Online Checker


squ1d
June 18th, 2004, 04:24
Hi, I'm new here and I've been trying to crack a software that checks if the key is valid on the internet.
The thing is, I could bypass the authentication, but the software then becomes unusable :/
Here it is:
seg000:00401D4C call sub_401610 <- check the net for the key
seg000:00401D51 test eax, eax <- authentication
seg000:00401D53 jz short loc_401D6D
seg000:00401D55 mov edx, [esp+20h+hInstance]
...

I just have nopped the test and it enters the program, no functions tho :/
What should I do?

naides
June 18th, 2004, 05:46
Quote:
[Originally Posted by squ1d]
seg000:00401D4C call sub_401610 <- check the net for the key



00401D4C call not only brings a good boy/bad boy answer in eax, which is tested immediately, but should also bring another element, perhaps a decryption key, that is necessary for the software to run. Check the input and output of that sub_401610 call for clues.

squ1d
June 18th, 2004, 11:11
I can't find it :// been looking for it =(
would u mind helping me out? got msn/aim or something like it?

cRk
June 18th, 2004, 11:22
does this belong to this part of the board (advanced)?

squ1d
June 18th, 2004, 11:27
sorry for posting it in the wrong section :/

squ1d
June 18th, 2004, 11:39
btw, what I mean by unusable is that I click the buttons, they don't work, the close button, the start button, nothing works at all.. it's like no function is assigned to the buttons.

squ1d
June 19th, 2004, 13:25
Still can't find how to make my proggie work, please help me :// I'm cracking my head over here =( I could bypass the online checker, it works by checking the name of the executable with a database on the internet.
But the program becomes unusable, the window is there, but you click it and it doesn't work, none of the buttons, not even the close button. Here's what I've found out so far, please, any ideas are welcome:

seg000:00401D4C call sub_401610 <- connect to the internet
seg000:00401D51 test eax, eax <- check validity
seg000:00401D53 jz short loc_401D6D <- continue or stop
seg000:00401D55 mov edx, [esp+20h+hInstance]
seg000:00401D59 push 0 ; dwInitParam
seg000:00401D5B push offset DialogFunc ; lpDialogFunc
seg000:00401D60 push 0 ; hWndParent
seg000:00401D62 push 65h ; lpTemplateName
seg000:00401D64 push edx ; hInstance
seg000:00401D65 call ds:DialogBoxParamA ; Create a modal
seg000:00401D6B jmp short loc_401D7D <- proggie
....
seg000:00401628 mov [esp+2A4h+var_290], 1388h
seg000:00401630 mov [esp+2A4h+var_288], ebx
seg000:00401634 mov [esp+2A4h+var_28C], 1
seg000:0040163C call ds:GetModuleHandleA <- get filename
seg000:00401642 push eax ; hModule
seg000:00401643 call ds:GetModuleFileNameA <- get filename
seg000:00401649 lea edi, [esp+298h+Filename]
seg000:00401650 or ecx, 0FFFFFFFFh
seg000:00401653 xor eax, eax <- store filename??
...

after that it connects to the web server and gets back to 00401D51..
what should I be looking for?

evlncrn8
June 19th, 2004, 14:21
Quote:
[Originally Posted by squ1d]
seg000:00401653 xor eax, eax <- store filename??


how the hell is that 'store filename' ?

Quote:
[Originally Posted by squ1d]
after that it connects to the web server and gets back to 00401D51..
what should I be looking for?


1. keep your questions in the thread you created initially
2. debug it some more and note down exactly what happens

dELTA
June 19th, 2004, 16:26
3. Read Naides' initial reply.
4. seg000:00401650 or ecx, 0FFFFFFFFh <-- Disconnect all buttons from code, send all contents of harddisk to Microsoft, delete all porn from computer, set up exception handler to make an <xor eax, eax> instruction store a filename, and finally, set single step trap flag.

JMI
June 19th, 2004, 20:11
Oh no!! Not the infamous "delete all porn from computer" call. Man, dELTA has been caught by that one many times. That's why he recognizes it so easily. He just hates it when that happens.

Regards,

squ1d
June 19th, 2004, 20:17
damn
NOT MY PORN!
ehehhe
but still, I don't get it, could you explain it to me in a bit more detail?
a friend told me that there is a proggie that connects the buttons to the functions, but I got no idea which proggie it is, and where to find it.
and I'd like to understand this a bit more. =/ any tuts that are sorta about that? ://

Silver
June 20th, 2004, 05:54
What everyone is trying to say is that somewhere in the call is a piece of code that "enables" everything that doesn't work for you right now. You've killed the call 00401D4C, and now your app doesn't work. Enable it, and it does. Thus there is something in there other than a protection routine.

So trace the code, step into the call and read what's happening. Taking a wild guess, you'll most probably find another couple of calls inside the call 00401D4C. One of those will probably lead to the protection check, another will lead to code that enables (or has a hand in enabling) the dialog items.

In other words, you've patched it too high up the code "tree". But what do I know, eh. I couldn't even undo aspack

squ1d
June 20th, 2004, 09:31
the thing is that I didn't kill it
I patched under it, on test eax, eax...
I still don't know what to do
how do I check the input/output of a function through ida? the program doesn't allow to have softice on when running it, so can't debug it with it.

evlncrn8
June 20th, 2004, 10:12
Quote:
[Originally Posted by squ1d] the program doesn't allow to have softice on when running it, so can't debug it with it.


no such thing as can't... go find the anti debug code, smack it on the head and load softice and start tracing, working from a deadlisting doesn't seem to be working for you, or try using other debuggers like trw, olly etc, perhaps it doesn't check for those