Hello,
I d/l'ed a fully functional demo of an app that helps you make Windows help files, called Help and Manual. Now, I was able to remove the 14 day trial period but something else is messing me up now. Everytime I compile a new help file, sprinkled throughout it are messages like UNREGISTERED DEMO COPY and stuff like that. Does anyone know how I can stop it from doing that? Maybe I could do something to remove the time limit that will also remove those messages, I dont know. To get rid of the time limit I nop'ed the calls that popped up the demo nag screen after the demo time trial was up and I was able to continue using it.

Anyway, any help is appreciated.

Thanx a lot

Flack

>>Thanx a lot

N0 thanx

All, about you are talking, you must done y0rself.
Search, Read & Learn

or your post seems like crc-help request..

Don't replay!

Ok then, can someone at least tell me what I am looking at so that I may go "Search, Read & Learn" by myself? I thought after I passed the time limit it would be fine but obviously I was wrong. I dont mind reading and I would search but I dont know exactly what to search for. Maybe someone can help me out. Im not asking that anyone do it for me.

Flack

Hello Flack !

Why don't you write the "unregistered" text down and search for it in the application?
If you're looking for a bitmap, try a resource editor. Deleting the bitmap may help, but will probably not.
If you're looking for text, try normal and UNICODE, replace the text by spaces or 00h.
Find the place where the bitmap/text is loaded and inserted into the help file, find out why this is done, check for flags preventing it.
The list is very long, just try by yourself.

Follow the links below and you'll end up in pagers dealing with similar situations.

Thanx for the tips DakienDX. I opened up the exe in HexWorkshop and searched for the inserted text:

This help file was created with an unregistered copy of Help & Manual. © EC Software. All rights reserved. This message will not appear if you compile this help file with the registered version of Help & Manual.

However, the closest thing I can find was:

..is h..f.@ile was c..ed wit@.h.` unregiste.. co..py of.K. . EC Sof..tware. All right...Qserved. Th..m..ag....i.0not appear if......mp..t..h.w..the.0..v..ers

I changed the letters that I recognized to spaces and the message did disappear. Anyway, I would like to find where the program inserts the text into my help file.

What breakpoint would I use so that softice would popup when I hit a certain button in the program? Im hoping that if I can break in when I hit the compile button I can step through and find where the text is inserted. Would this be helpful or am I totally off base?

I apologize if my newbie questions are irritating, I just want to be able to do this.

-Flack

Hello Flack !

The text you found looks like the .EXE is packed. It shouldn't be encrypted/protected since you can still read parts of the text. So you should unpack it first and then go further.

You can use BMSG in SoftICE, but I wouldn't recommend it. I suppose a helpfile creation is a complex work and you wouldn't find anything you're looking for so easy in all the code.

One idea might be that the "unregistered" message is inserted into the help source file (.RTF), so you might compile your help file as normal, edit the generated .RTF file and remove the "unregistered" messages and compile it again using the windows help-compiler.

This works if you're creating a .HLP file, but not on .CHM files. So you have to find a similar way there too. However, this is just a workaround, nothing practical.

Hey DakienDX, thanx for helping me out. I thought of editing the files and then compiling them with windows help compiler and I was easily able to remove all of the unregistered messages (all I have to do is ask Help and Manual to not delete the temporary files so I can edit them and compile on my own), which is good, but kind of tedious. Anyway, Ill unpack it and continue trying to find a way.

Once again, thanx a lot for your help

-Flack

didnt u see links in the bottom of this page, theres bvery good link to start with, Flack, especially fravia collection/CrackZ.

wish u luck, Flack

Hey DakienDX,
You said that the text I found looked like the exe is packed and that I should unpack it first and then go further. When I checked with PEid with what the exe could be packed with, it didnt find anything. So if it is not packed, where can the message be? I checked all of the files that it came with but they are not in there either.

Anyone have any suggestions?

Thanx

-Flack

Hello Flack !

The text looks really packed to me. If the .EXE is not packed/protected, then maybe it uses some internal compression.

At least you've found the (partial) "unregistered" message. You should try breaking with SoftICE on "read" from this memory location. You might come over the decrypting procedure this way.

I don't know if you've won much then, since you would have to repack the patched data and you don't know how it was compressed. The only other way apart from editing the .RTF files would be to search if there is a "registered" flag somewhere which disables the "unregistered" message.

might be packed ?

hmm it might be .. of course it could also possibly be doing stuff like...


mov esi,offset unregisterednagbuffer
mov dword ptr [esi],'ernU'
mov dword ptr [esi+4],'tsig'
mov dword ptr [esi+8],dere'

etc etc..

think about it.. if the exe was packed, and he changed those bytes, and then ran the exe, surely it would crash?