I want to kill the 30-day limit of an asp-protected file
by patching the memory..The problem is that i can't find where, or with what, the comparing is done.
I think the comparing is done before the prog is unpacked.

Any experience with this, without unpacking the file ??

Spekkel.......

Try RegQueryValueExA and monitor for a HKEY/ROOT/CLSID entry. Some versions of Asp "hide" the install date info in here as a short cryptic string and check it during unpacking.

Hi Kayaker,

Yep found it !!

Thanks you, the proggie now runs for ever by patching
the memory (just two bytes).
btw. after day-limit a clsid key is made, after calling this key a test eax,eax and setz bl does the comparing.

Greetings.........SpeKKeL.......

Hi Spekkel,

An in-line memory patch on an Asprotect time limit. Nice job. (Might make a nice tut y'know hint, hint

Regards,
Kayaker

Hi SpeKKel,

Yes a tut would be great. I am 'revirginating' my discompress.com site
thanks to +Tsehp & Woodmann and have a section on in-line patching. I made a few tuts for ASpack & Shrinker. But a current ASprotect fix would be useful

What ya think ?

SplAj

Well don't think my tut would be so verry special because i am not so experienced as a lot of other crackers on this board!!

I'am intending to make a better patch and also try to by-pass the " protection error " messagebox witch will
appear sometimes when you try to make some other patches (it didn't troubled me this time).

So when i bring this to a succes , and i really understand what i have done!!> yep......i could write a tut.

btw: I didn't exactly made an inline patch but used risc's rpp 1.5....

Regards.........SpeKKeL.

Hmmm, memory patching is helpful techniques, but I hate loaders...
As You know - ASPr v1.1+ encrypt OEP with CRC of few code parts, and not so easy to patch this shit...
But I found big essay (written by strange russian dude) about direct patching program protected by ASProtect v1.1. Loocks nice
Here is it: http://www.reversing.net/articles/master/adr.htm

Fuck, but it on russian, and I can read only disasm code dumps, but it enought... l

look at some past threads on this board, a guy and me managed to patch commview 2.1 in mem, the crc checks are easily found by a bpmb wherever you want into the target's code, last time I saw one, it was only checking the code once, relayed by a similar doing it a few instructions before the OEP is reached, this method is fast, easy to implement but sometimes doesn't make work your patched target on every versions of windows.