, and this is great fun, and this is useful, and this teaches us a lot... so the price we gladly pay is the price of our own pleasure.
IDA PRO 3.7
Commercial -very powerful- disassembler for almost any type of processor and file type. Made (with Watcom C and Borland C++) by the Russian genius
Freeware version of Ida Pro "Ida37fw" can be found in the
Ida's philosophy, main settings, how to start
21 October 1998
THE GREAT IDA PRIMER
Mammon_'s Tales to Reverser+'s Grandson
30 October 1998
An IDA enhancer
Patching the IDA.WLL
12 November 1998
Softice, the debugger par excellence: its first DOS version was made by the mightiest programmer gods of this planet in the forgotten times of the older ones... Numega has since provided all reversers with a series of incredible ameliorations of its tool. A tough tool to use, though. OF COURSE you should read the (heavy) documentation, available almost everywhere. Don't go shooting around targets with this weapon without knowing what it can do. IMO you would then be well advised to
Start with good wizard
Mankind comes into the Ice Age
there you will find a COMPLETE 'how to use Softice' text with two VERY IMPORTANT exercises:
Debugging an existing application and Regaining
No beginner should be left alone with Softice without this mighty help!
Of course, if you are a total newbie, and cannot even INSTALL softice, you had better have a look
The Ultimate Beginner - Session 1: SoftICE Install for Beginners, by i_magnus
Softice's breakpoints, an interesting list
Softice's conditional breakpoints settings and macros
Project two: a complete +HCU project
You'll follow the 'history' of cracking and using softice reading many essays
by various students
How to trick Numega's registration routines (and download everything you want from Numega's site)
disassembling Softice itself
by +OCHE SATRIANI & +OBLEK
So you wanna register sice with your own name and 'correct' serial number? Nothing
Smartcheck, by Numega, is another incredible reversing tool. Smartcheck is a 'flow analyzer' that, if the settings are correct, will easily let you identify which parts of an alien code are running when something you are investigating happens, giving you the exact code location that has called a particular API or hook.
W32Dasm is a Windows Program Disassembler/Debugger
by Peter Urbanik, URSoftware.
A demo version can be found in the
Project zero: a concluded +HCU project about wdasm
You'll follow the 'history' of cracking and using wdasm in nine essays
by various students
26 May 97 - An interesting tool: BRW
31 Mar 98 - How to perform some magic reversing with good old BRW
02 Dec 98 - Using BRW: How to make passwords hidden by "stars" visible
TIPS & TRICKS
1) DISASSEMBLED CODE IN DELPHI
In Delphi 2.0, it is possible to see disassembled code at runtime.
This feature isn't documented. Here's how you do it:
1. Run REGEDIT
2. Open the registry root HKEY_CURRENT_USER
3. Select or add the key \Software\Borland\Delphi 2.0\Debugging
4. Add new value: EnableCPU="1"
5. Close the registry.
Now you'll notice that the View menu has a new entry named CPU. Give it a try!
2) BOOT SOFTICE YES/NO?
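Put this at the end of your autoexec.bat:
REM begin boot options ------------------------
set Winice1="Load WinIce"
set Winice2="Not Using WinIce Today"
echo Please Specify Whether You Want To Use WinIce
echo Press 1 for %Winice1%
echo Press 2 for %Winice2%
REM /T:2,2 picks option 2 by default after 2 seconds without a keypress
choice /c:12 /T:2,2 Choose an option
REM "if errorlevel N" is true for N or higher, so test the higher value first
if errorlevel 2 goto NoLo
if errorlevel 1 goto Lo
:Lo
REM Placeholder path: replace with the WINICE.EXE location of your own install
C:\PATH\TO\WINICE.EXE
goto End
:NoLo
echo WinIce Will Not Be Loaded.
:End
REM end boot options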
Explanation of /T:2,2:
The first "2" is the option chosen if you don't press anything.
The second "2" is the number of seconds to wait before that default is taken.
So /T:2,2 means the default is 2 after 2 seconds of no instructions.
Reverser+ 1995, 1996, 1997, 1998. All rights reserved