Tutorial on W32Dasm!
By Krobar

Nov 1999

Here a quick tut on how to start off with W32dasm.



First we gotta install it. Just make a directory and unzip in it....could be
C:\W32dasm, or like me, C:\Program files\W32dasm. Dont bury it too deep in lots of directories because you may get problems disassembling.

Once you got it unzipped just click on the w32dasm.exe and W32dasm open...better to have full screen view if it doesnt automatically open like this.
Now you looking at a screen with menu and buttons.

To open a file to disassemble you can either go to Disassembler menu (thats top left) and click 'open file to disassemble', or click on the 'open file to disassemble' button (top left but directly below the menu option):

In the message box that appears, just scroll round till you find the program you want (in our case it gonna be crackme1.exe) and click open.
Depending on the size of the file...could happen quick, or take a while...it'll disassemble. Just wait till it finishes.

You now got a whole 'dead listing' of the programs code, and you should be able to follow the tuts you find that use this tool.

If you look along the top you see a row of menu items and below these a row of buttons. A few of the buttons you should get familiar with are:

  • 'Strn ReF' button..second in from the right. This button is mentioned quite regularly in tuts to search for string references in program. Click this button and a box with 'strings of text' that are used in the program is displayed...like 'register', 'invalid serial number', etc. Double click a line and you'll jump to the place in the code that that line is. (Note, not all programs have string references):



  • 'Jump To' and 'Ret JMP' buttons..near the middle. Used for following jumps and returning from them. There also hotkeys for these functions. Right arrow key follows a jump...Ctrl and left arrow key returns from the jump (to follow a jump the line in the code has to be highlighted).
  • 'Call' and 'RET' buttons.. to the right of the 'RET JMP' button. Used for following and returning from calls. Also hotkeys. Right arrow key to follow a call...left arrow key to return.

Note: these buttons will 'light up' when they are useable.

Another function you use quite often is the 'Goto' menu...along the top about halfway. Click on this menu item and you get four options, but probably the one you use most is 'Goto Code Location'...the last of the four. Click this option and a box appears. Type in the code location, (obviously only if you know it) click ok, and you be taken to that line of code. Shift/F12 also brings up this box:

There one more thing I explain coz a lot of tuts mention it. This is the offset. Once you found the relevant bit of code that you think you got to change you highlight the line, then look down bottom and you'll see this:

See right at bottom: 'Line 896 Pg 11 of 32 Code Data @ blah blah @ Offset 00001595h. What we interested in is Offset 00001595h... Forget the zeros at the beginning, and the h at the end means hex. Take note of the remaining numbers...1595...that the offset. Thats the number we put in hiew to take us to that piece of code we want to change.

Anyway, get used to this program coz a lot of tuts use it.