salsa
September 17th, 2002, 22:52
I've tackled a VC++ program lately. It was a Petite packed prog. I manually unpacked it in no time. I thought the unpacking process would be the difficult part. However, the actual reversing soon turned out to be a real pain in the a**.
There was a terrible tamper check. It took almost a day to reverse (The tuts I read later were telling that it was a Petite feature. However, the prog had its own, either). Then, I was able to see the main screen. The nightmare had just begun when I found out that 75 % of its features were crippled. I started debugging. Another day have passed without any fruitful result. Tried active and passive approaches. All the TOTs, techniques and tricks I know have failed. I was exhausted. At that very moment, I decided to do something really strange. I fired up my SmartCheck and loaded the daemon. While analysing the program flow in great surprise (Yes, it worked for a non-VB prog) I caught a keyword which was missing in the string ref list; "Unregistered". Damn, it was checking sort of a regged-or-not flag after many calls to RegQueryValueExA. Honestly, I know this is the first thing to look for and I did but, couldn't catch and missed it with Sice. The author have deliberately put in so many junk routines to fool the reverser. Anyway, I patched a couple of jumps, altered the content in the registers and finally removed the msgbox. I didn't know if SmartCheck can be used on non-VB progs.
Rationale:
The wheel may have been reinvented many times. But, who cares. Each inventor benefits from it, for sure.
There was a terrible tamper check. It took almost a day to reverse (The tuts I read later were telling that it was a Petite feature. However, the prog had its own, either). Then, I was able to see the main screen. The nightmare had just begun when I found out that 75 % of its features were crippled. I started debugging. Another day have passed without any fruitful result. Tried active and passive approaches. All the TOTs, techniques and tricks I know have failed. I was exhausted. At that very moment, I decided to do something really strange. I fired up my SmartCheck and loaded the daemon. While analysing the program flow in great surprise (Yes, it worked for a non-VB prog) I caught a keyword which was missing in the string ref list; "Unregistered". Damn, it was checking sort of a regged-or-not flag after many calls to RegQueryValueExA. Honestly, I know this is the first thing to look for and I did but, couldn't catch and missed it with Sice. The author have deliberately put in so many junk routines to fool the reverser. Anyway, I patched a couple of jumps, altered the content in the registers and finally removed the msgbox. I didn't know if SmartCheck can be used on non-VB progs.
Rationale:
The wheel may have been reinvented many times. But, who cares. Each inventor benefits from it, for sure.