Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Cannot find text in files (https://forum.exetools.com/showthread.php?t=6384)

MAHMUT 01-13-2005 15:15
Cannot find text in files
 
Hello people. I am a quite newby
I have this program. It's installation procedure with 3 cab files. These file are beeing extractet in the temp directory ( i found all the files).
The extracted files are containing:
1. Some dll's
2. Some bitmaps (used in the inst procedure)
2. One exe (it has actually another extension, but it can be dissasembled)
3 And one ASCII file with all text string that are coming in the messageboxes in the inst procedure
When i open the SETUP.exe in Olly, i cannot use breakpoints because the setup is only for unpacking the cab files. When the installation procedure starts setup is terminated and the files from the temp dir are running.
I don't know how to continue in Olly, because the instal process is already running.
When i dissasemble any file, i could not find the text string "The serial number is incorrect".
The bad thing is when i delete the BITMAPS the are no longer in the messageboxes, but when i delete the ASCII file (that's) containing all the messages (including the "The serial number is incorrect)) the message still appears!!!
I tried to run the extractet files (by copying them to another dir), no succes.
If there is someone with same expirience, please help me.
THNX

Wa||acE 01-13-2005 17:00
Hi there im not too sure but maybe if you check the executable modules window in olly and check the one you are looking for then when you get to the serial not accepted box pause the program in olly with F12 then check the call stack alt+K for a lead back to the program where its checking for the serial.

omidgl 01-13-2005 18:47
MAHMUT : Cracking can't be done by just deleting Text-Message files. You must change the executable codes that is responsible to check the serial and make that message. Or analyzing Serial-Generation routine(function) in the executable file and make it by your own like other KeyGens.

It's better for you to start reading some Tutorials about Analyzing,Debugging and Reverse Engineering tools befor starting to crack.

Regards
OMID

MAHMUT 01-14-2005 03:25
Olly is not running anymore..:(
 
Quote:
Originally Posted by Wa||acE
Hi there im not too sure but maybe if you check the executable modules window in olly and check the one you are looking for then when you get to the serial not accepted box pause the program in olly with F12 then check the call stack alt+K for a lead back to the program where its checking for the serial.
Hello Wallace,


Thank you for repyling,

I will try that. In the meanwhile i managed it to unpack the CAB files (i checked everyone with PEId). I found one DLL, that PEid cannot find any signature.
I loaded this DLL in OLLY, but no text string found.
i tried the same i win32dsam, i found some dialogs, and also the serial number text.

Maybe it's packed.

I will try what you wrote.

THNX again and greetings.
P.S Sorry for my english

dmownz 01-14-2005 15:32
Make sure you search in unicode too. You can use stirngs -e l <filename> for example.

MAHMUT 01-14-2005 20:26
Maybe because of my poor english, you misunderstood me. I didn't expect to crack the program by deleting the text file. I just ment that the text strings (like "the serial number is incorrect") i only found in that text file, and not in any exeutable.
I know that i have to find the code that checks the serial number, but i cannot, because one DLL is 99% encrypted. (Dialog ref. in Win32dsam shows that there are some bytes about serial numbers, but no offsets:(.
Greetings

MAHMUT 01-16-2005 16:24
Little help (at the end)...
 
After reading the RCEarchive i decompiled the Setup.ins with ISdoc122. I found some text about serial, it's like that:

label101:
lString6 = SUPPORTDIR ^ "lcnsinfo.bmp";
DialogSetInfo(1, lString6, 0);
StrLoadString("", "TEXT_ENTER_SERIAL_TITLE", lString0);
StrLoadString("", "TEXT_ENTER_SERIAL", lString1);
lString2 = string4;
StrLoadString("", "TEXT_SERIAL", lString6);
function16(lString0, lString1, lString6, lString2);
lNumber0 = LAST_RESULT;
lNumber2 = lNumber0 = 12;
if (lNumber2 = 0) then
goto label103;
endif;
return(lNumber0);
StrLength(lString2);
lNumber1 = LAST_RESULT;
lNumber2 = lNumber1 != 17;
GetByte(lNumber3, lString2, 3);
lNumber3 = lNumber3 != 45;
lNumber2 = lNumber2 || lNumber3;
GetByte(lNumber3, lString2, 6);
lNumber3 = lNumber3 != 45;
lNumber2 = lNumber2 || lNumber3;
GetByte(lNumber3, lString2, 11);
lNumber3 = lNumber3 != 45;
lNumber2 = lNumber2 || lNumber3;
if (lNumber2 = 0) then
goto label104;
endif;
StrLoadString("", "ERROR_SERIAL_WRONG", lString6);
Sprintf(lString5, "%s (%#lx)", lString6, -534863864);
MessageBox(lString5, -65535);
return(0);

Can anyone help me furthe how to get to the serial?

Thanx in advance

Mahmut

MAHMUT 01-19-2005 16:09
I solved the problem!!!
 
Hello guys!

I opened the setup.ins in a hex editor, and found the string WRONG SERIAL NUMBER. Before that there was a conditional jump (in hex 95), i changed that in uncond. jump (96) and the progi accepted any serial number i have entered.

If someone wants more detailed descripiton, no pro.

Greetings


All times are GMT +8. The time now is 11:57.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX