Learning our art not far from fravia's fortress, by Bilibin

How to use our tools

Updated: December 1998
Part of the Our tools project
[Background readings] ~ [Related essays]

[IDA] ~ [SOFTICE] ~ [SMARTCHECK] ~ [WDASM] ~ [RESOURCE EDITORS]
[OTHER TOOLS] ~ [TIPS & TRICKS]

Make sure you check (and contribute to) the tools of our trade messageboard!


Reversers need tools: from debug.com (the Swiss knife of a cracker) to Smartcheck, a great variety of 'snooping' and reversing tools have been produced, many by great programmer wizards, some of them by ourselves... this section of my site will just give you some 'basic understanding' about the main tools of our trade: Ida, Softice, Wdasm... you would be well advised to visit my various tools pages in order to gather other possibly useful tools. Keeping my 'don't steal, reverse!' traditional code of conduct, you will NEVER be able to find any stolen or cracked application on my site. There's no need. Not only are the 'uncracked' versions very easy to reverse, but also, as explained elsewhere, everything is on the web already, regged and complete if you're a lamer, as trial version if you're a real reverser... you just have to find it. But I'll tell you something: I paid for ALL tools I use (albeit through pseudonymous addresses and identities :-)
Yes, I paid for wdasm -for instance-, since I, personally, never use a tool that I find really useful more than a year without registering it. I register them (when I find it fit, of course, not when somebody else would like me to) even if the protections are a joke (as often happens... at times I have the impression that Numega -for instance- is just faking a 'sort of' bogus and easy to reverse protection on all its beautiful products... probably in order to spread millions of copies of (stolen) softice in every corner of the world). This 'registering' attitude is not just silly 'correctness', which does not mean anything to us; the reason is much deeper: being 'quit' is vital for your own development: of course we crack protections but we don't (and won't) STOP there! As soon as 'real' reversers 'really' use somebody else's code (which does not happen too often, after all) they want to modify it, they (usually) want to create something new with it, and this is great fun, and this is useful, and this teaches us a lot... so the price we gladly pay is the price of our own pleasure.

IDA

IDA PRO 3.7: Commercial -very powerful- disassembler for almost any type of processor and file type. Made (with Watcom C and Borland C++) by the Russian genius Ilfak Guilfanov.
A freeware version of Ida Pro, "Ida37fw", can be found in the simtelnet collections.


IDA
IDA PRIMER
Ida's philosophy, main settings, how to start
by +Mammon
21 October 1998


IDA
THE GREAT IDA PRIMER
Mammon_'s Tales to Fravia+'s Grandson
by +Mammon
30 October 1998


IDA
An IDA enhancer
Patching the IDA.WLL
by Jean-Marc
12 November 1998

SOFTICE


Softice, the debugger par excellence: its first DOS version was made by the mightiest programmer gods of this planet in the forgotten times of the older ones... Numega has since provided all reversers with a series of incredible ameliorations of its tool.
A tough tool to use, though. OF COURSE you should read the (heavy) documentation, available almost everywhere. Don't go shooting around targets with this weapon without knowing what it can do. IMO you would then be well advised to

Start with good wizard +Mammon's 'Mankind comes into the Ice Age':
there you will find a COMPLETE 'how to use Softice' text with two VERY IMPORTANT exercises:
Debugging an existing application and Regaining Lost Access.
No beginner should be left alone with Softice without this mighty help!

Of course, if you are a total newbie, and cannot even INSTALL softice, you'd better have a look at siceinst.htm: The Ultimate Beginner - Session 1: SoftICE Install for Beginners, by i_magnus

SOFTICE
SOFTICE PRIMER
Softice's breakpoints, an interesting list
by +Greythorne

SOFTICE
SOFTICE PRIMER
Softice's conditional breakpoints settings and macros
by Rhayader

SOFTICE
SOFTICE PRIMER
Extending NuMega's SoftIce for Windows 95 using Protected Mode Debugger services API
by Iceman

SOFTICE
Project two: a complete +HCU project about Softice
You'll follow the 'history' of cracking and using softice reading many essays
by various students

SOFTICE
How to trick Numega's registration routines (and download everything you want from Numega's site) disassembling Softice itself
by +OCHE SATRIANI & +OBLEK
So you wanna register sice with your own name and 'correct' serial number? Nothing easier...

SMARTCHECK

Smartcheck, by Numega, is another incredible reversing tool. Smartcheck is a 'flow analyzer' that, if the settings are correct, will easily let you individuate which parts of an alien code are running when something you are investigating happens, giving you the exact code location that has called a particular API or hook.

27 Oct 97 Snatch ~ snatch1.htm An interesting tool: Numega Smartcheck 5.0 proj 2, proj 7 ~ fra_0094
7 Nov 97 fravia+ ~ anonma2.htm An interesting tool: Numega's Smartcheck proj 2, proj 8 ~ fra_00A5
25 Feb 98 Hs2L ~ smartc_2.htm An example of VB Cracking using SmartCheck proj 8 ~ fra_00EA
04 May 98 +Indian_Trail ~ ind_tra1.htm BEGINNERS: Pluckit 3.0 ~ Hip Hip Hurray for Smartcheck proj 8 ~ fra_010F

WDASM

Win32dasm V8.9: W32Dasm is a Windows Program Disassembler/Debugger by Peter Urbanik, URSoftware.
A demo version can be found in the simtelnet collections.

WDASM
Project zero: a concluded +HCU project about wdasm
You'll follow the 'history' of cracking and using wdasm in nine essays
by various students

RESOURCE EDITORS

26 May 97 fravia+ ~ ultrae2.htm An interesting tool: BRW unass. ~ fra_001C
31 Mar 98 F_KingKrazy ~ kk_cunei.htm How to perform some magic reversing with good old BRW unass. ~ fra_00FE
02 Dec 98 LordCaligo ~ caligo4.htm Using BRW: How to make passwords hidden by "stars" visible howtouse ~ fra_016F


OTHER TOOLS



TIPS & TRICKS

[Disassembled code in Delphi] ~ [Boot softice yes/no?]

1) DISASSEMBLED CODE IN DELPHI


In Delphi 2.0, it is possible to see disassembled code at runtime. 
This feature isn't documented. Here's how you do it:

1. Run REGEDIT

2. Open the registry key HKEY_CURRENT_USER

3. Select or add the key \Software\Borland\Delphi 2.0\Debugging

4. Add new value: EnableCPU="1"

5. Close the registry.

Now you'll notice that the View menu has a new entry named CPU. Give it a try!

2) BOOT SOFTICE YES/NO?



Put this at the end of your autoexec.bat:

REM begin boot options ------------------------
set Winice1="Load WinIce"
set Winice2="Not Using WinIce Today"
echo Please Specify Whether You Want To Use WinIce
echo.
echo Press 1 for %Winice1%
echo or
echo Press 2 for %Winice2%
echo.
choice /c:12 /T:2,2 Choose an option
if errorlevel 2 goto NoLo
if errorlevel 1 goto Lo
:Lo
C:\SIW95\WINICE.EXE
goto end
:NoLo
echo.
echo WinIce Will Not Be Loaded.
:end
REM end boot options ------------------------

Explanation of /T:2,2:
The first "2" is the option if you don't press anything. The second "2" is the number of seconds if no instructions are given. So /T:2,2 means the default is 2 after 2 seconds of no instructions.

Eternal_Bliss(at)hotmail(point)com

(c) Fravia+ 1995, 1996, 1997, 1998. All rights reserved