Log in

View Full Version : Marx Cryptobox dongle


balauru
January 16th, 2004, 09:46
Hi guys,

I have a program protected by this dongle. Dongle driver name is mpiwin32.dll, it have stupid exports like "No Marx device attached", and so on. The problem is that this mpiwin32.dll is created somehow by the main exe of the program. I have deleted all mpiwin32.dll from my computer, but when i launch the exe, it's creating in Documents and Settings\Administrator\Local Settings\Temp this dll. Created file name is not mpiwin32.dll, it's something like 985464687879454.tmp (every time it have a different number).

Any ideea how can I see if this dll is embeded in the main exe file? and if it is, how can I replace it with a cracked one?

Thanks for your help
balauru

OHPen
January 16th, 2004, 12:12
You can do it like that...

First delete all m*.dll from your system
Start the app
Crack the dll created in the temp dir
and change attribute in the way that it can't be overwritten and thats it...
If you expect that the dll is IN the app it have to be joined together with it.
And then there is need to dump the files from memory in order to create a workin one...

regards,

OHPen

PS PM me your target please, i will take a look at it...

Mr. Blue
January 16th, 2004, 12:16
Well, you can try setting a breakpoint on CreateFileA. When your debugger breaks check the arguments passed to the CreateFile api (the first argument is the file name) - then when you find the call that creates the dll file you can trace back to the caller and see whats going on there.

Once you have found the code that writes the dll you can try to disable it so it wont extract the
dll each time it is run. Then you need patch the prog so that it will load your cracked dll.

CluelessNoob
January 16th, 2004, 14:30
Quote:
[Originally Posted by balauru]Hi guys,

Any ideea how can I see if this dll is embeded in the main exe file? and if it is, how can I replace it with a cracked one?

balauru


One (simple) possibility is that the DLL is stored in the resources section.

If the main EXE is not protected, try using a resourse editor (Resource Hacker) and see if you can find the DLL.

If its a resource, and you can extract/replace resources the finished product might be easy to re-assemble.

Removing the protection is a different matter.

Good Luck.