View Full Version : CRC-Check


SirLeechaLot
March 29th, 2001, 08:31
hi,

after manually unpacking an app I tried to run the program but a msg box popped up and told me "Corrupt File..Please Reinstall".
I tried to set a breakpoint on msgboxa but after pressing f11 I directly got to exitprocess.

So..what's a good bpx or method to get to the routine that verifies the checksum?

thanx for a little help

siRl

Scooby
March 29th, 2001, 11:16
If it's unpacked, why not get a dead listing of it using something like IDA? The string saying it's corrupt may be right in the code segment

Kayaker
March 29th, 2001, 11:28
Hi,

You could try CreateFileA (to get the name) and ReadFile. If it's a CRC check there's a good chance the proggy is reading at least a part of itself from the file on disk and performing a checksum. Also see if it seems to be performing a GetFileSize check on itself as well, which it may be using to detect being unpacked.

Kayaker

Kayaker
March 29th, 2001, 18:53
Hi,

A couple of other things you could try. If it's a straightforward CRC check routine, there's likely a simple compare of the calculated checksum with what it *should* be. The real checksum may be hardcoded in the file somewhere which you could change to the calculated value, as one option for patching. The checksum will probably be a weird looking hex value you may see in EAX or another register, this is one clue of what's happening.

The other thing you might try if you have a hard time locating the checksum routine, and a technique I've been able to use successfully on a couple of occasions, is to do a SoftIce Trace on a suspicious section and see if there's any indication in the buffer logs that there's a multi-repeating loop, which *may* be the actual checksum routine. For example, if you do find a ReadFile call soon before your MessageBox call that you think might be being used to read the file in for a CRC check, set up a Trace between the 2 calls. Then peruse the Trace buffer. There'll probably be a s***load of code lines but if you find a relatively short loop that is being repeated over and over and over again, it might be the actual checksum procedure (i.e. read each byte in the file/section and perform some algorithm/summation on it, which will become the checksum value).

Just a couple of thoughts. Plus there could be more than 1 CRC check as well

Kayaker
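
Added example (not part of any post in this thread, and not the application's code): a minimal sketch of the kind of self-check described above, seen from the side of the developer who ships it, with a size test and a byte-by-byte CRC-32 compared against a stored value. The 8-byte trailer layout and the names `seal_image` and `verify_image` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRC-32 (IEEE, reflected polynomial 0xEDB88320), bit by bit. This is the
   short loop that repeats once per byte of the file being checked. */
uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

enum { CHECK_OK, CHECK_BAD_SIZE, CHECK_BAD_CRC };
#define TRAILER 8 /* assumed layout: [expected size][expected CRC], both LE */

/* Build step: record the shipped size and the CRC of all bytes before the trailer. */
void seal_image(uint8_t *img, size_t len) {
    wr32(img + len - TRAILER, (uint32_t)len);
    wr32(img + len - TRAILER + 4, crc32_buf(img, len - TRAILER));
}

/* Run-time step, applied to the bytes read back from disk. */
int verify_image(const uint8_t *img, size_t len) {
    if (len < TRAILER || rd32(img + len - TRAILER) != len)
        return CHECK_BAD_SIZE;              /* the GetFileSize-style test */
    if (crc32_buf(img, len - TRAILER) != rd32(img + len - 4))
        return CHECK_BAD_CRC;               /* computed vs. stored value */
    return CHECK_OK;
}

int main(void) {
    uint8_t img[64];                        /* constructed sample "file" */
    memset(img, 0x90, sizeof img);
    seal_image(img, sizeof img);
    printf("intact: %d\n", verify_image(img, sizeof img));
    img[10] ^= 1;                           /* one changed byte */
    printf("modified: %d\n", verify_image(img, sizeof img));
    return 0;
}
```

A file whose length differs from the recorded one fails the size test before any CRC is computed, which is why an unpacked copy can be rejected even when its code bytes are identical.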

SirLeechaLot
March 30th, 2001, 04:12
Quote:
Scooby (03-29-2001 08:16):
If it's unpacked, why not get a dead listing of it using something like IDA? The string saying it's corrupt may be right in the code segment


I did that already but found nothing of interest.
I forgot to mention it. Sorry.

Kilby
April 2nd, 2001, 09:11
What's the app ?

SirLeechaLot
April 2nd, 2001, 16:28
Active Smart v1.3
http://www.ariolic.com/

Predator_PC^pGC
April 3rd, 2001, 05:30
OMFG

die.

CoDe_InSiDe
April 3rd, 2001, 06:27
?

CoDe_InSiDe

Kayaker
April 3rd, 2001, 09:30
I'm not saying this is where this crap came from, but this is one reason for NOT putting a direct, clickable link to shareware sites in posts. This leads the sites directly back to here. This we don't need.

Vasia Pupkin
April 4th, 2001, 09:19
Please read EULA of Active SMART

Kilby
April 4th, 2001, 11:04
Oh dear,

I assume you are the author.

How can I phrase this.

It is legal to disassemble and otherwise reverse engineer software (or indeed most anything else), though it may invalidate any warranty with the item.

I am not sure that anybody here has used the app past 21 day limit.

Additionally as I remember software "ownership" is currently a grey area in most european countries, and in the US essentially the customer owns the software, despite what the EULA says.

I take your point that you are not happy about your prog potentially being pirated.

Posting winzip eulas is not the way to do it, speak to the folks here, ask them to look at the protection on an older version.

It does work honestly !

I also suggest that you look in the associated archives and use the knowledge there to protect yourself better.

The information is free.

BTW, I am only really interested in the packer used, as I don't recognise it.

Tell me which packer it is and I will go away

Kilby...

Kayaker
April 4th, 2001, 13:13
Quote:
Kilby (04-04-2001 09:04):

BTW, I am only really interested in the packer used, as I don't recognise it.
Kilby...


Asprotect with a twist, a little different from normal

I have no interest in cracking and distributing this app either, this isn't where that kind of thing happens, but antagonizing the board by flooding it with EULA spam is probably the surest way to GET it cracked...

Kilby
April 5th, 2001, 03:31
That's the point I was trying to make.

Ahh, asprotect with a twist.

That's the second time I have seen that twist in the last 2 days.

Kilby...

tsehp
April 5th, 2001, 18:18
Quote:
Kilby (04-04-2001 09:04):
Oh dear,

I assume you are the author.

How can I phrase this.

It is legal to disassemble and otherwise reverse engineer software (or indeed most anything else), though it may invalidate any warranty with the item.

I am not sure that anybody here has used the app past 21 day limit.

Additionally as I remember software "ownership" is currently a grey area in most european countries, and in the US essentially the customer owns the software, despite what the EULA says.

I take your point that you are not happy about your prog potentially being pirated.

Posting winzip eulas is not the way to do it, speak to the folks here, ask them to look at the protection on an older version.

It does work honestly !

I also suggest that you look in the associated archives and use the knowledge there to protect yourself better.

The information is free.

BTW, I am only really interested in the packer used, as I don't recognise it.

Tell me which packer it is and I will go away

Kilby...

(sorry kilby)

The previous msg was deleted, in fact it was a big one containing the app's eula, without any interest for us.