Log in

View Full Version : Help with cracking 64 bit version of cracked 32 bit application

mr_tex
April 30th, 2012, 03:30
I need help with cracking the 64 bit version of an already cracked 32 bit application.

I'm a complete newb, trying to learn how to crack.

I successfully cracked a 32 bit application by opening Cheat Engine while process was running, enumerating the DLL's, finding the one that had 'lib' in the name, and changing the assembly code to turn on all the greyed out functions one by one in the software, bypassing the registering aspect (still shows unregistered, but works as a full program). Then, once I figured out what I needed to change in cheat engine, I made it permanent by hex editing the dll itself (which is messy I guess.. but I'm a newb).

I'm super happy about this because it took me weeks to do, but I just realized this program is computer intensive and the 64-bit version would be much better to have.

Well, the ASM code in cheat engine looks totally different for the 64 bit version, and my old method of 'inc eax' to change the greyed out menu items to 'enabled' doesn't work anymore.. I'm like wtf..

So how can this be approached?
Maybe I can just '64bit-ize' the 32 bit dll? Or is that wishful thinking?
Silkut
May 1st, 2012, 12:10
Hi,

I guess you want to use the 64-bit version for the performance gain, that's what I understand from "this program is computer intensive and the 64-bit version would be much better to have."
However, it is not possible to turn a 32-bit application into a 64-bit application just by patching it, it's just simply not designed for this (I mean, in terms of compiled code for a specific architecture).
Actually if you have a 64-bit version of Windows, it is already making 32-bit code running in a 64-bit environment (through WoW64, for instance) but there is no performance gain I think.

It does look different inside your tool cause it IS a whole new world to discover.
My only advice here is, grab the Intel 64-bit manuals and start reading the code..
blabberer
May 1st, 2012, 12:21
to start with there is no such thing called inc eax in 64 bit at all
like posted by silkut first find out what has replaced eax in 64 bit and go on from there
mr_tex
May 20th, 2013, 03:37
pls delete
naides
May 20th, 2013, 08:09
Quote:
[Originally Posted by mr_tex;92432]I need help with cracking the 64 bit version of an already cracked 32 bit application.

I'm a complete newb, trying to learn how to crack.

Learning is good. Getting the x64 version of the program is of not so much advantage imho



I successfully cracked a 32 bit application by opening Cheat Engine while process was running, enumerating the DLL's, finding the one that had 'lib' in the name, and changing the assembly code to turn on all the greyed out functions one by one in the software, bypassing the registering aspect (still shows unregistered, but works as a full program). Then, once I figured out what I needed to change in cheat engine, I made it permanent by hex editing the dll itself (which is messy I guess.. but I'm a newb).

You have 90% of the work done

I'm super happy about this because it took me weeks to do, but I just realized this program is computer intensive and the 64-bit version would be much better to have.

Well, the ASM code in cheat engine looks totally different for the 64 bit version, and my old method of 'inc eax' to change the greyed out menu items to 'enabled' doesn't work anymore.. I'm like wtf..

Look at the strcture of the .dll in 32 and 64 bits. Use Ida graph view. I doubt that they wrote a full new 64 bit .dll from scratch. The funtion names and general structure sholud be similar the position in the file will vary for sure. That way you can pinpoint the overall location of the critical flags and coditional jumps that constitute the protection

So how can this be approached?
Maybe I can just '64bit-ize' the 32 bit dll? Or is that wishful thinking?

the homolog .dll was 64bit sized when it was compiled with a 64 bit engine. You can modify the 64 bit version. You will have to learn the innerworking of 64 bit assembly. But once you get it, is yours for ever!!!


In blue.
tofu-sensei
May 20th, 2013, 14:49
Quote:
[Originally Posted by blabberer;92442]to start with there is no such thing called inc eax in 64 bit at all

that is incorrect