
Help cracking PaintShop Pro 7


xOptiMus
November 27th, 2000, 14:16
Hi all

I need a little help with cracking PaintShop Pro ver 7 (trial). I am a newbie but have cracked quite a few progs with s/n protection. PaintShop pro is very different for me as it uses a completely different protection - it's a 30 day trial, with no s/n to enter.

This is probably an easy protection to crack, but not having attempted any kind of time limit protections, it's giving me a little trouble!
I've been setting a bpx on GetSystemTime, hoping that maybe the prog checks the date just after the call. GetSystemTime appears to be called from a file called "MCF.RTL" or something similar. When I hit F12 and return to the main prog I can find no sign of any data related to today's date anywhere.

Am I going in the right direction here? Will I find the protection code by using such a breakpoint or should I be breaking on something else?

Can someone (especially someone who has already cracked the prog) please point me in the right direction. I'm not looking for an answer outlining the exact place (offset) where I should patch the prog, as I want to discover that myself. However I do need some kind of guidance because I'm just thrashing around in the dark at the moment!

Any help will be greatly appreciated

Thanks in advance
xOptiMus

hobgoblin
November 28th, 2000, 14:51
Hi there,
I reversed the program a while ago. A hint: enter the program in the sice loader. When sice breaks at the beginning of the executed code, why not try a bpx loadimage? Paintshop uses this function (among others) to paint/load the opening nag screen. The nag screen reveals some text on yellow background. This text changes when the trial period is over. After Sice breaks on loadimage, why not try to trace back for a while and see where you end up?
The nag screen itself may also be removed in this version of Paintshop (without disabling some of the functions).
Good luck,

hobgoblin
November 29th, 2000, 11:06
Or try this:
Enter Paintshop in the Sice loader. When you’re at the beginning of the code, you may try a bpx postquitmessage. (To get the full potential of this approach, your copy of Paintshop must be expired.) When Sice breaks, just hit F12 until you reach psp.exe code for the second time. You should by then be right after a call to Updatewindow. You are now in the middle of a call that runs/builds/loads the nag screen. If you just get out of the call, and then re-enter the call, I’m sure you will see a way to get rid of the nag screen. Now, if you do this correctly, you will also get rid of the time limitation at the same time.
If you only want to get rid of the time limitation, but keep the nag, just run the program until the expired nag shows. Enter a bpx destroywindow in Sice and then hit the quit button. When Sice breaks, get rid of the breakpoint, and start tracing backwards. Quite soon you will get to a point in the code where you will see some jle-instructions. This is where you can manipulate the program to never expire.
Hope this helps…
Regards,
Hobgoblin

xOptiMuss
November 29th, 2000, 16:16
Hi there Hobgoblin,

Thanks very much for your help, I really do appreciate it! I've been struggling for some time now. I've not heard of any of those breakpoints that you mentioned so I'll try all of them.

I would have been lost without those bpx's because that's just what I needed - bearings, a good reference point. I knew there must be something that Sice could break on, I just couldn't find it!

I think if there is a lack of knowledge in reversing tutorials, then it is the knowledge that would teach us how to isolate the lines of code that correspond to whatever object we wish to manipulate, i.e. a menu selection, an OK button, a window, or whatever. To be able to isolate the code that relates to these objects efficiently is, I think, just as important, if not more so, than the actual "cracking" of a program.

Thanks again Hobgoblin, you've helped me enormously

xOptiMus