Hello!
As you see, this strange way of working (when target is rebuilded) is one of the things I am willing to fix, this that ask you for a certain file that apparently is available for the program.
But I am only researching the code of the original program, in order to restore it, as you would get it if no protection was applied.
That means, I would like to rebuild a code without any piece of protection, as the original program did. It is my goal.
So, the question is: is it neccesary, in order to the rebuilded program be working, decrypting that code?
I think: no.
In other hand, I guess that encrypted code is dumped too with my rebuilder, but I haven't checked this point.
When I have traced (in OllyDbg, only possible from the beginning of the execution with Hidedebugger plugin, shared in another Thread of this forum) I have found things such "License", ".lic", and so on, all related to AM registration. I was thinking it would be interesting extracting the way how the registration was done. But this is another line of research. Maybe when fixed all the changes applied by the AM protector, it would be due taking this issue.
Of course, in every PC you need a different AM registration code, stated that register keys that controls the time expiration are different for every computer. Maybe it is dealing with Volume_id, FreeSpaceDisk, or similar, to get the unique code for each PC, as you can find in mounts of programs.
<"Woud calling <redirected CreateFile>, <redirected ReadFile>, <redirected CloseHandle> and <redirected WriteFile> directly help? (I only used fopen etc because they are there and easier to work with)">
jonwil, I do not understand this sentence, could you explain what this question means, just a little?
Cheers!
Nacho_dj