Need Help Sentinel LM: Wlscgen.exe, Memory Address Ollydbg
crowley
January 9th, 2010, 10:16
Hello
First of all I have to say Hello
I'm really a Newbie with Debuggers.
I want to create a new Sentinel LM License File for my Program, which is Sentinel LM license protected.
So far so good.
I've patched/created my Winlscgen.exe successfully, and I have a valid Vendor ID.
I set the Breakpoints in Ollydbg as described here:
http://www.woodmann.com/crackz/Tutorials/Wlscgen.htm
I changed the Registers for both Breakpoints and I can log in to Wlscgen.
But now I don't know how I can "find" and use/change the Memory Address in Ollydbg or IDA Pro?
Please, can you help a Newbie?
Would be great
crowley
PS My English is not good, sorry
Aimless
January 9th, 2010, 15:59
So.
Did you patch the dongle calls?
And if so, was it for the version that protects your app?
Have Phun
crowley
January 9th, 2010, 17:30
Quote:
[Originally Posted by Aimless;84627]So.
Did you patch the dongle calls?
And if so, was it for the version that protects your app?
Have Phun
Hi
Thank you
Yes, I have. It was done with the correct Vendor ID (1191) from the lservc from my App
1. Caught the Vendor ID (1191) with slmdec103 (Sentinel LM Version 6.0 detected)
2. slmkit to patch undongle wlscgen.exe
3. Load Wlscgen.exe in IDA
4. Set Breakpoints as I found here in the Table
http://www.woodmann.com/crackz/Tutorials/Wlscgen.htm
4. Start Process and the WLScgen.exe will start
5. Run Process again and the WLSCgen Login Window appears, press Ok.
It stops again at Breakpoint Address 00414746 where I edit the EAX Register to 0x00000000
6. Run Process again and then edit the EDX Register at Breakpoint 004147EE to 0x00000001
That's what I have now ....
The next Step is to edit the Memory Address [00574199] to 0x43000001
But I don't find it in IDA (and Ollydbg) and I don't know how and where?
I hope you can help me

It's really hard to understand for a Newbie...but so simple and done in a few Seconds-Minutes for a Pro
SiGiNT
January 9th, 2010, 23:45
Edit the memory directly? or have the value placed into memory by the process? The former is easy in Olly just open the memory window, (blue M on the toolbar), double click on the segment containing that address, control g, type the address, hit enter and then highlight it and do a hex replace - the latter is a little more complicated, it can also be done in the cpu window by going to the address - follow in dump etc....
SiGiNT
crowley
January 10th, 2010, 02:48
That's what I did..but I can't find [00574199]
Mhhh, maybe I don't have this Value? I can't find 0x43000000 at 00574199
In IDA in IDA View I have byte_574199 at 00574199?
I'm afraid I don't get it....please help.
EDIT: I have it

...it was simple.
The Problem was Windows 7 x64..
Now I have to hardcode the Vendor ID, that's the hard Part
But I think I can't do it...maybe with a quick Tutorial like press Button x, goto xxxxx, look there, change that and voila. But I don't understand the Sense behind.
I really hope somebody helps me
kiki
January 11th, 2010, 04:22
Keep on reading the tutz from Crackz's Site, sooner or later you'll understand by yourself.
crowley
January 11th, 2010, 08:24
Quote:
[Originally Posted by kiki;84645]Keep on reading the tutz from Crackz's Site, sooner or later you'll understand by yourself.
Of course....sooner or "later"
I mean I'm interested in many very complex Things like Audio/Video de/encoding/editing etc, but this Reverse E. Stuff is the hardest of all I have done until now.
EB00
January 12th, 2010, 07:31
Quote:
[Originally Posted by crowley;84647]
but this Reverse E. Stuff is the hardest of all I have done until now.
Hehe, yeah, but it's all about motivation. And the "mentality" of this forum is to ensure that users at least tried to get and understand all the available information. Sorry for offtopic

crowley
January 12th, 2010, 11:42
wow..I think I have it...
I xored my specific Vendor ID Value....
Tutorial = Our Patch "Word"
Done, just hard-coded the WORD to the file. After that, our Wlscgen.exe VendorID is 09FE
What does it mean, hardcoded to file? Should I overwrite the wlscgen.exe in Olly with copy/to file? Create a new File?
Palyer can you tell the last Step ?
SiGiNT
January 12th, 2010, 12:54
Just use your head and your tools, Where are you seeing the vendor I.D., is it being placed there or is it static, if it's being placed in memory, put a memory break point on write at that location, (before it's being put there), that will break on the routine that's writing it, can you change that?? Is it hard coded in the disassembly? can you change that? - Just think instead of asking.
SiGiNT
crowley
January 12th, 2010, 13:36
Ok
Or I can simply edit the original AE80C3C4
to the fixed Value in Ultraedit, it works.
However.. I'm not ready!
I don't know the Step with the VLM_morphId.
The Tut is a bit unclear for a Newbie and also I have only my School English, which is bad
I don't know how he gets this Value?!
3. VLM_morphId(C04AADEA) = AE805
How do I have to calculate it?
A little bit of help please? It was all my own work, maybe you help me now?
SiGiNT
January 12th, 2010, 22:04
Have you tried Google?? A Google of VLM_morphid yielded:
Excerpt:
In my case The VendorId is 43B7 : ( you can message me for the program name)
1. 43B7 xor 373E4064 = 373E03D3
2. 373E03D3 xor F774E470 = C04AE7A3
3. VLM_morphId(C04AE7A3) = AE847034
I'll let you do your own work.
Tutorials are only guidelines not meant as step by step cracking instructions, expect different values.
SiGiNT
crowley
January 13th, 2010, 04:20
Yes, of course...I know these Links and I use a xor calculator for it and I can calculate/reproduce all the Values. Also for my own Vendor ID
What I don't know is how does he come from VLM_morphId(C04AE7A3) to AE847034?
C04AE7A3 to AE847034, it's not a xor calculation?
I think there's something I still don't understand
I could simply change the AE847034 to the Value for my Vendor ID (1191) with Ultraedit as soon as I understand it fully
However..I will get it
EDIT: I have it...
"EAX will hold the Result"
EDIT 2
IT WORKS! I've successfully activated my Program with my License Code

So I've cracked this Sentinel LM Program. "Wow"..it was a lot of hard work and reading over the last Week.
Thx for this great Forum/Site...
kiki
January 13th, 2010, 10:29
@Crowley: see.. finally you find it..

crowley
January 13th, 2010, 15:38
Quote:
[Originally Posted by kiki;84686]@Crowley: see.. finally you find it..
yep.. I'm proud

It's easy when you know what you're doing. However.
Next Step is Hardlock Emulation
SiGiNT
January 13th, 2010, 22:13
All you needed was a little prodding to use your head!! - we won't hold your hand here! Or do your work for you, our goal here is to teach you how to learn, not to be your instructors - I'm sure you feel you've accomplished far more this way rather than us telling you how to do it, my sig is not meant to be taken literally, it's satire - CONGRATS!!
And a little more information would have been helpful, rather than telling me after I google it and post it - always show your work.
SiGiNT
VLM_morphid is a function and not an assembler instruction, so it's dependency specific and the question would not have been answered easily or sensibly.