Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-21-2020, 01:28
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 266
Rept. Given: 31
Rept. Rcvd 33 Times in 25 Posts
Thanks Given: 26
Thanks Rcvd at 88 Times in 58 Posts
squareD Reputation: 33
16 bit program

A friend of mine just asked me to disable a 10min restriction of an old 16 bit program right out of 1996
All my knowledge and tools of past does't work?
Can't remember really to that time, so help is needed!

Oh my god, sorry, wanted to write into general discussion and not here!!!
Just a fault by me, admins please remove my post to right place.
Was a little bit distracted, it was a long day of reversing...
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...

Last edited by squareD; 07-21-2020 at 01:36.
Reply With Quote
  #2  
Old 07-21-2020, 01:59
chessgod101's Avatar
chessgod101 chessgod101 is online now
Co-Administrator
 
Join Date: Jan 2011
Location: United States
Posts: 506
Rept. Given: 2,104
Rept. Rcvd 668 Times in 209 Posts
Thanks Given: 504
Thanks Rcvd at 712 Times in 149 Posts
chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699
TRW2000 is a good ring3 debugger. I generally use it on the rare occasion I have to look at a dos program. I've heard several people discussing the debugger built into dosbox as well, but I have never used it.
__________________
"Real knowledge is to know the extent of one's ignorance." Confucius
Reply With Quote
The Following 2 Users Say Thank You to chessgod101 For This Useful Post:
niculaita (07-21-2020), squareD (07-22-2020)
  #3  
Old 07-22-2020, 01:58
an0rma1 an0rma1 is offline
Friend
 
Join Date: Feb 2002
Posts: 194
Rept. Given: 105
Rept. Rcvd 25 Times in 16 Posts
Thanks Given: 322
Thanks Rcvd at 72 Times in 34 Posts
an0rma1 Reputation: 25
post a link if you like, I really still love to reverse dos stuff
for DOS you could use many tools, native debuggers, as TR (with a very good and scriptable VM debugger), TRW, TurboDebugger, CUP386 unpacker (with vm debugger), etc...
Modern debuggers and Dosbox's, or even use Ida to disassemble and comment, and Dosbox debugger in another window (as I like to do, specially when reversing, not just bytepatching)

You could probably patch timer interrupt, or check if the program is keeping a internal timer driven by this interrupt.

I've uploaded here sometimes a collection of dos cracking related tools I keep upgrading (and been done for years) Also been trying to do a MsDOS scene releases pack, but many files seem lost for ever...
Reply With Quote
The Following 3 Users Say Thank You to an0rma1 For This Useful Post:
niculaita (07-22-2020), sf42 (07-22-2020), squareD (07-22-2020)
  #4  
Old 07-22-2020, 19:48
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 266
Rept. Given: 31
Rept. Rcvd 33 Times in 25 Posts
Thanks Given: 26
Thanks Rcvd at 88 Times in 58 Posts
squareD Reputation: 33
Thanks for the help...

It's not a DOS program, it is running with ntvdm.exe and wow32.dll under Win 7
But I did it in meanwhile with good old W32dasm !
Just nopping out the counting down line and 10 minutes left forever...

Just an edit:
W32dasm counts 42 segments but only shows 27 segments
It's too long being in past, don't know too much about this kind of programs, it was my later youth!

But knowing something, we called in the past "deadlisting", made me able to kill this line in program.
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...

Last edited by squareD; 07-23-2020 at 00:54.
Reply With Quote
  #5  
Old 07-23-2020, 04:12
l1c1f3r l1c1f3r is offline
Friend
 
Join Date: Aug 2016
Location: Portugal
Posts: 9
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 10
Thanks Rcvd at 11 Times in 5 Posts
l1c1f3r Reputation: 0
DEBUG tool for msdos in dosbox dont work?
Reply With Quote
  #6  
Old 07-23-2020, 17:09
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 266
Rept. Given: 31
Rept. Rcvd 33 Times in 25 Posts
Thanks Given: 26
Thanks Rcvd at 88 Times in 58 Posts
squareD Reputation: 33
Don't know...
As I said before, it is a 16bit application with graphic UI running under Windows 32 bit
I. E. Olly beefs, but loads and run it
Only debugging and breakpoints doesn't work correctly, so I was seeking for an alternative
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #7  
Old 07-24-2020, 01:39
sf42 sf42 is offline
Friend
 
Join Date: Feb 2003
Posts: 109
Rept. Given: 23
Rept. Rcvd 26 Times in 12 Posts
Thanks Given: 9
Thanks Rcvd at 66 Times in 26 Posts
sf42 Reputation: 26
Quote:
Originally Posted by squareD View Post
Don't know...
As I said before, it is a 16bit application with graphic UI running under Windows 32 bit
Windows 3.x program?
Reply With Quote
  #8  
Old 07-24-2020, 20:12
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 266
Rept. Given: 31
Rept. Rcvd 33 Times in 25 Posts
Thanks Given: 26
Thanks Rcvd at 88 Times in 58 Posts
squareD Reputation: 33
That's what Exeinfo said...

Code:
Not Windows PE ->  Sign.  : NE <- ( 16 bit ) Windows or OS/2
So looks like old Win 3.1 program.
I only should deactivate the 10m demonstration time and that' done!

Should have looked into Exeinfo before, because also said...

Code:
Try another exe or use Hiew.exe tool for view structure
Instead of W32dasm I could use Hiew, but didn't thought about it, because I use Hiew very rarely.
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #9  
Old 07-27-2020, 15:52
ZeNiX's Avatar
ZeNiX ZeNiX is offline
Administrator
 
Join Date: Feb 2009
Posts: 719
Rept. Given: 173
Rept. Rcvd 767 Times in 256 Posts
Thanks Given: 200
Thanks Rcvd at 724 Times in 226 Posts
ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899 ZeNiX Reputation: 700-899
NE should be Windows 3.x program.
If it is not encrypted, I will use hiew to solve it.

Besides, w32dasm and ida pro can help as well.
Reply With Quote
The Following User Says Thank You to ZeNiX For This Useful Post:
squareD (07-27-2020)
  #10  
Old 07-27-2020, 21:17
Ethereal Ethereal is offline
Friend
 
Join Date: Jun 2014
Location: Out Sweden
Posts: 56
Rept. Given: 2
Rept. Rcvd 25 Times in 7 Posts
Thanks Given: 17
Thanks Rcvd at 136 Times in 32 Posts
Ethereal Reputation: 26
You should need any help, i'd be happy to help.

Quote:
Originally Posted by squareD View Post
A friend of mine just asked me to disable a 10min restriction of an old 16 bit program right out of 1996
All my knowledge and tools of past does't work?
Can't remember really to that time, so help is needed!

Oh my god, sorry, wanted to write into general discussion and not here!!!
Just a fault by me, admins please remove my post to right place.
Was a little bit distracted, it was a long day of reversing...
Reply With Quote
  #11  
Old 07-27-2020, 22:55
chants chants is offline
Family
 
Join Date: Jul 2016
Posts: 559
Rept. Given: 6
Rept. Rcvd 35 Times in 21 Posts
Thanks Given: 472
Thanks Rcvd at 835 Times in 392 Posts
chants Reputation: 35
Windows 10 x64 will no longer run 16-bit NE programs But you can load up a fast XP 32-bit VM to run and debug them. But Windows 10 32-bit does have an optional feature called NTVDM that can be added to support them. I'm not sure if current versions of WinDbg handles them or not.
Reply With Quote
  #12  
Old 07-27-2020, 23:53
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 266
Rept. Given: 31
Rept. Rcvd 33 Times in 25 Posts
Thanks Given: 26
Thanks Rcvd at 88 Times in 58 Posts
squareD Reputation: 33
Ok my friends in this forum...
I like you all, we all have the same hobby!
But I posted in meanwhile:

Code:
I only should deactivate the 10m demonstration time and that's done!


So don't give me further informations in any way...
I surrended, I did it, it's settled, program is running for ever, or may be not?
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
  #13  
Old 07-28-2020, 01:28
an0rma1 an0rma1 is offline
Friend
 
Join Date: Feb 2002
Posts: 194
Rept. Given: 105
Rept. Rcvd 25 Times in 16 Posts
Thanks Given: 322
Thanks Rcvd at 72 Times in 34 Posts
an0rma1 Reputation: 25
W32Dasm ...
I can't explain why specifically, but this was the most useful cracking tool I've user, I cracked so many programs in those years. I loved also SoftIce, but WinIce gave problems with the graphic card from time to time, and for my taste, it did not adapted too well to Windows systems (maybe using it in a dual monitor could work today ... )
But W32Dasm was a pleasure to use, and worked very well.
Other tool in this league could be Ollydebug, soooo many hours using it.
Reply With Quote
  #14  
Old 07-29-2020, 21:57
squareD's Avatar
squareD squareD is offline
VIP
 
Join Date: Aug 2005
Location: Banana Republic
Posts: 266
Rept. Given: 31
Rept. Rcvd 33 Times in 25 Posts
Thanks Given: 26
Thanks Rcvd at 88 Times in 58 Posts
squareD Reputation: 33
Yeah that's right...
But old DOS or Win 3.1 programs are an exception.
Normally I do some modern things with modern tools i. e. the debugger of mr.exodia
__________________
The three worst enemies of the reversers: sun , fresh air and especially this unbearable roar of birds ...
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 08:00.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2020 )