#1
Packed or not?
Ok, I just got an interesting piece of software:
hxxp://www.chromix.com/ColorThink/windowsdownload.cxsa?-session=tx:8477D52A7B1C4A4C25271B6405566AA7
Protection is User name + SN. If I hexedit the main exe, I can find strings like "Demo mode" or "SN entered is invalid". But if I load this file in IDA, I get nothing. No Demo string, no invalid SN string. Any idea what the hell is going on?

#2
If the program doesn't have straight references to these ASCIIs, you won't find them in any decompiler/disassembler. It can be a form/dialog etc.
Then you won't find anything - even if you mark these ASCIIs as a string under IDA you won't get any references. If you have read these strings, it's not packed.
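
The rule of thumb in the reply above (readable strings mean the file is not packed) can be turned into a quick triage check that combines byte entropy with a string search. This is an added example, not part of the original thread; the threshold, the function names, the toy packer and the sample buffers are assumptions constructed for illustration.

```python
import hashlib
import math
import re
from collections import Counter

ENTROPY_PACKED = 7.2  # assumed threshold in bits/byte; packed or encrypted data sits near 8
MIN_LEN = 5           # assumed minimum run length for a "string"

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def readable_strings(data: bytes) -> list[str]:
    """Printable ASCII runs plus UTF-16LE runs (an ASCII-only search misses the latter)."""
    narrow = re.findall(rb"[\x20-\x7e]{%d,}" % MIN_LEN, data)
    wide = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN, data)
    return [r.decode("ascii") for r in narrow] + [r.decode("utf-16-le") for r in wide]

def triage(data: bytes, markers: list[str]) -> dict:
    """Whole-file heuristic; real triage would repeat this per section."""
    strings = readable_strings(data)
    visible = [m for m in markers if any(m in s for s in strings)]
    entropy = shannon_entropy(data)
    return {"entropy": round(entropy, 2), "visible": visible,
            "likely_packed": entropy >= ENTROPY_PACKED and not visible}

def toy_pack(data: bytes) -> bytes:
    """Constructed stand-in for a packer: XOR with a SHA-256 counter keystream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

# Constructed sample: repeated code-like bytes, the two UI strings quoted in the
# thread (one ASCII, one UTF-16LE), and zero padding. Not taken from any real file.
MARKERS = ["Demo mode", "SN entered is invalid"]
PLAIN = (b"\x55\x8b\xec\x83\xec\x10\xe8\x00\x00\x00\x00\x85\xc0\x74\x05" * 200
         + b"Demo mode\x00\x00" + "SN entered is invalid".encode("utf-16-le")
         + bytes(4096))
PACKED = toy_pack(PLAIN)

if __name__ == "__main__":
    print("plain :", triage(PLAIN, MARKERS))
    print("packed:", triage(PACKED, MARKERS))
```

Visible strings with low entropy point to an unpacked file whose strings are simply not referenced directly by the code, which is the situation described in this thread.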

#3
Actually, I think you're right. Hexview is full of TForm and TButton. It's a RealBasic program, and the main exe is importing some RealBasic plugins.
My problem is that I have no string references in wdasm/ida. Also, the registration dialog has 3 buttons: Quit, Demo and Proceed. The Proceed button is active only if you enter the correct sn. So, there is no way to enter a dummy sn, press Proceed, and then bpx on usual breakpoints. I try to locate this nag screen, but the program is full of call xxxxxx followed by jz/jnz/jnb xxxxxx, and you know how annoying this is for a beginner :-( Anyway, thx. for your kind reply.

#4
You can always stop the program during loading (e.g. GetModuleHandle/GetCommandLine/LoadLibrary etc.), then search memory for the "Demo" string, next put a breakpoint on read memory access (BPM) on that string, then trace back the program to see what fragment is responsible for calling this function, etc...
Uff.... I'm only dreaming, since I don't have this app and time to crack it.... Regards.

#5
I think I had a dream.....
A very deep dream..... It was a vision of something..... Something I can't understand..... It was a very, very old picture..... I think it was Pharaon saying to me..... He said: User name: thanks God dyn!o was borned Serial number: CCT-d7a369-59b9d0-bc3b19-200W What does he mean? Am I the chosen one?

#6
Salutations Dynio,
You are indeed the heroic one, an icon for us all!

#7
Thanks a lot dynio, it's working fine. But my goal here is to learn something, not to use "ready made" cracks.
So, if you are so kind and have time to write for me a little tutorial on how you did it, this will be more appreciated. If not, thank you anyway for your kindness.

#8
Ok, that was a quick one, so check your PM...
Regards.

#9
Thanks man, it was very easy to get the right code. But this happens when you're a beginner and you don't set the right bpx :-)
Cheers

#10
balauru, is there any way that I can have the tut also? I am also a newbie and want to try everything.
Thanks in advance. If you want you can send it to: [email protected] ysco.

#11
Can you send me the tut also please on pm

#12
Hi, I am interested in the tut also if it is available
R@dier

#13
I think this is good stuff... could I have it too, please??
TIA MaRKuS TH-DJM

#14
Quote:
Dynio you are master

#15
|
Hi;
Please send it to me too. thanks