Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-21-2020, 01:28
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
16 bit program

A friend of mine just asked me to disable a 10min restriction of an old 16 bit program right out of 1996
All my knowledge and tools of past does't work?
Can't remember really to that time, so help is needed!

Oh my god, sorry, wanted to write into general discussion and not here!!!
Just a fault by me, admins please remove my post to right place.
Was a little bit distracted, it was a long day of reversing...
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...

Last edited by squareD; 07-21-2020 at 01:36.
Reply With Quote
  #2  
Old 07-21-2020, 01:59
chessgod101's Avatar
chessgod101 chessgod101 is offline
Co-Administrator
 
Join Date: Jan 2011
Location: United States
Posts: 535
Rept. Given: 2,218
Rept. Rcvd 691 Times in 219 Posts
Thanks Given: 700
Thanks Rcvd at 939 Times in 186 Posts
chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699
TRW2000 is a good ring3 debugger. I generally use it on the rare occasion I have to look at a dos program. I've heard several people discussing the debugger built into dosbox as well, but I have never used it.
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
Reply With Quote
The Following 2 Users Say Thank You to chessgod101 For This Useful Post:
niculaita (07-21-2020), squareD (07-22-2020)
  #3  
Old 07-22-2020, 01:58
an0rma1 an0rma1 is offline
Friend
 
Join Date: Feb 2002
Posts: 202
Rept. Given: 101
Rept. Rcvd 29 Times in 17 Posts
Thanks Given: 350
Thanks Rcvd at 99 Times in 40 Posts
an0rma1 Reputation: 29
post a link if you like, I really still love to reverse dos stuff
for DOS you could use many tools, native debuggers, as TR (with a very good and scriptable VM debugger), TRW, TurboDebugger, CUP386 unpacker (with vm debugger), etc...
Modern debuggers and Dosbox's, or even use Ida to disassemble and comment, and Dosbox debugger in another window (as I like to do, specially when reversing, not just bytepatching)

You could probably patch timer interrupt, or check if the program is keeping a internal timer driven by this interrupt.

I've uploaded here sometimes a collection of dos cracking related tools I keep upgrading (and been done for years) Also been trying to do a MsDOS scene releases pack, but many files seem lost for ever...
Reply With Quote
The Following 3 Users Say Thank You to an0rma1 For This Useful Post:
niculaita (07-22-2020), sf42 (07-22-2020), squareD (07-22-2020)
  #4  
Old 07-22-2020, 19:48
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
Thanks for the help...

It's not a DOS program, it is running with ntvdm.exe and wow32.dll under Win 7
But I did it in meanwhile with good old W32dasm !
Just nopping out the counting down line and 10 minutes left forever...

Just an edit:
W32dasm counts 42 segments but only shows 27 segments
It's too long being in past, don't know too much about this kind of programs, it was my later youth!

But knowing something, we called in the past "deadlisting", made me able to kill this line in program.
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...

Last edited by squareD; 07-23-2020 at 00:54.
Reply With Quote
  #5  
Old 07-23-2020, 04:12
l1c1f3r l1c1f3r is offline
Friend
 
Join Date: Aug 2016
Location: Portugal
Posts: 10
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 10
Thanks Rcvd at 11 Times in 5 Posts
l1c1f3r Reputation: 0
DEBUG tool for msdos in dosbox dont work?
Reply With Quote
  #6  
Old 07-23-2020, 17:09
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
Don't know...
As I said before, it is a 16bit application with graphic UI running under Windows 32 bit
I. E. Olly beefs, but loads and run it
Only debugging and breakpoints doesn't work correctly, so I was seeking for an alternative
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #7  
Old 07-24-2020, 01:39
sf42 sf42 is offline
Friend
 
Join Date: Feb 2003
Posts: 117
Rept. Given: 23
Rept. Rcvd 28 Times in 13 Posts
Thanks Given: 22
Thanks Rcvd at 82 Times in 32 Posts
sf42 Reputation: 28
Quote:
Originally Posted by squareD View Post
Don't know...
As I said before, it is a 16bit application with graphic UI running under Windows 32 bit
Windows 3.x program?
Reply With Quote
  #8  
Old 07-24-2020, 20:12
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
That's what Exeinfo said...

Code:
Not Windows PE ->  Sign.  : NE <- ( 16 bit ) Windows or OS/2
So looks like old Win 3.1 program.
I only should deactivate the 10m demonstration time and that' done!

Should have looked into Exeinfo before, because also said...

Code:
Try another exe or use Hiew.exe tool for view structure
Instead of W32dasm I could use Hiew, but didn't thought about it, because I use Hiew very rarely.
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #9  
Old 07-27-2020, 15:52
ZeNiX's Avatar
ZeNiX ZeNiX is offline
Administrator
 
Join Date: Feb 2009
Posts: 732
Rept. Given: 177
Rept. Rcvd 773 Times in 259 Posts
Thanks Given: 213
Thanks Rcvd at 885 Times in 242 Posts
ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899
NE should be Windows 3.x program.
If it is not encrypted, I will use hiew to solve it.

Besides, w32dasm and ida pro can help as well.
Reply With Quote
The Following User Says Thank You to ZeNiX For This Useful Post:
squareD (07-27-2020)
  #10  
Old 07-27-2020, 21:17
Ethereal Ethereal is offline
Friend
 
Join Date: Jun 2014
Location: Out Sweden
Posts: 64
Rept. Given: 2
Rept. Rcvd 25 Times in 7 Posts
Thanks Given: 18
Thanks Rcvd at 144 Times in 35 Posts
Ethereal Reputation: 26
You should need any help, i'd be happy to help.

Quote:
Originally Posted by squareD View Post
A friend of mine just asked me to disable a 10min restriction of an old 16 bit program right out of 1996
All my knowledge and tools of past does't work?
Can't remember really to that time, so help is needed!

Oh my god, sorry, wanted to write into general discussion and not here!!!
Just a fault by me, admins please remove my post to right place.
Was a little bit distracted, it was a long day of reversing...
Reply With Quote
  #11  
Old 07-27-2020, 22:55
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 724
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,050 Times in 475 Posts
chants Reputation: 48
Windows 10 x64 will no longer run 16-bit NE programs But you can load up a fast XP 32-bit VM to run and debug them. But Windows 10 32-bit does have an optional feature called NTVDM that can be added to support them. I'm not sure if current versions of WinDbg handles them or not.
Reply With Quote
  #12  
Old 07-27-2020, 23:53
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
Ok my friends in this forum...
I like you all, we all have the same hobby!
But I posted in meanwhile:

Code:
I only should deactivate the 10m demonstration time and that's done!


So don't give me further informations in any way...
I surrended, I did it, it's settled, program is running for ever, or may be not?
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #13  
Old 07-28-2020, 01:28
an0rma1 an0rma1 is offline
Friend
 
Join Date: Feb 2002
Posts: 202
Rept. Given: 101
Rept. Rcvd 29 Times in 17 Posts
Thanks Given: 350
Thanks Rcvd at 99 Times in 40 Posts
an0rma1 Reputation: 29
W32Dasm ...
I can't explain why specifically, but this was the most useful cracking tool I've user, I cracked so many programs in those years. I loved also SoftIce, but WinIce gave problems with the graphic card from time to time, and for my taste, it did not adapted too well to Windows systems (maybe using it in a dual monitor could work today ... )
But W32Dasm was a pleasure to use, and worked very well.
Other tool in this league could be Ollydebug, soooo many hours using it.
Reply With Quote
  #14  
Old 07-29-2020, 21:57
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 301
Rept. Given: 31
Rept. Rcvd 35 Times in 27 Posts
Thanks Given: 37
Thanks Rcvd at 110 Times in 72 Posts
squareD Reputation: 36
Yeah that's right...
But old DOS or Win 3.1 programs are an exception.
Normally I do some modern things with modern tools i. e. the debugger of mr.exodia
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #15  
Old 08-27-2020, 00:39
Idler Idler is offline
Guest
 
Join Date: Aug 2020
Posts: 3
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 1
Thanks Rcvd at 0 Times in 0 Posts
Idler Reputation: 0
Quote:
Originally Posted by chants View Post
Windows 10 x64 will no longer run 16-bit NE programs But you can load up a fast XP 32-bit VM to run and debug them. But Windows 10 32-bit does have an optional feature called NTVDM that can be added to support them. I'm not sure if current versions of WinDbg handles them or not.
you can always use otvdm to run 16bit applications on 64bit systems
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to debug a program spawned by another program? jonwil General Discussion 19 11-25-2012 18:39
Program to view what another Program is doing when it is run? sojourner353 General Discussion 19 07-07-2012 00:17


All times are GMT +8. The time now is 16:22.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )