View Full Version : reversed time trial/ found key compare, says registered success but


toon
September 6th, 2013, 15:35
Hi, this is my first time here and I am looking to learn.

I have a program
What is the protection.....
I thought the protection to be a name/key

What tools are you using....
And using OllyDbg in Sandboxie.

What is the problem....the problem is after
I fixed the time trial (to have time to reverse), I found call to serial and compares. I entered the serial and instead of the normal "key error" I get "registered success", but when I click OK it goes to the same message window, and if I exit it then the program is still in partial cripple mode. Example: clicking on a box says this is "the demo and you can't...".

What tutorials have you read....
(random's, Lena's and several online, I don't know whose)

Show your output listing WITH comments....

00635103 |. E>CALL ****.@Lbstring@DESEncryp>; \@Lbstring@DESEncryptStringEx$qqrx17System@AnsiStringpxuco
00635108 |. 8>LEA EDX,DWORD PTR [EBP-40]
0063510B |. 8>LEA EAX,DWORD PTR [EBP-4]
0063510E |. E>CALL ****.008BFAC0 ; SERIAL FROM NAME IN THIS CALL
00635113 |. F>DEC DWORD PTR [EBX+1C]
00635116 |. 8>LEA EAX,DWORD PTR [EBP-40]
00635119 |. B>MOV EDX,2
0063511E |. E>CALL ****.008BFA90 ; serial generated FROM NAME
00635123 |. F>DEC DWORD PTR [EBX+1C]
00635126 |. 8>LEA EAX,DWORD PTR [EBP-3C]
00635129 |. B>MOV EDX,2
0063512E |. E>CALL ****.008BFA90 ; loads Username
00635133 |. F>DEC DWORD PTR [EBX+1C]
00635136 |. 8>LEA EAX,DWORD PTR [EBP-38]
00635139 |. B>MOV EDX,2
0063513E |. E>CALL ****.008BFA90 ; something to do with username
00635143 |. 6>MOV WORD PTR [EBX+10],0A4
00635149 |. 3>XOR ECX,ECX
0063514B |. 8>MOV DWORD PTR [EBP-44],ECX
0063514E |. 8>LEA EDX,DWORD PTR [EBP-44]
00635151 |. F>INC DWORD PTR [EBX+1C]
00635154 |. 8>MOV EAX,DWORD PTR [ESI+30C]
0063515A |. E>CALL ****.@Rzedit@TRzEdit@Get>
0063515F |. 8>LEA EAX,DWORD PTR [EBP-44]
00635162 |. 3>XOR EDX,EDX
00635164 |. 8>MOV DWORD PTR [EBP-48],EDX
00635167 |. 8>LEA EDX,DWORD PTR [EBP-48]
0063516A |. F>INC DWORD PTR [EBX+1C]
0063516D |. E>CALL ****.008BFC80
00635172 |. 8>LEA EDX,DWORD PTR [EBP-48]
00635175 |. 8>LEA EAX,DWORD PTR [EBP-4]
00635178 |. E>CALL ****.008BFB74
0063517D |. 5>PUSH EAX
0063517E |. F>DEC DWORD PTR [EBX+1C]
00635181 |. 8>LEA EAX,DWORD PTR [EBP-48]
00635184 |. B>MOV EDX,2
00635189 |. E>CALL ****.008BFA90
0063518E |. F>DEC DWORD PTR [EBX+1C] ; |
00635191 |. 8>LEA EAX,DWORD PTR [EBP-44] |
00635194 |. B>MOV EDX,2 ; |
00635199 |. E>CALL ****a.008BFA90 ; \???Call to verify reg

because if NotE goes key error


0063519E |. 5>POP ECX
0063519F |. 8>TEST CL,CL
006351A1 |. 0>JE ****.0063537A

---------------------------
008BFABF 9>NOP
008BFAC0 /$ 5>PUSH EBP
008BFAC1 |. 8>MOV EBP,ESP
008BFAC3 |. 5>PUSH EBX
008BFAC4 |. 5>PUSH ESI
008BFAC5 |. 8>MOV ESI,EAX
008BFAC7 |. 8>MOV EDX,DWORD PTR [EDX] ; KEY APPEARS
008BFAC9 |. E>CALL ****.0081E184
008BFACE |. 8>MOV EAX,ESI
008BFAD0 |. 5>POP ESI
008BFAD1 |. 5>POP EBX

Note: the program also writes to an ini file whatever name and key I enter, right or wrong.

NOW ask your question....
After I enter the key and it says success, it doesn't exit the try/purchase window, and if I press F4 to close, it goes to the crippled version (as if I pressed try). Did I miss some other protection?

I need some help. What should I look for, or where can I investigate?

Thanks. I am not too good at this, but I am as far as I know to go. Any advice?