tsehp
January 26th, 2001, 17:36
vgb (01-25-2001 15:07):
[QUOTE]
+Tsehp (01-25-2001 08:43):
**How to get this info from Boundschecker? When I run the trial and try to get info by clicking on an event, bc aborts. How does the sysprs7.dll ( bcb5 version) figure in this? I RTFM on Boundschecker but I don't see the answer.
Finally, the code below is found in what file? The bcb.exe, a dll,??
Let's see:
_0000010:004D6900 sub esp, 0CCh
_0000010:004D6906 lea eax, [esp+0CCh+var_BC]
_0000010:004D690A push esi
_0000010:004D690B push eax
_0000010:004D690C call ds:GetLocalTime
Thanx for the help,
vgb
Ok I understand wher the problem is, you didn't saw the line on my essay : copied from macillaci's essay

So you cannot find timefix because his essay was on another sentinel
target.
Lets get to it, it's very simple if you know that a time based protection
needs to have the number of days spent since the first install.
So you start the target with boundschecker, using the main exe,
then after it was loaded, look at the log file and you will locate all
the getlocaltime / getsystemtime used by the target before it decided
to load, the job is to locate the good one by tracing further in the
code.
On the listing you pasted, you must look after how the target uses
the values given by the getlocaltime function, then you emulate inputs
meaning you patch the code the force the registers to always contain
legal time values, calculated while you were into the trial period :
_0000010:004DBD76 mov esi, 38820632h
_0000010:004DBD7B mov edx, 0BC2C84B2h
_0000010:004DBD80 nop
those values comes from softice, still on the time trial period, so your target runs forever.