nikolatesla20
August 20th, 2003, 06:14
Another quick and dirty armadillo trick.
If you want to use the latest public demo armadillo on your project (be it an unpacker or whatever), and you don't want the "unregistered" messagebox coming up here is what to do:
Used to be in older versions of Arma they stupidly put Security DLL in the Arma EXE, and it wasnt even compressed. AND, you could find the unregistered string and change the jump so it wouldn't show up. Well, they finally woke up from their dork trip and compressed the DLL, and also put layer upon layer of self-decrypting code around the area where the messagebox comes up. However, I still found this workaround. Just make the program call another API instead of MessageBoxA that takes 4 DWORD parameters, and won't crash. I found GetMessageA. Then edit the DLL's import table hehehe
Now, when Arma is running in memory (the protection program itself), it has already decompressed its resources. You'll see the resource section is at 00539000 when it's running. That's the latest 3.20 Arma public. I found Security DLL in here for you already and thru calculations arrived at offset 00615A06 for the string "MessageBoxA". This will be the offset always for anyone out there, trust me. Open up the Arma process using TSearch or another memory editor (make sure you get the right process), and simply overwrite this string with the string "GetMessageA", and now when you protect your program its gets a new import table with this substituted API.
And now, you won't get an unregistered message, either
One other thing, if the protected file is modified (like if someone edits its section characteristics, for example), you also won't get warning messageboxes, but the program will still exit due to protection, so who cares?
Yes, there's more than one way to solve a problem....
I'd also like to say that some out there would deem this trick useless, but I only do what I do to prove to myself that I can think creatively and for the challenge. I just find it interesting, even if no one else might like my methods.
-nt20
If you want to use the latest public demo armadillo on your project (be it an unpacker or whatever), and you don't want the "unregistered" messagebox coming up here is what to do:
Used to be in older versions of Arma they stupidly put Security DLL in the Arma EXE, and it wasnt even compressed. AND, you could find the unregistered string and change the jump so it wouldn't show up. Well, they finally woke up from their dork trip and compressed the DLL, and also put layer upon layer of self-decrypting code around the area where the messagebox comes up. However, I still found this workaround. Just make the program call another API instead of MessageBoxA that takes 4 DWORD parameters, and won't crash. I found GetMessageA. Then edit the DLL's import table hehehe
Now, when Arma is running in memory (the protection program itself), it has already decompressed its resources. You'll see the resource section is at 00539000 when it's running. That's the latest 3.20 Arma public. I found Security DLL in here for you already and thru calculations arrived at offset 00615A06 for the string "MessageBoxA". This will be the offset always for anyone out there, trust me. Open up the Arma process using TSearch or another memory editor (make sure you get the right process), and simply overwrite this string with the string "GetMessageA", and now when you protect your program its gets a new import table with this substituted API.
And now, you won't get an unregistered message, either
One other thing, if the protected file is modified (like if someone edits its section characteristics, for example), you also won't get warning messageboxes, but the program will still exit due to protection, so who cares?
Yes, there's more than one way to solve a problem....
I'd also like to say that some out there would deem this trick useless, but I only do what I do to prove to myself that I can think creatively and for the challenge. I just find it interesting, even if no one else might like my methods.
-nt20
