l0ke
July 7th, 2001, 02:44
Could need some help with this!
The protection:
A protective directory is stored with the authorization. It contains authorization files with the "system" and "hidden" attributes. The attributes must not be changed. The files must not be modified or deleted, otherwise the authorization will be irretrievably lost.
The protective directory "AX NF ZZ" is stored once per drive and contains all the installed local authorizations on the drive. It is stored with the installation of the first authorization and deleted again when the last authorization is removed. The protective directory stores one or two files per authorization, both with the same name. These files have the authorization name as the file name, but different name extensions.
And:
The authorization causes a cluster to appear on the target drive which is identified as "defective". Do not attempt to restore this cluster.
URL to get the AuthorsW application (which can control and manage different licenses): http://www.ad.siemens.de/Simatic-cs
--Note! the file extensions are *.EKB and *.HRD
(I'm not sure about the *.HRD) there is also a file check to see if the SWITCH.F9L exists in your %windir%.
The application I'm trying to crack is an upgrade for "Switchsim" at www.routersim.com.
To run you need an already registered copy of an earlier version (nlwdll32.dll is required), and also the "Asymetrix toolbook runtime" files.
Dump taken from "SCPW32.DLL"
If one changes :00404980-004049881 to FF FF and then continues to run it
(watch them, as an error code will be moved there; bpmb the 00404981 byte to see any changes)
If the bytes get changed, change them back to FF FF.
The application will start running (as normal I think) but closes itself right away!?
This is where I need the help to find out how things work.
EAX=0000FF00 EBX=00F56729 ECX=8171675C EDX=8061FEC7 ESI=00F5CBEC
EDI=00404980 EBP=00F5C03C ESP=8061FFDC EIP=00F57E85 o d I S z A P C
CS=0167 DS=016F SS=016F ES=016F FS=4187 GS=0000
──────────────────────────────────────────────────byte──────────────PROT───(0)──
016F:00404980 03 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
016F:00404990 03 00 53 57 49 54 43 48-00 00 00 00 00 00 00 00 ..SWITCH........
016F:004049A0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
016F:004049B0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
016F:004049C0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
016F:004049D0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
016F:004049E0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
016F:004049F0 06 53 57 49 54 43 48 00-00 00 00 00 00 00 00 00 .SWITCH.........
─────────────────────────────────────────────────────────────────────────PROT32─
0167:00F57E67 58 POP EAX
0167:00F57E68 807D3A01 CMP BYTE PTR [EBP+3A],01
0167:00F57E6C 7511 JNZ 00F57E7F
0167:00F57E6E 80BD6E15000001 CMP BYTE PTR [EBP+0000156E],01
0167:00F57E75 7508 JNZ 00F57E7F
0167:00F57E77 3CFF CMP AL,FF
0167:00F57E79 7504 JNZ 00F57E7F
0167:00F57E7B B0EA MOV AL,EA
0167:00F57E7D EB00 JMP 00F57E7F
0167:00F57E7F 8BBD94060000 MOV EDI,[EBP+00000694] <<=00404980
0167:00F57E85 83C701 ADD EDI,01
0167:00F57E88 8807 MOV [EDI],AL
0167:00F57E8A 8BBD94060000 MOV EDI,[EBP+00000694] << same location
0167:00F57E90 8A07 MOV AL,[EDI]
0167:00F57E92 3C00 CMP AL,00
0167:00F57E94 7505 JNZ 00F57E9B
0167:00F57E96 E803D3FFFF CALL 00F5519E
0167:00F57E9B E8EACEFFFF CALL 00F54D8A
0167:00F57EA0 8A854A880000 MOV AL,[EBP+0000884A]
0167:00F57EA6 3C00 CMP AL,00
0167:00F57EA8 7414 JZ 00F57EBE
0167:00F57EAA 8BBD94060000 MOV EDI,[EBP+00000694] << same location
0167:00F57EB0 83C701 ADD EDI,01
0167:00F57EB3 8A07 MOV AL,[EDI]
0167:00F57EB5 3CD3 CMP AL,D3
────────────────────────────────────SCPW32!.text+6E67───────────────────────────