  #1  
05-14-2005, 05:52 PM
LemanRuss

Hi everyone!

I'm new so please don't hate me for this, but I have a silly problem.

My problem is that when I decompile the .exe program I am using (with W32dsm), I get this:
Code:
Disassembly of File: Program.exe
Code Offset = 00000000, Code Size = 00000000
Data Offset = 0030A600, Data Size = 00014800

Number of Objects = 0012 (dec), Imagebase = 00400000h

   Object01:          RVA: 00001000 Offset: 00000400 Size: 001AA000 Flags: C0000040
   Object02:          RVA: 004A2000 Offset: 001AA400 Size: 00007800 Flags: C0000040
   Object03:          RVA: 004C7000 Offset: 001B1C00 Size: 00000000 Flags: C0000040
   Object04:          RVA: 004CD000 Offset: 001B1C00 Size: 00004000 Flags: C0000040
   Object05:          RVA: 004D1000 Offset: 001B5C00 Size: 00000200 Flags: C0000040
   Object06:          RVA: 004D2000 Offset: 001B5E00 Size: 00000000 Flags: C0000040
   Object07:          RVA: 004D3000 Offset: 001B5E00 Size: 00000200 Flags: C0000040
   Object08:          RVA: 004D4000 Offset: 001B6000 Size: 00000000 Flags: C0000040
   Object09: .rsrc    RVA: 00516000 Offset: 001B6000 Size: 00110000 Flags: C0000040
   Object10: JCLDEBUG RVA: 00626000 Offset: 002C6000 Size: 00044600 Flags: C0000040
   Object11: .data    RVA: 006AA000 Offset: 0030A600 Size: 00014800 Flags: C0000040
   Object12: .adata   RVA: 006BF000 Offset: 0031EE00 Size: 00000000 Flags: C0000040


+++++++++++++++++++ MENU INFORMATION ++++++++++++++++++

        There Are No Menu Resources in This Application

+++++++++++++++++ DIALOG INFORMATION ++++++++++++++++++

Number of Dialogs =    1 (decimal)

Name: DLGTEMPLATE, # of Controls=001, Caption:""
     001 - ControlID:045F, Control Class:"" Control Text:""

+++++++++++++++++++ IMPORTED FUNCTIONS ++++++++++++++++++
Number of Imported Modules =    0 (decimal)


+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++

+++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++
Number of Exported Functions = 0000 (decimal)




+++++++++++++++++++ ASSEMBLY CODE LISTING ++++++++++++++++++
//********************** Start of Code in Object ***************
Program Entry Point = 00401000 (Program.exe File Offset:00001000)

Then I get around 2 pages of blank lines, then:
Code:
:FFFFFFFF    End Of Listing

However, if I use HIEW, I can see all of the assembly code, but not the text that I am looking for when using W32dsm.

Can anyone shed some light on what i am doing wrong?

Oh, and while I am asking, does anyone know how to get Softice working on an XP Pro PC or should I get my old bucket PC out my loft with Win 95 on it?
  #2  
05-14-2005, 06:00 PM
CoDe_InSiDe

Hi LemanRuss,

I don't see many section names, which probably indicates that the program has been protected/encrypted.
Try using PEiD on it and it will probably tell you what protector or packer has been used, then continue with that info.

Regards,

CoDe_InSiDe
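
The header-level signs this reply reads off the W32Dasm listing in the first post (unnamed sections, every section flagged C0000040, zero imported modules) can be checked mechanically. The sketch below is an added example, not part of the original thread: the function names are hypothetical, the sample table is constructed from five rows of that listing, and VirtualSize, which the listing does not show, is assumed equal to the raw size.

```python
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, reloc/line-number fields, Characteristics.
SECTION = struct.Struct("<8sIIIIIIHHI")
CNT_CODE, MEM_EXECUTE, MEM_WRITE = 0x20, 0x20000000, 0x80000000

# Constructed sample: (name, RVA, raw offset, raw size, flags) taken from five
# rows of the W32Dasm listing; VirtualSize reuses the raw size (assumption).
ROWS = [
    (b"", 0x00001000, 0x00000400, 0x001AA000, 0xC0000040),
    (b"", 0x004A2000, 0x001AA400, 0x00007800, 0xC0000040),
    (b"", 0x004C7000, 0x001B1C00, 0x00000000, 0xC0000040),
    (b".rsrc", 0x00516000, 0x001B6000, 0x00110000, 0xC0000040),
    (b".data", 0x006AA000, 0x0030A600, 0x00014800, 0xC0000040),
]
SAMPLE_TABLE = b"".join(
    SECTION.pack(name, size, rva, size, off, 0, 0, 0, 0, flags)
    for name, rva, off, size, flags in ROWS
)

def parse_sections(table):
    """Decode a raw section table into a list of dicts."""
    return [{"name": f[0].rstrip(b"\0").decode("latin-1"), "vsize": f[1],
             "rva": f[2], "rsize": f[3], "flags": f[9]}
            for f in SECTION.iter_unpack(table)]

def packer_indicators(sections, entry_rva, import_modules):
    """Return the header anomalies that suggest a packed or protected image."""
    hits = []
    unnamed = sum(1 for s in sections if not s["name"])
    if unnamed:
        hits.append(f"{unnamed} unnamed section(s)")
    if not any(s["flags"] & (CNT_CODE | MEM_EXECUTE) for s in sections):
        hits.append("no section marked code/executable")
    ep = next((s for s in sections
               if s["rva"] <= entry_rva < s["rva"] + max(s["vsize"], 1)), None)
    if ep and ep["flags"] & MEM_WRITE and not ep["flags"] & MEM_EXECUTE:
        hits.append("entry point in writable, non-executable section")
    if any(s["rsize"] == 0 for s in sections):
        hits.append("section(s) with no data on disk")
    if import_modules == 0:
        hits.append("no imports visible to the disassembler")
    return hits

if __name__ == "__main__":
    # Entry point 00401000 minus image base 00400000 gives RVA 0x1000.
    for hit in packer_indicators(parse_sections(SAMPLE_TABLE), 0x1000, 0):
        print(hit)
```

These are heuristics on the headers only; a signature scanner such as PEiD is still needed to name the specific protector.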
  #3  
05-15-2005, 04:24 PM
LemanRuss

Thanks for the PEiD tip.

OK, so now I know it is ASProtect 1.23 RC4 - 1.3.08.24 (that's what PEiD says).
I read up on how to unpack it using OLLYDBG, and I can understand the Shift-F9 - 1 routine, but after that I get lost.
Can someone (at least try) to ram the knowledge into my thick skull?
  #4  
05-15-2005, 06:13 PM
Kreet

If you're lazy, you could just go to hxxp://protools.reverse-engineering.net/, go to the unpackers section, and pick up a copy of stripper or caspr.
  #5  
05-17-2005, 02:07 PM
LemanRuss

Quote:
Originally posted by Kreet@May 15 2005, 11:13 PM
If you're lazy, you could just go to hxxp://protools.reverse-engineering.net/, go to the unpackers section, and pick up a copy of stripper or caspr.

Thanks again for the tip.
However, when I use stripper to unpack it, the program will no longer run or be unscrambled in W32dsm.

Any ideas on how to fix it?