I`ve been reversing the latest version of tabledit (2.60d), a guitar tab demo.
I`ve managed to fix the save limit of only 16 bars, also fixed the ascii, html and abc 16 bar limit for export. Got it saying im the licenced user and all the nags are fixed, print watermark now gone too.

But I`m stuck on the midi export limit, i cant understand why i cant find the checks, cause i thought it would be the same as the other limits.
There are hundreds of bits mislead cracker code in this prog, its taken me over 40 hours to get as far as i`ve got, and another 20 hours trying to find this last check.

I`m going insane!!!

Hello ste_ger !

I'm sorry you're going insane.
But did you just want to tell us you're going insane or do you have any questions?
We have an Off Topic Forum for small talk.

Well, with the previous 16 bar limit checks, I used a combination of lwrite, lread and hmemcpy bpx`s, and did some reversing on the files saved. Got some valuable info from the saved tab files, found the offset in the saved files of the amount of bars in the tab file. Then I searched for all occurences of this to find where in the prog the number of bars got written and traced back from there to get the jump if above 16 bars (ja 10).

But with the midi files it isn`t as easy because I cant find any reference in the saved midi, that shows how many bars have been saved, all the checks are probably done before its saved.

My question is, could someone please give me some advice on what is the best method to use, what bpx would be best to start with.

And how do I set a bpx right after I click save?

Thanks

Hello ste_ger !

You must find the WndProc (already discussed here (http://www.woodmann.net/forum/showthread.php?threadid=3638), please search before asking).
There is a difference between a button pressed and a menu call. So you must break on "WM_COMMAND", where lParam is 0 and the low word of wParam contains your MenuID.

I finally have finished it, had some more probs with the save check, there was another check that couldn`t save a tab of more than 48 bars, fixed that.

And I eventually found the midi export check using Wdasm`s debugger, kept my eye on the Operations display to see where it compared against 10h.

Found a lot of answers searching this forum, I find it easier to learn from other peoples q&a on here than most tutorials I`ve found.

Many thanks

bpx on sendmessagea or dialogboxparama if i haven't forgot......it will drive you to the call of the first nag...... this program authors likes to bother alot nagging and nagging.. some functions are maybe not disable but most of them will give you a nag.... save funtion is disable.. i guess all those nag are coming from just one place counting now.. you need exactly 2 bytes to make it good some additional bytes could count to remove some text like demo... the first start up nag at the beggining replace it with EB06 that's all so the program won't crash, that nag is made with the user32.dll.. ok now go to one of the options that has the program that usually display the demo dialog bpx on postmessage to make sure i will catch, the dialog will be displayed as usual after you press ok Sice will break.. good.. trace until you're on the program CODE stop there.. look the address go to W32dasm or IDA go up.. not down! then you will see lots of call all those call are the demo dialog and actually the one that prevent to save.. you only need to change a Push(55) to a Ret (C3) hex the file now try it

RVA's:

0041AE40

0041AF12 <--- there's a Push 68...... change 68 to C3 to remove the demo text at the top. usually will appear if you check the about feature and press ok..

0044A9C0

done!