i have problem cracking ems mysql manager 1.75 which I downloaded from tucows. I have been able to eliminate the reminder window but only from softice. I am unable to change the exe file to make it permanent. The step I do so far:
1. bpx regopenkey to stop the program before the reminder window show up.
2. after the breakpoint showup, then i press F12 until softice come back to mymanager process.
3. i use F10 until i found the procedure which if i press F10 then the window comes up.
4. i trace into this procedure, got another procedure, trace into it, and then i found a test and jz which decide whether to show the reminder or to start the program.
5. i wrote down the test and jz code with their surrounding codes and search for it in the exe file using hedit. not found.


thank you.

Hiya,

Please do some basic research about hex editing. Try searching for tutorials at Krobar's site. I use Hacker's View for a hex editor... should be available at protools.cjb.net.

Clandestiny

thank you for your reply

usually i use this method: for example softice display

A1382402FF MOV EAX,[FF022438]
3B05981E02FF CMP EAX,[FF021E98]
7608 JBE FF01D46F

then i want to change the jbe. usually i search with hedit using the code A1382402FF 3B05981E02FF 7608. so i use the surrounding codes to confirm that it is what i am looking for. it usually works. i suspect that the program was encrypted but i don't know how. i already try using procdump, file analyzer, and file info but still i don't find the solution.


thank you

hi there,

run PE iDentifier by snaker & Qwerton (protools) on target exe and see what you got...let us know )

regards
vb

Thank you very much for your help. I have use PE Identifier and found that the program use ASProtect 1.2. I use caspr to unpacked the program, then successfully change the result. Again, thank you for your help...