program restarts and nag is back after fake reg entries....can't even bypass the nag


angelic_devil
July 21st, 2011, 10:11
hi,

I'm trying to crack this software for educational purposes only... I'm a noob btw. Though I went through Lena's tutorials, this one I couldn't figure out... it just seems to go over my head.

This program on startup shows a nag that allows you to continue on trial for 20 days and has a registration option too. When I enter the registration key the program gives the message "the program must be restarted now. click ok to restart it", but on restarting it doesn't bypass; instead it shows the nag. I know the check is probably at the start. I found a cmp line there and altered its Z flag; it bypasses it once, but next time it loops and pop comes the nag again....uhhhh! If it were human I would rip its head off.

So far I was able to locate the license file name... created it in the folder and entered dummy values in it for the check.

The other method I tried was to bypass the nag screen totally and make the software run as the full program, but the calls are in some sort of loop and no matter how many times I tried I couldn't break out of the loop... there seem to be multiple checks and calls to the nag. I tried looking for the reference text "unregistered" but it seems even that is missing... it's weird... can someone guide me on what I'm doing wrong in this?

thanx

p.s i posted the screenshot of the startup code for reference.

Maximus
July 21st, 2011, 10:28
Patches made in the debugger are 'in memory' and are lost when you close & restart.
You need to save them into the executable, which you can do by right-clicking and 'saving' them in the Olly view.

angelic_devil
July 21st, 2011, 10:58
Did save it as an exe with modifications, still the nag pops up... am I making the correction at the correct place?

angelic_devil
July 22nd, 2011, 05:55
I was able to get rid of the nag after a lot of exploring... but after saving and reopening it gives an error as critical download error

here is what i did... in the image below
http://i1208.photobucket.com/albums/cc367/littledevil05/solution.jpg

I had put a breakpoint at 006e4023 and found that

when I made the Z flag 0 for the JE SHORT 006E4032 and NOPed the JNZ SHORT 006E4032 and pressed F9, the program bypasses the nag and loads the program in Olly. But saving it as an executable and then playing it outside gives me the error "critical application error.please re-download and re-install the program". I observed this error is at opcode 006e4068.

For patching I'm replacing both the je and jz with nop.

It's so irritating to come this close and still mess up.

someone plz guide.

thanx in advance

Maximus
July 22nd, 2011, 09:28
Reopen the patched version, place a hardware (read data) breakpoint where you changed the code, and run.
99% you'll end up in a cycle that CRC-checks your binary - or you end up in a WinAPI that verifies the exe CRC.

angelic_devil
July 22nd, 2011, 16:54
Screenshot 1 is the modification I made. I put the hardware break on execution above at the cmp opcode 006e401c... saved it as an exe with modifications. http://i1208.photobucket.com/albums/cc367/littledevil05/sol1.jpg

Then I reopened the modified one and put a hardware break on execution at the nop with opcode 006e4023. Then when I run I get the screenshot 2 error. http://i1208.photobucket.com/albums/cc367/littledevil05/sol2.jpg

If instead of a hardware break I put memory on access then I get the screenshot 3 error. http://i1208.photobucket.com/albums/cc367/littledevil05/sol3.jpg

On further in-depth checking I found that it goes into ntdll at opcode 006e402b; it probably raises an exception, as that is the one that allows the nag to turn up or disappear. It seems to not raise an exception when altering the flags and testing... but raises an exception when changing je and jnz to nop.

what if i tell you the program name...maybe you can test it from your end and help me figure out what i m doing wrong.

evlncrn8
July 23rd, 2011, 04:28
It may have more checks. Why not patch the function that affects the conditional rather than the conditional? ..that would be the smarter thing to do (imho)