Log in

View Full Version : Cracking Delphi Components ? Any tips ? please


DeViaN
April 15th, 2007, 11:58
Hello everybody.
I tried to find any way to crack demo protected (nag screen) components,but without success.
Can anybody give me any tips where to search ??? in .bpl or .dcu ?

Thank you so much.

Lol Now I found out that .bpl is PE and i can be packed/protected too....

FrankRizzo
April 15th, 2007, 14:56
It just goes without saying that you should use DeDe to have a look at it, and from there, it's just a simple matter of searching through the dead-listing, and trying out a patch or two.

Of course, knowing a little bit about how windows events work will help. If they put up a nice text box, or dialog box to tell you that it's unregistered, then you'll want to look at the resources, and references to them in the code as your "way in".

DeViaN
April 15th, 2007, 15:10
Oh,I found out that .bpl (dll) package is packed with compressor..... Please can you give me a tip how to unpack it ???
Because its not pe file,I cannot load this file as process

Woodmann
April 15th, 2007, 23:38
Ummmmm.......

This is so very close to getting deleted.
Why dont you tell us more.

Have you tried DeDe? If you have, show us some code concerning your problem. What is the "compressor"?

Woodmann

DeViaN
April 16th, 2007, 15:49
Oh sorry,excuse me.... I am not English native speaker

Yep I tried Dede.... Its able to decompile .bpl packages.... but first of all I need to unpack it

Packer is Mew 1.1 SE ....I tried to unpack it with olly script..its like dll,but dll loader not working for it.

Thank you for your help.

Edit: I promise to tell you more next time.... really.

Edit2: Also,I read this article:
hxxp://www.reversing.be/article.php?story=20050804204446290
But there is nothing about unpacking..... and over net,there is no many (maybe nothing) information about delphi packages.

LLXX
April 16th, 2007, 23:57
...

They're cracked just like everything else. Change a jump or two.

And judging by your experience from your Post, you should really be unpacking manually.

blurcode
April 17th, 2007, 03:06
If you compile your target with runtime libraries you attack the .bpl if you compile without you attack the .dcu

To attack the .dcu compile a test application with the component that is protected.
As mentioned (somewhere), FindWindow API is your start. You patch the test app to remove the protection. Then you need to compare the compiled test application with the .dcu and find those patches you did to remove the protection, you will have to apply them with a hex editor (i normally have to change a byte to make it jump, a JE (74h to E9h or 75h to E9h)).

.bpl is to be used inside IDE, i personally dont use any protected .bpl since you will end getting a lot of access violations inside Delphi.
To unpack the .bpl you need to do it when IDE loads it. Since it is a "special" dll you will also need to fix the relocations after unpack if needed, so you will have to unpack it twice with different Image Base address and use ReloX tool.

Good luck.

DeViaN
April 18th, 2007, 09:46
Oh my god I managed it.... thank you guys.... especially to blurcode

Thank you again

(Dcu32Int helps me)