<HTML>
<HEAD>
   <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
   <META NAME="GENERATOR" CONTENT="Mozilla/4.04 [en] (Win95; I) [Netscape]">
   <META NAME="Author" CONTENT="VisualBB">
   <META NAME="Classification" CONTENT="Reverse Code Engineering">
   <META NAME="Description" CONTENT="How to debug with W32Dasm 8.9 II">
   <META NAME="KeyWords" CONTENT="How to crack FtpWolf 2.00">
   <TITLE>How to debug with W32Dasm 8.9 II</TITLE>
</HEAD>
<BODY TEXT="#001010" BGCOLOR="#C0C0C0" LINK="#FF0000" VLINK="#000099" ALINK="#FFFF00">
&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" 22" >
<TR BGCOLOR="#FFFFFF">
<TD WIDTH="15%">
<CENTER><B><FONT FACE="Arial,Helvetica">Sept 1998</FONT></B></CENTER>
</TD>

<TD WIDTH="100%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+1>Rsagnt32.dll<BR>
How to debug with W32Dasm 8.9 II</FONT></FONT></CENTER>
</TD>

<TD WIDTH="30%">
<CENTER><B><FONT FACE="Arial,Helvetica">Win '95 PROGRAM</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080">Win Code Reversing</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#808080">&nbsp;</FONT></FONT></CENTER>
</TD>
</TR>

<TR BGCOLOR="#FFFF99">
<TD WIDTH="15%">
<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#890000">&nbsp;</FONT></FONT></CENTER>
</TD>

<TD>
<CENTER><FONT FACE="Arial,Helvetica">by <FONT SIZE=+3>VisualBB&nbsp;</FONT></FONT></CENTER>
</TD>

<TD VALIGN=CENTER WIDTH="30%"><FONT FACE="Arial,Helvetica">&nbsp;</FONT></TD>
</TR>

<TR BGCOLOR="#999900">
<TD WIDTH="15%">
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>

<TD>
<CENTER><FONT FACE="Arial,Helvetica">Code Reversing For Beginners&nbsp;</FONT></CENTER>
</TD>

<TD WIDTH="30%">
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>
</TR>

<TR BGCOLOR="#C0C0C0">
<TD WIDTH="15%"></TD>

<TD ALIGN=LEFT>
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><B><FONT FACE="Arial,Helvetica">Program Details</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Name:</B> KeyViewPro</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><B>Program Type:</B> Multi File Viewer</FONT></CENTER>

<CENTER><B><FONT FACE="Arial,Helvetica">Program Location:&nbsp;</FONT></B>
<A HREF="http://www.keyview.com">http://www.keyview.com/</A></CENTER>

<CENTER><B><FONT FACE="Arial,Helvetica">Program Size: 5,488,701(5.5mb)</FONT></B></CENTER>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT></TD>

<TD WIDTH="30%"></TD>
</TR>

<TR BGCOLOR="#C0C0C0">
<TD WIDTH="15%"></TD>

<TD><FONT FACE="Arial,Helvetica"><B>&nbsp;</B>&nbsp;</FONT>&nbsp;
<CENTER><B><FONT FACE="Arial,Helvetica">Tools Used:</FONT></B></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><A HREF="http://www.fortunecity.com/bally/waterford/18/w32dsm89.zip">W32Dasm
V8.9 - Disassembler</A></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">and W32DASM 8.9 ONLY&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>
</TD>

<TD WIDTH="30%"></TD>
</TR>

<TR>
<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT COLOR="#0000FF">Rating</FONT></FONT></B></CENTER>
</TD>

<TD VALIGN=CENTER BGCOLOR="#C6E7C6">
<CENTER><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1><FONT COLOR="#0000FF">Easy
( X )&nbsp; Medium (&nbsp; )&nbsp; Hard (&nbsp;&nbsp;&nbsp; )&nbsp; Pro
(&nbsp;&nbsp;&nbsp; )</FONT>&nbsp;</FONT></FONT></B></CENTER>
</TD>

<TD WIDTH="30%" BGCOLOR="#999900"><B><FONT FACE="Arial,Helvetica"><FONT SIZE=-1>There
is a crack, a crack in everything. That's how the light gets in.</FONT></FONT></B></TD>
</TR>
</TABLE>

<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=-1>&nbsp;</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT>&nbsp;
<HR></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT SIZE=+2>KeyViewPro6</FONT></FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica"><FONT COLOR="#0B7FC1">Written by VisualBB</FONT></FONT></CENTER>
<FONT FACE="Arial Black">&nbsp;</FONT>
<BR>&nbsp;
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Introduction</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR>This program comes as a trial. It uses the RSAGNT.DLL file for protection.
This file is CRC protected so no patches can be done. It creates a file
called Keyview.exe that on running brings up the hated but/try dialog.
The program is ok and allows file viewing though personally I prefer and
use Quickview 4.5 that integrates seamlessly into Nortion File Manager
(the best).
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#3333FF"><FONT SIZE=+2>About this protection system</FONT></FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR>InstallShield registration number or installs as a 30 day trial with
rsagnt.dll as the checking system. Files are CRC protected!
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The Essay</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"><FONT COLOR="#000000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></FONT>
<BR><FONT SIZE=-1><B>OK. Install the program and installshield comes up
asking for a rego or else the install will be</B> <B>a 30 day DEMO!</B></FONT>

<P><B><FONT FACE="Arial,Helvetica">For now install it as a 30 day demo.
On running it we get the usual rsagnt nag dialog to either buy or try.
Buy leads to various screens which we ignore for this</FONT></B>

<P><FONT COLOR="#FF0000"><FONT SIZE=+1>NOTE: This crack works for ALL rsagnt
protected "Trials". I have successfully used it on ALL Macromedia trials
eg. Dreamweaver,Fireworks, Aftershock etc.</FONT></FONT>

<P><FONT COLOR="#000000">Lets see what is in the install directory. We
find of course rsagnt.dll so we are confirmed.</FONT>
<BR><FONT COLOR="#000000">Keyview.exe - this is the "BAD" file which brings
up the BUY /TRY screen</FONT>

<P><FONT COLOR="#000000">Hullo whats this? - </FONT><FONT COLOR="#CC33CC"><FONT SIZE=+2>KEYVIPOP.EXE</FONT></FONT>

<P><FONT COLOR="#000000">Lets run it. Comes up with a dialog showing files
moving and then a dialog with the message that this program cannot continue
at this point and to NOT delete this file as it will be needed. OK lets
W32Dasm the sucker.</FONT>

<P><FONT COLOR="#000000">Lets look in the string ref's for our string -
"You cannot run this application at this time."</FONT>
<BR><FONT COLOR="#000000">Found it easily at the bottom. Double click on
it and we see this code:</FONT>

<P><TT><FONT COLOR="#000000">:00404C9E 83FEFF&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
cmp esi, FFFFFFFF</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CA1 7504&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
jne 00404CA7</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CA3 6A00&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push 00000000</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CA5 FFD3&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
call ebx</FONT></TT>

<P><TT><FONT COLOR="#000000">* Referenced by a (U)nconditional or (C)onditional
Jump at Address:</FONT></TT>
<BR><TT><FONT COLOR="#000000">|:00404CA1(C)</FONT></TT>
<BR><TT><FONT COLOR="#000000">|</FONT></TT>

<P><TT><FONT COLOR="#000000">* Reference To: USER32.MessageBoxA, Ord:0195h</FONT></TT>
<BR><TT><FONT COLOR="#000000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CA7 8B3D88044300&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov edi, dword ptr [00430488]</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CAD 85F6&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
test esi, esi</FONT></TT> <TT>&lt;--<FONT COLOR="#FF0000">Compare esi to
0</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CAF 752F&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
jne 00404CE0 &lt;-- </FONT><FONT COLOR="#FF0000">Jump to continue making
full ver</FONT></TT>

<P><TT><FONT COLOR="#000000">* Possible StringData Ref from Data Obj ->"You
cannot run this application "&lt;-- </FONT><FONT COLOR="#FF0000">here is
the string</FONT></TT>
<BR><TT><FONT COLOR="#000000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
->"at this time."</FONT></TT>
<BR><TT><FONT COLOR="#000000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CB1 68F8D14100&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push 0041D1F8</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CB6 68205B4200&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
push 00425B20</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CBB E870AF0000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
call 0040FC30</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CC0 8B8C2418020000&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
mov ecx, dword ptr [esp+00000218]</FONT></TT>
<BR><TT><FONT COLOR="#000000">:00404CC7 83C408&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
add esp, 00000008</FONT></TT>

<P><FONT COLOR="#000000">What brings us here? There is a check on the value
of esi and a jump to regions unknown if esi is NOT 1, just before this
string. What this means is that the proggy checks the value of esi and
if 0 continues on and displays the dialog that you cannot run the app at
this time etc.</FONT>

<P><FONT COLOR="#000000">Time to check this out. Lets run the sucker in
W32Dasm and check this code out. </FONT><FONT COLOR="#CC0000">Set a breakpoint
at :00404CAD.</FONT>
<BR><FONT COLOR="#000000">Now load and run the file. Up comes the copying
file dialogbox and then we break at our breakpoint. </FONT><FONT COLOR="#FF0000">Check
the value of esi and it is 0</FONT>
<BR><FONT COLOR="#000000">So the&nbsp;</FONT> <FONT COLOR="#000000"><TT>You
cannot run this application dialog box code </TT>will fire.</FONT>

<P><FONT COLOR="#000000">Lets change the value of esi to NONZERO or 1.
Click modify data button, type 1 click the small button names "esi" and
see that the value is now 1. Write this to memory by clicking the "</FONT><FONT COLOR="#FF0000">MODIFY</FONT><FONT COLOR="#000000">"
button. Now run or press the F9 key.</FONT>

<P><FONT COLOR="#000000">Surprise, surprise the file copy continues and
up pops the FULL version of Keyviewpro. Help about reveals the truth that
this is the full version and is registered to the name you entered on installation.</FONT>

<P><FONT COLOR="#000000">WE ARE NOW FULLY REGISTERED.</FONT>
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">The 'Crack'</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><B><FONT FACE="Arial,Helvetica">There is no crack needed as the program
self upgrades you if you previously outlined steps are followed.</FONT></B>
Remember this works for ALL RSAGNT32.DLL protected programs. Get them and
Crack them.
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT SIZE=+2><FONT COLOR="#0000FF">Final Notes</FONT>&nbsp;</FONT></CENTER>
</TD>
</TR>
</TABLE>
<FONT FACE="Arial,Helvetica"><FONT COLOR="#333333">&nbsp;</FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT COLOR="#333333">I cannot believe
that people pay to have such LAME protections for their expensively priced
programs. This is a lesson to readers that to crack a program it is not
always necessary to go the direct way. There is always a backdoor open
a crack. The main difference is to find it and wedge it WIDE OPEN!!</FONT></FONT>

<P><B><FONT FACE="Arial,Helvetica">Greets to The author of that great cracking
tool W32DASM!</FONT></B>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">My thanks and gratitude goes to:-</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">Fravia+ for providing possibly the greatest
source of Reverse Engineering</FONT>
<BR><FONT FACE="Arial,Helvetica">knowledge on the Web.</FONT>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><FONT FACE="Arial,Helvetica">+ORC for showing me the light at the end
of the tunnel.</FONT>
<BR>&nbsp;
<TABLE BORDER CELLSPACING=2 WIDTH="100%" HEIGHT="22" >
<TR>
<TD BGCOLOR="#C6E7C6">
<CENTER><FONT COLOR="#0000FF"><FONT SIZE=+2>Ob Duh</FONT></FONT>&nbsp;</CENTER>
</TD>
</TR>
</TABLE>
<I><FONT FACE="Arial,Helvetica">&nbsp;</FONT></I>
<BR><I><FONT FACE="Arial,Helvetica">Do I really have to remind you all
that by buying and NOT stealing the software you use will ensure that these
software houses will continue to&nbsp; produce even *better* software for
us to use and more importantly, to continue offering even more challenges
to breaking their often weak protection systems.</FONT></I>
<BR><FONT FACE="Arial,Helvetica">&nbsp;</FONT>
<BR><I><FONT FACE="Arial,Helvetica">If your looking for cracks or serial
numbers from these pages then your wasting your time, try searching elsewhere
on the Web under Warze, Cracks etc.</FONT></I>
<BR><FONT FACE="Arial,Helvetica">&nbsp;&nbsp;&nbsp;&nbsp;</FONT>
<HR SIZE=3 WIDTH="100%">
<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><FONT FACE="Arial,Helvetica">&nbsp;</FONT></CENTER>

<CENTER><TABLE BORDER=2 >
<TR>
<TD>&nbsp;<FONT FACE="Arial,Helvetica"><FONT SIZE=+1>[ <A HREF="Main.html">Return</A>
]</FONT></FONT>&nbsp;</TD>
</TR>
</TABLE></CENTER>

<CENTER><B><FONT FACE="Arial,Helvetica"><FONT SIZE=+1>&nbsp;</FONT></FONT></B></CENTER>

<HR SIZE=3 WIDTH="100%">
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2>Essay by: <FONT COLOR="#990000">VisualBB</FONT></FONT></FONT>
<BR><FONT FACE="Arial,Helvetica"><FONT SIZE=-2>Page Created:&nbsp; 12 Sept
1998</FONT></FONT>
</BODY>
</HTML>
