iCe's Thread Monday, 08-Feb-99 23:28:22
I'm not sure I'm glad that EB gives me credit for this idea. I may be put before the firing squad before all is said and done. I have waited for this to come out so I have no insite except for tonights attempt. Hmemcpy was my first breakpoint attempt and as always was successful to a degree. I can't use I renabled my breakpoint and searched for the string (my PW) I found it in quite a few but only 4 notable places. They are notable because they repeated. They were: 30:80916032 - 038 30:C31B6A0E - A15 ---> I think this one is bogus 30:D098A032 - 038 ---> a pattern? DS:00000372 - 378 ---> This was interesting but the next time I reran the program DS = 30. I don't like that kind of coincidence so I dropped the Hmemcpy breakpoint and fired WDASM up. Since I am still trying to learn assembly I went straight to the dead list and looked for references to API calls. I found some. I liked these 4 API calls for breakpoints: GetMessageBoxA ---> SiCe didn't like this one LSTRLENA ----> I like this one LSTRCMPA ----> Another ok API call GetDlgItemTextA --> another perennial favorite. Before I get started on new breakpoints I thought I would run god old Task and see just what was going on behind my back. The most notable thing was Zipfile. Hwnd Zipfile wasn't particularly helpful, but then I'm tired so I may have missed something. Maybe tomorrow I'll try a BPR I cleared my Hmemcpy breakpoint and set a BPX on all four API's listed above. "If you go huntin, you may as well use all yer bullets" BD * then I'll run this down tomorrow and see what happens. Good luck all iCe |
iCe's Thread (iCe) (08-Feb-99 23:28:22) |