Exetools  

  #1  
Old 01-04-2004, 20:37
MaRKuS-DJM
DVDRegionFree 3.25 Stolen bytes

It was easy to find the OEP and fix the IAT, but I have problems with the stolen bytes. I know I must look at the stack, but I've found only the first startup bytes:

push ebp
mov ebp,esp
push 0
push 421D08
push 41B640

Then I got stuck (now there should be references to ASPR code, which is removed).
  #2  
Old 01-04-2004, 23:02
Peter[Pan]
It's a Visual C++ app; just copy and paste a startup routine from another Visual C++ app. The only part you need is the part you found,

but the PUSH 0 should be PUSH -1.

Watch:

From an app I found on my hard drive:

Code:
00896F9E >/$ 55             PUSH EBP
00896F9F  |. 8BEC           MOV EBP,ESP
00896FA1  |. 6A FF          PUSH -1
00896FA3  |. 68 40CAA700    PUSH 00A7CA40
00896FA8  |. 68 44718900    PUSH 00897144
00896FAD  |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
00896FB3  |. 50             PUSH EAX
00896FB4  |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
00896FBB  |. 83EC 68        SUB ESP,68
00896FBE  |. 53             PUSH EBX
00896FBF  |. 56             PUSH ESI
00896FC0  |. 57             PUSH EDI
00896FC1  |. 8965 E8        MOV DWORD PTR SS:[EBP-18],ESP
00896FC4  |. 33DB           XOR EBX,EBX
00896FC6  |. 895D FC        MOV DWORD PTR SS:[EBP-4],EBX
00896FC9  |. 6A 02          PUSH 2
Bet you can't guess where yours goes?

Enjoy.

Btw, when you patch the pointer and it says it's registered, it's still *NOT* working. I didn't get a chance to finish playing with it, but if you use the trial version with a DVD, it will work fine, and with any region. However, after dumping / fixing the registration pointer it doesn't work at all: it says registered, all nags are gone, but it's not working.

Maybe britedream wants to take a look at it?
I don't have time atm.
  #3  
Old 01-05-2004, 00:23
lownoise
stolen bytes

Here are the stolen bytes:

PUSH EBP
MOV EBP,ESP
PUSH -1
PUSH 421D08
PUSH 41B640
MOV EAX,DWORD PTR FS:[0]
PUSH EAX
MOV DWORD PTR FS:[0],ESP
SUB ESP,68
PUSH EBX
PUSH ESI
PUSH EDI
MOV DWORD PTR SS:[EBP-18],ESP
XOR EBX,EBX
MOV DWORD PTR SS:[EBP-4],EBX
PUSH 2


Just do a trace from the last exception when EIP is in the code section. If you look in your trace log, you'll see the above stolen bytes.
Regards, lownoise
All times are GMT +8.