Hello

I am currently trying to crack a program of which the demo is protected by an expiration date. Using IDA i think i have the point where the conditional jump is done. The problem is that the prog is detecting a modification (NOPing out the jump) to itself and aborting startup with the sound of a Win critical error.
Correcting the PE checksum with PESUM results in a runtime error when starting up the prog.
(It seems to have been written in Delphi 1.0 according to IDA.)

Any suggenstions ?

Anyone aware of a tut on the topic ?
Should i look for the place where the sound is played ? (which API ?)
Is this a standard protection for which a standard <g> workaround exists ?

Many thanks in advance !
Xfission

Hi.... in such cases the best way is to set (in SI) a BPM 'memory_I_replaced' r in the ORIGINAL file to see what happens. Like the new ASprotected targets there is a HUGE checksum algo loop that if you change one byte some code does not get decrypted. So you have to trace to the end of the routine and find out what SHOULD happen to the crc result
and emulate it

.....for example... I know the bytes to patch are around VA 187:00542110 (~ raw 142110) . Then I would set a bpm 187:542110 R and press F5 . Then hopefully I am in the middle of the checking routine ! So trace it and emulate it.

side note:-
the CS register is a clue what OS you are running 167:=Win98, 187:=Win ME, 1B:=WinNT/2K

Hope that helps

SplAj