Welcome to Our Community

Wanting to join the rest of our members? Feel free to sign up today.

If I can then you can!

Discussion in 'GFX Domain HOME !' started by angelofmercy, Nov 6, 2018 at 11:49 AM.

Tags:
  1. angelofmercy

    angelofmercy Well-Known Member
    Member

    Joined:
    Jun 7, 2017
    Messages:
    397
    Likes Received:
    270
    Hi. This is just a post about debugging. Some of you might know that I am learnig reverse engineering. Well to be honest I'm not. All I'm doing is running a debugger (x64dbg), searching strings and if the debugger hits a stop block it. So far it works ok on things. I know nothing about C#/C++/Delphi/Pearl/Javascript or any language really. However I have always been able to understand how things work to a limit. I might be cracking stuff the long and boring way but it seems to work. I am too old now to become part of a scene or to learn coding from scratch. Batch scripting seems easy and it helps on some software to simply cheat the trial running out. Again I googled all this and took snippets and put them together but it worked. That's when I thought try a debugger. How scary would it be?

    It was at that point I saw how weird it all looked. Yes I knew about ollydbg, who doesn't! I've been pirating software since about 1987! Yes I am old lol. But I never knew how piracy worked. I just knew if you step over a puddle you won't get wet (not a great pun but it explains well). In 2001 I got a PC for the 1st time and started learning how to usre the web. It was a few years later my photography college teacher mentioned "Crack" to me. I thought he was dealing lol. That one word was my life since. I googled everything about cracks and my piracy days began! But I was just downloading stuff I never used coz I could just like we all do.

    2018 changed things for me. I suffer depression. I got bored of games (last ones I played was Batman AK and Rise of The Tomb Raider). I was bored of watching Big Bang over and over! It was summer and all the programs like Flash, Walking Dead, Arrow, Legends etc were not on. So I thought how can I stop myself being bored. Here it comes (thank god you say!). As stated I knew about ollydbg and seen it in action thanks to youtube over the years but it looked scary and hard! I decided sod it take the plunge. I have a 64bit machine so I needed a 64bit debugger. I saw there were not many as I read 64bit debugging is new and only pros have them. I of course read on how x64dbg worked as this is essential to understanding breakpoints and how to edit command etc. Then I found one of the most powerful commands you could type i was JMP is Jump. Jump is like stepping over a goto command. It basically ignores what follows and goes to the address code at the jmp command. Recently I've started googling what command and all these codes mean in dissassembly language. The one thing you need to learn is searching for strings. Strings are just words like comments or function names the programmer has used. A simple example "Watermark" is a string found. Open that string. Always look up! Usually commands starts underneath a string. Look for things like JNE/JE/JLE/JAE. Change them to JMP. Now that watermark is gone! If it was that easy things would be lovely. Sadly its not always that easy. I learned Tracing.

    Tracing is basically fooling the program into running without breaking from what I can tell. Watermarks are either present on screen or on the save. Think like a programmer on this part. Do you put the watermark in when a new document is made or when an image is opened. Or do you process it on the save? Find strings that relate to save, open, new etc. If it sounds like a command then it probably is. This is where Tracing comes into play. X64dbg allows animation. Instead of keeping your finger down on the keyboard the animation animates a key being pressed do you don't have to (this is not what it really means but its easier to understand believe me!). So lets say its on the save command. Make a breakpoint or breakpoints on the save strings or strings (depending on how many save strings there are). Now click save in the main program. As its running through the debugger the debugger will pause on the 1st breakpoint found. You can go to the next breakpoint if there is one. Lets say there isn't and the program still outputs the watermark. Go back and click save again. Program will pause on the breakpoint again. This time use tracing anim style. This will then run the program as it would but goes through every line and command it calls to. Eventually it will stop. If the save function has not been done continue. Eventually it will save. But it will stop in the debugger. Now reverse the animation by simply pressing the minus button. Go back up the code to see where the last call or jump was. Its here you start looking at things as this is usually the last place it makes a call from. Sometimes luck comes in and a nice JNE (jump if not equal) command is there so you change it to JMP and the watermark is gone. But thats not the case. I cannot teach you that part only tell you tracing and going backwards is very useful into finding things. If a program makes a call to a website search that site in the strings.

    Now here is where it gets a little hard. CALLS. Not as in mobile phones! Call commands as far as I know is the start of a function such as start and stop. There are things called Intermodualr Calls. Things like alerts,messages etc that popup on sreen. QT4/QT5 use exec@Q etc. Look for messageA/messageW or Dialog. User32.sendmessage or User32.PeekMessage is where these lie. Same rule applies look for a jump command and change that command or trace where the dialog or message opens to the very last call. Usually there is a jump to command that takes you there. That is the command you need to change not the actual window call as that will mess it up.

    Take Dynamic Auto Painter 6. I never knew how to crack it until I tried. The programmer uses a weird string like "{{rrr"as the watermark with a jump to command. Change all those commands to jmp. Again not that easy. You have to run the program, save a lot etc and hope for the best.

    Anyway how boring was this? I wrote this to say that if someone like me who knows absolutely nothing can take a simple program like RichDirt and make it last forever then you definitely can! I want this message to give others encouragement and hope. I hope you might becomen what I will never. But I have found those who encourage people help those people go on to better things.

    So I hope this makes you think "Can I do that?", simple answet is if you can read and write then yes you can!

    Enjoy. Piracy is fun just don't make it your life! Golden rule. Otherwise Volksi would still be happy lol
     
    nobrega and notimetolose like this.