Exetools  

  #1  
Old 08-10-2004, 10:28
DrPete
PEiD & W32DSM Questions

Ok, here's another newbie ? I have searched Google and the PEiD forums for this one.

I have used PEiD to check a program, it only shows it's coded using Visual C++ 6.0. So I assume no protection.

So when I open up the program in WDSM and try to find a certain script it shows no scripts.

Just trying to find a certain point in the program where it gives me a certain script message and debug from there.

Some direction on this subject please.

Thanks,
Dr Pete
  #2  
Old 08-10-2004, 13:17
maca
assuming that program is not protected by only PeID checking is quite naive, there are too many possibilities not covered by it.

for example script messages can be encrypted

1. try to search your strings using hex editor. also, browsing file with hex editor can tell you whether the file is encrypted or packed (packed and unpacked bytestreams look different)
2. try to search them in unicode translation.
3. look in the resources String section.

and stop looking for "unpacker for visual c" there is no such thing
Reply With Quote
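The two checks maca describes (searching for a message in both ASCII and Unicode form, and telling packed from unpacked byte streams), as an added example that is not part of the original thread. The sample bytes, the message text and the function names are constructed for illustration, and the XOR keystream is only a stand-in for a packer or string encryption.

```python
import hashlib
import math
import re
from collections import Counter

def find_text(data: bytes, text: str) -> dict:
    """Offsets of `text` stored as ASCII and as UTF-16LE ("Unicode" on Windows)."""
    hits = {}
    for codec in ("ascii", "utf-16-le"):
        needle = re.escape(text.encode(codec))
        hits[codec] = [m.start() for m in re.finditer(needle, data, re.IGNORECASE)]
    return hits

def entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values()) if n else 0.0

def high_entropy_share(data: bytes, window: int = 1024, threshold: float = 7.0) -> float:
    """Fraction of full windows at or above `threshold`; near 1.0 suggests packing."""
    scores = [entropy(data[i:i + window]) for i in range(0, len(data) - window + 1, window)]
    return sum(s >= threshold for s in scores) / len(scores) if scores else 0.0

def build_samples() -> tuple:
    """Constructed inputs: a plain image and the same bytes XORed with a hash keystream."""
    msg = "Constructed sample message"
    code = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0xE8, 0x00, 0xC3, 0x90]) * 300
    plain = (code + msg.encode("ascii") + b"\x00" + bytes(512)
             + msg.encode("utf-16-le") + bytes(1024))
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest()
                      for i in range(len(plain) // 32 + 1))
    packed = bytes(p ^ k for p, k in zip(plain, stream))  # stand-in for a packer
    return plain, packed

if __name__ == "__main__":
    for name, blob in zip(("plain", "packed"), build_samples()):
        print(name, find_text(blob, "sample message"),
              f"high-entropy windows: {high_entropy_share(blob):.0%}")
```

On the plain sample both encodings are found and no window is high-entropy; on the transformed sample neither search hits and every window is, which is the signal that a signature check alone does not settle whether a file is packed.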
  #3  
Old 08-10-2004, 14:03
LaDidi
Some help... maybe

What does your proggy do BEFORE what you are seeking (ie FileMon, Regmon)?
Read the registry? Maybe do a search in imports like RegOpenKey, RegQueryValueEx?
Read a ini file ? GetPrivateProfileString, ....
Have you any string in W32DAsm ?
Best regards

May you give the name of the proggy ?
  #4  
Old 08-10-2004, 14:52
DrPete
LaDidi, The program is a demo which has every feature enabled except 1, which I am sure is just disabled.
The script I am looking for is when I press this feature button and gives me the message not enabled in demo.
I have used hexworkshop, wdsm and ollydbg to find this script to no avail.

Quote:
Originally Posted by maca
assuming that program is not protected by only PeID checking is quite naive, there are too many possibilities not covered by it.

for example script messages can be encrypted
Any suggestions on what else to try? P.S. Edit your post to reply maca.
Looking into different unpackers for Visual C++ V 6.0.

Quote:
Originally Posted by 2late
If the answer is yes, indeed, Wdasm tends to give rather poor results with later C++ versions. I'd suggest try the app with Bengaly's PVDasm - I found it to be much better to locate and show strings. That's what you are after, seems to me.

Cheers
Will check this out 2late, Good suggestion, not really sure to answer (script or string). Just know it's the error box I get after I try and enable the particular function.

Thanks for the help!
Dr Pete

Last edited by DrPete; 08-10-2004 at 14:59.
  #5  
Old 08-10-2004, 14:53
2late
did u mean 'strings' instead of 'scripts'?

If the answer is yes, indeed, Wdasm tends to give rather poor results with later C++ versions. I'd suggest try the app with Bengaly's PVDasm - I found it to be much better to locate and show strings. That's what you are after, seems to me.

Cheers
  #6  
Old 08-10-2004, 23:29
ECO
DrPete

You can modify the PeHeader to E0000020 with a PeEditor,
then you can see the string in WD32ASM.
ECO
  #7  
Old 08-11-2004, 00:49
monguz
my 2 cents... try to break on MessageBoxA (in wdasm set breakpoint to all occurrences of the API). if it breaks look at the code, somewhere upwards is something conditional, like je, jne, jz etc. and so on..
monguz
All times are GMT +8.