[redbull]

Hi GUys,

I am reversing the latest MobSync 2.0.3. An application which allows you to syncronize a windows mobile phone with files on windows computer. IT has lots of options and a really good tool.

http://doosoft.seesaa.net/

The program is written in Borland C++ 6 (BCB6) and IDA and DEDE seem to do quite well on the target. No packing or protection.

The protection consists of an ID and a password.

It uses Localization software to help you build other languages.

The native EXE is built in the Japanese language and when you run the program it tries to load the language for your region. Eg mobsync.enu (english) mobsync.de (german) etc.

These other files are basically resource DLLs (mobsync.enu).

I have located the Japanese resource strings for "Registered" "Unregistered" etc. And marked them in IDA at the right position.

Problem is the PE file has all its strings in the ".rsrc" section and not ".data" so IDA 5.1 does not link the string to any of its references. So i have no xref's for these strings. I tried various options when analysing the file in IDA with no luck.

I have found the MessageBoxA calls and calls to determine where the serial is read.

But the target is quite tricky because it writes a serial file. <username>.ser2
So I want to make sure I find all the places and patch the target correctly. (Actually I want to keygen it)

My question is really how to get IDA to recognize these strings or how to find the "link" between the strings and their references.

I am not expecting people to do my work for me but I need a push in the right direction.

There is a large table, which I will post the real code later, which could be a clue

Something like:

a425530: db offset_421334 [text, dd_213324]
a425534: db offset_421316 [text, dd_213324]
a425538: db offset_42133A [text, dd_213324] etc

And I and guessing this is where the major work is done.

I want to ideally write an IDA script to map these resources and rename them to their reference strings.