delete awave file
mark1234
July 31st, 2002, 04:30

Hello everyone out there:
This is my first post, so please take it easy with me. I got this program called otsjuke 1.00.151. I have cracked the time trial and all the nags at the beginning and end of the program, but every 8 to 19 mins it says "otsjuke please register your copy today"; that's through the speakers. It used to pop up with a window that stopped everything, but this is already beaten. But this wave, I can't find out how to delete it; it's driving me crazy. Please help, I'm a newbie and with this program I pop my cherry, and I haven't found a tut on how to do this.
Thanks, Mark1234
Aimless
July 31st, 2002, 07:15
Hullo,
You are probably looking at an embedded .wav file. The best thing to do under these circumstances is:
1) Ensure that the program is not packed or encrypted. If it is, you will have to COMPLETELY unpack/decrypt the same.
2) Use GOOGLE and search for a description of the .wav file format. Obtain a description of its header. You should know when the header starts and music starts.
3) Select ANY random wave file on your computer (Windows comes with so many of them). Do a pattern matching of the header of that wave file, with the binary representation of your program.
4) If a match is found, most likely the .wav header will also contain the length (does it? that is why step 2 is necessary). Find out the length, rip it off (replace by nops or sequence of add/sub)
5) Ensure that it does not cause a PAGE FAULT or trigger off ANOTHER check if the wav file is not present.
6) If all OK, then enjoy.
Have Phun, forever.
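The header check from steps 2 to 4 of the post above, as an added example that is not part of the original thread: a read-only RIFF/WAVE carver that reports where a well-formed WAV stream sits inside a byte string and what length its header declares, rejecting look-alike bytes. The function names and the sample blob are constructed for illustration.

```python
import struct

def parse_wave(blob, pos):
    """Validate a RIFF/WAVE header at pos; return its layout or None."""
    if pos + 12 > len(blob) or blob[pos + 8:pos + 12] != b"WAVE":
        return None                       # "RIFF" bytes that are not a WAVE form
    (riff_size,) = struct.unpack_from("<I", blob, pos + 4)
    end = pos + 8 + riff_size             # size field excludes "RIFF" + itself
    if end > len(blob):
        return None                       # declared length overruns the buffer
    info = {"offset": pos, "length": 8 + riff_size}
    cur = pos + 12
    while cur + 8 <= end:                 # walk the sub-chunks
        cid, csize = struct.unpack_from("<4sI", blob, cur)
        body = cur + 8
        if body + csize > end:
            return None                   # chunk claims more than the container
        if cid == b"fmt " and csize >= 16:
            tag, channels, rate = struct.unpack_from("<HHI", blob, body)
            info.update(format_tag=tag, channels=channels, sample_rate=rate)
        elif cid == b"data":
            info.update(data_offset=body, data_length=csize)
        cur = body + csize + (csize & 1)  # chunks are padded to even length
    return info if "format_tag" in info and "data_offset" in info else None

def find_embedded_wavs(blob):
    """Scan a byte string for every well-formed RIFF/WAVE stream."""
    hits, pos = [], blob.find(b"RIFF")
    while pos != -1:
        hit = parse_wave(blob, pos)
        if hit:
            hits.append(hit)
        pos = blob.find(b"RIFF", pos + 1)
    return hits

def make_wav(samples, rate=8000):
    """Build a minimal 8-bit mono PCM file (constructed test data)."""
    fmt = struct.pack("<HHIIHH", 1, 1, rate, rate, 1, 8)
    body = b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
    body += b"data" + struct.pack("<I", len(samples)) + samples
    return b"RIFF" + struct.pack("<I", len(body)) + body

# Constructed blob: filler, a decoy "RIFF" string, then one real WAV.
SAMPLE = (b"\x90" * 37 + b"RIFFxxxxJUNK" + b"\x00" * 20
          + make_wav(b"\x80" * 100) + b"\xcc" * 16)

if __name__ == "__main__":
    for hit in find_embedded_wavs(SAMPLE):
        print(hit)
```

The RIFF size field is little-endian and counts everything after the first 8 bytes, which is why the reported length is the field value plus 8.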
mark1234
July 31st, 2002, 14:46
Thanks Aimless:
I'm happy I got a reply. Everything looks OK, but as I said I'm a newbie. Exactly what is the wave file format? In the imports I got Ssound ssound api and I got waveinopen, wavein(this), wavein(that), waveout(this), waveout(that). Is this what you're talking about? How do I do a description of its header? Sorry, I know this sounds like a whole new tut, but I'm sure you know what you're talking about, and I'm sure that if you break these steps down for me I'M GOING TO CRACK MY FIRST PROGRAM, and maybe you could make it as a tut, because believe me I have searched the web for 2 weeks and haven't found a tut that can closely help me, and I mean 4 hours of daily searching.
As I said before, thanks Aimless
Mark1234
naides
July 31st, 2002, 16:33
This is a different approach to what Aimless suggested. Try to isolate the piece of code that plays the wave thing and deactivate it.
1) with the SoftIce symbol loader, load the exports of the file C:\WINDOWS\SYSTEM\WINMM.DLL.
This dll contains most of the sound api.
2) Run the program while softIce is in the background, place a BPX on 'sndPlaySound' and on 'sndPlaySoundA', which is the most common API used to play a wav string through the sound card.
3) Wait.
4) When the NAG sound is about to come, Sice should break. Push F11 and you are going to be in the area of the application code that plays the NAG sound. Do what you need to avoid this piece of code to ever call "sndPlaySoundA". Also, the address of the WAV string was pushed into the stack just before the function was called.
mark1234
July 31st, 2002, 21:15
Thanks Naides:
But I've got a little problem, that is, I don't have SoftIce. I'm running on Win XP and haven't found a copy that works with XP. I'm trying to work with ollydbg but there's no tut on how to crack with this program, so basically I don't know how to use it at all. All the work up to now is with w32dasm using the dead list.
Woodmann
July 31st, 2002, 21:20
Howdy mark,
No one is going to tell you "exactly" how to do this for you.
You have to learn it yourself.
If you search the tips that the people give you, you should be able to do this on your own. It is not that difficult of a task to do.
Peace, Woodmann
mark1234
July 31st, 2002, 21:53
Woodmann:
I really know that I'm not going to get the exact solution, but if I get ideas, at least for now make it not too technical, because I've read a lot of tuts but am new to some computer words. I have never taken a computer class; I think that for the month I've been reading I'm not so bad. I decided to crack this program because it had a little of lots of protections. Whatever reply I get, I'm going to study it and try to do the best, but as a newbie I can't be afraid of asking, because the person who hears is the one who gains wisdom, and maybe later I'll be answering the questions in bad English, but still.
Thanks a lot
Mark1234
Fake51
August 1st, 2002, 01:06
Olly is very easy to use.
Load up prog. Set whatever breakpoints you want and let the prog run, or start to trace straightaway. Simple as that. No need for tuts on how to crack with it, it's just a debugger, like sice.
Idea: use wdasm to search for calls to interesting APIs, then use olly to test if they are as interesting as you thought. Simple.
Fake
naides
August 1st, 2002, 01:47
Mark:
Do not be intimidated. It is by finding problems and working solutions that one learns the art of Cracking.
1. Consider installing the program in an older computer which is running Win98, where Sice does work, and do the cracking there. Once you crack an app in win98 the crack will work in winXP almost certainly.
Or:
In widasm, look for calls to sound API like sndPlaySoundA and breakpoint around it with ollydbg or windbg.
I would personally go for sln 1. An old box running a Pentium 200 MHz and win98 can be very easily found, and most tuts assume you have access to a functional SoftIce. Learning to crack in a winxp box without Sice is an unnecessary act of masochism.
Fake51
August 1st, 2002, 02:15
Quote:
Originally posted by naides
Learning to crack in a winxp box without Sice is an unnecessary act of masochism
Lol. Mind you, Softice is a tool, not a sacred altar at which one should bring gifts of food and incense. Cracking can easily be done without s-ice, if one knows how. And as for the tuts out there ... their single-minded use of soft-ice typically shows their lack of interest in reversing.
The point: Soft-ice is overrated, compared to the brain. From what has been noted so far about this target, there should be quite a few ways to open it, without using s-ice.
Regards.
Fake
naides
August 1st, 2002, 05:06
Fake
What I meant was that most tuts assume Sice use.
Cracking without Sice is possible if one knows how, but until one learns to know how, Sice is just the best documented tool in tuts and other sources so one does not have to invent the wheel more than a few times.
No offense intended,
no major point of discussion,
I think
Fake51
August 1st, 2002, 10:33
You are right, s-ice is the most used tool in tuts. But, the way I see it, learning to use other tools as well, and preferably when one starts to learn about cracking, opens many more possibilities.
The problem with most tuts is that they really don't show anything new: it's just a five-step guide to cracking this or that target, using the approaches of millions of other tuts. To me, the most valuable tut on s-ice, and perhaps the only one really worth reading, is Mammon's tale. Anything else comes from hands-on practice.
There's another thing too: relying on s-ice limits your options, and at times presents itself as a weakness. Every programmer knows that sice is a cracker's dream tool, so they use that in their protections. There were protections against s-ice before they came against regmon and filemon, for instance.
Besides, it's quite fun to explore the different ways to open a target, wouldn't you agree?
Anyway, guess I overreacted. Just seemed to me that a lot of different ways had been presented, quite a few that don't need s-ice. And newbie or no newbie, running a target in olly and setting a breakpoint should take no longer to figure out than a min or two.
Fake