How to Debug and Patch using IDA Pro Free

  • Published 3 Dec 2024

COMMENTS • 117

  • @deadchannel3
    @deadchannel3 2 years ago +4

    You have no idea how much this video helped

  • @kaleembaig319
    @kaleembaig319 1 month ago

    How about patching IDM, sir, can you?

  • @toxicholygrenadethg9906
    @toxicholygrenadethg9906 2 years ago +4

    Hi there Paul Chin. While you might not be familiar with Half-Life mods, would it be a good idea to do tutorials on how to strip a function's .cpp coding (e.g CRandSpawner::SpawnNPC(void) from Crack-Life: Anniversary), and also on how to copy and paste the functions to another .dll file like hl.dll? Specifically I am referring to the functions laid out in the functions table.
    Because as much as it's my first time using IDA, I am not overly familiar with the application myself, and I am sure there are others out there who feel the same way.

    • @PaulChin20
      @PaulChin20 2 years ago

      Not sure how to do that Sir.

  • @N.S
    @N.S 1 year ago

    the only tutorial that actually helped me, thank you

  • @donga123ful
    @donga123ful 3 years ago +2

    Hello sir
    In ida process options in parameter box
    Which command I should write ??

    • @PaulChin20
      @PaulChin20 3 years ago

      Hi Abdo, Which part of the video are you referring to?

  • @Anton_Zh
    @Anton_Zh 2 years ago +4

    Hello. Is it necessary to buy the professional version of Ida Pro? Is the free Ida debugger enough to debug hung processes on a Windows system? I work as a user support engineer and the user freezes the scanning program for 10 minutes and then continues to work. Stops at the win32u!usermsgwaitmultipleobjects function. How do I know what the scanning program is waiting for?

    • @PaulChin20
      @PaulChin20 2 years ago +2

      I think, in your case, try using dedicated debuggers like windbg or xdbg. IDA's debugger is not that powerful as compared to windbg or xdbg. In a debugger you can step through the function call and inspect the memory in realtime and see what the scanning program is waiting for. Windbg is microsoft's specialized debugger for debugging low level kernel and system processes and is very powerful. xdbg is for general purpose debugging. Good luck!

    • @Anton_Zh
      @Anton_Zh 2 years ago +2

      @@PaulChin20 Thank you so much for answering my question, because I have been trying to debug a Windows system for several years now. I work in user support and if the program freezes or consumes a lot of resources, I become helpless))) Did I understand correctly that all problems in the system can be solved with a debugger? The disassembler is probably made for something else... I'm reading the book "Windows internals". What other resources can I read about debugging?

    • @PaulChin20
      @PaulChin20 2 years ago +2

      @@Anton_Zh Windows internals is a good start. Also here is some microsoft tutorial on windbg debugger: docs.microsoft.com/en-us/windows-hardware/drivers/debugger/getting-started-with-windbg

  • @antoniusblaise8733
    @antoniusblaise8733 3 years ago +1

    1:24, how to set that flowchart view? You said "analyse", but didn't show how to. May I know exactly how to "analyse" please?

    • @PaulChin20
      @PaulChin20 3 years ago

      When you open the crackme, IDA will auto-analyze it. That is what I meant when I said analyze. Thanks for watching my videos!

  • @thenaturalbodybuilding
    @thenaturalbodybuilding 1 year ago +1

    How can I contact you for a little help??

    • @PaulChin20
      @PaulChin20 1 year ago

      You can post your question here. Thanks!

  • @andreialcaza
    @andreialcaza 1 year ago +2

    The software I'm trying to crack is a setup file. Will it work the same? And I can't find the string I need

    • @PaulChin20
      @PaulChin20 1 year ago +1

      Not sure. I have not tried cracking a setup file before. I normally install it first, and then crack the installed file.

    • @andreialcaza
      @andreialcaza 1 year ago +1

      @@PaulChin20 The software is behind a setup file and the setup file requires a password in the installer

    • @PaulChin20
      @PaulChin20 1 year ago +1

      Oh I see. You could try to crack the setup file then. Use xdbg.

  • @AndyRoidEU
    @AndyRoidEU 1 year ago

    Quite cool. Yet sometimes there is nothing in "strings" view to be found directly.

  • @DemonPE
    @DemonPE 25 days ago

    What if the code piece I find doesn't show that diagram?
    I'm kinda stuck trying to bypass a process

  • @adgjmptw701
    @adgjmptw701 2 years ago +1

    Can you help me in licensing part, I bypassed but some errors

    • @PaulChin20
      @PaulChin20 2 years ago

      Sorry Raheem, I am not available to do projects. But you can take my course and learn how to do it: crackinglessons.com/learn Try the CSP course

  • @tensennojin
    @tensennojin 3 months ago

    When I press Assemble, the assemble window does not pop up, any solutions?

  • @bk-oliver
    @bk-oliver 25 days ago

    great video!

  • @DEF3NDME
    @DEF3NDME 5 months ago

    Thank You Mr Paul

  • @n1cxx240
    @n1cxx240 6 months ago

    How do I analyze????

  • @PonelyPonely
    @PonelyPonely 1 year ago

    Hello I am super new to this and how do you know to change it to jz or jnz? and I was planning on buying the "Reverse Engineering: IDA For Beginners" and I have no knowledge on asm you think I should get it as a beginner?

  • @amitchaudhari6363
    @amitchaudhari6363 1 year ago +1

    hello Sir i want crack cara professional software any tips

  • @perrykappetein9685
    @perrykappetein9685 2 years ago +1

    Hi Paul.. if you have something like this mov esp, ebp in x32dbg it tells you that it is too big if you change it to mov esp, ep. How can you do that in IDA? And how would I know if something is too big? Thank you

    • @PaulChin20
      @PaulChin20 2 years ago

      I assume you are referring to assembling an instruction which overwrites the following instructions. If such is the case, you can know because in xdbg, you can click on the left check box of the assembly dialog to make sure it is the same size. If it is bigger there will be a warning. But for IDA I have not tried assembling anything which overrides the subsequent instructions. Maybe you can try and see if there are any warning messages?

    • @perrykappetein9685
      @perrykappetein9685 2 years ago +1

      @@PaulChin20 let me try and see what happens. I will report back. I like x32dbg better for editing, but it seems harder to trace something

    • @PaulChin20
      @PaulChin20 2 years ago

      @@perrykappetein9685 Thanks Perry!

    • @perrykappetein9685
      @perrykappetein9685 2 years ago +1

      @@PaulChin20 So I did play with it, and found the following.
      If I want to change it to another value, it will keep giving me an error, that I cannot do that.
      If I want to NOP it, I don't need to find out the bytes. If I NOP a mov eax, eax it will show below the leftovers in yellow, that I need to NOP as well. But as far as changing a test eax, 0 to test eax, 1 or anything else, it won't let you.

    • @PaulChin20
      @PaulChin20 2 years ago

      @@perrykappetein9685 Thanks for sharing, Perry!

  • @suhanulkabir2959
    @suhanulkabir2959 1 year ago

    Have your update version of IDA Pro? If have pls give me link.

  • @MrInsan14
    @MrInsan14 3 years ago +1

    Hey, I'm a big fan of yours, but I have some questions to ask and it's private. Where can I do that? I try to go to your site to ask but I don't find any option to do it.

    • @PaulChin20
      @PaulChin20 3 years ago

      You could PM me in Udemy or in crackinglessons.com after logging in with an account.

  • @vasiliyrokitniy5211
    @vasiliyrokitniy5211 3 years ago +1

    Hi, there is a program tied to bitcoin payment, how to bypass payment, thanks

    • @PaulChin20
      @PaulChin20 3 years ago +1

      Hi, thanks for viewing my videos. I haven't tried bitcoin before.

  • @aaroncatolico7550
    @aaroncatolico7550 2 years ago +1

    The problem that I'm having is that I don't know what all of the Assembly Language ('eax', 'ecx', 'mov', 'jne', 'jmp', 'xor', etc., etc.) means. I think in order to fully comprehend how to use IDA Pro, x64dbg, OllyDBG, Binary Ninja, etc., etc., a person should first learn some basics about Assembly Language. Do you have any training on this topic?

    • @PaulChin20
      @PaulChin20 2 years ago

      Sorry, I do not have specific courses for assembly language. You learn as you go along. It is more practical that way. Otherwise, many students will get turned off (boring) by too much background info or theory.

  • @JinxBikeRace
    @JinxBikeRace 2 years ago

    Hey, so there’s a game I play and with jailbreak I can change the abilities with flex when I go to heap objects, how would I go about it in IDA?

    • @PaulChin20
      @PaulChin20 2 years ago

      For hacking games, usually we use Cheat Engine. It can trace values like health, score, ammo etc, in real-time and allows you to modify those values.

  • @samsid504
    @samsid504 2 years ago +1

    Hi Sir,
    I have an old DOS application (cooling tower calculation program). The problem is it runs on my XP, but when I run it via emulator (DOSBox) in Win 10 I get an error saying
    "This program is copy protected. Use Install To copy It"..
    The license folder (AX NF ZZ) is stored as hidden on the C drive in XP. Is there any way to make DOSBox check the license folder... Or can we use IDA Pro to remove the attrib checks from the exe itself?
    This is what a member of a different forum told me..
    - DOSBox can't see the hidden files, because DOSBox doesn't support long filenames, i.e. filenames with a space in them for example, and the directory where the files are is named "AX NF ZZ" and has spaces
    - And even if it could see the directory, DOSBox doesn't support hidden/system files either, and there's a check to see if the files are hidden in the code.
    He changed the folder name to AX_NF_ZZ in the code, and removed the attribute checks. Because some of the code was encrypted and it worked for him.. Unfortunately that was his last post and I didn't hear from him again lol my bad luck.
    I somehow want this application to run in DOSBox for my college project..
    Application File - easyupload.io/uw7fwj
    If anyone could help I would be grateful..
    Thanks ..
    Regards..

    • @PaulChin20
      @PaulChin20 2 years ago

      Sorry Sam, I am not sure how to solve the problems that you are facing. It appears that dosbox is some kind of virtual machine and you are running a dos program inside it. I am not sure how to crack the dos program inside the virtual machine, since I think xdbg would not be able to penetrate the dosbox and disassemble the dos program within it.

    • @ronin7771
      @ronin7771 2 years ago +1

      The newer versions of IDA Free don't support DOS executables, your best bet is to use the Freeware version of IDA 5.

    • @PaulChin20
      @PaulChin20 2 years ago

      @@ronin7771 Thanks for the tip Ronin.

  • @virajnaik9426
    @virajnaik9426 3 years ago +1

    Hello sir. Sir I have a problem while patching. The software which I am trying to patch requires internet for activation. And when I search the messagebox in the search section. There are no results. What can be the problem.

    • @PaulChin20
      @PaulChin20 3 years ago

      You can use the call stack method. In xdbg, after the message box shows, pause. Then go to the Call Stack Tab. Check all the functions from the top - one by one until you get to the caller of the MessageBox. One of my courses teaches you how to do this: www.udemy.com/course/reverse-engineer-window-program/?couponCode=RE2JUL7

    • @virajnaik9426
      @virajnaik9426 3 years ago

      @@PaulChin20 Thank you so much sir

    • @Phurbazsher
      @Phurbazsher 2 years ago

      Hello, I have been trying to do the same to LISCAD 2021, but it seems it is too complicated for any debugger. Could you please help me out?

  • @jibril2810
    @jibril2810 3 years ago +1

    Sir how to change click button mechanism in game? If we click inventory in game, can we change it to open shop?

    • @jibril2810
      @jibril2810 3 years ago

      Please reply us sir! Thanks

    • @PaulChin20
      @PaulChin20 3 years ago

      Theoretically it is possible, provided there is no protection mechanism. You need a debugger, e.g. xdbg. Once you click on the button, pause the debugger and go to the call stack - one of the addresses from the top is the call-back function. Use that technique for the open shop button first - then note down the address of the call-back function. Then, repeat for the inventory button - note the call-back function - then patch it to jump to the open shop function instead.

    • @jibril2810
      @jibril2810 3 years ago +1

      @@PaulChin20 omg thanks I’m gonna try your method sir

    • @PaulChin20
      @PaulChin20 3 years ago

      @@jibril2810 Welcome Jibril.

  • @0xPanda1
    @0xPanda1 2 years ago

    Very clear explanation thank you

  • @New_CarCare
    @New_CarCare 3 years ago +1

    How can we get online help.
    We need some help.

    • @PaulChin20
      @PaulChin20 3 years ago

      You could post here or in the Udemy Q & A, or in my CSL/CSP forum in my website crackinglessons.com

    • @New_CarCare
      @New_CarCare 3 years ago +1

      @@PaulChin20 OK, we have already posted in crackinglesson.com on 20/05/2021 as Vivek maurya

    • @PaulChin20
      @PaulChin20 3 years ago

      @@New_CarCare Thanks, I believe it has been answered by Identity.

  • @DavidS-dm2kd
    @DavidS-dm2kd 3 years ago +2

    Hello sir Chin very good all your courses on Udemy and cracking lessons. I'm a fan :) . I would be interested in a course on exploit development made by you. Buffer overflow ...

    • @PaulChin20
      @PaulChin20 3 years ago

      Thanks for enrolling in my courses David. I will keep your suggestion in view for future plans.

  • @milton202
    @milton202 2 years ago

    Can you help me? IDA shows an error when I click ARM. Great video!

  • @mr7mood357
    @mr7mood357 2 years ago

    I want to extract the video URL from the program. How?

    • @PaulChin20
      @PaulChin20 2 years ago

      You can try using PEstudio to open the program. It will list all the strings it finds, including urls. You can download PeStudio here: www.winitor.com/download

    • @mr7mood357
      @mr7mood357 2 years ago +1

      @@PaulChin20 Thank you. But the way is complicated and needs time and I have to take the URL in a short time.
      App exe and weak protection
      I want a quick way or program to take the URL. A lot of research in Google, and I couldn't find a way.

    • @PaulChin20
      @PaulChin20 2 years ago

      @@mr7mood357 Have you tried PEstudio as I have suggested? It is very fast. The strings are listed automatically. And you can scroll down the list to see the URLs.

  • @kkm_dev
    @kkm_dev 2 years ago +1

    thanks!

  • @Metalmelborn
    @Metalmelborn 3 years ago +1

    Awesome, you helped me a lot. :-)

    • @PaulChin20
      @PaulChin20 3 years ago

      Glad to hear that Metalmelborn! Thanks for watching my videos!

  • @مشعلالعنزي-ذ5ل6ط
    @مشعلالعنزي-ذ5ل6ط 3 years ago +1

    thank you very much
    I was searching how can I save the modifications to the file at the end of the patch
    Thanks

  • @KRFile
    @KRFile 1 year ago +1

    IDA pro is god
    Graph mode is beautiful!!
    Anyway, I enjoyed the video well :D

  • @mohamed_salah3165
    @mohamed_salah3165 2 years ago +1

    password is not correct!!

    • @PaulChin20
      @PaulChin20 2 years ago

      The password is crackinglessons.com

  • @YautjaXenox
    @YautjaXenox 1 year ago +1

    Can you make another, but this time with super anti spyware?

    • @PaulChin20
      @PaulChin20 1 year ago

      Thanks for your request. I will keep it in view.

  • @christophertv8743
    @christophertv8743 2 years ago +1

    Thanks! password of zip?

    • @PaulChin20
      @PaulChin20 2 years ago

      The unzip password is: crackinglessons.com

  • @Alaz21
    @Alaz21 3 years ago

    what the heck password is not working

  • @cloudzada5656
    @cloudzada5656 2 years ago +1

    Hello, Can you help me to crack a program?
    Give me a means of communication so I can talk to you (it can be a social network)

    • @PaulChin20
      @PaulChin20 2 years ago

      Sorry, I do not provide cracking services.

  • @TSOFIANETV
    @TSOFIANETV 2 years ago

    Very interesting sir and very powerful explanation. I would love to see you doing a crack me challenge written by pc soft windev because it has another method and is encrypted, which doesn't show strings and makes it a little hard to reverse. If you want I would send you a crack me exe file

  • @whondii
    @whondii 3 years ago +1

    Hello sir I need ur contact to share my problem I need ur help.

    • @PaulChin20
      @PaulChin20 3 years ago

      You can post your problem here dxerah.

    • @whondii
      @whondii 3 years ago

      @@PaulChin20 how I remove a messagebox but the string doesn't find out.

  • @gous6787
    @gous6787 3 years ago +1

    Sir, how to bypass online login software?

    • @PaulChin20
      @PaulChin20 3 years ago

      One way is to use HTTP Analyzer (http-analyzer.en.softonic.com/) to monitor the traffic to the server as well as the response from the server. Then block the server by redirecting it to localhost using the hosts file in windows (www.freecodecamp.org/news/how-to-find-and-edit-a-windows-hosts-file/). Then use xdbg call stack method to trace the serial key check function. Look for the jump that decides if the response from server is correct. Then reverse the logic and patch it. You can learn to do this in the CSP course: crackinglessons.com/learn

  • @mouradlaraba
    @mouradlaraba 1 year ago

    Hi paul
    where can i find this course in udemy, which series?
    regards

  • @harrylakkerderrie8696
    @harrylakkerderrie8696 3 years ago

    When I try to download the zip, I get this message:
    Error 503 Backend is unhealthy
    Backend is unhealthy
    Guru Mediation:
    Details: cache-ams12738-AMS 1625231254 1813159633
    Varnish cache server

    • @harrylakkerderrie8696
      @harrylakkerderrie8696 3 years ago +1

      The error is gone, file can be downloaded now.

    • @PaulChin20
      @PaulChin20 3 years ago

      @@harrylakkerderrie8696 Glad to hear it has worked out!

  • @whitec0de94
    @whitec0de94 2 years ago +1

    Hello Paul Chin, best regards. brother, how can I contact you? I need to talk with you

    • @PaulChin20
      @PaulChin20 2 years ago +1

      I am also on facebook: facebook.com/paul.chin.penang

  • @bhaskarsiri8664
    @bhaskarsiri8664 1 year ago

    👌👌👌👌👌👌👌🙏🙏🙏🙏🙏🙏🙏

  • @sisagusmao9612
    @sisagusmao9612 2 years ago +1

    Have challenge for you, accept?

  • @FreshandFit-i5v
    @FreshandFit-i5v 2 months ago

    Nice video, I have software which authenticate on internet then login. Its also time limited one year. Could you please help in this regard to bypass its date and time limit activity.

  • @edo-jp6nz
    @edo-jp6nz 2 years ago +1

    can you give me your mail thanks

    • @PaulChin20
      @PaulChin20 2 years ago

      Sorry I cannot post emails here for fear of spamming. You can contact me here, or through the forums in crackinglessons.com/learn and also in Udemy messaging. Thanks

  • @groovyolhippieunclerandy1102
    @groovyolhippieunclerandy1102 1 year ago +2

    I am enjoying your instruction here but I am having a problem with the CrackMe.zip. Norton Antivirus deletes the file every time because of this ----->Heur.AdvMLB. What's up with this A? You seem like a very likeable guy, I don't think you would try to bug my computer on purpose????

    • @PaulChin20
      @PaulChin20 1 year ago

      It's a false positive. Use a virtual machine to open it. Once you open it with IDA or x64dbg, you can see for yourself that it is not malware.