A little challenge (maybe?)


hobgoblin
December 23rd, 2002, 16:39
Hi guys,
I've been playing around with CDRoller 4.11 for a few hours. In the unregg'ed version you can't save your files (you can't rescue or copy files from a disk to your HD). To get it registered you have to fill in a valid serial. I don't care about finding the serial, but I'm interested in finding out a way to patch the program into saving files when you rescue/copy files. I have located a call starting at 48D6E4 that takes care of showing a dialog box when the rescue process is starting. (You have to force the program to jump to 49FD30 first, otherwise you never enter the call at 48D6E4.) Someplace during this call the API WriteFile is called, at least it has been like that in previous versions (in the regg'ed version), and the rescued file is written to my HD. But I can't find out where this takes place....
I may have gone blind on this one and missed an easy solution. I have checked with an earlier version, and in that one everything is clear. But not in version 4.11....
So if someone doesn't have anything better to do, please take a look and see if you can solve the riddle.
All kinds of feedback are welcome..

regards,
hobgoblin

ZaiRoN
December 24th, 2002, 15:52
Hi hobgoblin,

Nice target you have found!
The proggie is not packed, is relatively small and it's quite interesting. It offers the possibility to learn how to use one of our tools. In fact, the program is written in Delphi and DeDe is the tool that makes our lives much easier.

Hobgoblin, I have taken a look at the target, in particular at your advice, without success because I lost myself in the code :-)
So, I tried to study the protection routine. For those who want to try it I suggest loading the file with DeDe and looking at the 'Forms' panel. TFormAbout is the Class Name that contains the definition of the registration dialog box. In particular, it contains the object TButton with the method 'OnClick = ButtonAcceptClick'; this is the function called when the 'Accept' button is pressed. Finding the code of this method is simple: select the 'Procedure' panel and the unit 'About'. Now you have all you need in front of you! Btw, the protection routine I have found seems to be fake (4795EE/479654); in fact, finding a working serial is very easy, but the problem is that after the congratulation box the program still remains unregistered. I fear the program saves some data in the .cfg file, but I'm not totally sure.
The program needs much more stepping.

ZaiRoN

squidge
December 24th, 2002, 16:16
DeDe is indeed a brilliant tool, and now that the source code is available to all, it's even better.

Let's not forget our program identifier programs too, though. I still regard PEiD as a great program that can not only identify numerous packers, but can identify compilers too. A quick right-click on the target immediately tells us it's not packed and written in Delphi.

Run the program, and try to extract tracks and it shows the message "Unregistered version performs an actual CD media reading and" blah blah... Search for this with a hex editor and it gives us a few locations, one of which is 9f23C. Looking at the sections in the file, we can see this is in the code section and would resolve to 49fe3c. Finding a reference to this gives us a nice cmp/jnz just before it. Flipping this jump gets rid of the nag. It doesn't register the program or create the output file, however - for that, we need to set up the flags near the beginning of the program, and not let the program itself interfere with them. This is quite an easy task, so it is not documented here.

I used Ollydbg to flip the jump as I didn't want the bother of hex editing the file and rerunning it.

(Note that the addresses above point to what seems to be a red herring and point to code that is not actually called? It is up to you to find the correct string and reference, as we are not allowed to do this kind of work for you.)
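The step squidge glosses over ("looking at the sections in the file, we can see this is in the code section and would resolve to 49fe3c") is the file-offset to virtual-address mapping that every PE analysis tool performs from the section table, and it is the same arithmetic a malware analyst uses to line up a hex-editor hit with a disassembler address. The following added example (not code from the thread or from any tool named in it) builds a small constructed PE32 header in memory and then parses it the way a real file would be parsed: `e_lfanew` from the DOS header, `NumberOfSections` and `SizeOfOptionalHeader` from the COFF header, `ImageBase` from the optional header, and the 40-byte section entries. The section layout (.text at RVA 0x1000 backed by raw offset 0x400, image base 0x400000) is an assumption chosen so that offset 0x9f23c maps to 0x49fe3c as in the post; it is not CDRoller's actual section table. It also handles the caveat a practitioner runs into: a virtual address in a section's zero-filled tail (VirtualSize larger than SizeOfRawData) exists in memory but has no byte on disk.

```python
import struct

# Constructed section table: (name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, Characteristics). Assumed values, not taken from any real binary.
SAMPLE_SECTIONS = [
    (b'.text',  0xA0000, 0x01000, 0xA0000, 0x00400, 0x60000020),
    (b'.data',  0x01000, 0xA1000, 0x00800, 0xA0400, 0xC0000040),  # 0x800 of slack in memory
    (b'.idata', 0x02000, 0xA2000, 0x02000, 0xA0C00, 0xC0000040),
]


def build_sample_pe_header():
    """Build a minimal PE32 header (DOS header, PE signature, COFF header,
    optional header, section table) as bytes. Only the fields that the
    offset/VA mapping reads are meaningful; everything else is zero."""
    dos = bytearray(64)
    dos[0:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3C, 0x40)                 # e_lfanew -> PE signature at 0x40
    coff = struct.pack('<HHIIIHH', 0x14C, len(SAMPLE_SECTIONS), 0, 0, 0, 224, 0x010E)
    opt = bytearray(224)                                     # PE32 optional header size
    struct.pack_into('<H', opt, 0, 0x10B)                    # Magic: PE32
    struct.pack_into('<I', opt, 28, 0x400000)                # ImageBase
    struct.pack_into('<I', opt, 32, 0x1000)                  # SectionAlignment
    struct.pack_into('<I', opt, 36, 0x200)                   # FileAlignment
    table = b''.join(
        struct.pack('<8sIIIIIIHHI', name.ljust(8, b'\0'), vsize, va, rsize, raw,
                    0, 0, 0, 0, chars)
        for name, vsize, va, rsize, raw, chars in SAMPLE_SECTIONS)
    return bytes(dos) + b'PE\0\0' + coff + bytes(opt) + table


def parse_sections(data):
    """Walk the PE headers and return the image base plus the section table."""
    if data[:2] != b'MZ':
        raise ValueError('not an MZ executable')
    pe_off = struct.unpack_from('<I', data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b'PE\0\0':
        raise ValueError('PE signature not found')
    nsec = struct.unpack_from('<H', data, pe_off + 6)[0]    # COFF NumberOfSections
    opt_size = struct.unpack_from('<H', data, pe_off + 20)[0]  # COFF SizeOfOptionalHeader
    opt_off = pe_off + 24                                    # optional header follows COFF header
    if struct.unpack_from('<H', data, opt_off)[0] != 0x10B:
        raise ValueError('only PE32 (32-bit) images are handled here')
    image_base = struct.unpack_from('<I', data, opt_off + 28)[0]
    sections = []
    for i in range(nsec):                                    # 40-byte IMAGE_SECTION_HEADER each
        hdr = struct.unpack_from('<8sIIIIIIHHI', data, opt_off + opt_size + 40 * i)
        sections.append({'name': hdr[0].rstrip(b'\0').decode('ascii'),
                         'vsize': hdr[1], 'va': hdr[2], 'raw_size': hdr[3], 'raw': hdr[4]})
    return {'image_base': image_base, 'sections': sections}


def _section_for_rva(pe, rva):
    for s in pe['sections']:
        if s['va'] <= rva < s['va'] + max(s['vsize'], s['raw_size']):
            return s
    return None


def offset_to_va(pe, file_offset):
    """File offset (what a hex editor shows) -> virtual address (what a debugger shows)."""
    for s in pe['sections']:
        if s['raw'] <= file_offset < s['raw'] + s['raw_size']:
            return pe['image_base'] + s['va'] + (file_offset - s['raw'])
    return None                                              # header area or outside any section


def va_to_offset(pe, va):
    """Virtual address -> file offset; None when the address has no byte on disk."""
    s = _section_for_rva(pe, va - pe['image_base'])
    if s is None:
        return None
    delta = va - pe['image_base'] - s['va']
    if delta >= s['raw_size']:
        return None                                          # zero-filled tail: memory only
    return s['raw'] + delta


def section_of_va(pe, va):
    """Name of the section that covers a virtual address, or None."""
    s = _section_for_rva(pe, va - pe['image_base'])
    return s['name'] if s else None


if __name__ == '__main__':
    pe = parse_sections(build_sample_pe_header())
    for off in (0x9F23C, 0x10):
        print(f'file offset {off:#x} -> VA {offset_to_va(pe, off)}')
    for va in (0x49FE3C, 0x4A1900):
        print(f'VA {va:#x} in {section_of_va(pe, va)} -> file offset {va_to_offset(pe, va)}')
```

The forward mapping only considers bytes backed by `SizeOfRawData`, while the reverse mapping covers the full `max(VirtualSize, SizeOfRawData)` span, which is why a BSS-style address in `.data` is attributed to a section yet returns no file offset. Packed or otherwise tampered binaries often have section tables where these two sizes disagree wildly, so a tool that silently assumes they match will hand back wrong offsets.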